The AWS MSK documentation said:
clientSubnets: The list of subnets to connect to in the client virtual private cloud (VPC). Amazon creates elastic network interfaces inside these subnets. Client applications use elastic network interfaces to produce and consume data.
Question 1: What does clientSubnets mean?
Question 2: Are they subnets that Kafka brokers reside in?
If the answer is yes, why is it called ClientSubnet? It has nothing to do with Client.
Question 3: Who has access to the broker?
My VPC has three subnets. If my EC2 instance is in subnet A, but broker B is in subnet B, does this EC2 instance have access to the endpoint of broker B?
The following image from the AWS docs illustrates what's happening:
Q1 and Q2: What does clientSubnets mean? And are they subnets that Kafka brokers reside in?
No, they are not. These are subnets in your VPC in which elastic network interfaces (ENIs) will be created. This is because the MSK cluster is created in an AWS-managed VPC, not your VPC, as illustrated above. This means that you don't have direct access to the cluster. You can only interact with it using the ENIs created in the clientSubnets that you specify.
Question 3: Who has access to the broker?
Only AWS has direct access. But you will have access to it through the ENIs from any subnet in your VPC. So your instances don't have to be in the same subnets. As long as they are in the same VPC, your instances and MSK's ENIs can be in different subnets.