ApsaraMQ for Kafka Professional Edition and Serverless Edition instances provide the access control list (ACL) feature. After you enable ACL for an instance, you can authorize a Simple Authentication and Security Layer (SASL) user to access the instance by using the SASL endpoint.
Prerequisites
Before you begin, make sure that you have:
An ApsaraMQ for Kafka instance of Professional Edition or Serverless Edition
An instance in the Running state
A major version of 2.2.0 or later. To upgrade, see the "Upgrade the version of an instance" section of Upgrade instance versions
The latest minor version. To update, see Upgrade instance versions
Enable ACL for an existing instance
Log on to the ApsaraMQ for Kafka console.
In the Resource Distribution section of the Overview page, select the region where your instance resides.
On the Instances page, click the name of your instance.
On the Instance Details page, click Enable ACL in the upper-right corner of the Overview section.
In the Note dialog, click OK, and then refresh the page.
You can enable ACL only after the version of the instance is upgraded. You can also enable ACL when you deploy a new instance.
Verify the result
After you refresh the Instance Details page, the Status parameter in the Basic Information section changes to Upgrading. The upgrade takes about 15 to 20 minutes. When Status changes back to Running, ACL is enabled.
What to do next
After you enable ACL, create a SASL user and grant the user permissions to access your instance through the SASL endpoint. For more information, see the "Create a SASL user" section of Grant permissions to SASL users.