AWS msk documentation change
Summary
Added multiple Kafka configuration parameters including security-related settings like max.connections.per.ip and log cleanup policies
Security assessment
Introduces documentation for security-adjacent configurations (connection limits, log retention) but doesn't reference specific vulnerabilities.
Diff
diff --git a/msk/latest/developerguide/msk-configuration-express-read-write.md b/msk/latest/developerguide/msk-configuration-express-read-write.md index 3626cb38b..7b6b167b1 100644 --- a/msk/latest/developerguide/msk-configuration-express-read-write.md +++ b/msk/latest/developerguide/msk-configuration-express-read-write.md @@ -29,0 +30 @@ auto.create.topics.enable | Enables autocreation of a topic on the server. | f +compression.type | Specify the final compression type for a given topic. This configuration accepts the standard compression codecs: gzip, snappy, lz4, zstd. This configuration additionally accepts `uncompressed`, which is equivalent to no compression; and `producer`, which means retain the original compression codec set by the producer. | Apache Kafka Default @@ -34,0 +36,7 @@ leader.imbalance.per.broker.percentage | The ratio of leader imbalance allowed +log.cleanup.policy | The default cleanup policy for segments beyond the retention window. A comma-separated list of valid policies. Valid policies are `delete` and `compact`. For tiered storage-enabled clusters, valid policy is `delete` only. | Apache Kafka Default +log.message.timestamp.after.max.ms | The allowable timestamp difference between the message timestamp and the broker's timestamp. The message timestamp can be later than or equal to the broker's timestamp, with the maximum allowable difference determined by the value set in this configuration. If `log.message.timestamp.type=CreateTime`, the message will be rejected if the difference in timestamps exceeds this specified threshold. This configuration is ignored if `log.message.timestamp.type=LogAppendTime`. | 86400000 (24 * 60 * 60 * 1000 ms, that is, 1 day) +log.message.timestamp.before.max.ms | The allowable timestamp difference between the broker's timestamp and the message timestamp. The message timestamp can be earlier than or equal to the broker's timestamp, with the maximum allowable difference determined by the value set in this configuration. If `log.message.timestamp.type=CreateTime`, the message will be rejected if the difference in timestamps exceeds this specified threshold. This configuration is ignored if `log.message.timestamp.type=LogAppendTime`. | 86400000 (24 * 60 * 60 * 1000 ms, that is, 1 day) +log.message.timestamp.type | Specifies if the timestamp in the message is the message creation time or the log append time. The allowed values are `CreateTime` and `LogAppendTime`. | Apache Kafka Default +log.retention.bytes | Maximum size of the log before deleting it. | Apache Kafka Default +log.retention.ms | Number of milliseconds to keep a log file before deleting it. | Apache Kafka Default +max.connections.per.ip | The maximum number of connections allowed from each IP address. This can be set to `0` if there are overrides configured using the `max.connections.per.ip.overrides` property. New connections from the IP address are dropped if the limit is reached. | Apache Kafka Default @@ -35,0 +44 @@ max.incremental.fetch.session.cache.slots | Maximum number of incremental fetch +message.max.bytes | Largest record batch size that Kafka allows. If you increase this value and there are consumers older than 0.10.2, you must also increase the fetch size of the consumers so that they can fetch record batches this large. The latest message format version always groups messages into batches for efficiency. Previous message format versions don't group uncompressed records into batches, and in such a case, this limit only applies to a single record. You can set this value per topic with the topic level `max.message.bytes` config. | Apache Kafka Default