Merge pull request #283 from GoodMirek/patch-1

devlinbd2 · web-flow · commit 84b550b4f278 · 2021-05-25T10:57:00.000-07:00
Add VPC endpoints as alternative to NAT gateway
diff --git a/doc_source/services-msk-topic-add.md b/doc_source/services-msk-topic-add.md
@@ -12,6 +12,7 @@ This section describes how to add your Kafka cluster and topic as a function tri
 
 To get Apache Kafka records from Amazon MSK brokers, Lambda must have access to the Amazon Virtual Private Cloud \(Amazon VPC\) resources associated with your MSK cluster\. To meet Amazon VPC access requirements, we recommend:
 + Configuring one NAT gateway per public subnet\. For more information, see [Internet and service access for VPC\-connected functions](configuration-vpc.md#vpc-internet)\.
++ Alternatively, instead of NAT gateway, deploy VPC Endpoints (PrivateLink) for Lambda and STS services\. If authentication is required, then deploy also VPC Endpoint for Secrets Manager\. 
 
 Your Amazon VPC security groups must be configured with the following rules \(at minimum\):
 + Inbound rules – Allow all traffic on all ports for the security group specified as your event source\.
@@ -56,4 +57,4 @@ The following example uses the [https://awscli.amazonaws.com/v2/documentation/ap
 
 ```
 aws lambda get-event-source-mapping --uuid 6d9bce8e-836b-442c-8070-74e77903c815
-```
+```
