Start FreeWebsiteSign-in
Page cover
Edit

Step 2: Create a Kafka User

Superstream requires a Kafka user with the following configuration to communicate and analyze connected clusters.

By Kafka flavor/vendor:

AWS MSK

Option 1: Create or Update Superstream Role

Be sure you’re signed in to the AWS Console with your default browser, then click here:

  1. Enter required parameters (e.g., NodeGroupRoleArn).

  2. Acknowledge IAM resource creation.

  3. Click Create Stack or Update Stack (choose Update Stack if the Superstream IAM role already exists).

  4. Confirm status: CREATE_COMPLETE or UPDATE_COMPLETE.

  5. Click on "Resources," then select "SuperstreamAgentRole" to retrieve the IAM Role ARN. Use this ARN in the Superstream console.

Option 2: Create or Update Superstream User

Be sure you’re signed in to the AWS Console with your default browser, then click here:

  1. Acknowledge IAM resource creation.

  2. Click Create Stack or Update Stack (choose Update Stack if the Superstream IAM user already exists).

  3. Confirm status: CREATE_COMPLETE or UPDATE_COMPLETE (appears on the left side of the screen).

  4. Click on "Resources" and then click on the created user called "SuperstreamAgentUser".

  5. Click on the "Security Credentials" tab, then select "Create access key." Choose "Third-party service" and generate the key. Use this key in the Superstream Console.

Confluent Cloud

Step 1: Create a new Service Account

  1. In Confluent Console: Top-right menu -> Accounts & access -> Accounts -> Service Accounts -> "Add service account"

  2. Name the service account "Superstream" (The Service account name must include the word "Superstream".)

  3. Set account type to "None"

  4. Click on the organization -> Add role assignment(top right) and add the following permissions:

    1. BillingAdmin - on the organization level

    2. ResourceKeyAdmin - on the organization level

    3. MetricsViewer

  5. In case you want Superstream to connect only with clusters in a specific environment, please grant

    EnvironmentAdmin - for each environment you want to connect with Superstream

  6. Optional: In case you want Superstream to connect only with specific clusters, please grant CloudClusterAdmin for each such cluster instead of granting EnvironmentAdmin for the entire environment

Step 2: Create a Cloud Resource Management Key

  1. In Confluent Console: Top-right menu -> API Keys -> + Add API key

  2. Select Service account, search for the created service account from the previous step, and choose None for the account type

  3. Select Cloud Resource Management

  4. Use the created key in the Superstream console.

Aiven

Step 1: Create a Token

  1. In Aiven console: Click on user information (top right) -> Tokens -> Generate token

  2. Use the created credentials in the Superstream console.

Step 2: Creating a Kafka User

  1. Make sure the Kafka user you are giving to Superstream has the ACLs appear below.

Other

Create a dedicated Kafka user for Superstream with the following ACLs

// cluster ACLs
{"CLUSTER", "kafka-cluster", "LITERAL", "ALTER_CONFIGS", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "DESCRIBE_CONFIGS", "ALLOW"}
{"CLUSTER", "kafka-cluster", "LITERAL", "CREATE", "ALLOW"}

// consumers groups ACLs
{"GROUP", "*", "LITERAL", "DELETE", "ALLOW"}
{"GROUP", "*", "LITERAL", "DESCRIBE", "ALLOW"}
{"GROUP", "*", "LITERAL", "READ", "ALLOW"}

// topics ACLs
{"TOPIC", "*", "LITERAL", "ALTER", "ALLOW"}
{"TOPIC", "*", "LITERAL", "ALTER_CONFIGS", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DELETE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DESCRIBE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "DESCRIBE_CONFIGS", "ALLOW"}
{"TOPIC", "*", "LITERAL", "READ", "ALLOW"}
{"TOPIC", "*", "LITERAL", "WRITE", "ALLOW"}
{"TOPIC", "*", "LITERAL", "CREATE", "ALLOW"}
PreviousStep 1: Agent DeploymentNextStep 3: Connect a Cluster

Last updated

Was this helpful?