Our requirement is to subscribe to Amazone Managed Kafka Cluster with IAM Access. Currently, pega doesn't support option of passing "sasl.client.callback.handler.class" to Amazon MSK. Below was the response provided by PEGA architecture team.
We have reviewed the IAM access control scenario with the product and development teams to better understand what is possible. Ultimately, in this scenario, one of the elements Amazon MSK expects back from the [Pega] client is not yet supported. When evaluated against other deployments using external stream service one deployment model to consider is having the EKS/MSK in the same VPC, using security groups to control access, which provides a level of security and IAM may not be necessary.
Submit an enhancement requesting to have the Pega MSK/IAM client add the sasl.client.callback.handler.class to the prconfig.