Public MSK Proxy
Securely access your Amazon MSK cluster via the internet.
Estimated time to complete 20-30 mins.

Overview

The Aklivity Public MSK Proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
By automating the configuration of an internet-facing network load balancer and auto-scaling group of stateless proxies to access your MSK cluster via the public internet, Kafka clients can connect, publish messages and subscribe to topics in your Amazon MSK cluster from outside AWS.
You will need to choose a wildcard DNS pattern to use for public internet access to the brokers in your MSK cluster. These wildcard DNS names must resolve to the public IP address(es) where the Public MSK Proxy is deployed. The Public MSK Proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
Both Development and Production deployment options are available.

Development

Follow the Development guide to setup connectivity to your MSK cluster from your local development environment via the internet using a locally trusted TLS server certificate for the example wildcard DNS pattern *.aklivity.example.com.

Production

Follow the Production guide to setup connectivity to your MSK cluster from anywhere on the internet using a globally trusted TLS server certificate for a wildcard DNS pattern under your control. We use *.example.aklivity.io to illustrate the steps.
Follow the Production (Mutual Trust) guide instead if your MSK cluster is configured for TLS client authorization.