Use AWS IAM assume role credentials provider
The Aiven for Apache Kafka® S3 sink connector moves data from an Aiven for Apache Kafka cluster to Amazon S3 for long-term storage.
You can connect the S3 sink connector to Amazon S3 using either:
- Long-term AWS credentials (
ACCESS_KEY_IDandSECRET_ACCESS_KEY) - AWS IAM assume role credentials (recommended)
When you use IAM assume role credentials, the connector requests short-term credentials each time it writes data to the S3 bucket.
To use IAM assume role credentials:
- Request a unique IAM user from Aiven support.
- Create an AWS cross-account access role.
- Create a Kafka Connect S3 sink connector.
Request a unique IAM user from Aiven support
Each Aiven project has a dedicated IAM user. Aiven does not share IAM users or roles
across customers. Contact Aiven support at support@aiven.io to request:
- An IAM user ARN
- An External ID (used to identify your role)
Example:
- IAM user:
arn:aws:iam::012345678901:user/sample-project-user - External ID:
2f401145-06a0-4938-8e05-2d67196a0695
The cross-account role you create provides access to one Aiven project only.