2

We want to set up Username and password authentication with AWS Secrets Manager as per the documentation.

  • We created a cluster in MSK
  • Created a secret as well with name AmazonMSK_testmsk2 and with key as Password and Value as { "username": "alice", "password": "alice-secret" }

Still, when we associate the secret with MSK, we get the error: Amazon MSK failed to associate 1 secret for cluster. The provided secret has an invalid schema

The troubleshooting documentation is not of much help either

codeaprendiz

5 Answers

3

This error can occur when one or more of the pre-requisites for creating the secret have not been followed. There are a few pre-requisites when creating the secret (see the AWS documentation for reference). Listing them below for quick access.

  • Choose Other type of secrets (e.g. API key) for the secret type.
  • Your secret name must have the prefix AmazonMSK_
  • Your user and password data must be in the following format to enter key-value pairs using the Plaintext option.
    {
      "username": "alice",
      "password": "alice-secret"
    }
2

Turns out you need to use Plaintext form.

codeaprendiz
1

In addition to @Sourabh's answer, a secret created with the default AWS KMS key cannot be used with an Amazon MSK cluster, so what you need to do is:

  1. Open the Secrets Manager console.

  2. In Secret name, choose your secret.

  3. Choose Actions, and then choose dropdown list, select the AWS KMS key, select the check box for Create new version of secret with new encryption key, and then choose Save.

That should solve this error:

Amazon MSK failed to associate 1 secret for cluster sasl-cluster. Wait for a few minutes and try again. If the problem persists, see AWS Support Center. API Response: The provided secret is encrypted with the default key. You can't use this secret with Amazon MSK.

Benda
1

This is happening because at the time of secret creation you had selected the default AWS KMS option. First you have to create the new KMS key, then you have to select it in Secrets Manager at secret creation time.

After following all this, you will not get this error.


0

You can't use a backslash in the password:


will give this error:


You can save it, but you cannot associate it with a cluster.

Ri4a
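A pre-flight check that applies the rules collected across the answers above (AmazonMSK_ prefix, plaintext JSON with exactly username and password, a customer-managed KMS key rather than the default one, and no backslash in the password) before calling the associate API. This is added example code, not code from the thread or from AWS; the KMS key ARN and the secret values are constructed placeholders.

```python
import json

# AWS-managed default key alias for Secrets Manager; MSK rejects secrets encrypted with it.
DEFAULT_KMS_ALIAS = "alias/aws/secretsmanager"

# Constructed samples (placeholders, not real accounts or keys).
CUSTOMER_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
GOOD_SECRET = '{"username": "alice", "password": "alice-secret"}'
# What the question's key/value entry (key "Password", value = the JSON text) actually stores:
ASKER_SECRET = '{"Password": "{ \\"username\\": \\"alice\\", \\"password\\": \\"alice-secret\\" }"}'
BACKSLASH_SECRET = '{"username": "alice", "password": "a\\\\b"}'


def validate_msk_secret(name, secret_string, kms_key_id=None):
    """Return a list of problems; an empty list means the secret meets the
    requirements the answers list. kms_key_id=None models leaving the
    console default, which means the AWS-managed key."""
    problems = []
    if not name.startswith("AmazonMSK_"):
        problems.append("secret name must start with AmazonMSK_")
    if kms_key_id is None or kms_key_id == DEFAULT_KMS_ALIAS:
        problems.append("secret must be encrypted with a customer-managed KMS key, not the default key")
    try:
        data = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        problems.append(f"secret string is not valid JSON: {exc.msg}")
        return problems
    if not isinstance(data, dict) or set(data) != {"username", "password"}:
        problems.append('secret JSON must contain exactly the keys "username" and "password"')
        return problems
    for key in ("username", "password"):
        if not isinstance(data[key], str) or not data[key]:
            problems.append(f"{key} must be a non-empty string")
    if isinstance(data["password"], str) and "\\" in data["password"]:
        problems.append("password must not contain a backslash")
    return problems


def check_samples():
    """Run the validator over the constructed samples; keyed by sample name."""
    return {
        "good": validate_msk_secret("AmazonMSK_testmsk2", GOOD_SECRET, CUSTOMER_KEY),
        "asker": validate_msk_secret("AmazonMSK_testmsk2", ASKER_SECRET, None),
        "backslash": validate_msk_secret("AmazonMSK_testmsk2", BACKSLASH_SECRET, CUSTOMER_KEY),
        "bad_name": validate_msk_secret("testmsk2", GOOD_SECRET, CUSTOMER_KEY),
    }


if __name__ == "__main__":
    for sample, problems in check_samples().items():
        print(sample, "->", problems or "OK")
```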