
Step 2: Create a Kafka User
Superstream requires a Kafka user with the following configuration to communicate and analyze connected clusters.
By Kafka flavor/vendor:
AWS MSK
Option 1: Create or Update Superstream Role
Be sure you’re signed in to the AWS Console with your default browser, then click here to:
Enter required parameters (e.g., NodeGroupRoleArn).
Acknowledge IAM resource creation.
Click Create Stack or Update Stack (choose Update Stack if the Superstream IAM role already exists).
Confirm status: CREATE_COMPLETE or UPDATE_COMPLETE.
Click on Outputs to get IAM Role details:

Option 2: Create or Update Superstream User
Be sure you’re signed in to the AWS Console with your default browser, then click here to:
Acknowledge IAM resource creation.
Click Create Stack or Update Stack (choose Update Stack if the Superstream IAM user already exists).
Confirm status: CREATE_COMPLETE or UPDATE_COMPLETE.
Click on Outputs to get the programmatic user details.

Create a new Access secret key for the user and use it in SSM Console to connect the new cluster.
Confluent Cloud
Step 1: Create a new Confluent service account
In Confluent Console: Top-right menu -> Accounts & access -> Accounts -> Service Accounts -> "Add service account"

In the "Add service account" wizard:
Name the service account "
Superstream
" (The Service account name must include the word "Superstream".)Set account type to "None"
Click on each organization -> Add role assignment(top right) and add the following permissions:
BillingAdmin
- on the organization levelResourceKeyAdmin
- on the organization levelMetricsViewer
In case you want Superstream to connect only with clusters in a specific environment, please grant
EnvironmentAdmin
- for each environment you want to connect with SuperstreamOptional: In case you want Superstream to connect only with specific clusters, please grant
CloudClusterAdmin
for each such cluster instead of grantingEnvironmentAdmin
for the entire environment
Step 2: Create a Confluent Cloud Resource Management Key
In Confluent Console: Top-right menu -> API Keys -> + Add API key
Follow the following steps:



Create and save the newly created credentials.
Other (Apache Kafka (Self-hosted) / Aiven / Redpanda)
Create a dedicated Kafka user for Superstream with the following ACLs
// cluster ACLs
{"CLUSTER", "kafka-cluster", "LITERAL", "ALTER_CONFIGS", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE_CONFIGS", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "CREATE", "ALLOW"}
// consumers groups ACLs
{"GROUP", "*", "LITERAL", "DELETE", "ALLOW"}
{"GROUP", "*", "LITERAL", "DESCRIBE", "ALLOW"}
{"GROUP", "*", "LITERAL", "READ", "ALLOW"}
// topics ACLs
{"TOPIC", "*", "LITERAL", "ALTER", "ALLOW"}
{"TOPIC", "*", "LITERAL", "ALTER_CONFIGS", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DELETE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DESCRIBE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DESCRIBE_CONFIGS", "ALLOW"}
{"TOPIC", "*", "LITERAL", "READ", "ALLOW"}
{"TOPIC", "*", "LITERAL", "WRITE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "CREATE", "ALLOW"}
Last updated
Was this helpful?