SASL no TLS and AWS MSK

[mattia-crypto]

Hi,

I am unable to use the provider with an AWS MSK cluster configured with SASL:

terraform {
  required_version = ">=1.1.5"
  required_providers {
    kafka = {
      source = "Mongey/kafka"
    }
  }
}

provider "kafka" {
  bootstrap_servers = ["some-host:9096"]
  sasl_username     = var.terraform_sasl_username
  sasl_password     = var.terraform_sasl_password
  sasl_mechanism    = "scram-sha512"
  tls_enabled       = false
}

I keep seeing the following on terraform apply:

Error: kafka: client has run out of available brokers to talk to: unexpected EOF

when trying to create:

resource "kafka_topic" "test" {
  name               = "test"
  replication_factor = 3
  partitions         = 1

}

[antontreushchenko]

Try to use

provider "kafka" {
  bootstrap_servers = ["some-host:9096"]
  sasl_username     = var.terraform_sasl_username
  sasl_password     = var.terraform_sasl_password
  sasl_mechanism    = "scram-sha512"
  tls_enabled       = true
  skip_tls_verify   = false
}

[mattia-crypto]

@antontreushchenko Same problem unfortunately

[antontreushchenko]

mattia-crypto I have such a security configuration for the cluster, if yours is not like this, then try to do this

[mattia-crypto]

Thanks. However, I see from your screenshot you have unauthenticated access and Plaintext between clients and brokers enabled. Unfortunately, I cannot have that.

[mattia-crypto]

@antontreushchenko on second note, I noticed I had overlooked one of the params in the config you sent. I managed to make it work now with this:

provider "kafka" {
  bootstrap_servers = ["some-host:9096"]
  sasl_username     = var.terraform_sasl_username
  sasl_password     = var.terraform_sasl_password
  sasl_mechanism    = "scram-sha512"
  tls_enabled       = true
  skip_tls_verify   = false
}

[rssaini01]

I'm bit curious to know,, why you guys are using private port like 9096 ?? it's a private endpoint port for SASL/SCRAM.