diff --git a/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md b/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md index 3f6cde4acd9..f9b3a0e2f28 100644 --- a/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md +++ b/docs/integrations/data-ingestion/clickpipes/aws-privatelink.md @@ -63,6 +63,8 @@ Update your MSK cluster policy and add `072088201116` to the allowed principals See AWS guide for [attaching a cluster policy](https://docs.aws.amazon.com/msk/latest/developerguide/mvpc-cluster-owner-action-policy.html) for more details. ::: +Follow our [MSK setup guide for ClickPipes](/knowledgebase/aws-privatelink-setup-for-msk-clickpipes) to learn how to set up the connection. + ### VPC endpoint service {#vpc-endpoint-service} VPC service is another approach to share your data source with ClickPipes. diff --git a/knowledgebase/aws-privatelink-setup-for-msk-clickpipes.mdx b/knowledgebase/aws-privatelink-setup-for-msk-clickpipes.mdx new file mode 100644 index 00000000000..8c5ced6d806 --- /dev/null +++ b/knowledgebase/aws-privatelink-setup-for-msk-clickpipes.mdx @@ -0,0 +1,57 @@ +--- +title: AWS PrivateLink setup to expose MSK for ClickPipes +description: Setup steps to expose a private MSK via MSK multi-VPC connectivity to ClickPipes. +date: 2025-4-15 +tags: ['Security and Authentication', 'Managing Cloud'] +keywords: ['AWS PrivateLink', 'MSK', 'ClickPipes'] +--- + +{frontMatter.description} +{/* truncate */} + +## Overview {#overview} + +This guide will get you started with setting up a **MSK multi-VPC** to be used with [ClickPipes reverse private endpoint](/integrations/clickpipes/aws-privatelink#msk-multi-vpc). + +## Requirements {#requirements} + +Your MSK cluster VPC must be located in one of our ClickPipes regions. See [ClickPipes regions](/integrations/clickpipes/aws-privatelink#aws-privatelink-regions) for the list of supported regions. + +## Enabling multi-VPC connectivity {#enabling-multi-vpc-connectivity} + +1. Navigate to the MSK cluster. + - Choose "Clusters" from the left navigation pane in the Amazon MSK console. + - Select the specific MSK cluster you want to configure for multi-VPC connectivity. +2. Enable MSK multi-VPC connectivity + - In the **Connectivity** tab, find the **Multi-VPC connectivity** section. + - Click on **Edit**. + - Enable the **Turn-on MSK multi-VPC connectivity** option. + - Follow the instructions +3. Add ClickPipes account principal into a cluster’s policy + - Navigate to the **Configuration** tab. + - Click on **Edit** in the **Cluster policy** section. + - Include `arn:aws:iam::072088201116:root` in the **IAM policy**. Example: + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": [ + "arn:aws:iam::072088201116:root" + ] + }, + "Action": [ + "kafka-cluster:Connect", + "kafka-cluster:DescribeCluster", + "kafka-cluster:ListClusters" + ] + } + ] + } + ``` + +## Creating reverse private endpoint {#creating-reverse-private-endpoint} + +Follow reverse private endpoint creation steps in the [ClickPipes documentation](/integrations/clickpipes/aws-privatelink#creating-clickpipe). diff --git a/static/knowledgebase_toc.json b/static/knowledgebase_toc.json index d648d5660b4..19b44571137 100644 --- a/static/knowledgebase_toc.json +++ b/static/knowledgebase_toc.json @@ -1133,6 +1133,20 @@ "ClickPipes" ] }, + { + "title": "AWS PrivateLink setup to expose MSK for ClickPipes", + "description": "Setup steps to expose a private MSK via MSK multi-VPC connectivity to ClickPipes.", + "date": "2025-4-15", + "tags": [ + "Security and Authentication", + "Managing Cloud" + ], + "keywords": [ + "AWS PrivateLink", + "MSK", + "ClickPipes" + ] + }, { "title": "How to use the exchange command to switch tables", "description": "How to use the exchange command to switch tables", @@ -1262,4 +1276,4 @@ "system.custom_metrics" ] } -] +] \ No newline at end of file