I have an MSK cluster and I am not able to connect to it via an EC2 host in the same VPC. Here are my settings:

  1. Security group applied to EC2 (Outbound)
  2. Security group applied to MSK (Inbound)
  3. The EC2 instance profile role has AmazonMSKFullAccess profile attached to it

Am I missing anything? I can't seem to figure it out from the docs. Another interesting thing I noticed is that if I put another egress rule in the EC2 security group for 0.0.0.0/0, it works.

Command I am using:

aws kafka describe-cluster --region <region> --cluster-arn <cluster-arn>

1 Answer

The command you are using:

aws kafka describe-cluster --region <region> --cluster-arn <cluster-arn>

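connects to the MSK service endpoint, which is public and requires internet access. So if you do not have an egress rule for 0.0.0.0/0, your command will fail. When you enable "0.0.0.0/0", it works because the command can then reach the service endpoint.

And the security groups you specified are for letting the Kafka native command-line tools connect to the cluster, not for connecting to the MSK service endpoint.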

Answered 2020-09-05T06:04:18.027
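
Added example (not part of the question or the answer): a small model of security-group egress evaluation showing why a VPC-scoped rule lets broker traffic through but blocks the `aws kafka describe-cluster` API call, and that an egress rule limited to HTTPS is enough for the latter. The CIDR, IP addresses and rule sets are constructed; it assumes the API call uses HTTPS on port 443 and brokers listen on 9092-9094.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class EgressRule:
    protocol: str   # "tcp", or "-1" for all traffic
    from_port: int
    to_port: int
    cidr: str


def egress_allowed(rules, dest_ip, port, protocol="tcp"):
    """Security groups are allow-lists: traffic passes if any rule matches."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in rules:
        proto_ok = rule.protocol in ("-1", protocol)
        port_ok = rule.protocol == "-1" or rule.from_port <= port <= rule.to_port
        if proto_ok and port_ok and ip in ipaddress.ip_network(rule.cidr):
            return True
    return False


# Constructed values for illustration only.
VPC_CIDR = "10.0.0.0/16"
BROKER = ("10.0.1.25", 9092)          # private broker address inside the VPC
API_ENDPOINT = ("203.0.113.10", 443)  # stand-in for the public service endpoint

# Egress limited to the cluster: enough for Kafka clients, not for the API.
VPC_ONLY = [EgressRule("tcp", 9092, 9094, VPC_CIDR)]
# Same rules plus HTTPS to anywhere, instead of opening every port.
WITH_HTTPS = VPC_ONLY + [EgressRule("tcp", 443, 443, "0.0.0.0/0")]


def reachability(rules):
    """Report which of the two paths the given egress rules permit."""
    return {
        "broker": egress_allowed(rules, *BROKER),
        "api": egress_allowed(rules, *API_ENDPOINT),
    }


if __name__ == "__main__":
    print("VPC-only egress:  ", reachability(VPC_ONLY))
    print("With HTTPS egress:", reachability(WITH_HTTPS))
```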