AWS msk documentation change
Summary
Added support for mTLS authentication in addition to SASL/SCRAM for self-managed Apache Kafka source clusters
Security assessment
The change introduces mTLS as a new authentication method for source clusters, which enhances security by providing certificate-based mutual authentication. However, there's no evidence of a specific security vulnerability being addressed.
Diff
diff --git a/msk/latest/developerguide/msk-replicator-supported-configs.md b/msk/latest/developerguide/msk-replicator-supported-configs.md index 8fa5b420f..b3b5c9847 100644 --- a//msk/latest/developerguide/msk-replicator-supported-configs.md +++ b//msk/latest/developerguide/msk-replicator-supported-configs.md @@ -17 +17 @@ The following are requirements for cluster types, Kafka versions, instance types - * MSK Replicator also supports self-managed Apache Kafka clusters (Kafka version 2.8.1 or later) with SASL/SCRAM authentication as source clusters when replicating to Amazon MSK Provisioned clusters with Express brokers. For more information, see [Migrate from non-MSK Apache Kafka clusters to Amazon MSK Express brokers](./msk-replicator-migrate-external.html). + * MSK Replicator also supports self-managed Apache Kafka clusters (Kafka version 2.8.1 or later) with SASL/SCRAM or mTLS authentication as source clusters when replicating to Amazon MSK Provisioned clusters with Express brokers. For more information, see [Migrate from non-MSK Apache Kafka clusters to Amazon MSK Express brokers](./msk-replicator-migrate-external.html). @@ -38 +38 @@ The following are requirements for cluster types, Kafka versions, instance types - * If you are using MSK Replicator with a self-managed Apache Kafka cluster as the source, the self-managed cluster must have SASL/SCRAM authentication enabled. + * If you are using MSK Replicator with a self-managed Apache Kafka cluster as the source, the self-managed cluster must have SASL/SCRAM or mTLS authentication enabled.