Access from within Amazon but outside cluster's VPC - Amazon Managed Streaming for Apache Kafka
Amazon VPC peeringAmazon Direct ConnectAmazon Transit GatewayVPN connectionsREST proxiesMultiple Region multi-VPC connectivitySingle Region multi-VPC private connectivityEC2-Classic networking is retired
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Access from within Amazon but outside cluster's VPC

To connect to an MSK cluster from inside Amazon but outside the cluster's Amazon VPC, the following options exist.

Amazon VPC peering

To connect to your MSK cluster from a VPC that's different from the cluster's VPC, you can create a peering connection between the two VPCs. For information about VPC peering, see the Amazon VPC Peering Guide.

Amazon Direct Connect

Amazon Direct Connect links your on-premise network to Amazon over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an Amazon Direct Connect router. With this connection in place, you can create virtual interfaces directly to the Amazon cloud and Amazon VPC, bypassing Internet service providers in your network path. For more information, see Amazon Direct Connect.

Amazon Transit Gateway

Amazon Transit Gateway is a service that enables you to connect your VPCs and your on-premises networks to a single gateway. For information about how to use Amazon Transit Gateway, see Amazon Transit Gateway.

VPN connections

You can connect your MSK cluster's VPC to remote networks and users using the VPN connectivity options described in the following topic: VPN Connections.

REST proxies

You can install a REST proxy on an instance running within your cluster's Amazon VPC. REST proxies enable your producers and consumers to communicate with the cluster through HTTP API requests.

Multiple Region multi-VPC connectivity

The following document describes connectivity options for multiple VPCs that reside in different Regions: Multiple Region Multi-VPC Connectivity.

Single Region multi-VPC private connectivity

Multi-VPC private connectivity (powered by Amazon PrivateLink) for Amazon Managed Streaming for Apache Kafka (Amazon MSK) clusters is a feature that enables you to more quickly connect Kafka clients hosted in different Virtual Private Clouds (VPCs) and Amazon accounts to an Amazon MSK cluster.

See Single Region multi-VPC connectivity for cross-account clients.

EC2-Classic networking is retired

Amazon MSK no longer supports Amazon EC2 instances running with Amazon EC2-Classic networking.

See EC2-Classic Networking is Retiring – Here’s How to Prepare.