Page cover

Step 2: Create a Kafka User

Superstream requires a Kafka user with the following configuration to communicate and analyze connected clusters.

By Kafka flavor/vendor:

AWS MSK

Option 1: Create or Update Superstream Role

Be sure you’re signed in to the AWS Console with your default browser, then click here to:

  1. Enter required parameters (e.g., NodeGroupRoleArn).

  2. Acknowledge IAM resource creation.

  3. Click Create Stack or Update Stack (choose Update Stack if the Superstream IAM role already exists).

  4. Confirm status: CREATE_COMPLETE or UPDATE_COMPLETE.

  5. Click on Outputs to get IAM Role details:

Option 2: Create or Update Superstream User

Be sure you’re signed in to the AWS Console with your default browser, then click here to:

  1. Acknowledge IAM resource creation.

  2. Click Create Stack or Update Stack (choose Update Stack if the Superstream IAM user already exists).

  3. Confirm status: CREATE_COMPLETE or UPDATE_COMPLETE.

  4. Click on Outputs to get the programmatic user details.

  1. Create a new Access secret key for the user and use it in SSM Console to connect the new cluster.


Confluent Cloud

Step 1: Create a new Confluent service account

In Confluent Console: Top-right menu -> Accounts & access -> Accounts -> Service Accounts -> "Add service account"

In the "Add service account" wizard:

  1. Name the service account "Superstream" (The Service account name must include the word "Superstream".)

  2. Set account type to "None"

  3. Click on each organization -> Add role assignment(top right) and add the following permissions:

    1. BillingAdmin - on the organization level

    2. ResourceKeyAdmin - on the organization level

    3. MetricsViewer

  4. In case you want Superstream to connect only with clusters in a specific environment, please grant

    EnvironmentAdmin - for each environment you want to connect with Superstream

  5. Optional: In case you want Superstream to connect only with specific clusters, please grant CloudClusterAdmin for each such cluster instead of granting EnvironmentAdmin for the entire environment

Step 2: Create a Confluent Cloud Resource Management Key

In Confluent Console: Top-right menu -> API Keys -> + Add API key

Follow the following steps:

Create and save the newly created credentials.

Other (Apache Kafka (Self-hosted) / Aiven / Redpanda)

Create a dedicated Kafka user for Superstream with the following ACLs

// cluster ACLs
{"CLUSTER", "kafka-cluster", "LITERAL", "ALTER_CONFIGS", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE_CONFIGS", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "CREATE", "ALLOW"}

// consumers groups ACLs
{"GROUP", "*", "LITERAL", "DELETE", "ALLOW"}
{"GROUP", "*", "LITERAL", "DESCRIBE", "ALLOW"}
{"GROUP", "*", "LITERAL", "READ", "ALLOW"}

// topics ACLs
{"TOPIC", "*", "LITERAL", "ALTER", "ALLOW"}
{"TOPIC", "*", "LITERAL", "ALTER_CONFIGS", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DELETE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DESCRIBE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DESCRIBE_CONFIGS", "ALLOW"}
{"TOPIC", "*", "LITERAL", "READ", "ALLOW"}
{"TOPIC", "*", "LITERAL", "WRITE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "CREATE", "ALLOW"}

Last updated

Was this helpful?