Show HN: C++ AWS MSK IAM Auth Implementation – Goodbye Kafka Passwords

In 2023, AWS announced[1] IAM authentication for MSK Kafka clusters with support for &quot;all programming languages&quot;… except C++. While Java[2], Python[3], Go[4], and others got official SDKs, C++ developers&#x2F;vendors were stuck hardcoding SCRAM-SHA credentials in code&#x2F;configs or relying on heavier Java-based tools like Kafka Connect or Apache Flink.<p>Later, community projects added Rust[5] and Ruby[6] support. Why no C++? Rust might be the new favorite, but C++ is still king for high-performance data systems: minimal dependencies, lean resource use, and raw speed.<p>At Timeplus, we needed IAM auth for our C++ streaming engine, Proton, so we built it ourselves. Today, we’re open-sourcing our code for AWS MSK IAM authentication. It’s live in Timeplus Proton 1.6.12<p>Just attach an IAM role to your EC2 instance or EKS pod, then put the Timeplus Proton single binary inside, start the server, then run the following SQL to read or write MSK:<p>CREATE EXTERNAL STREAM msk_stream(column_defs) SETTINGS type=&#x27;kafka&#x27;,topic=&#x27;topic2&#x27;, brokers=&#x27;prefix.kafka.us-west-2.amazonaws.com:9098&#x27;, security_protocol=&#x27;SASL_SSL&#x27;, sasl_mechanism=&#x27;AWS_MSK_IAM&#x27;;<p>The core logic is just two files under 200 lines and you can reuse the code anywhere. <a href="https:&#x2F;&#x2F;github.com&#x2F;timeplus-io&#x2F;proton&#x2F;blob&#x2F;develop&#x2F;src&#x2F;IO&#x2F;Kafka&#x2F;AwsMskIamSigner.h">https:&#x2F;&#x2F;github.com&#x2F;timeplus-io&#x2F;proton&#x2F;blob&#x2F;develop&#x2F;src&#x2F;IO&#x2F;Ka...</a> <a href="https:&#x2F;&#x2F;github.com&#x2F;timeplus-io&#x2F;proton&#x2F;blob&#x2F;develop&#x2F;src&#x2F;IO&#x2F;Kafka&#x2F;AwsMskIamSigner.cpp">https:&#x2F;&#x2F;github.com&#x2F;timeplus-io&#x2F;proton&#x2F;blob&#x2F;develop&#x2F;src&#x2F;IO&#x2F;Ka...</a><p>We’d love to get your feedback and work together to make this a standalone library—or even get it into ClickHouse or AWS SDK for C++.<p>For those curious about Timeplus Proton: it’s an open-source streaming engine we built in C++ (think “FlinkSQL in C++” meets ClickHouse’s columnar storage). Later this month, we will also open-source our C++ code for Apache Iceberg read&amp;write. Stay tuned.<p>Links:<p>[1] <a href="https:&#x2F;&#x2F;aws.amazon.com&#x2F;blogs&#x2F;big-data&#x2F;amazon-msk-iam-authentication-now-supports-all-programming-languages&#x2F;" rel="nofollow">https:&#x2F;&#x2F;aws.amazon.com&#x2F;blogs&#x2F;big-data&#x2F;amazon-msk-iam-authent...</a> [2] <a href="https:&#x2F;&#x2F;github.com&#x2F;aws&#x2F;aws-msk-iam-auth">https:&#x2F;&#x2F;github.com&#x2F;aws&#x2F;aws-msk-iam-auth</a> [3] <a href="https:&#x2F;&#x2F;github.com&#x2F;aws&#x2F;aws-msk-iam-sasl-signer-python">https:&#x2F;&#x2F;github.com&#x2F;aws&#x2F;aws-msk-iam-sasl-signer-python</a> [4] <a href="https:&#x2F;&#x2F;github.com&#x2F;aws&#x2F;aws-msk-iam-sasl-signer-go">https:&#x2F;&#x2F;github.com&#x2F;aws&#x2F;aws-msk-iam-sasl-signer-go</a> [5] <a href="https:&#x2F;&#x2F;docs.rs&#x2F;aws-msk-iam-sasl-signer" rel="nofollow">https:&#x2F;&#x2F;docs.rs&#x2F;aws-msk-iam-sasl-signer</a> [6] <a href="https:&#x2F;&#x2F;rubygems.org&#x2F;gems&#x2F;aws-msk-iam-sasl-signer&#x2F;" rel="nofollow">https:&#x2F;&#x2F;rubygems.org&#x2F;gems&#x2F;aws-msk-iam-sasl-signer&#x2F;</a>