AWS msk documentation change
Summary
Updated troubleshooting guidance to include mTLS authentication errors and certificate validation
Security assessment
Expands authentication failure troubleshooting to cover mTLS scenarios, providing security-related operational guidance but without evidence of a specific vulnerability being fixed.
Diff
diff --git a/msk/latest/developerguide/msk-replicator-troubleshooting.md b/msk/latest/developerguide/msk-replicator-troubleshooting.md index f8435627a..00d2bf3d7 100644 --- a//msk/latest/developerguide/msk-replicator-troubleshooting.md +++ b//msk/latest/developerguide/msk-replicator-troubleshooting.md @@ -274 +274 @@ Perform the following checks if MSK Replicator cannot connect to your self-manag -### SASL/SCRAM authentication failures +### SASL/SCRAM or mTLS authentication failures @@ -276 +276 @@ Perform the following checks if MSK Replicator cannot connect to your self-manag -If the `AuthError` metric is non-zero or the Replicator logs show SASL/SCRAM errors: +If the `AuthError` metric is non-zero or the Replicator logs show SASL/SCRAM or mTLS errors: @@ -278 +278 @@ If the `AuthError` metric is non-zero or the Replicator logs show SASL/SCRAM err - 1. Verify that the credentials stored in AWS Secrets Manager match the SCRAM user credentials on the self-managed cluster. + 1. Verify that the credentials stored in AWS Secrets Manager match the SCRAM user credentials on the self-managed cluster (for SASL/SCRAM) or that the client certificate and private key are correct (for mTLS). @@ -280 +280 @@ If the `AuthError` metric is non-zero or the Replicator logs show SASL/SCRAM err - 2. Verify that the SCRAM user has the required ACL permissions (Read, Describe on topics; Read, Describe on consumer groups; Describe on cluster). + 2. Verify that the SCRAM user or certificate principal has the required ACL permissions (Read, Describe on topics; Read, Describe on consumer groups; Describe on cluster).