1. 创建AWS IAM角色

在AWS IAM中创建一个新的角色并分配S3、EC2和MSK的权限，如下所示：

aws iam create-role \
  --role-name ConnectRole \
  --assume-role-policy-document '{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "",
        "Effect": "Allow",
        "Principal": {
          "Service": "connect.amazonaws.com"
        },
        "Action": "sts:AssumeRole"
      }
    ]
  }'

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess \
  --role-name ConnectRole

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonMSKFullAccess \
  --role-name ConnectRole

aws iam attach-role-policy \
  --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess \
  --role-name ConnectRole

2. 配置连接器

在连接器配置文件中指定连接器使用的IAM角色ARN：

{
  "name": "inventory-connector",
  "config": {
    "connector.class": "io.debezium.connector.mysql.MySqlConnector",
    "tasks.max": "1",
    "database.hostname": "localhost",
    "database.port": "3306",
    "database.user": "mysqluser",
    "database.password": "mysqlpw",
    "database.server.id": "184055",
    "database.server.name": "dbserver1",
    "table.whitelist": "inventory.customers",
    "database.history.kafka.bootstrap.servers": "kafka:9092",
    "database.history.kafka.topic": "schema-changes.inventory"
  },
  "acl": {
    "principal": "*",
    "grant": "read",
    "type": "AWS_IAM",
    "aws.iam.role.arn": "arn:aws:iam::123456789012:role/ConnectRole"
  }
}

3. 验证IAM角色

使用以下命令验证连接器是否使用指定