-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deployment in AWS MSK Connect fails with sts "connect timed out" #30
Comments
Connect to sts.amazonaws.com timed out implies that it cannot be reached. Is it possible the Kafka Connect cluster runs in an unusual networking configuration? If the queue and connector accounts are the same, you may not need to assume a role at all, although it is nice to have. |
Thanks for your reply @dylanmei. Yes everything is in the same account. Let's say that I don't want to assume a role at all, should I just remove the following properties? sqs.credentials.provider.class
sqs.credentials.provider.role.arn
sqs.credentials.provider.session.name
sqs.credentials.provider.external.id |
That's correct, it should just inherit the context of the worker in that case. The README doesn't make it so clear that these things are optional 😞 but you can see we don't supply any such values in the demo folder. |
I removed the above properties and I am observing the same failure mode. 😞 |
Hey @kyrsideris, I had a similar issue #31. In my case, MSK Connect didn't have internet access. The connector worked fine when I added a NAT to the subnet that the MSK cluster was connected to. |
Hello,
Thank you very much for this nice connector, I wish I could use it!
I am deploying it in AWS MSK Connect and the exception that I see is the following:
com.amazonaws.SdkClientException: Unable to execute HTTP request: Connect to sts.amazonaws.com:443 [sts.amazonaws.com/X.Y.Z.V] failed: connect timed out
Any help will be appreciated! 🙏
Configuration
The role that I have provided to the MSK Connector (
test-kafka-connect-sqs-source-role
) has more than enough permissions in the policies and the trust policy looks like this:The trust in
kafkaconnect.amazonaws.com
is needed so the service can used this IAM role.The configuration of the connector is the following:
Kafka authentication method is set to "None"
Versions
Apache Kafka version: 2.6.2
Apache Kafka Connect version: 2.7.1
kafka-connect-sqs: 1.4.0
Logs
The full exceptions is the following
The text was updated successfully, but these errors were encountered: