Considerations for creating an Amazon MSK Replicator - Amazon Managed Streaming for Apache Kafka
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Considerations for creating an Amazon MSK Replicator

The following sections give an overview of the prerequisites, supported configurations, and best practices for using the MSK Replicator feature. It covers the necessary permissions, cluster compatibility, and Serverless-specific requirements, as well as guidance on managing the Replicator after creation.

IAM permissions required to create an MSK Replicator

Here is an example of the IAM policy required to create an MSK Replicator. The action kafka:TagResource is only needed if tags are provided when creating the MSK Replicator. Replicator IAM policies should be attached to the IAM role that corresponds to your client. For information on creating authorization policies, see Create authorization policies.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "iam:PassRole", "iam:CreateServiceLinkedRole", "ec2:DescribeSubnets", "ec2:DescribeSecurityGroups", "ec2:CreateNetworkInterface", "ec2:DescribeVpcs", "kafka:CreateReplicator", "kafka:TagResource" ], "Resource": "*" } ] }

The following is an example IAM policy to describe replicator. Either the kafka:DescribeReplicator action or kafka:ListTagsForResource action is needed, not both.

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor1", "Effect": "Allow", "Action": [ "kafka:DescribeReplicator", "kafka:ListTagsForResource" ], "Resource": "*" } ] }