# AWS MSK

{% hint style="success" %}
Only one Kafka connection is allowed.

The name must be kafka.

See [JSON schema](/latest/devx/6.0/deployment/configuration/agent/overview.md#json-schema-support) for support.

Environment variables are supported; escape the dollar sign

```yaml
sslKeystorePassword:
  value: "\${ENV_VAR_NAME}"
```

{% endhint %}

It is recommended to install the Agent on an EC2 instance or with EKS in the same VPC as your MSK cluster. The Agent can be installed and preconfigured via the[ AWS Marketplace](/latest/devx/6.0/deployment/configuration/agent/automation/kafka/aws-msk.md).

## Open network connectivity

Edit the AWS MSK security group in the AWS Console and add the IP address of your Agent installation.

<figure><img src="/files/FNnjkTPM3QIjwkbDgJxa" alt=""><figcaption><p>MSK Security group</p></figcaption></figure>

## Enable Open Monitoring

If you want to have the Agent collect JMX metrics you have to enable Open Monitoring on your MSK cluster. Follow the AWS guide[ here](https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html#enable-open-monitoring-after-creation).

## Select your MSK endpoint

Depending on your MSK cluster, select the endpoint and protocol you want to connect with.

{% hint style="warning" %}
It is not recommended to use Plaintext for secure environments. For these environments use TLS or IAM.
{% endhint %}

<figure><img src="/files/QvEXC1mqdLIKkVxCvGvN" alt=""><figcaption></figcaption></figure>

When the Agent is running inside AWS and is connecting to an Amazon’s Managed Kafka (MSK) instance, IAM can be used for authentication.

## Configure Provisioning

{% code title="provisioning.yaml" %}

```yaml
kafka:
- name: kafka
  version: 1
  tags: ["optional-tag"]
  configuration:
    kafkaBootstrapServers:
      value:
       - SASL_SSL://your.kafka.broker.0:9098
       - SASL_SSL://your.kafka.broker.1:9098
    protocol: 
      value: SASL_SSL
    saslMechanism: 
      value: AWS_MSK_IAM
    saslJaasConfig:
      value: software.amazon.msk.auth.iam.IAMLoginModule required;
    additionalProperties:
      value:
        sasl.client.callback.handler.class: "software.amazon.msk.auth.iam.IAMClientCallbackHandler"
    metricsType:
      value: AWS
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lenses.io/latest/devx/6.0/deployment/configuration/agent/automation/kafka/aws-msk.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.