Ensure that your Amazon Managed Streaming for Kafka (MSK) clusters are not publicly accessible from the Internet, to avoid exposing sensitive and confidential data and to minimize security risks. Trend Micro Cloud One™ – Conformity strongly recommends keeping your Amazon MSK clusters private (i.e. accessible only from inside the cluster's VPC).
When your Amazon MSK clusters are publicly accessible, anyone on the Internet can establish a connection to the Apache Kafka brokers running within the MSK clusters, which increases the opportunity for malicious activities such as Denial of Service (DoS) attacks.
Audit
To determine if your Amazon Managed Streaming for Kafka (MSK) clusters are publicly accessible, perform the following operations:
Remediation / Resolution
To turn off public access to the Apache Kafka brokers running within your Amazon MSK clusters, perform the following operations:
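The audit and remediation above can be scripted around the AWS CLI `kafka` commands `describe-cluster` and `update-connectivity`. The following is an added example, not Conformity's own procedure: it evaluates saved `aws kafka describe-cluster` responses (constructed sample data; ARNs, account ID and versions are placeholders), flags every cluster whose `PublicAccess` type is not `DISABLED`, and builds the matching `update-connectivity` command. Treating a response with no `ConnectivityInfo` block as private is an assumption.

```python
import json
import shlex

# Constructed sample data: trimmed `aws kafka describe-cluster` responses for
# three made-up clusters (account ID, names and versions are placeholders).
ARN = "arn:aws:kafka:us-east-1:111122223333:cluster/{}/example-uuid"
SAMPLE = [
    {"ClusterInfo": {"ClusterArn": ARN.format("orders"), "CurrentVersion": "K1EXAMPLE",
                     "BrokerNodeGroupInfo": {"ConnectivityInfo": {
                         "PublicAccess": {"Type": "SERVICE_PROVIDED_EIPS"}}}}},
    {"ClusterInfo": {"ClusterArn": ARN.format("billing"), "CurrentVersion": "K2EXAMPLE",
                     "BrokerNodeGroupInfo": {"ConnectivityInfo": {
                         "PublicAccess": {"Type": "DISABLED"}}}}},
    # Response with no ConnectivityInfo block at all.
    {"ClusterInfo": {"ClusterArn": ARN.format("legacy"), "CurrentVersion": "K3EXAMPLE",
                     "BrokerNodeGroupInfo": {}}},
]


def public_access_type(response):
    """Return PublicAccess.Type; a missing field is assumed to mean DISABLED."""
    group = response.get("ClusterInfo", {}).get("BrokerNodeGroupInfo") or {}
    access = (group.get("ConnectivityInfo") or {}).get("PublicAccess") or {}
    return access.get("Type", "DISABLED")


def remediation_command(info):
    """Build the update-connectivity call that turns public access off."""
    connectivity = json.dumps({"PublicAccess": {"Type": "DISABLED"}})
    args = ["aws", "kafka", "update-connectivity",
            "--cluster-arn", info["ClusterArn"],
            "--current-version", info["CurrentVersion"],
            "--connectivity-info", connectivity]
    return " ".join(shlex.quote(a) for a in args)


def audit(responses):
    """Return (arn, access_type, fix_command) for each publicly accessible cluster."""
    findings = []
    for response in responses:
        access = public_access_type(response)
        if access != "DISABLED":
            info = response["ClusterInfo"]
            findings.append((info["ClusterArn"], access, remediation_command(info)))
    return findings


if __name__ == "__main__":
    for arn, access, fix in audit(SAMPLE):
        print(f"PUBLIC ({access}): {arn}\n  fix: {fix}")
```

To run it against real clusters, replace `SAMPLE` with the parsed JSON of one `aws kafka describe-cluster` response per ARN returned by `aws kafka list-clusters`.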
You are auditing:
Publicly Accessible Clusters
Risk Level: Medium