Open in app

Sign in

Write

Sign in

Explaining AWS MSK Multi-VPC Private Connections and it’s advantages over VPC Peering to load into Kafka on AWS

The aim of this page📝 is to explain the concept of multi-VPC private connectivity in AWS MSK based on the particular example of loading data into AWS MSK using multi-connection VPC and managed VPC. Learning about this with a client who does not want to use VPC peering to allow us access to the whole network when all that we need is to start loading data into a single particular Kafka endpoint.

Pavol Kutaj
2 min readMar 14, 2024
  • For more general treatment on VPC Peering vs AWS PrivateLink, see https://pavolkutaj.medium.com/explaining-aws-privatelink-vs-aws-vpc-peering-f26c87e13d8f
  • Multi-VPC private connectivity for Amazon Managed Streaming for Apache Kafka (MSK) is a feature that leverages AWS PrivateLink.
  • It allows you to connect Apache Kafka clients that are hosted in different Virtual Private Clouds (VPCs) and AWS accounts to an MSK cluster.
  • This feature simplifies the networking infrastructure for multi-VPC and cross-account connectivity.
  • It provides more granular control over access and connectivity.
  • It enables overlapping IPs across connecting VPCs, eliminating the need to maintain non-overlapping IPs, complex peering, and routing tables associated with other VPC connectivity solutions.
  • You use a cluster policy for your MSK cluster to define which AWS accounts have permission to set up cross-account private connectivity to your MSK cluster.
  • Multi-VPC private connectivity is supported only on Apache Kafka 2.7.1 or higher.
  • It supports auth types IAM, TLS, and SASL/SCRAM. Unauthenticated clusters can’t use multi-VPC private connectivity.
  • AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks without exposing your traffic to the public internet.
  • AWS PrivateLink makes it easy to connect services across different accounts and VPCs.

LINKS

ANKI

Question: What is multi-VPC private connectivity in AWS MSK?
Answer: Multi-VPC private connectivity for Amazon Managed Streaming for Apache Kafka (MSK) is a feature that leverages AWS PrivateLink. It allows you to connect Apache Kafka clients that are hosted in different Virtual Private Clouds (VPCs) and AWS accounts to an MSK cluster. This feature simplifies the networking infrastructure for multi-VPC and cross-account connectivity. It provides more granular control over access and connectivity.
Question: What are the requirements for using multi-VPC private connectivity in AWS MSK?
Answer: Multi-VPC private connectivity is supported only on Apache Kafka 2.7.1 or higher. It supports auth types IAM, TLS, and SASL/SCRAM. Unauthenticated clusters can't use multi-VPC private connectivity.
Question: What is AWS PrivateLink and how does it relate to multi-VPC private connectivity in AWS MSK?
Answer: AWS PrivateLink provides private connectivity between VPCs, AWS services, and your on-premises networks without exposing your traffic to the public internet. AWS PrivateLink makes it easy to connect services across different accounts and VPCs. Multi-VPC private connectivity for Amazon Managed Streaming for Apache Kafka (MSK) is essentially a feature that leverages AWS PrivateLink.
AWS
DevOps
Vpc Peering
Msk
Kafka

--

--

Pavol Kutaj

Written by Pavol Kutaj

123 Followers

Today I Learnt | Infrastructure Support Engineer at snowplow.io with a passion for cloud infrastructure/terraform/python/docs. More at https://pavol.kutaj.com

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams