GITBOOK-15: Add a MSK guide (thx @Narekmat)

Author: Haarolean

SUMMARY.md

@@ -23,10 +23,11 @@
 
 ## 👷♂ Configuration
 
-* [Configuration](configuration/configuration/README.md)
-  * [Required ACLs](configuration/configuration/required-acls.md)
-  * [Complex configuration examples](configuration/configuration/complex-configuration-examples/README.md)
-    * [Kraft mode + multiple brokers](configuration/configuration/complex-configuration-examples/kraft-mode-+-multiple-brokers.md)
+* [Permissions](configuration/permissions/README.md)
+  * [Required Kafka ACLs](configuration/permissions/required-kafka-acls.md)
+  * [MSK (+Serverless) Setup](configuration/permissions/msk-+serverless-setup.md)
+* [Complex configuration examples](configuration/complex-configuration-examples/README.md)
+  * [Kraft mode + multiple brokers](configuration/complex-configuration-examples/kraft-mode-+-multiple-brokers.md)
 * [SSL](configuration/ssl.md)
 * [Authentication](configuration/authentication/README.md)
   * [OAuth2](configuration/authentication/oauth2.md)

configuration/configuration/complex-configuration-examples/README.md renamed to configuration/complex-configuration-examples/README.md

@@ -0,0 +1,2 @@
+# Permissions
+

configuration/configuration/complex-configuration-examples/kraft-mode-+-multiple-brokers.md renamed to configuration/complex-configuration-examples/kraft-mode-+-multiple-brokers.md

@@ -0,0 +1,86 @@
+# MSK (+Serverless) Setup
+
+This guide has been written for MSK Serverless but is applicable for MSK in general as well.
+
+## Creating an instance
+
+1. Go to the MSK page
+2. Click "create cluster"
+3. Choose "Custom create"
+4. Choose "Serverless"
+5. Choose VPC and subnets
+6. Choose the default security group or use the existing one
+
+### Creating a policy
+
+1. Go to IAM policies
+2. Click "create policy"
+3. Click "JSON"
+4. Paste the following policy example in the editor, and replace "MSK ARN" with the ARN of your MSK cluster
+
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "VisualEditor0",
+            "Effect": "Allow",
+            "Action": [
+                "kafka-cluster:DescribeCluster",
+                "kafka-cluster:AlterCluster",
+                "kafka-cluster:Connect"
+            ],
+            "Resource": "arn:aws:kafka:eu-central-1:297478128798:cluster/test-wizard/7b39802a-21ac-48fe-b6e8-a7baf2ae2533-s2"
+        },
+        {
+            "Sid": "VisualEditor1",
+            "Effect": "Allow",
+            "Action": [
+                "kafka-cluster:DeleteGroup",
+                "kafka-cluster:DescribeCluster",
+                "kafka-cluster:ReadData",
+                "kafka-cluster:DescribeTopicDynamicConfiguration",
+                "kafka-cluster:AlterTopicDynamicConfiguration",
+                "kafka-cluster:AlterGroup",
+                "kafka-cluster:AlterClusterDynamicConfiguration",
+                "kafka-cluster:AlterTopic",
+                "kafka-cluster:CreateTopic",
+                "kafka-cluster:DescribeTopic",
+                "kafka-cluster:AlterCluster",
+                "kafka-cluster:DescribeGroup",
+                "kafka-cluster:DescribeClusterDynamicConfiguration",
+                "kafka-cluster:Connect",
+                "kafka-cluster:DeleteTopic",
+                "kafka-cluster:WriteData"
+            ],
+            "Resource": "arn:aws:kafka:eu-central-1:297478128798:topic/test-wizard/7b39802a-21ac-48fe-b6e8-a7baf2ae2533-s2/*"
+        },
+        {
+            "Sid": "VisualEditor2",
+            "Effect": "Allow",
+            "Action": [
+                "kafka-cluster:AlterGroup",
+                "kafka-cluster:DescribeGroup"
+            ],
+            "Resource": "arn:aws:kafka:eu-central-1:297478128798:group/test-wizard/7b39802a-21ac-48fe-b6e8-a7baf2ae2533-s2/*"
+        }
+    ]
+}
+```
+
+### Attaching the policy to a user
+
+#### Creating a role for EC2
+
+1. Go to IAM
+2. Click "Create role"
+3. Choose AWS Services and EC2
+4. On the next page find the policy which has been created in the previous step
+
+### Attaching the role to the EC2 instance
+
+1. Go to EC2
+2. Choose your EC2 with Kafka-UI
+3. Go to Actions -> Security -> Modify IAM role
+4. Choose the IAM role from previous step
+5. Click Update IAM role

configuration/configuration/README.md

@@ -2,9 +2,9 @@
 description: ACLs required to run the app
 ---
 
-# Required ACLs
+# Required Kafka ACLs
 
-## Standalone kafka
+## ACLs for standalone kafka
 
 This list is enough to run the app in r/o mode
 
@@ -18,12 +18,5 @@ This list is enough to run the app in r/o mode
  ALLOW      | DESCRIBE_CONFIGS | CLUSTER      | kafka-cluster | LITERAL
 ```
 
-## MSK
 
-```
-      "kafka-cluster:Connect",
-      "kafka-cluster:Describe*",
-      "kafka-cluster:CreateTopic",
-      "kafka-cluster:AlterGroup",
-      "kafka-cluster:ReadData"
-```
+

configuration/permissions/README.md

@@ -10,7 +10,7 @@ Good resource for what properties are needed here: https://gist.github.com/rmoff
 
 ## Cluster authorization failed
 
-Check the [required permissions](../configuration/configuration/required-acls.md).
+Check the [required permissions](../configuration/permissions/required-kafka-acls.md).
 
 ## Confluent cloud errors