Considerations for creating an Amazon MSK Replicator
The following sections give an overview of the prerequisites, supported configurations, and best practices for using the MSK Replicator feature. They cover the necessary permissions, cluster compatibility, and Serverless-specific requirements, as well as guidance on managing the Replicator after creation.
IAM permissions required to create an MSK Replicator
Here is an example of the IAM policy required to create an MSK Replicator. The action kafka:TagResource is only needed if tags are provided when creating the MSK Replicator. Replicator IAM policies should be attached to the IAM role that corresponds to your client. For information on creating authorization policies, see Create authorization policies.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "iam:PassRole",
                "iam:CreateServiceLinkedRole",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "ec2:CreateNetworkInterface",
                "ec2:DescribeVpcs",
                "kafka:CreateReplicator",
                "kafka:TagResource"
            ],
            "Resource": "*"
        }
    ]
}
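The following Python check is an added example, not part of the AWS documentation. It verifies that a policy document grants the actions listed in the create policy above and flags two least-privilege issues in it: iam:PassRole allowed on Resource "*" with no Condition, and kafka:TagResource granted when no tags are used. The function name and finding texts are assumptions of this example, and it evaluates only Allow statements that have an Action element.

```python
from fnmatch import fnmatchcase

# Actions from the page's example policy for creating a Replicator.
CREATE_ACTIONS = [
    "iam:PassRole", "iam:CreateServiceLinkedRole", "ec2:DescribeSubnets",
    "ec2:DescribeSecurityGroups", "ec2:CreateNetworkInterface",
    "ec2:DescribeVpcs", "kafka:CreateReplicator",
]
TAG_ACTION = "kafka:TagResource"  # per the page, only needed when tags are provided

# The page's create policy, reproduced as sample input.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor1", "Effect": "Allow",
        "Action": CREATE_ACTIONS + [TAG_ACTION], "Resource": "*",
    }],
}

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def _grants(stmt, action):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(stmt["Action"]))

def review_create_policy(policy, with_tags=False):
    """Return (missing_actions, findings); name and checks are this example's own."""
    stmts = [s for s in _as_list(policy.get("Statement", []))
             if s.get("Effect") == "Allow" and "Action" in s]
    needed = CREATE_ACTIONS + ([TAG_ACTION] if with_tags else [])
    missing = [a for a in needed if not any(_grants(s, a) for s in stmts)]
    findings = []
    for s in stmts:
        sid = s.get("Sid", "<no Sid>")
        if (_grants(s, "iam:PassRole") and "Condition" not in s
                and "*" in _as_list(s.get("Resource", []))):
            findings.append(f"{sid}: iam:PassRole on Resource '*' with no Condition")
        if not with_tags and _grants(s, TAG_ACTION):
            findings.append(f"{sid}: {TAG_ACTION} granted but no tags are used")
    return missing, findings

if __name__ == "__main__":
    missing, findings = review_create_policy(PAGE_POLICY)
    print("missing:", missing)
    for finding in findings:
        print("finding:", finding)
```
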
The following is an example IAM policy to describe a replicator. Either the kafka:DescribeReplicator action or the kafka:ListTagsForResource action is needed, not both.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "kafka:DescribeReplicator",
                "kafka:ListTagsForResource"
            ],
            "Resource": "*"
        }
    ]
}