MSK clusters should not be publicly accessible and should use private subnets

amazon-msk
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

MSK clusters should not be publicly accessible and should be deployed in private subnets. Keeping brokers in private subnets reduces exposure to the public internet and limits access to approved network paths.

Remediation

Disable public access for brokers and place the cluster in subnets that do not assign public IPs on launch. For guidance, refer to Configuring public access for a cluster.