Ensure MSK (Kafka) cluster is not using an unsupported Kafka version (2.4.1)

Security & Compliance

Amazon Managed Streaming for Apache Kafka (MSK) is a fully managed, highly available, and secure service that makes it easy to build and run applications that use Apache Kafka to process streaming data. It is important to ensure that MSK clusters are not using an unsupported Kafka version (2.4.1) to avoid any potential security or compatibility issues.


To remediate the issue of an MSK (Kafka) cluster using an unsupported Kafka version (2.4.1), follow these steps:

  1. Check the compatibility of the Kafka version that is currently in use with MSK. If the Kafka version is 2.4.1, take note of the configuration and settings of the cluster.
  2. Create a new cluster using a supported Kafka version. The supported versions can be found in the Amazon MSK documentation.
  3. Configure the new cluster with the same settings and configurations as the original cluster.
  4. Migrate the data from the original cluster to the new cluster.
  5. Once the data is fully migrated and verified, decommission the original cluster.

Note: If migration is not feasible, upgrade the Kafka version of the original cluster to a supported version according to the documentation.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.