# AWS MSK

{% hint style="success" %}
Lenses will not start without a valid Kafka Connection. You can either add the connection via the bootstrap wizard or use [provisioning ](/latest/devx/5.5/deployment/installation/automation.md)for automated deployments.
{% endhint %}

It is recommended to install Lenses on an EC2 instance or with EKS in the same VPC as your MSK cluster. Lenses can be installed and preconfigured via the[ AWS Marketplace](/latest/devx/5.5/getting-started/connections/kafka/aws-msk.md).

## Open network connectivity

Edit the AWS MSK security group in the AWS Console and add the IP address of your Lenses installation.

<figure><img src="/files/ksRKWS1OJi3Sg2bnOuuE" alt=""><figcaption><p>MSK Security group</p></figcaption></figure>

## Enable Open Monitoring

If you want to have Lenses collect JMX metrics you have to enable Open Monitoring on your MSK cluster. Follow the AWS guide[ here](https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html#enable-open-monitoring-after-creation).

## Select your MSK endpoint

Depending on your MSK cluster, select the endpoint and protocol you want to connect with.

{% hint style="warning" %}
It is not recommended to use Plaintext for secure environments. For these environments use TLS or IAM.
{% endhint %}

<figure><img src="/files/OC3My2v3OEHt0WlXhSl2" alt=""><figcaption></figcaption></figure>

## Creating a Connection

In the Lenses bootstrap UI, Select:

1. Security Protocol and set the protocol you want to use
2. SASL Mechanism and set the mechanism you want to use.

## Connecting with AWS IAM

In the Lenses bootstrap UI, Select:

1. Security Protocol and set it to **SASL\_SSL**
2. Sasl Mechanism and set it to **`AWS_MSK_IAM`**
3. Add **`software.amazon.msk.auth.iam.IAMLoginModule required;`** to the Sasl Jaas Config section
4. Optionally upload your trust store
5. Set **`sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler`** in the Advances Kafka Properties section.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lenses.io/latest/devx/5.5/getting-started/connections/kafka/aws-msk.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.