Page History
...
In the IAM > User > Summary section, find the ARN for the tomcat user, which identifies your specific AWS account and IAM user identity. It will look something like this: arn:aws:iam::9876543210:user/yourHospital-Shrine.
At the top level of the IAM console, far right column, find your account ID. It will be a long number.
Send both of these Send this to your hub admins so that they can add your node to the network. Neither It is not secret; , so sending them in the clear is fine.
Run shrineDownstream setMomUserPolicy
...
The hub admin will create an account on the Kafka server for your node,
TODO
and send you the user name and password via a secure channel.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
shrine {
...
kafka {
sasl.jaas.username = "yourKafkaUserName"
}
...
}//shrine
|
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
shrine.kafka.sasl.jaas.password = "hubPassword" |
...
yourKafkaUserPassword" |
Create a Kafka client certificate truststore
In order to secure traffic through the internet with TLS/SSL, Kafka requires clients to authenticate servers via public key infrastructure (PKI). Each client needs a client truststore, in PKCS12 format, containing a list of individual server certificates signed by a Certificate Authority (CA), or alternatively the CA's cert itself. Ask the hub admin for the certificate(s), and import them each with Java keytool:
Code Block | ||||
---|---|---|---|---|
| ||||
keytool -keystore kafka_client_truststore.pkcs12 -alias <name of cert> -import -file <certificate-file> |
This will create the truststore file if it does not exist. You will be prompted for a password, despite the trustore containing no secret material since certificates are public.
Add the truststore's location and password to the same two sections as your Kafka user credentials:
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
shrine {
...
kafka {
...
ssl.truststore.location = "/path/to/your/kafka_client_truststore.pkcs12"
}
...
}}//shrine |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
shrine.kafka.ssl.truststore.password = "yourClientTruststorePassword" |