Secure Public Access
The Zilla Plus for Amazon MSK Secure Public Access Proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
The proxy deployment automates the configuration of an internet-facing network load balancer and an auto-scaling group of stateless Secure Public Access proxies to expose your MSK cluster via the public internet, so that Kafka clients can connect, publish messages and subscribe to topics in your Amazon MSK cluster from outside AWS.
You will need to choose a wildcard DNS pattern to use for public internet access to the brokers in your Kafka cluster. These wildcard DNS names must resolve to the public IP address(es) where the Zilla proxy is deployed. The Zilla proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
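A pre-deployment check for the certificate requirement above, as an added example that is not part of the Zilla Plus documentation or tooling: it confirms that the names in the TLS server certificate cover every broker hostname clients will connect to. In TLS hostname verification a wildcard stands for exactly one left-most label, so deeper names and the bare parent domain are not covered. The broker hostnames are constructed sample values, and the function names are hypothetical.

```python
def wildcard_covers(cert_name: str, hostname: str) -> bool:
    """True if a certificate DNS name covers hostname under TLS rules.

    Conservative choice made by this checker: '*' is accepted only as the
    entire left-most label, and it stands for exactly one label.
    """
    name = cert_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if len(name) != len(host) or "" in host:
        return False          # different depth, or an empty label
    if any("*" in label for label in name[1:]):
        return False          # wildcard outside the left-most label
    if name[0] == "*":
        return name[1:] == host[1:]
    if "*" in name[0]:
        return False          # partial wildcard such as "b-*"
    return name == host


def uncovered_hosts(cert_names, broker_hosts):
    """Return the broker hostnames that no certificate name covers."""
    return [
        host for host in broker_hosts
        if not any(wildcard_covers(name, host) for name in cert_names)
    ]


# Constructed sample input: certificate names as they would appear in the
# certificate's subjectAltName, and the public names clients would use.
CERT_NAMES = ["*.example.aklivity.io"]
BROKER_HOSTS = [
    "b-1.example.aklivity.io",
    "b-2.example.aklivity.io",
    "b-1.kafka.example.aklivity.io",   # two labels deep: not covered
    "example.aklivity.io",             # bare parent domain: not covered
]

if __name__ == "__main__":
    for host in uncovered_hosts(CERT_NAMES, BROKER_HOSTS):
        print(f"certificate does not cover {host}")
```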
The Zilla proxy can securely expose any Kafka cluster with these deployment options.
Amazon MSK
The Zilla Plus for Amazon MSK Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
Deploy with Terraform
Follow the Secure Public Access with Terraform guide to generate or deploy a custom Terraform template using CDKTF. This Terraform script can be configured to deploy SASL/SCRAM authentication, Mutual TLS (mTLS) authentication or Unauthorized access to set up connectivity to your MSK cluster with a wildcard DNS pattern.
Deploy with CloudFormation
SASL/SCRAM authentication
Follow the Secure Public Access via SASL/SCRAM authentication guide to set up connectivity to your MSK cluster using a globally trusted TLS server certificate with a wildcard DNS pattern *.example.aklivity.io to illustrate the steps.
Mutual TLS (mTLS) authentication
Follow the Secure Public Access via mTLS guide to set up connectivity to your MSK cluster using a globally trusted TLS server certificate with a wildcard DNS pattern *.example.aklivity.io to illustrate the steps.
Unauthorized access
Follow the Secure Public Access via Unauthorized access guide to set up connectivity to your MSK cluster using a locally trusted TLS server certificate with the example wildcard DNS pattern *.aklivity.example.com.
Confluent Cloud
The Zilla Plus for Confluent Cloud Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Confluent Cloud cluster via the internet.
Deploy with CloudFormation
Follow the Secure Public Access via SASL/SCRAM authentication guide to set up connectivity to your MSK cluster using a globally trusted TLS server certificate with a wildcard DNS pattern *.example.aklivity.io to illustrate the steps.