0

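I deployed the kafka-connect Docker image (confluentinc/cp-kafka-connect-base:6.0.1) to ECS/Fargate and assigned my ECS service a security group that allows inbound ZooKeeper and Kafka bootstrap server traffic (plaintext and TLS), as well as an IAM role that allows my ECS task to run kafka operations against the MSK cluster, but the Connect cluster still times out when trying to fetch the broker list from the MSK cluster.

The Kafka Connect ECS service and the MSK cluster are both on the same private subnet in AWS.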

Security group code

```json
{
  "Type": "AWS::EC2::SecurityGroup",
  "Properties": {
    "GroupDescription": "kakfa-connect-sg",
    "SecurityGroupEgress": [
      {
        "CidrIp": "0.0.0.0/0",
        "Description": "Allow all outbound traffic by default",
        "IpProtocol": "-1"
      }
    ],
    "SecurityGroupIngress": [
      {
        "CidrIp": "0.0.0.0/0",
        "Description": "Kafka Bootstrap Server Plaintext",
        "FromPort": 9092,
        "IpProtocol": "tcp",
        "ToPort": 9092
      },
      {
        "CidrIp": "0.0.0.0/0",
        "Description": "Kafka Bootstrap Server TLS",
        "FromPort": 9094,
        "IpProtocol": "tcp",
        "ToPort": 9094
      },
      {
        "CidrIp": "0.0.0.0/0",
        "Description": "ZooKeeper TLS",
        "FromPort": 2182,
        "IpProtocol": "tcp",
        "ToPort": 2182
      },
      {
        "CidrIp": "0.0.0.0/0",
        "Description": "ZooKeeper Plaintext",
        "FromPort": 2181,
        "IpProtocol": "tcp",
        "ToPort": 2181
      }
    ],
    "VpcId": "vpc-id"
  }
}
```

IAM role code

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "kafka:*",
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
```

Is there anything I might be missing?
4

1 Answer

0

The security group settings on the MSK cluster did not allow traffic from my Kafka Connect cluster.

Answered 2021-01-11T22:16:13.147
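
A check for the condition the answer describes, as an added example that is not part of the original post: given security-group data in the shape returned by `aws ec2 describe-security-groups`, it reports which of the question's ports the MSK group's ingress rules do not admit from the Connect task. The group ids, the task address and the sample rules are constructed placeholders.

```python
import ipaddress

# Ports named in the question's security group.
MSK_PORTS = (2181, 2182, 9092, 9094)

def rule_allows(perm, port, client_sg, client_ip):
    """True if one IpPermissions entry admits TCP `port` from the client."""
    proto = perm.get("IpProtocol")
    if proto not in ("tcp", "-1"):
        return False
    # Protocol "-1" (all traffic) carries no port range.
    if proto == "tcp" and not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
        return False
    # Source given as a security-group reference.
    if any(p.get("GroupId") == client_sg for p in perm.get("UserIdGroupPairs", [])):
        return True
    # Source given as an IPv4 CIDR range.
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"], strict=False)
               for r in perm.get("IpRanges", []))

def blocked_ports(broker_sg, client_sg, client_ip):
    """Ports in MSK_PORTS that the broker group's ingress does not admit."""
    perms = broker_sg.get("IpPermissions", [])
    return [port for port in MSK_PORTS
            if not any(rule_allows(p, port, client_sg, client_ip) for p in perms)]

# Constructed sample data: ids, address and rules are placeholders.
CONNECT_SG = "sg-connect-example"
CONNECT_IP = "10.0.1.25"
MSK_SG_BEFORE = {"GroupId": "sg-msk-example", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-msk-example"}]},
]}
MSK_SG_AFTER = {"GroupId": "sg-msk-example", "IpPermissions": [
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-msk-example"}]},
    {"IpProtocol": "tcp", "FromPort": 9092, "ToPort": 9094,
     "UserIdGroupPairs": [{"GroupId": CONNECT_SG}]},
    {"IpProtocol": "tcp", "FromPort": 2181, "ToPort": 2182,
     "UserIdGroupPairs": [{"GroupId": CONNECT_SG}]},
]}

if __name__ == "__main__":
    for name, sg in (("before", MSK_SG_BEFORE), ("after", MSK_SG_AFTER)):
        print(name, "blocked ports:", blocked_ports(sg, CONNECT_SG, CONNECT_IP))
```

Because Kafka Connect initiates these connections and security groups are stateful, the ingress rules on the Connect group in the question do not change the result; only the MSK group's ingress is evaluated.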