Set up JDBC Sink Connector for MSK Connect - aws_mainframe_modernization_service - Latest

AWS Mainframe Modernization Data Replication for IBM z/OS
Product type
Software
Portfolio
Integrate
Product family
Connect
Product
AWS Mainframe Modernization > AWS Mainframe Modernization Service
Version
Latest
ft:locale
en-US
Product name
AWS Mainframe Modernization
ft:title
AWS Mainframe Modernization Data Replication for IBM z/OS
Copyright
2025
First publish date
2000
ft:lastEdition
2025-02-10
ft:lastPublication
2025-02-10T15:55:15.122000

Precisely MSK connect CDC converter is a combined package of the JDBC sink connector plugin, AWS Secrets Manager Config Provider, and Precisely Connect SMT that is ready for AWS deployments.

  1. Upload /opt/precisely/di/packages/sqdata-msk_connect-1.0.0.zip to an S3 bucket.
  2. Use the S3 bucket location to create a plugin in MSK Connect (https://docs.aws.amazon.com/msk/latest/developerguide/msk-connect-plugins.html)
  3. Create a service execution IAM role to be used by MSK Connect (https://docs.aws.amazon.com/msk/latest/developerguide/msk-connect-service-execution-role.html)
  4. If needed, create a Secrets Manager endpoint in the same VPC as MSK Connect (https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html)

Trust policy example

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "kafkaconnect.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "Account-ID"
        },
        "ArnLike": {
          "aws:SourceArn": "arn:aws:kafkaconnect:region:account-id:connector/*"
        }
      }
    }   
  ]
}

IAM policy example

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:Connect",
                "kafka-cluster:DescribeCluster"
            ],
            "Resource": [
                "arn:aws:kafka:region:account-id:topic/cluster-name/cluster-uuid"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:ReadData",
                "kafka-cluster:DescribeTopic"
            ],
            "Resource": [
                "arn:aws:kafka:region:account-id:topic/cluster-name/cluster-uuid/topic-name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:CreateTopic",
                "kafka-cluster:WriteData",
                "kafka-cluster:ReadData",
                "kafka-cluster:DescribeTopic"
            ],
            "Resource": [
                "arn:aws:kafka:region:account-id:topic/cluster-name/cluster-uuid/__amazon_msk_connect_*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:AlterGroup",
                "kafka-cluster:DescribeGroup"
            ],
            "Resource": [
                "arn:aws:kafka:region:account-id:group/cluster-name/cluster-uuid/__amazon_msk_connect_*",
                "arn:aws:kafka:region:account-id:group/cluster-name/cluster-uuid/connect-*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "secretsmanager:GetResourcePolicy",
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret",
                "secretsmanager:ListSecretVersionIds"
            ],
            "Resource": [
                "arn:aws:secretsmanager:region:account-i:secret:secret-name"
            ]
        }
    ]
}