How to connect to AWS MSK from Debezium connector using username and password - apache-kafka

Here I'm trying to use the Debezium connector to read data from RDS and publish it to AWS MSK.
All I could see is AWS IAM-based authentication being used everywhere, but unfortunately my cloud engineering team is not willing to add IAM and has instead provided basic auth (username and password) with a topic to publish to.
I'm planning to use the debezium/connect Docker image so I can deploy it to EKS.
Is there any way to connect to MSK using a username and password?

If you want Debezium to connect to your RDS database, you must include database credentials (username and password) in your Debezium config. For example, check out the 'Required Config' docs for the Postgres connector: https://debezium.io/documentation/reference/stable/connectors/postgresql.html#postgresql-required-configuration-properties
You must supply database.user, database.password, and other related values.
If you want to connect to your MSK cluster, there are a couple of alternatives as described here: Connecting to an Amazon MSK Cluster.

For username/password-based authentication to an MSK cluster, the best option would be to use SASL SCRAM. See details here: https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html
Other authentication methods supported by MSK so far [JAN/31/2022] are:
IAM auth
mutual TLS - certificate based
SASL SCRAM - username/password based
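The SASL SCRAM option above, worked through as an added example that is not part of the original answers or of the Debezium project: a small Python helper that builds the Kafka Connect worker settings for an MSK cluster with username/password authentication. The environment variable names, the sample broker address and the output file name are assumptions; port 9096 and SCRAM-SHA-512 are what MSK uses for SASL/SCRAM.

```python
# Added example: build Kafka Connect worker settings for MSK SASL/SCRAM.
# Assumptions: MSK_BOOTSTRAP / MSK_USERNAME / MSK_PASSWORD and the output file
# name are illustrative; MSK serves SASL/SCRAM on port 9096 with SCRAM-SHA-512.
import os

SCRAM_MODULE = "org.apache.kafka.common.security.scram.ScramLoginModule"
# The worker's own clients and the producers/consumers it creates for
# connectors each need the same security settings.
PREFIXES = ("", "producer.", "consumer.")


def jaas_quote(value: str) -> str:
    """Quote a JAAS option value, escaping backslashes and double quotes."""
    if "\n" in value or "\r" in value:
        raise ValueError("line breaks are not allowed in JAAS option values")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def scram_worker_properties(bootstrap: str, username: str, password: str) -> dict:
    """Return worker properties that authenticate to MSK with SASL/SCRAM."""
    if not username or not password:
        raise ValueError("username and password are required")
    jaas = (f"{SCRAM_MODULE} required "
            f"username={jaas_quote(username)} password={jaas_quote(password)};")
    props = {"bootstrap.servers": bootstrap}
    for prefix in PREFIXES:
        props[prefix + "security.protocol"] = "SASL_SSL"  # TLS, not SASL_PLAINTEXT
        props[prefix + "sasl.mechanism"] = "SCRAM-SHA-512"
        props[prefix + "sasl.jaas.config"] = jaas
    return props


def render(props: dict) -> str:
    """Serialize as .properties lines; the file format needs backslashes doubled."""
    return "\n".join(f"{key}={value.replace(chr(92), chr(92) * 2)}"
                     for key, value in sorted(props.items()))


if __name__ == "__main__":
    # Credentials come from the environment (for example a Kubernetes Secret),
    # and the file is created readable by its owner only.
    props = scram_worker_properties(os.environ["MSK_BOOTSTRAP"],
                                    os.environ["MSK_USERNAME"],
                                    os.environ["MSK_PASSWORD"])
    fd = os.open("connect-msk-scram.properties",
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(render(props) + "\n")
```

Connectors that keep a schema history topic (MySQL, for example) create additional Kafka clients, so the same three settings must also be supplied under that connector's schema-history producer and consumer prefixes.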

Related

C# code example to connect to ElastiCache using StackExchange.Redis with the IAM authentication option

For an ElastiCache cluster configured to use Redis version 7 or above, there is an option to connect using IAM authentication. With IAM authentication you can authenticate a connection to ElastiCache for Redis using AWS IAM identities.
Reference: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/auth-iam.html
I am trying to get an example of working code with the StackExchange.Redis client to authenticate requests to ElastiCache using an IAM user.
As per the documentation, I have tried the following:
Created a role with the given policies
Created a user with IAM authentication mode
Created a signed token request and tried to pass it as a password while connecting to the cluster
I am getting a wrongpass:invalid-username-password error.

Enabling access log in Kafka with SASL/SCRAM issue

I am struggling to enable access logs on Apache Kafka generally, and specifically on Amazon MSK, the managed Kafka service.
[v] Kafka with authentication enabled via SASL/SCRAM over SSL
[v] I am able to connect with username & password
Hard to believe that a basic thing like a login audit doesn't exist in Apache Kafka / Amazon MSK.
How do I enable the audit log? Am I missing something?

Connect MongoDB Atlas to application using VPC without username password

I have one MongoDB database hosted in an Atlas account on AWS, and my application is running on an AWS EC2 instance. I want to access my DB from my application over VPC peering, but it always asks for a username and password, which I think is not good practice because for this I need to hardcode dummy credentials in a properties file.
Is there any way I can do this without using dummy credentials? Can I do this using a private endpoint? Please suggest the best practice used in industry for MongoDB Atlas.
Authentication is orthogonal to your network topology (VPC).
Authentication in Atlas is required. You can try using x.509 or AWS authentication instead of passwords.

Does AWS DocumentDB validate MongoDB client certificates for two-way SSL?

How do we create a client certificate that gets validated by AWS DocumentDB? In the AWS docs, https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html#connect_programmatically-tls_enabled, only one-way SSL is mentioned, i.e., clients authenticating the server certificate. I didn't find information regarding two-way SSL being supported by AWS DocumentDB. Can anyone help with this?
Amazon DocumentDB does not support using client certificates to connect to your cluster. Are you looking for client-side certificates to be used by the server for authentication? Amazon DocumentDB only supports SCRAM based authentication.

Is two-way SSL possible with AWS DocumentDB?

Does AWS DocumentDB support authenticating clients with SSL? I've downloaded rds-combined-ca-bundle.pem and got rds-truststore.jks by following the AWS link "https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html#connect_programmatically-tls_enabled". Specifying it as the truststore, I can successfully connect to DocumentDB.
For two-way SSL, I've created a keystore using a self-signed certificate following the link https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/. I'm able to connect to DocumentDB by specifying any keystore, even by specifying rds-truststore.jks as both truststore and keystore.
Amazon DocumentDB doesn't support x509 certificate based authentication, only username/password authentication.
As the service is continually improving, stay tuned for new releases.