Best practice rules for Amazon Managed Streaming for Apache Kafka
- Enable Apache Kafka Latest Security Features
Ensure access to the latest security features in Amazon MSK clusters.
- Enable Enhanced Monitoring for Apache Kafka Brokers
Ensure that enhanced monitoring of Apache Kafka brokers using Amazon CloudWatch is enabled.
- Enable In-Transit Encryption
Ensure that in-transit encryption is enabled for Amazon MSK clusters to protect against eavesdropping.
- Enable MSK Cluster Encryption at Rest using CMK
Ensure that your Amazon MSK clusters are encrypted using KMS Customer Master Keys.
- Enable Mutual TLS Authentication for Kafka Clients
Ensure that only trusted clients, authenticated with TLS certificates, can connect to your Amazon MSK clusters.
- Publicly Accessible Clusters
Ensure that Amazon MSK clusters are not publicly accessible, as public access leaves them prone to security risks.
- Unrestricted Access to Apache Kafka Brokers
Ensure that unrestricted access to the Apache Kafka brokers is disabled.