Access Denied trying to connect Lenses Agent to MSK Serverless

Lenses
1

I’m trying to get Lenses 6 Agent to connect to my MSK Serverless Kafka but I’m getting an Access Denied error.

I’ve correctly set an IAM role against the EC2 instance.

Testing even with the kafka-topics.sh, I’m getting the error:

[2025-07-14 20:13:43,776] ERROR [AdminClient clientId=adminclient-1] Connection to node -1 (boot-0tm6ik1m.c1.kafka-serverless.eu-west-3.amazonaws.com/172.31.18.146:9098) failed authentication due to: [cf8ae020-efff-4d6b-add2-bf451ec58949]: Access denied (org.apache.kafka.clients.NetworkClient)
[2025-07-14 20:13:43,781] WARN [AdminClient clientId=adminclient-1] Metadata update failed due to authentication error (org.apache.kafka.clients.admin.internals.AdminMetadataManager)
org.apache.kafka.common.errors.SaslAuthenticationException: [cf8ae020-efff-4d6b-add2-bf451ec58949]: Access denied Error while executing topic command : [cf8ae020-efff-4d6b-add2bf451ec58949]: Access denied
[2025-07-14 20:13:43,784] ERROR org.apache.kafka.common.errors.SaslAuthenticationException: [cf8ae020-efff-4d6b-add2-bf451ec58949]: Access denied (org.apache.kafka.tools.TopicCommand)
2

For MSK Serverless, ensure in your IAM role you are specifying kafka-cluster and not kafka in the IAM Actions.

Eg:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "kafka-cluster:*"
            ],
            "Resource": "*"
        }
    ]
}

See AWS MSK Serverless docs

This solved the problem for me.