Common use cases for client authorization policy
The first column in the following table shows some common use cases. To authorize a
client to carry out a given use case, include the required actions for that use case in
the client's authorization policy, and set Effect to
Allow.
For information about all the actions that are part of IAM access control for Amazon MSK, see Semantics of IAM authorization policy actions and resources.
Note
Actions are denied by default. You must explicitly allow every action that you want to authorize the client to perform.
| Use case | Required actions |
|---|---|
| Admin |
|
| Create a topic |
|
| Produce data |
|
| Consume data |
|
| Produce data idempotently |
|
| Produce data transactionally |
|
| Describe the configuration of a cluster |
|
| Update the configuration of a cluster |
|
| Describe the configuration of a topic |
|
| Update the configuration of a topic |
|
| Alter a topic |
|