Community, Team, Enterprise
Glue Schema Registry
Configuration
Kpow connects to a Schema Registry using the following environment variables.
Variable | Description |
---|---|
SCHEMA_REGISTRY_NAME | Friendly name for this Schema Registry, shown in the UI and logs |
SCHEMA_REGISTRY_ARN | The ARN of your AWS Glue Schema Registry |
SCHEMA_REGISTRY_REGION | The Region of your AWS Glue Schema Registry (default: us-east-1) |
AWS Glue authentication
By default, Kpow uses the DefaultAWSCredentialsProviderChain to authenticate with the AWS Glue Schema Registry.
Static credentials
You can authenticate using static credentials by specifying:
SCHEMA_REGISTRY_ACCESS_KEY_ID=xxx
SCHEMA_REGISTRY_SECRET_ACCESS_KEY=xxx
Cross-account AWS Access (STS Assume Role)
To access an AWS Glue Schema Registry in a different AWS account (for example, Kpow runs in AWS Account A and AWS Glue runs in Account B), configure an IAM role with a trust policy.
This blog post demonstrates how to configure an IAM role for this exact scenario with example Terraform in the GitHub repo.
You can configure Kpow to assume a role with the following environment variables:
SCHEMA_REGISTRY_STS_ROLE_ARN="arn:aws:iam::ACCOUNT_B_ID:role/ROLE_NAME"
SCHEMA_REGISTRY_STS_SESSION_NAME="session_name"
SCHEMA_REGISTRY_STS_REGION="us-east-2" # (default us-east-1)
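A preflight check for the variables on this page, as an added example (not Kpow's own code): it validates the ARN shapes, the us-east-1 region default, paired static credentials and the STS settings before Kpow starts. The function name, account IDs and role name are constructed, and the same-account check assumes the scenario above, where the role lives in the registry's account.

```python
import re

# Glue registry ARNs carry a region; IAM role ARNs do not.
GLUE_ARN = re.compile(r"arn:aws[\w-]*:glue:([a-z0-9-]+):(\d{12}):registry/.+")
ROLE_ARN = re.compile(r"arn:aws[\w-]*:iam::(\d{12}):role/.+")
SESSION_NAME = re.compile(r"[\w+=,.@-]{2,64}", re.ASCII)  # STS RoleSessionName rule
DEFAULT_REGION = "us-east-1"  # default given in the table above


def check_glue_registry_env(env):
    """Return a list of problems found in the SCHEMA_REGISTRY_* variables."""
    def get(name):
        return env.get("SCHEMA_REGISTRY_" + name, "").strip()

    problems = []
    registry = GLUE_ARN.fullmatch(get("ARN"))
    if not registry:
        problems.append("ARN: not a Glue registry ARN")
    else:
        region = get("REGION") or DEFAULT_REGION
        if region != registry.group(1):
            problems.append(f"REGION: {region} differs from ARN region {registry.group(1)}")

    # Static credentials are only usable as a pair.
    if bool(get("ACCESS_KEY_ID")) != bool(get("SECRET_ACCESS_KEY")):
        problems.append("ACCESS_KEY_ID / SECRET_ACCESS_KEY: set both or neither")

    role_arn = get("STS_ROLE_ARN")
    if role_arn:
        role = ROLE_ARN.fullmatch(role_arn)
        if not role:
            problems.append("STS_ROLE_ARN: not an IAM role ARN (arn:aws:iam::ID:role/NAME)")
        elif registry and role.group(1) != registry.group(2):
            # Assumption: as in the scenario above, the role lives in the registry's account.
            problems.append("STS_ROLE_ARN: role is not in the registry's account")
        if not SESSION_NAME.fullmatch(get("STS_SESSION_NAME")):
            problems.append("STS_SESSION_NAME: need 2-64 chars from [A-Za-z0-9_+=,.@-]")
    return problems


if __name__ == "__main__":
    # Constructed sample: registry in us-east-2, REGION left unset.
    sample = {
        "SCHEMA_REGISTRY_ARN": "arn:aws:glue:us-east-2:222222222222:registry/example",
        "SCHEMA_REGISTRY_STS_ROLE_ARN": "arn:aws:iam::222222222222:role/example-role",
        "SCHEMA_REGISTRY_STS_SESSION_NAME": "session_name",
    }
    for problem in check_glue_registry_env(sample):
        print(problem)
```

Run with the constructed sample, it reports the region mismatch: the registry is in us-east-2 but SCHEMA_REGISTRY_REGION falls back to us-east-1.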
Access control
User permissions to Kafka cluster resources are defined by Schema actions. See: User Authorization.