Update Public MSK (Production) docs to use SASL/SCRAM

[jfallows]

We have 3 different how-tos for Zilla Plus (Public MSK Proxy)

• Development
• Production
• Production (Mutual Trust)

The Production (Mutual Trust) how-to illustrates using TLS client certificates for client authentication, but the Production how-to illustrates unauthenticated access via TLS.

Let's modify the Production how-to to use SASL/SCRAM authentication end-to-end via Zilla Plus (Public MSK Proxy) as this is a common use case when the Kafka client is not using TLS client certificates for authentication.

Changes needed include

• Configure MSK cluster for SASL/SCRAM authentication
  • note: uses port 9096 (sasl), not port 9094 (tls)
  • applies to all ports in how-to, including command line to test via Kafka client
• Create AmazonMSK_alice secret with value alice-secret using non-default encryption key
• Associate AmazonMSK_alice secret with MSK cluster (requires secret uses non-default encryption key)
• Configure Kafka client client.properties to use SASL/SCRAM and authenticate as alice

AmazonMSK_alice secret value (plaintext)

{
  "username": "alice",
  "password": "alice-secret"
}

client.properties

sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username="alice" password="alice-secret";
security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-512