Posted On: Nov 19, 2021

AWS Lambda now supports mutual TLS authentication for Amazon MSK and self managed Kafka as an event source. Customers now have the option to provide a client certificate to establish a trust relationship between AWS Lambda and Amazon MSK or self managed Kafka brokers that are configured as event sources. Lambda will support self-signed server certificates or server certificates signed by a private CA for self-managed Kafka event sources by letting customers provide a root CA certificate which allows our pollers to trust their Kafka brokers. Support for self-signed server certificates is not required for MSK event sources because all MSK brokers use public certificates signed by Amazon Trust Services CAs, which Lambda trusts by default.

To learn more about how to use mTLS Authentication for your Kafka triggered AWS Lambda functions please refer to our documentation on using AWS Lambda with self managed Apache Kafka and using AWS Lambda with Amazon MSK.