Limitations when using SCRAM secrets - Amazon Managed Streaming for Apache Kafka
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Limitations when using SCRAM secrets

Note the following limitations when using SCRAM secrets:

  • Amazon MSK only supports SCRAM-SHA-512 authentication.

  • An Amazon MSK cluster can have up to 1000 users.

  • You must use an Amazon KMS key with your Secret. You cannot use a Secret that uses the default Secrets Manager encryption key with Amazon MSK. For information about creating a KMS key, see Creating symmetric encryption KMS keys.

  • You can't use an asymmetric KMS key with Secrets Manager.

  • You can associate up to 10 secrets with a cluster at a time using the BatchAssociateScramSecret operation.

  • The name of secrets associated with an Amazon MSK cluster must have the prefix AmazonMSK_.

  • Secrets associated with an Amazon MSK cluster must be in the same Amazon Web Services account and Amazon region as the cluster.