From 32a0ece0a3ae4f7c49017c67dcfa9024d93a3baf Mon Sep 17 00:00:00 2001
From: German Osin <german.osin@gmail.com>
Date: Tue, 20 Jul 2021 11:55:24 +0300
Subject: [PATCH] Added AWS IAM (#692)

---
 README.md            |  1 +
 guides/AWS_IAM.md    | 41 +++++++++++++++++++++++++++++++++++++++++
 kafka-ui-api/pom.xml |  6 ++++++
 3 files changed, 48 insertions(+)
 create mode 100644 guides/AWS_IAM.md

diff --git a/README.md b/README.md
index 1e39a9fb3b..6feb09572a 100644
--- a/README.md
+++ b/README.md
@@ -109,6 +109,7 @@ To read more please follow to [chart documentation](charts/kafka-ui/README.md)
 # Guides
 
 - [SSO configuration](guides/SSO.md)
+- [AWS IAM configuration](guides/AWS_IAM.md)
 
 ## Connecting to a Secure Broker
 
diff --git a/guides/AWS_IAM.md b/guides/AWS_IAM.md
new file mode 100644
index 0000000000..80bfab205b
--- /dev/null
+++ b/guides/AWS_IAM.md
@@ -0,0 +1,41 @@
+# How to configure AWS IAM Authentication
+
+UI for Apache Kafka comes with built-in [aws-msk-iam-auth](https://github.com/aws/aws-msk-iam-auth) library.
+
+You could pass sasl configs in properties section for each cluster.
+
+More details could be found here: [aws-msk-iam-auth](https://github.com/aws/aws-msk-iam-auth)
+ 
+## Examples: 
+
+Please replace 
+* <KAFKA_URL> with broker list
+* <PROFILE_NAME> with your aws profile
+
+
+### Running From Docker Image
+
+```sh
+docker run -p 8080:8080 \
+    -e KAFKA_CLUSTERS_0_NAME=local \
+    -e KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS=<KAFKA_URL> \
+    -e KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL=SASL_SSL \
+    -e KAFKA_CLUSTERS_0_PROPERTIES_SASL_MECHANISM=AWS_MSK_IAM \
+    -e KAFKA_CLUSTERS_0_PROPERTIES_SASL_CLIENT_CALLBACK_HANDLER_CLASS=software.amazon.msk.auth.iam.IAMClientCallbackHandler \
+    -e KAFKA_CLUSTERS_0_PROPERTIES_SASL_JAAS_CONFIG=software.amazon.msk.auth.iam.IAMLoginModule required awsProfileName="<PROFILE_NAME>"; \
+    -d provectuslabs/kafka-ui:latest 
+```
+
+### Configuring by application.yaml
+
+```yaml
+kafka:
+  clusters:
+    - name: local
+      bootstrapServers: <KAFKA_URL>
+      properties:
+        security.protocol: SASL_SSL
+        sasl.mechanism: AWS_MSK_IAM
+        sasl.client.callback.handler.class: software.amazon.msk.auth.iam.IAMClientCallbackHandler
+        sasl.jaas.config: software.amazon.msk.auth.iam.IAMLoginModule required awsProfileName="<PROFILE_NAME>";
+```
\ No newline at end of file
diff --git a/kafka-ui-api/pom.xml b/kafka-ui-api/pom.xml
index 41ca96f744..ea7a888173 100644
--- a/kafka-ui-api/pom.xml
+++ b/kafka-ui-api/pom.xml
@@ -97,6 +97,12 @@
             <version>${confluent.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>software.amazon.msk</groupId>
+            <artifactId>aws-msk-iam-auth</artifactId>
+            <version>1.1.0</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>