Query: Do we have any near term Plan for AWS IAM authentication to control access #647

Open
vivekdurafe opened this issue May 24, 2024 · 2 comments

@vivekdurafe

KafDrop is an amazing UI tool.

We have observed that everyone is able to see all the topics and data on the Kafka cluster.
Is there any roadmap or plan to control access with AWS IAM or any other way, so that a specific team can only see its own topics and data instead of everyone's?

snigdhasjg commented May 27, 2024

For AWS IAM auth you need an additional library to be present in the classpath.

If you need it really badly, just update a few lines of config code to add the Maven dependency and add the IAM auth properties to the Kafka client properties. Look at the docs for more details.

security.protocol = SASL_SSL
sasl.mechanism = AWS_MSK_IAM
sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;
sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler

I have never used any Kafka managed service other than AWS MSK.
So as a starting point, before putting the change into this, we need to find a way to make it configurable for other managed services. Even Kafka has its own Kerberos config; I don't think it's possible to configure it.
Libraries also need to be optional; not sure how to achieve that.

snigdhasjg commented May 27, 2024

Looks like you can add a kafka.properties file with the properties mentioned above.
And curl the AWS IAM auth jar and put it in the /kafdrop-4.0.1/lib directory. Or whatever path you choose, and add that to the classpath. But the above-mentioned path is already on the classpath, so no need to configure it.

So, no need to modify code or rebuild the app.
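
A preflight check for the setup described in the two comments above, as an added example that is not code from Kafdrop or from either commenter. The function names and the `aws-msk-iam-auth` jar name pattern are assumptions; the property values are the ones quoted in the thread.

```shell
#!/usr/bin/env bash
# Preflight check for the MSK IAM client settings quoted in the thread.
# Assumption: the downloaded jar's file name contains "aws-msk-iam-auth".

# Print the last value assigned to key $2 in .properties file $1.
prop_get() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in the key are literal
  sed -n "s/^[[:space:]]*${key}[[:space:]]*[=:][[:space:]]*//p" "$1" |
    tail -n 1 | sed 's/[[:space:]]*$//'
}

# Compare key $2 in file $1 against shell pattern $3; print a line on mismatch.
expect_prop() {
  actual=$(prop_get "$1" "$2")
  case "$actual" in
    $3) return 0 ;;
    *)  echo "FAIL $2: want '$3', found '${actual:-<unset>}'"; return 1 ;;
  esac
}

# $1 = kafka.properties, $2 = lib directory on Kafdrop's classpath.
# Returns the number of problems found (0 = ready).
check_msk_iam() {
  problems=0
  # If security.protocol is unset, Kafka clients default to PLAINTEXT.
  expect_prop "$1" security.protocol SASL_SSL || problems=$((problems + 1))
  expect_prop "$1" sasl.mechanism AWS_MSK_IAM || problems=$((problems + 1))
  expect_prop "$1" sasl.jaas.config \
    'software.amazon.msk.auth.iam.IAMLoginModule required*;' || problems=$((problems + 1))
  expect_prop "$1" sasl.client.callback.handler.class \
    software.amazon.msk.auth.iam.IAMClientCallbackHandler || problems=$((problems + 1))
  if ! ls "$2"/*aws-msk-iam-auth*.jar >/dev/null 2>&1; then
    echo "FAIL: no aws-msk-iam-auth jar in $2"; problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed sample: a scratch directory laid out like the setup in the thread.
demo() {
  d=$(mktemp -d)
  printf '%s\n' 'security.protocol = SASL_SSL' 'sasl.mechanism = AWS_MSK_IAM' \
    'sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;' \
    'sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler' \
    > "$d/kafka.properties"
  mkdir "$d/lib" && : > "$d/lib/aws-msk-iam-auth-0.0.0-all.jar"   # empty placeholder jar
  check_msk_iam "$d/kafka.properties" "$d/lib"; rc=$?
  rm -rf "$d"; return "$rc"
}

if [ $# -eq 2 ]; then check_msk_iam "$1" "$2"; else demo && echo "demo: OK"; fi
```

Run it with the properties file and the lib directory as arguments before starting Kafdrop; with no arguments it runs the constructed demo.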
