awscdkawsmskalpha

package module
v2.0.0-rc.24 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 13, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

README

Amazon Managed Streaming for Apache Kafka Construct Library


All classes with the Cfn prefix in this module (CFN Resources) are always stable and safe to use.

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.

The following example creates an MSK Cluster.

import * as msk from '@aws-cdk/aws-msk';

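// `vpc` is an ec2.IVpc defined elsewhere in the stack; per ClusterProps it must
// have at least 2 subnets in two different AZs.
// This minimal example sets neither `clientAuthentication` nor
// `encryptionInTransit`. Choose both explicitly (see "Client Authentication")
// before opening the cluster to clients.
const cluster = new msk.Cluster(this, 'Cluster', {
  kafkaVersion: msk.KafkaVersion.V2_6_1,
  vpc,
});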

Allowing Connections

To control who can access the Cluster, use the .connections attribute. For a list of ports used by MSK, refer to the MSK documentation.

import * as msk from "@aws-cdk/aws-msk"
import * as ec2 from "@aws-cdk/aws-ec2"

// `{...}` is a placeholder for the cluster props (kafkaVersion, vpc, ...).
const cluster = new msk.Cluster(this, "Cluster", {...})

// Each allowFrom() call adds an ingress rule for the given peer and port to
// the cluster's security group(s).
// NOTE(review): "1.2.3.4/8" is a sample value, not a recommendation. A /8
// covers about 16.7 million addresses, and the address has host bits set
// (canonical form 1.0.0.0/8). In a real stack pass the narrowest client CIDR,
// or a client security group, instead.
// 2181: ZooKeeper, plaintext per the MSK port list. Confirm that clients
// really need direct ZooKeeper access before opening it.
cluster.connections.allowFrom(
  ec2.Peer.ipv4("1.2.3.4/8"),
  ec2.Port.tcp(2181)
)
// 9094: Kafka brokers over TLS per the MSK port list.
cluster.connections.allowFrom(
  ec2.Peer.ipv4("1.2.3.4/8"),
  ec2.Port.tcp(9094)
)

Cluster Endpoints

You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints:

// Emit one CloudFormation output per endpoint attribute, in the order listed.
// Each attribute is read from the cluster only when its output is created.
// NOTE(review): which of these strings is usable presumably depends on the
// cluster's encryption and authentication settings. Confirm before relying on one.
const endpointOutputs = [
  ['BootstrapBrokers', 'bootstrapBrokers'],
  ['BootstrapBrokersTls', 'bootstrapBrokersTls'],
  ['BootstrapBrokersSaslScram', 'bootstrapBrokersSaslScram'],
  ['ZookeeperConnection', 'zookeeperConnectionString'],
  ['ZookeeperConnectionTls', 'zookeeperConnectionStringTls'],
];
for (const [outputId, attribute] of endpointOutputs) {
  new cdk.CfnOutput(this, outputId, { value: cluster[attribute] });
}

Importing an existing Cluster

To import an existing MSK cluster into your CDK app use the .fromClusterArn() method.

// ARN of a cluster that was created outside this CDK app (sample value).
const existingClusterArn =
  'arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1';
// The returned ICluster exposes clusterArn, clusterName and connections (plus
// the generic resource members). Endpoint attributes such as bootstrapBrokers
// are declared on Cluster, not on ICluster.
const cluster = msk.Cluster.fromClusterArn(this, 'Cluster', existingClusterArn);

Client Authentication

MSK supports the following authentication mechanisms.

Only one authentication method can be enabled.

TLS

To enable client authentication with TLS, set the certificateAuthorities property (see TlsAuthProps) to reference your ACM Private CA. More info on Private CAs.

import * as msk from "@aws-cdk/aws-msk"
import * as acmpca from "@aws-cdk/aws-acmpca"

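const cluster = new msk.Cluster(this, 'Cluster', {
  // ...other cluster props (kafkaVersion, vpc, ...)
  // Client authentication requires TLS-encrypted client-broker traffic.
  encryptionInTransit: {
    clientBroker: msk.ClientBrokerEncryption.TLS,
  },
  // Clients must present a certificate issued by one of the listed
  // ACM Private CAs.
  clientAuthentication: msk.ClientAuthentication.tls({
    certificateAuthorities: [
      // Scope is `this`, the same construct that owns the cluster; the
      // original snippet used an undeclared `stack` here.
      acmpca.CertificateAuthority.fromCertificateAuthorityArn(
        this,
        "CertificateAuthority",
        "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111"
      ),
    ],
  }),
});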
SASL/SCRAM

Enable client authentication with SASL/SCRAM:

import * as msk from "@aws-cdk/aws-msk"

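// The class is `msk.Cluster` (capital C); `msk.cluster` is not exported.
const cluster = new msk.Cluster(this, "cluster", {
  // ...other cluster props (kafkaVersion, vpc, ...)
  // SCRAM credentials cross the wire during the handshake, so keep
  // client-broker traffic on TLS.
  encryptionInTransit: {
    clientBroker: msk.ClientBrokerEncryption.TLS,
  },
  // SaslAuthProps also accepts `key`, the KMS key used to encrypt the
  // SASL/SCRAM secrets. Per its documentation a customer master key is
  // required; the default Secrets Manager encryption key cannot be used.
  clientAuthentication: msk.ClientAuthentication.sasl({
    scram: true,
  }),
});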
SASL/IAM

Enable client authentication with IAM:

import * as msk from "@aws-cdk/aws-msk"

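// The class is `msk.Cluster` (capital C); `msk.cluster` is not exported.
const cluster = new msk.Cluster(this, "cluster", {
  // ...other cluster props (kafkaVersion, vpc, ...)
  encryptionInTransit: {
    clientBroker: msk.ClientBrokerEncryption.TLS,
  },
  // IAM access control: clients are authenticated by their IAM identity.
  // NOTE(review): what each client may do is presumably governed by the IAM
  // policies attached to that identity. Grant least privilege and confirm.
  clientAuthentication: msk.ClientAuthentication.sasl({
    iam: true,
  }),
});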

Documentation

Overview

The CDK Construct Library for AWS::MSK

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Cluster_IsConstruct

func Cluster_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func Cluster_IsResource

func Cluster_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewCluster_Override

func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)

Experimental.

Types

type BrokerLogging

type BrokerLogging struct {
	// The CloudWatch Logs group that is the destination for broker logs.
	// Experimental.
	CloudwatchLogGroup awslogs.ILogGroup `json:"cloudwatchLogGroup"`
	// The Kinesis Data Firehose delivery stream that is the destination for broker logs.
	// Experimental.
	FirehoseDeliveryStreamName *string `json:"firehoseDeliveryStreamName"`
	// Details of the Amazon S3 destination for broker logs.
	// Experimental.
	S3 *S3LoggingConfiguration `json:"s3"`
}

Configuration details related to broker logs. Experimental.

type ClientAuthentication

// ClientAuthentication carries the client authentication settings for a cluster.
// Values are built with ClientAuthentication_Sasl or ClientAuthentication_Tls.
type ClientAuthentication interface {
	// SaslProps returns the SASL authentication properties.
	// NOTE(review): presumably nil when the value was built with ClientAuthentication_Tls — confirm.
	SaslProps() *SaslAuthProps
	// TlsProps returns the TLS authentication properties.
	// NOTE(review): presumably nil when the value was built with ClientAuthentication_Sasl — confirm.
	TlsProps() *TlsAuthProps
}

Configuration properties for client authentication. Experimental.

func ClientAuthentication_Sasl

func ClientAuthentication_Sasl(props *SaslAuthProps) ClientAuthentication

SASL authentication. Experimental.

func ClientAuthentication_Tls

func ClientAuthentication_Tls(props *TlsAuthProps) ClientAuthentication

TLS authentication. Experimental.

type ClientBrokerEncryption

type ClientBrokerEncryption string

Indicates the encryption setting for data in transit between clients and brokers. Experimental.

const (
	// Only TLS-encrypted traffic between clients and brokers is accepted.
	ClientBrokerEncryption_TLS           ClientBrokerEncryption = "TLS"
	// Both TLS-encrypted and plaintext traffic between clients and brokers are accepted.
	ClientBrokerEncryption_TLS_PLAINTEXT ClientBrokerEncryption = "TLS_PLAINTEXT"
	// Traffic between clients and brokers is plaintext only. The README's client
	// authentication examples all pair authentication with the TLS value instead.
	ClientBrokerEncryption_PLAINTEXT     ClientBrokerEncryption = "PLAINTEXT"
)

type Cluster

type Cluster interface {
	awscdk.Resource
	ICluster
	BootstrapBrokers() *string
	BootstrapBrokersSaslScram() *string
	BootstrapBrokersTls() *string
	ClusterArn() *string
	ClusterName() *string
	Connections() awsec2.Connections
	Env() *awscdk.ResourceEnvironment
	Node() constructs.Node
	PhysicalName() *string
	SaslScramAuthenticationKey() awskms.IKey
	Stack() awscdk.Stack
	ZookeeperConnectionString() *string
	ZookeeperConnectionStringTls() *string
	AddUser(usernames ...*string)
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	ToString() *string
}

Create a MSK Cluster. Experimental.

func NewCluster

func NewCluster(scope constructs.Construct, id *string, props *ClusterProps) Cluster

Experimental.

type ClusterConfigurationInfo

type ClusterConfigurationInfo struct {
	// The Amazon Resource Name (ARN) of the MSK configuration to use.
	//
	// For example, arn:aws:kafka:us-east-1:123456789012:configuration/example-configuration-name/abcdabcd-1234-abcd-1234-abcd123e8e8e-1.
	// Experimental.
	Arn *string `json:"arn"`
	// The revision of the Amazon MSK configuration to use.
	// Experimental.
	Revision *float64 `json:"revision"`
}

The Amazon MSK configuration to use for the cluster.

Note: There is currently no CloudFormation resource to create a Configuration. Experimental.

type ClusterMonitoringLevel

type ClusterMonitoringLevel string

The level of monitoring for the MSK cluster. See: https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html#metrics-details

Experimental.

const (
	ClusterMonitoringLevel_DEFAULT                 ClusterMonitoringLevel = "DEFAULT"
	ClusterMonitoringLevel_PER_BROKER              ClusterMonitoringLevel = "PER_BROKER"
	ClusterMonitoringLevel_PER_TOPIC_PER_BROKER    ClusterMonitoringLevel = "PER_TOPIC_PER_BROKER"
	ClusterMonitoringLevel_PER_TOPIC_PER_PARTITION ClusterMonitoringLevel = "PER_TOPIC_PER_PARTITION"
)

type ClusterProps

// ClusterProps holds the properties for an MSK cluster.
type ClusterProps struct {
	// The physical name of the cluster.
	// Experimental.
	ClusterName *string `json:"clusterName"`
	// The version of Apache Kafka.
	// Experimental.
	KafkaVersion KafkaVersion `json:"kafkaVersion"`
	// Defines the virtual networking environment for this cluster.
	//
	// Must have at least 2 subnets in two different AZs.
	// Experimental.
	Vpc awsec2.IVpc `json:"vpc"`
	// Configuration properties for client authentication.
	//
	// MSK supports using private TLS certificates or SASL/SCRAM to authenticate the identity of clients.
	// SaslAuthProps also has an Iam flag that enables IAM access control.
	// NOTE(review): leaving this field unset presumably means clients are not authenticated — confirm.
	// Experimental.
	ClientAuthentication ClientAuthentication `json:"clientAuthentication"`
	// The Amazon MSK configuration to use for the cluster.
	// Experimental.
	ConfigurationInfo *ClusterConfigurationInfo `json:"configurationInfo"`
	// Information about storage volumes attached to MSK broker nodes.
	// Experimental.
	EbsStorageInfo *EbsStorageInfo `json:"ebsStorageInfo"`
	// Config details for encryption in transit.
	// See EncryptionInTransitConfig: ClientBroker selects TLS, TLS_PLAINTEXT or PLAINTEXT.
	// Experimental.
	EncryptionInTransit *EncryptionInTransitConfig `json:"encryptionInTransit"`
	// The EC2 instance type that you want Amazon MSK to use when it creates your brokers.
	// See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-create-cluster.html#broker-instance-types
	//
	// Experimental.
	InstanceType awsec2.InstanceType `json:"instanceType"`
	// Configure your MSK cluster to send broker logs to different destination types.
	// Experimental.
	Logging *BrokerLogging `json:"logging"`
	// Cluster monitoring configuration.
	// Experimental.
	Monitoring *MonitoringConfiguration `json:"monitoring"`
	// Number of Apache Kafka brokers deployed in each Availability Zone.
	// Experimental.
	NumberOfBrokerNodes *float64 `json:"numberOfBrokerNodes"`
	// What to do when this resource is deleted from a stack.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// The AWS security groups to associate with the elastic network interfaces in order to specify who can connect to and communicate with the Amazon MSK cluster.
	// Ingress rules added through the cluster's Connections (see the README's "Allowing Connections") apply to these groups.
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `json:"securityGroups"`
	// Where to place the nodes within the VPC.
	//
	// Amazon MSK distributes the broker nodes evenly across the subnets that you specify.
	// The subnets that you specify must be in distinct Availability Zones.
	// Client subnets can't be in Availability Zone us-east-1e.
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `json:"vpcSubnets"`
}

Properties for a MSK Cluster. Experimental.

type EbsStorageInfo

type EbsStorageInfo struct {
	// The AWS KMS key for encrypting data at rest.
	// Experimental.
	EncryptionKey awskms.IKey `json:"encryptionKey"`
	// The size in GiB of the EBS volume for the data drive on each broker node.
	// Experimental.
	VolumeSize *float64 `json:"volumeSize"`
}

EBS volume information. Experimental.

type EncryptionInTransitConfig

// EncryptionInTransitConfig holds the settings for encrypting data in transit.
type EncryptionInTransitConfig struct {
	// Indicates the encryption setting for data in transit between clients and brokers.
	// Takes one of the ClientBrokerEncryption values: TLS, TLS_PLAINTEXT or PLAINTEXT.
	// NOTE(review): the value used when this is left unset is not shown on this page — set it explicitly.
	// Experimental.
	ClientBroker ClientBrokerEncryption `json:"clientBroker"`
	// Indicates that data communication among the broker nodes of the cluster is encrypted.
	// NOTE(review): pointer field, so nil means "unset"; the resulting default is not shown here — confirm.
	// Experimental.
	EnableInCluster *bool `json:"enableInCluster"`
}

The settings for encrypting data in transit. See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html#msk-encryption-in-transit

Experimental.

type ICluster

type ICluster interface {
	awsec2.IConnectable
	awscdk.IResource
	// The ARN of cluster.
	// Experimental.
	ClusterArn() *string
	// The physical name of the cluster.
	// Experimental.
	ClusterName() *string
}

Represents a MSK Cluster. Experimental.

func Cluster_FromClusterArn

func Cluster_FromClusterArn(scope constructs.Construct, id *string, clusterArn *string) ICluster

Reference an existing cluster, defined outside of the CDK code, by its ARN. Experimental.

type KafkaVersion

type KafkaVersion interface {
	Version() *string
}

Kafka cluster version. Experimental.

func KafkaVersion_Of

func KafkaVersion_Of(version *string) KafkaVersion

Custom cluster version. Experimental.

func KafkaVersion_V1_1_1

func KafkaVersion_V1_1_1() KafkaVersion

func KafkaVersion_V2_2_1

func KafkaVersion_V2_2_1() KafkaVersion

func KafkaVersion_V2_3_1

func KafkaVersion_V2_3_1() KafkaVersion

func KafkaVersion_V2_4_1_1

func KafkaVersion_V2_4_1_1() KafkaVersion

func KafkaVersion_V2_5_1

func KafkaVersion_V2_5_1() KafkaVersion

func KafkaVersion_V2_6_0

func KafkaVersion_V2_6_0() KafkaVersion

func KafkaVersion_V2_6_1

func KafkaVersion_V2_6_1() KafkaVersion

func KafkaVersion_V2_7_0

func KafkaVersion_V2_7_0() KafkaVersion

func KafkaVersion_V2_8_0

func KafkaVersion_V2_8_0() KafkaVersion

type MonitoringConfiguration

type MonitoringConfiguration struct {
	// Specifies the level of monitoring for the MSK cluster.
	// Experimental.
	ClusterMonitoringLevel ClusterMonitoringLevel `json:"clusterMonitoringLevel"`
	// Indicates whether you want to enable or disable the JMX Exporter.
	// Experimental.
	EnablePrometheusJmxExporter *bool `json:"enablePrometheusJmxExporter"`
	// Indicates whether you want to enable or disable the Prometheus Node Exporter.
	//
	// You can use the Prometheus Node Exporter to get CPU and disk metrics for the broker nodes.
	// Experimental.
	EnablePrometheusNodeExporter *bool `json:"enablePrometheusNodeExporter"`
}

Monitoring Configuration. Experimental.

type S3LoggingConfiguration

type S3LoggingConfiguration struct {
	// The S3 bucket that is the destination for broker logs.
	// Experimental.
	Bucket awss3.IBucket `json:"bucket"`
	// The S3 prefix that is the destination for broker logs.
	// Experimental.
	Prefix *string `json:"prefix"`
}

Details of the Amazon S3 destination for broker logs. Experimental.

type SaslAuthProps

type SaslAuthProps struct {
	// Enable IAM access control.
	// Experimental.
	Iam *bool `json:"iam"`
	// KMS Key to encrypt SASL/SCRAM secrets.
	//
	// You must use a customer master key (CMK) when creating users in secrets manager.
	// You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.
	// Experimental.
	Key awskms.IKey `json:"key"`
	// Enable SASL/SCRAM authentication.
	// Experimental.
	Scram *bool `json:"scram"`
}

SASL authentication properties. Experimental.

type TlsAuthProps

type TlsAuthProps struct {
	// List of ACM Certificate Authorities to enable TLS authentication.
	// Experimental.
	CertificateAuthorities *[]awsacmpca.ICertificateAuthority `json:"certificateAuthorities"`
}

TLS authentication properties. Experimental.

Directories

Path Synopsis
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
