AWS Security ChangesHomeSearch

AWS msk documentation change

Service: msk · 2025-04-11 · Documentation low

File: msk/latest/developerguide/iam-access-control.md

Summary

Added version requirement clarification (Kafka 2.7.1+) for IAM access control with non-Java clients

Security assessment

Clarifies requirements for existing security feature (IAM access control) but does not address a specific security vulnerability

Diff

diff --git a/msk/latest/developerguide/iam-access-control.md b/msk/latest/developerguide/iam-access-control.md
index 6d870c066..80288b659 100644
--- a//msk/latest/developerguide/iam-access-control.md
+++ b//msk/latest/developerguide/iam-access-control.md
@@ -7 +7 @@
-IAM access control for Amazon MSK enables you to handle both authentication and authorization for your MSK cluster. This eliminates the need to use one mechanism for authentication and another for authorization. For example, when a client tries to write to your cluster, Amazon MSK uses IAM to check whether that client is an authenticated identity and also whether it is authorized to produce to your cluster. IAM access control works for Java and non-Java clients, including Kafka clients written in Python, Go, JavaScript, and .NET.
+IAM access control for Amazon MSK enables you to handle both authentication and authorization for your MSK cluster. This eliminates the need to use one mechanism for authentication and another for authorization. For example, when a client tries to write to your cluster, Amazon MSK uses IAM to check whether that client is an authenticated identity and also whether it is authorized to produce to your cluster. IAM access control works for Java and non-Java clients, including Kafka clients written in Python, Go, JavaScript, and .NET. IAM access control for non-Java clients is available for MSK clusters with Kafka version 2.7.1 or above.