awscdkmskalpha

package module
v2.158.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 11, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

README

Amazon Managed Streaming for Apache Kafka Construct Library

---

The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.


Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.

The following example creates an MSK Cluster.

// Minimal cluster: only the three required props are set.
// NOTE(review): generated snippet — `Vpc` presumably refers to the vpc
// variable declared here.
var vpc vpc

// Neither ClientAuthentication nor EncryptionInTransit is given, so the
// defaults documented on ClusterProps apply: client authentication is
// disabled and encryption in transit is enabled. With authentication off,
// any client that can reach the brokers on the network is not asked to
// identify itself, so choose an authentication mode before real use.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
})

Allowing Connections

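To control which network peers can reach the cluster, use the .connections attribute, which manages the cluster's security group rules. These rules govern network reachability only; they complement, rather than replace, the client authentication options described below. For a list of ports used by MSK, refer to the MSK documentation.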

var vpc vpc

// No ClientAuthentication is set, so the documented default (disabled)
// applies and the ingress rules below are the only access control shown.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
})

// Each AllowFrom call permits ingress from the given peer on the given TCP port.
// NOTE(review): "1.2.3.4/8" has host bits set, and a /8 prefix spans 2^24
// addresses (the whole 1.0.0.0/8 block). In a real stack use the narrowest
// CIDR, or a client security group, that covers the intended clients.
// NOTE(review): 2181 looks like the ZooKeeper port and 9094 the TLS broker
// port — confirm against the MSK port list, and open ZooKeeper only to hosts
// that actually administer the cluster.
cluster.connections.AllowFrom(ec2.Peer_Ipv4(jsii.String("1.2.3.4/8")), ec2.Port_Tcp(jsii.Number(2181)))
cluster.connections.AllowFrom(ec2.Peer_Ipv4(jsii.String("1.2.3.4/8")), ec2.Port_Tcp(jsii.Number(9094)))

Cluster Endpoints

You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints:

var cluster cluster

// Publish each endpoint attribute of the cluster as a CloudFormation stack output.
// NOTE(review): stack outputs are readable by anyone allowed to describe the
// stack. These are endpoint strings, not credentials, but export only the
// ones your clients need. Which attributes resolve presumably depends on the
// listeners enabled by the cluster's encryption/authentication settings —
// confirm before copying all six.
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokers"), &CfnOutputProps{
	Value: cluster.bootstrapBrokers,
})
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokersTls"), &CfnOutputProps{
	Value: cluster.bootstrapBrokersTls,
})
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokersSaslScram"), &CfnOutputProps{
	Value: cluster.bootstrapBrokersSaslScram,
})
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokerStringSaslIam"), &CfnOutputProps{
	Value: cluster.bootstrapBrokersSaslIam,
})
// ZooKeeper connection strings, plain and TLS variants.
awscdk.NewCfnOutput(this, jsii.String("ZookeeperConnection"), &CfnOutputProps{
	Value: cluster.zookeeperConnectionString,
})
awscdk.NewCfnOutput(this, jsii.String("ZookeeperConnectionTls"), &CfnOutputProps{
	Value: cluster.zookeeperConnectionStringTls,
})

Importing an existing Cluster

To import an existing MSK cluster into your CDK app use the .fromClusterArn() method.

// Import by ARN: Cluster_FromClusterArn returns an ICluster reference to a
// cluster defined elsewhere; it does not create one. The ARN is a sample value.
cluster := msk.Cluster_FromClusterArn(this, jsii.String("Cluster"), jsii.String("arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1"))

Client Authentication

MSK supports the following authentication mechanisms.

TLS

To enable client authentication with TLS, set the certificateAuthorities property (CertificateAuthorities in the Go example below) to reference your ACM Private CA. More info on Private CAs.

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// TLS client authentication: ClientBroker is set to TLS (TLS-only
// client-broker traffic) and the cluster is given the private CA whose
// certificates identify clients.
// NOTE(review): trust is expressed at the CA level — presumably any
// certificate issued by a listed CA is accepted, so dedicate the CA to this
// purpose and pair it with Kafka ACLs; confirm against the MSK documentation.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
		CertificateAuthorities: []iCertificateAuthority{
			// Sample ARN; replace with the ARN of your own ACM Private CA.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})
SASL/SCRAM

Enable client authentication with SASL/SCRAM:

var vpc vpc

// SASL/SCRAM client authentication over a TLS-only client-broker channel.
// No Key is passed in SaslAuthProps, so per its documented default a CMK
// with alias msk/{clusterName}/sasl/scram is created for the SCRAM secrets.
// Users are registered separately through the cluster's AddUser method.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
		Scram: jsii.Boolean(true),
	}),
})
SASL/IAM

Enable client authentication with IAM:

var vpc vpc

// IAM access control over a TLS-only client-broker channel.
// NOTE(review): with Iam enabled, what each client may do is presumably
// decided by the IAM policies attached to the client principals — grant the
// narrowest cluster/topic/group actions each client needs; confirm against
// the MSK IAM access control documentation.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
		Iam: jsii.Boolean(true),
	}),
})
SASL/IAM + TLS

Enable client authentication with IAM and, in addition, client authentication with TLS by setting the certificateAuthorities property (CertificateAuthorities in the Go example below) to reference your ACM Private CA. More info on Private CAs.

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// Two client authentication mechanisms on one cluster: IAM access control
// and TLS client certificates from the listed private CA, both over a
// TLS-only client-broker channel.
// NOTE(review): each enabled mechanism is a separate way in; review the IAM
// policies and the CA's issuance controls together — confirm how the two
// interact in the MSK documentation.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_SaslTls(&SaslTlsAuthProps{
		Iam: jsii.Boolean(true),
		CertificateAuthorities: []iCertificateAuthority{
			// Sample ARN; replace with the ARN of your own ACM Private CA.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})

Logging

You can deliver Apache Kafka broker logs to one or more of the following destination types: Amazon CloudWatch Logs, Amazon S3, Amazon Kinesis Data Firehose.

To configure logs to be sent to an S3 bucket, provide a bucket in the logging config.

var vpc vpc
var bucket iBucket

// Deliver broker logs to an S3 bucket. Logging is optional and documented as
// disabled by default, so this block is what turns broker logs on.
// NOTE(review): the bucket will hold broker logs; keep it private and
// apply your usual retention and access-logging policy to it.
// NOTE(review): generated snippet — `*Bucket` presumably refers to the
// bucket variable declared above.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	Logging: &BrokerLogging{
		S3: &S3LoggingConfiguration{
			Bucket: *Bucket,
		},
	},
})

When the S3 destination is configured, AWS will automatically create an S3 bucket policy that allows the service to write logs to the bucket. This makes it impossible to later update that bucket policy. To have CDK create the bucket policy so that future updates can be made, the @aws-cdk/aws-s3:createDefaultLoggingPolicy feature flag can be used. This can be set in the cdk.json file.

{
  "context": {
    "@aws-cdk/aws-s3:createDefaultLoggingPolicy": true
  }
}

Storage Mode

You can configure an MSK cluster storage mode using the storageMode property.

Tiered storage is a low-cost storage tier for Amazon MSK that scales to virtually unlimited storage, making it cost-effective to build streaming data applications.

Visit Tiered storage to see the list of compatible Kafka versions and for more details.

// NOTE(review): bucket is declared but not used anywhere in this snippet.
var vpc vpc
var bucket iBucket


// Tiered storage requires a compatible Kafka version; KafkaVersion exposes
// IsTieredStorageCompatible for that check. No authentication or encryption
// props are set here, so the ClusterProps defaults apply (client
// authentication disabled, encryption in transit enabled).
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V3_6_0(),
	Vpc: Vpc,
	StorageMode: msk.StorageMode_TIERED,
})

Documentation

Overview

The CDK Construct Library for AWS::MSK

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Cluster_IsConstruct

func Cluster_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.

func Cluster_IsOwnedResource

func Cluster_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise. Experimental.

func Cluster_IsResource

func Cluster_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewCluster_Override

func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)

Experimental.

Types

type BrokerLogging

// BrokerLogging selects where broker logs are delivered. All three
// destinations are optional and each is documented as disabled by default,
// so a value with no field set configures no log delivery.
// NOTE(review): broker logs are commonly needed when investigating
// connection or authentication problems; consider enabling at least one
// destination and restricting read access to it.
type BrokerLogging struct {
	// The CloudWatch Logs group that is the destination for broker logs.
	// Default: - disabled.
	//
	// Experimental.
	CloudwatchLogGroup awslogs.ILogGroup `field:"optional" json:"cloudwatchLogGroup" yaml:"cloudwatchLogGroup"`
	// The Kinesis Data Firehose delivery stream that is the destination for broker logs.
	// The stream is referenced by name only.
	// Default: - disabled.
	//
	// Experimental.
	FirehoseDeliveryStreamName *string `field:"optional" json:"firehoseDeliveryStreamName" yaml:"firehoseDeliveryStreamName"`
	// Details of the Amazon S3 destination for broker logs.
	// Default: - disabled.
	//
	// Experimental.
	S3 *S3LoggingConfiguration `field:"optional" json:"s3" yaml:"s3"`
}

Configuration details related to broker logs.

Example:

var vpc vpc
var bucket iBucket

// Only the S3 destination of BrokerLogging is set; the CloudWatch and
// Firehose destinations keep their documented default (disabled).
// NOTE(review): the bucket will hold broker logs; keep it private.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	Logging: &BrokerLogging{
		S3: &S3LoggingConfiguration{
			Bucket: *Bucket,
		},
	},
})

Experimental.

type ClientAuthentication

// ClientAuthentication carries the client authentication settings passed to
// ClusterProps.ClientAuthentication. Values are obtained from the
// ClientAuthentication_Sasl, ClientAuthentication_SaslTls and
// ClientAuthentication_Tls functions listed on this page.
type ClientAuthentication interface {
	// - properties for SASL authentication.
	// NOTE(review): presumably nil when the value was built for TLS only — confirm.
	// Experimental.
	SaslProps() *SaslAuthProps
	// - properties for TLS authentication.
	// NOTE(review): presumably nil when the value was built for SASL only — confirm.
	// Experimental.
	TlsProps() *TlsAuthProps
}

Configuration properties for client authentication.

Example:

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// ClientAuthentication_Tls builds the ClientAuthentication value; the
// client-broker channel is TLS-only and clients are identified by
// certificates from the listed private CA.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
		CertificateAuthorities: []iCertificateAuthority{
			// Sample ARN; replace with the ARN of your own ACM Private CA.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})

Experimental.

func ClientAuthentication_Sasl

func ClientAuthentication_Sasl(props *SaslAuthProps) ClientAuthentication

SASL authentication. Experimental.

func ClientAuthentication_SaslTls

func ClientAuthentication_SaslTls(saslTlsProps *SaslTlsAuthProps) ClientAuthentication

SASL + TLS authentication. Experimental.

func ClientAuthentication_Tls

func ClientAuthentication_Tls(props *TlsAuthProps) ClientAuthentication

TLS authentication. Experimental.

type ClientBrokerEncryption

// ClientBrokerEncryption names the client-to-broker transport setting. Its
// values are the ClientBrokerEncryption_* constants ("TLS", "TLS_PLAINTEXT",
// "PLAINTEXT"); EncryptionInTransitConfig documents TLS as the default.
type ClientBrokerEncryption string

Indicates the encryption setting for data in transit between clients and brokers.

Example:

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// ClientBroker is set explicitly to ClientBrokerEncryption_TLS, the
// TLS-only value, alongside TLS client authentication.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
		CertificateAuthorities: []iCertificateAuthority{
			// Sample ARN; replace with the ARN of your own ACM Private CA.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})

Experimental.

// Allowed ClientBrokerEncryption values. Only TLS keeps every client
// connection encrypted; the other two leave a plaintext path to the brokers
// and should be a deliberate, documented choice.
const (
	// TLS means that client-broker communication is enabled with TLS only.
	// Every authentication example on this page uses this value.
	// Experimental.
	ClientBrokerEncryption_TLS ClientBrokerEncryption = "TLS"
	// TLS_PLAINTEXT means that client-broker communication is enabled for both TLS-encrypted, as well as plaintext data.
	// NOTE(review): clients are not forced onto TLS with this value, so
	// traffic can still cross the network unencrypted.
	// Experimental.
	ClientBrokerEncryption_TLS_PLAINTEXT ClientBrokerEncryption = "TLS_PLAINTEXT"
	// PLAINTEXT means that client-broker communication is enabled in plaintext only.
	// NOTE(review): no client-broker encryption at all; record contents are
	// readable to anything on the network path.
	// Experimental.
	ClientBrokerEncryption_PLAINTEXT ClientBrokerEncryption = "PLAINTEXT"
)

type Cluster

// Cluster is the interface of an MSK cluster created by this library. It
// embeds awscdk.Resource and ICluster and adds broker/ZooKeeper endpoint
// lookups, SASL/SCRAM user registration and removal-policy control.
type Cluster interface {
	awscdk.Resource
	ICluster
	// Get the list of brokers that a client application can use to bootstrap.
	//
	// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
	//
	// NOTE(review): presumably the plaintext listener list, given the separate
	// Tls/Sasl variants below — confirm.
	//
	// Returns: - A string containing one or more hostname:port pairs.
	// Experimental.
	BootstrapBrokers() *string
	// Get the list of brokers that a SASL/IAM authenticated client application can use to bootstrap.
	//
	// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
	//
	// Returns: - A string containing one or more DNS names (or IP) and TLS port pairs.
	// Experimental.
	BootstrapBrokersSaslIam() *string
	// Get the list of brokers that a SASL/SCRAM authenticated client application can use to bootstrap.
	//
	// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
	//
	// Returns: - A string containing one or more DNS names (or IP) and SASL SCRAM port pairs.
	// Experimental.
	BootstrapBrokersSaslScram() *string
	// Get the list of brokers that a TLS authenticated client application can use to bootstrap.
	//
	// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
	//
	// Returns: - A string containing one or more DNS names (or IP) and TLS port pairs.
	// Experimental.
	BootstrapBrokersTls() *string
	// The ARN of cluster.
	// Experimental.
	ClusterArn() *string
	// The physical name of the cluster.
	// Experimental.
	ClusterName() *string
	// Manages connections for the cluster.
	//
	// This is the object the README uses (AllowFrom) to open broker and
	// ZooKeeper ports to specific peers.
	// Experimental.
	Connections() awsec2.Connections
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	// Experimental.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	// Experimental.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	// Experimental.
	PhysicalName() *string
	// Key used to encrypt SASL/SCRAM users.
	//
	// NOTE(review): whoever can use this key and read the SCRAM secrets can
	// recover client credentials; scope its key policy accordingly.
	// Experimental.
	SaslScramAuthenticationKey() awskms.IKey
	// The stack in which this resource is defined.
	// Experimental.
	Stack() awscdk.Stack
	// Get the ZooKeeper Connection string.
	//
	// Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK.
	//
	// Returns: - The connection string to use to connect to the Apache ZooKeeper cluster.
	// Experimental.
	ZookeeperConnectionString() *string
	// Get the ZooKeeper Connection string for a TLS enabled cluster.
	//
	// Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK.
	//
	// Returns: - The connection string to use to connect to zookeeper cluster on TLS port.
	// Experimental.
	ZookeeperConnectionStringTls() *string
	// A list of usernames to register with the cluster.
	//
	// The password will automatically be generated using Secrets
	// Manager and the { username, password } JSON object stored in Secrets Manager as `AmazonMSK_username`.
	//
	// Must be using the SASL/SCRAM authentication mechanism.
	//
	// NOTE(review): the stored secrets are the clients' credentials; limit
	// read access to them to the workloads that connect as each user.
	// Experimental.
	AddUser(usernames ...*string)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	//
	// ClusterProps documents RETAIN as the default, so a retained cluster
	// (and its data) outlives the stack until it is cleaned up explicitly.
	// Experimental.
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	// Experimental.
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	// Experimental.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	// Experimental.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	// Experimental.
	ToString() *string
}

Create a MSK Cluster.

Example:

var vpc vpc

// Cluster with SASL/SCRAM client authentication over a TLS-only
// client-broker channel. SCRAM users are added afterwards with AddUser,
// which stores the generated credentials in Secrets Manager.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
		Scram: jsii.Boolean(true),
	}),
})

Experimental.

func NewCluster

func NewCluster(scope constructs.Construct, id *string, props *ClusterProps) Cluster

Experimental.

type ClusterConfigurationInfo

// ClusterConfigurationInfo points a cluster at an existing MSK configuration.
// Both fields are required: the configuration's ARN and the revision to use.
type ClusterConfigurationInfo struct {
	// The Amazon Resource Name (ARN) of the MSK configuration to use.
	//
	// For example, arn:aws:kafka:us-east-1:123456789012:configuration/example-configuration-name/abcdabcd-1234-abcd-1234-abcd123e8e8e-1.
	// Experimental.
	Arn *string `field:"required" json:"arn" yaml:"arn"`
	// The revision of the Amazon MSK configuration to use.
	//
	// NOTE(review): pinning a revision means later edits to the configuration
	// presumably do not apply until this number is raised — confirm.
	// Experimental.
	Revision *float64 `field:"required" json:"revision" yaml:"revision"`
}

The Amazon MSK configuration to use for the cluster.

Note: There is currently no CloudFormation resource to create a Configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"

// "arn" and 123 are placeholders: Arn must be the ARN of an existing MSK
// configuration and Revision one of its revisions. Both fields are required.
clusterConfigurationInfo := &ClusterConfigurationInfo{
	Arn: jsii.String("arn"),
	Revision: jsii.Number(123),
}

Experimental.

type ClusterMonitoringLevel

// ClusterMonitoringLevel names the metric granularity of a cluster; its
// values are the ClusterMonitoringLevel_* constants.
type ClusterMonitoringLevel string

The level of monitoring for the MSK cluster. See: https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html#metrics-details

Experimental.

// Allowed ClusterMonitoringLevel values, from coarsest to finest.
// MonitoringConfiguration documents DEFAULT as the level used when none is set.
const (
	// Default metrics are the essential metrics to monitor.
	// Experimental.
	ClusterMonitoringLevel_DEFAULT ClusterMonitoringLevel = "DEFAULT"
	// Per Broker metrics give you metrics at the broker level.
	// Experimental.
	ClusterMonitoringLevel_PER_BROKER ClusterMonitoringLevel = "PER_BROKER"
	// Per Topic Per Broker metrics help you understand volume at the topic level.
	// Experimental.
	ClusterMonitoringLevel_PER_TOPIC_PER_BROKER ClusterMonitoringLevel = "PER_TOPIC_PER_BROKER"
	// Per Topic Per Partition metrics help you understand consumer group lag at the topic partition level.
	// Experimental.
	ClusterMonitoringLevel_PER_TOPIC_PER_PARTITION ClusterMonitoringLevel = "PER_TOPIC_PER_PARTITION"
)

type ClusterProps

// ClusterProps is the input to NewCluster. ClusterName, KafkaVersion and Vpc
// are required; everything else is optional. The security-relevant defaults
// documented below are: client authentication disabled, encryption in
// transit enabled, broker logging disabled, removal policy RETAIN.
type ClusterProps struct {
	// The physical name of the cluster.
	// Experimental.
	ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
	// The version of Apache Kafka.
	// Experimental.
	KafkaVersion KafkaVersion `field:"required" json:"kafkaVersion" yaml:"kafkaVersion"`
	// Defines the virtual networking environment for this cluster.
	//
	// Must have at least 2 subnets in two different AZs.
	// Experimental.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// Configuration properties for client authentication.
	//
	// MSK supports using private TLS certificates or SASL/SCRAM to authenticate the identity of clients.
	// The README on this page also shows IAM access control (SaslAuthProps.Iam).
	// With the default, clients are not authenticated at all, so network
	// rules are the only barrier; set one of the mechanisms for real use.
	// Default: - disabled.
	//
	// Experimental.
	ClientAuthentication ClientAuthentication `field:"optional" json:"clientAuthentication" yaml:"clientAuthentication"`
	// The Amazon MSK configuration to use for the cluster.
	// Default: - none.
	//
	// Experimental.
	ConfigurationInfo *ClusterConfigurationInfo `field:"optional" json:"configurationInfo" yaml:"configurationInfo"`
	// Information about storage volumes attached to MSK broker nodes.
	// Default: - 1000 GiB EBS volume.
	//
	// Experimental.
	EbsStorageInfo *EbsStorageInfo `field:"optional" json:"ebsStorageInfo" yaml:"ebsStorageInfo"`
	// Config details for encryption in transit.
	//
	// Overriding ClientBroker with TLS_PLAINTEXT or PLAINTEXT, or setting
	// EnableInCluster to false, weakens the default described here.
	// Default: - enabled.
	//
	// Experimental.
	EncryptionInTransit *EncryptionInTransitConfig `field:"optional" json:"encryptionInTransit" yaml:"encryptionInTransit"`
	// The EC2 instance type that you want Amazon MSK to use when it creates your brokers.
	// See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-create-cluster.html#broker-instance-types
	//
	// Default: kafka.m5.large
	//
	// Experimental.
	InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
	// Configure your MSK cluster to send broker logs to different destination types.
	//
	// NOTE(review): with the default there are no broker logs to consult
	// during an investigation; consider enabling a destination.
	// Default: - disabled.
	//
	// Experimental.
	Logging *BrokerLogging `field:"optional" json:"logging" yaml:"logging"`
	// Cluster monitoring configuration.
	// Default: - DEFAULT monitoring level.
	//
	// Experimental.
	Monitoring *MonitoringConfiguration `field:"optional" json:"monitoring" yaml:"monitoring"`
	// Number of Apache Kafka brokers deployed in each Availability Zone.
	// Default: 1.
	//
	// Experimental.
	NumberOfBrokerNodes *float64 `field:"optional" json:"numberOfBrokerNodes" yaml:"numberOfBrokerNodes"`
	// What to do when this resource is deleted from a stack.
	//
	// With RETAIN the cluster and its data stay in the account after the
	// stack is deleted and must be cleaned up separately.
	// Default: RemovalPolicy.RETAIN
	//
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
	// The AWS security groups to associate with the elastic network interfaces in order to specify who can connect to and communicate with the Amazon MSK cluster.
	//
	// NOTE(review): when supplying existing groups, review their current
	// ingress rules; they apply to the brokers as-is.
	// Default: - create new security group.
	//
	// Experimental.
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// This controls storage mode for supported storage tiers.
	// See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-tiered-storage.html
	//
	// Default: - StorageMode.LOCAL
	//
	// Experimental.
	StorageMode StorageMode `field:"optional" json:"storageMode" yaml:"storageMode"`
	// Where to place the nodes within the VPC.
	//
	// Amazon MSK distributes the broker nodes evenly across the subnets that you specify.
	// The subnets that you specify must be in distinct Availability Zones.
	// Client subnets can't be in Availability Zone us-east-1e.
	// NOTE(review): check what the VPC's default strategy selects; private
	// subnets are the usual choice for brokers.
	// Default: - the Vpc default strategy if not specified.
	//
	// Experimental.
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
}

Properties for a MSK Cluster.

Example:

var vpc vpc

// Sets the three required props plus the two security-relevant optional
// ones: TLS-only client-broker encryption and SASL/SCRAM authentication.
// Logging, Monitoring, RemovalPolicy and SecurityGroups keep their defaults.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
		Scram: jsii.Boolean(true),
	}),
})

Experimental.

type EbsStorageInfo

// EbsStorageInfo describes the broker data volume: the KMS key used for
// encryption at rest and the volume size. Both fields are optional.
type EbsStorageInfo struct {
	// The AWS KMS key for encrypting data at rest.
	//
	// Supplying your own key puts the key policy, and so who can decrypt the
	// data, under your control instead of the AWS managed key's.
	// Default: Uses AWS managed CMK (aws/kafka).
	//
	// Experimental.
	EncryptionKey awskms.IKey `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
	// The size in GiB of the EBS volume for the data drive on each broker node.
	// Default: 1000.
	//
	// Experimental.
	VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
}

EBS volume information.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"
import "github.com/aws/aws-cdk-go/awscdk"

var key key

// Passing EncryptionKey replaces the documented default (the AWS managed
// aws/kafka key) with the given KMS key; 123 is a placeholder size in GiB.
ebsStorageInfo := &EbsStorageInfo{
	EncryptionKey: key,
	VolumeSize: jsii.Number(123),
}

Experimental.

type EncryptionInTransitConfig

// EncryptionInTransitConfig controls encryption on the two network paths of
// a cluster: client-to-broker (ClientBroker) and broker-to-broker
// (EnableInCluster). The documented defaults encrypt both.
type EncryptionInTransitConfig struct {
	// Indicates the encryption setting for data in transit between clients and brokers.
	//
	// TLS_PLAINTEXT and PLAINTEXT both allow unencrypted client connections.
	// Default: - TLS.
	//
	// Experimental.
	ClientBroker ClientBrokerEncryption `field:"optional" json:"clientBroker" yaml:"clientBroker"`
	// Indicates that data communication among the broker nodes of the cluster is encrypted.
	//
	// Setting this to false leaves inter-broker traffic unencrypted.
	// Default: true.
	//
	// Experimental.
	EnableInCluster *bool `field:"optional" json:"enableInCluster" yaml:"enableInCluster"`
}

The settings for encrypting data in transit.

Example:

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// Only ClientBroker is set in EncryptionInTransitConfig; EnableInCluster is
// omitted and so keeps its documented default (true).
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
		CertificateAuthorities: []iCertificateAuthority{
			// Sample ARN; replace with the ARN of your own ACM Private CA.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})

See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html#msk-encryption-in-transit

Experimental.

type ICluster

// ICluster is the minimal view of an MSK cluster, whether created by this
// library or imported with Cluster_FromClusterArn. It embeds
// awsec2.IConnectable and awscdk.IResource and exposes the cluster's ARN and name.
type ICluster interface {
	awsec2.IConnectable
	awscdk.IResource
	// The ARN of cluster.
	// Experimental.
	ClusterArn() *string
	// The physical name of the cluster.
	// Experimental.
	ClusterName() *string
}

Represents a MSK Cluster. Experimental.

func Cluster_FromClusterArn

func Cluster_FromClusterArn(scope constructs.Construct, id *string, clusterArn *string) ICluster

Reference an existing cluster, defined outside of the CDK code, by its ARN (the clusterArn argument). Experimental.

type KafkaVersion

// KafkaVersion identifies the Apache Kafka version of a cluster. Values come
// from the KafkaVersion_V* functions listed on this page, or from
// KafkaVersion_Of for a custom version string.
// NOTE(review): the list includes old releases; check the MSK
// supported-versions documentation before pinning one, since older versions
// may no longer receive fixes.
type KafkaVersion interface {
	// cluster version number.
	// Experimental.
	Version() *string
	// Checks if the cluster version supports tiered storage mode.
	// Experimental.
	IsTieredStorageCompatible() *bool
}

Kafka cluster version.

Example:

var vpc vpc

// KafkaVersion_V2_8_1() supplies the required KafkaVersion value; the rest
// configures TLS-only client-broker encryption and SASL/SCRAM authentication.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
		Scram: jsii.Boolean(true),
	}),
})

Experimental.

func KafkaVersion_Of

func KafkaVersion_Of(version *string) KafkaVersion

Custom cluster version. Experimental.

func KafkaVersion_V1_1_1

func KafkaVersion_V1_1_1() KafkaVersion

func KafkaVersion_V2_1_0

func KafkaVersion_V2_1_0() KafkaVersion

func KafkaVersion_V2_2_1

func KafkaVersion_V2_2_1() KafkaVersion

func KafkaVersion_V2_3_1

func KafkaVersion_V2_3_1() KafkaVersion

func KafkaVersion_V2_4_1

func KafkaVersion_V2_4_1() KafkaVersion

func KafkaVersion_V2_4_1_1

func KafkaVersion_V2_4_1_1() KafkaVersion

func KafkaVersion_V2_5_1

func KafkaVersion_V2_5_1() KafkaVersion

func KafkaVersion_V2_6_0

func KafkaVersion_V2_6_0() KafkaVersion

func KafkaVersion_V2_6_1

func KafkaVersion_V2_6_1() KafkaVersion

func KafkaVersion_V2_6_2

func KafkaVersion_V2_6_2() KafkaVersion

func KafkaVersion_V2_6_3

func KafkaVersion_V2_6_3() KafkaVersion

func KafkaVersion_V2_7_0

func KafkaVersion_V2_7_0() KafkaVersion

func KafkaVersion_V2_7_1

func KafkaVersion_V2_7_1() KafkaVersion

func KafkaVersion_V2_7_2

func KafkaVersion_V2_7_2() KafkaVersion

func KafkaVersion_V2_8_0

func KafkaVersion_V2_8_0() KafkaVersion

func KafkaVersion_V2_8_1

func KafkaVersion_V2_8_1() KafkaVersion

func KafkaVersion_V2_8_2_TIERED

func KafkaVersion_V2_8_2_TIERED() KafkaVersion

func KafkaVersion_V3_1_1

func KafkaVersion_V3_1_1() KafkaVersion

func KafkaVersion_V3_2_0

func KafkaVersion_V3_2_0() KafkaVersion

func KafkaVersion_V3_3_1

func KafkaVersion_V3_3_1() KafkaVersion

func KafkaVersion_V3_3_2

func KafkaVersion_V3_3_2() KafkaVersion

func KafkaVersion_V3_4_0

func KafkaVersion_V3_4_0() KafkaVersion

func KafkaVersion_V3_5_1

func KafkaVersion_V3_5_1() KafkaVersion

func KafkaVersion_V3_6_0

func KafkaVersion_V3_6_0() KafkaVersion

type MonitoringConfiguration

// MonitoringConfiguration sets the metric level and the two optional
// Prometheus exporters of a cluster. Both exporters default to false.
// NOTE(review): an enabled exporter presumably serves metrics from the
// broker nodes; confirm the ports in the MSK documentation and limit
// security-group ingress on them to your monitoring hosts.
type MonitoringConfiguration struct {
	// Specifies the level of monitoring for the MSK cluster.
	// Default: DEFAULT.
	//
	// Experimental.
	ClusterMonitoringLevel ClusterMonitoringLevel `field:"optional" json:"clusterMonitoringLevel" yaml:"clusterMonitoringLevel"`
	// Indicates whether you want to enable or disable the JMX Exporter.
	// Default: false.
	//
	// Experimental.
	EnablePrometheusJmxExporter *bool `field:"optional" json:"enablePrometheusJmxExporter" yaml:"enablePrometheusJmxExporter"`
	// Indicates whether you want to enable or disable the Prometheus Node Exporter.
	//
	// You can use the Prometheus Node Exporter to get CPU and disk metrics for the broker nodes.
	// Default: false.
	//
	// Experimental.
	EnablePrometheusNodeExporter *bool `field:"optional" json:"enablePrometheusNodeExporter" yaml:"enablePrometheusNodeExporter"`
}

Monitoring Configuration.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"

// Spells out the documented defaults: DEFAULT monitoring level and both
// Prometheus exporters disabled.
monitoringConfiguration := &MonitoringConfiguration{
	ClusterMonitoringLevel: msk_alpha.ClusterMonitoringLevel_DEFAULT,
	EnablePrometheusJmxExporter: jsii.Boolean(false),
	EnablePrometheusNodeExporter: jsii.Boolean(false),
}

Experimental.

type S3LoggingConfiguration

// S3LoggingConfiguration names the S3 destination for broker logs: a
// required bucket and an optional key prefix.
type S3LoggingConfiguration struct {
	// The S3 bucket that is the destination for broker logs.
	//
	// The README on this page notes that AWS automatically creates a bucket
	// policy allowing the service to write logs to this bucket.
	// Experimental.
	Bucket awss3.IBucket `field:"required" json:"bucket" yaml:"bucket"`
	// The S3 prefix that is the destination for broker logs.
	// Default: - no prefix.
	//
	// Experimental.
	Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}

Details of the Amazon S3 destination for broker logs.

Example:

var vpc vpc
var bucket iBucket

// Only the required Bucket is set, so logs are written without a prefix
// (the documented default).
// NOTE(review): the bucket will hold broker logs; keep it private.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	Logging: &BrokerLogging{
		S3: &S3LoggingConfiguration{
			Bucket: *Bucket,
		},
	},
})

Experimental.

type SaslAuthProps

// SaslAuthProps holds the SASL client-authentication settings for a cluster.
//
// Iam and Scram both default to false, so a zero-value SaslAuthProps enables
// neither mechanism.
// NOTE(review): the example on this page pairs SASL with
// ClientBrokerEncryption_TLS; presumably TLS between clients and brokers is
// required when SASL is enabled — confirm against the construct's validation.
type SaslAuthProps struct {
	// Enable IAM access control.
	// Default: false.
	//
	// Experimental.
	Iam *bool `field:"optional" json:"iam" yaml:"iam"`
	// KMS Key to encrypt SASL/SCRAM secrets.
	//
	// You must use a customer master key (CMK) when creating users in secrets manager.
	// You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.
	// Default: - CMK will be created with alias msk/{clusterName}/sasl/scram.
	//
	// NOTE(review): leaving Key unset means the construct creates the key for
	// you; supply your own key if its key policy or rotation must follow an
	// existing standard.
	//
	// Experimental.
	Key awskms.IKey `field:"optional" json:"key" yaml:"key"`
	// Enable SASL/SCRAM authentication.
	// Default: false.
	//
	// Experimental.
	Scram *bool `field:"optional" json:"scram" yaml:"scram"`
}

SASL authentication properties.

Example:

var vpc vpc

// SASL/SCRAM is enabled with client-to-broker encryption set to TLS.
// Key is not set, so per its documented default a CMK with alias
// msk/{clusterName}/sasl/scram is created for the SCRAM secrets.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
		Scram: jsii.Boolean(true),
	}),
})

Experimental.

type SaslTlsAuthProps

// SaslTlsAuthProps holds the settings for combined SASL and TLS client
// authentication.
//
// It has the same Iam, Key and Scram fields as SaslAuthProps plus the
// CertificateAuthorities list used for TLS authentication. Every field is
// optional; Iam and Scram default to false and CertificateAuthorities to none.
type SaslTlsAuthProps struct {
	// Enable IAM access control.
	// Default: false.
	//
	// Experimental.
	Iam *bool `field:"optional" json:"iam" yaml:"iam"`
	// KMS Key to encrypt SASL/SCRAM secrets.
	//
	// You must use a customer master key (CMK) when creating users in secrets manager.
	// You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.
	// Default: - CMK will be created with alias msk/{clusterName}/sasl/scram.
	//
	// NOTE(review): leaving Key unset means the construct creates the key for
	// you; supply your own key if its key policy or rotation must follow an
	// existing standard.
	//
	// Experimental.
	Key awskms.IKey `field:"optional" json:"key" yaml:"key"`
	// Enable SASL/SCRAM authentication.
	// Default: false.
	//
	// Experimental.
	Scram *bool `field:"optional" json:"scram" yaml:"scram"`
	// List of ACM Certificate Authorities to enable TLS authentication.
	// Default: - none.
	//
	// NOTE(review): presumably a client certificate issued by any CA in this
	// list is accepted for TLS authentication, so list only CAs whose issuance
	// you control — confirm.
	//
	// Experimental.
	CertificateAuthorities *[]awsacmpca.ICertificateAuthority `field:"optional" json:"certificateAuthorities" yaml:"certificateAuthorities"`
}

SASL + TLS authentication properties.

Example:

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// IAM access control and TLS authentication are enabled together, with
// client-to-broker encryption set to TLS.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_SaslTls(&SaslTlsAuthProps{
		Iam: jsii.Boolean(true),
		CertificateAuthorities: []iCertificateAuthority{
			// The ARN below is a sample value; replace it with the ARN of your
			// own private CA. The CA is looked up by ARN, not created here.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})

Experimental.

type StorageMode

// StorageMode is the storage mode for the cluster brokers.
// Its values are the StorageMode_LOCAL and StorageMode_TIERED constants.
type StorageMode string

The storage mode for the cluster brokers.

Example:

var vpc vpc
var bucket iBucket // declared by the generated example but not used below

// Tiered storage is selected together with KafkaVersion_V3_6_0, whereas the
// other examples on this page use V2_8_1.
// NOTE(review): presumably tiered storage needs a Kafka version that supports
// it — confirm the minimum version before copying this.
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V3_6_0(),
	Vpc: Vpc,
	StorageMode: msk.StorageMode_TIERED,
})

Experimental.

// Values defined for StorageMode.
const (
	// Local storage mode uses network-attached EBS storage.
	// Experimental.
	StorageMode_LOCAL StorageMode = "LOCAL"
	// Tiered storage mode uses EBS storage together with tiered storage.
	// Experimental.
	StorageMode_TIERED StorageMode = "TIERED"
)

type TlsAuthProps

// TlsAuthProps holds the TLS client-authentication settings for a cluster.
//
// Its only field is the list of certificate authorities; the default is none.
type TlsAuthProps struct {
	// List of ACM Certificate Authorities to enable TLS authentication.
	// Default: - none.
	//
	// NOTE(review): presumably a client certificate issued by any CA in this
	// list is accepted for TLS authentication, so list only CAs whose issuance
	// you control — confirm.
	//
	// Experimental.
	CertificateAuthorities *[]awsacmpca.ICertificateAuthority `field:"optional" json:"certificateAuthorities" yaml:"certificateAuthorities"`
}

TLS authentication properties.

Example:

import acmpca "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

// TLS client authentication is enabled with client-to-broker encryption set
// to TLS; no SASL mechanism is configured in this example.
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
	ClusterName: jsii.String("myCluster"),
	KafkaVersion: msk.KafkaVersion_V2_8_1(),
	Vpc: Vpc,
	EncryptionInTransit: &EncryptionInTransitConfig{
		ClientBroker: msk.ClientBrokerEncryption_TLS,
	},
	ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
		CertificateAuthorities: []iCertificateAuthority{
			// The ARN below is a sample value; replace it with the ARN of your
			// own private CA. The CA is looked up by ARN, not created here.
			acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
		},
	}),
})

Experimental.

Directories

Path Synopsis
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
Package jsii contains the functionality needed for jsii packages to initialize their dependencies and themselves.
