SaslAuthProps

class aws_cdk.aws_msk.SaslAuthProps(*, iam=None, key=None, scram=None)

Bases: object

(experimental) SASL authentication properties.

Parameters
  • iam (Optional[bool]) – (experimental) Enable IAM access control. Default: false

  • key (Optional[IKey]) – (experimental) KMS Key to encrypt SASL/SCRAM secrets. You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. Default: - CMK will be created with alias msk/{clusterName}/sasl/scram

  • scram (Optional[bool]) – (experimental) Enable SASL/SCRAM authentication. Default: false

Stability

experimental

Example:

# Example automatically generated from non-compiling source. May contain errors.
import aws_cdk.aws_msk as msk

cluster = msk.cluster(self, "cluster", {
    (SpreadAssignment ...
      encryptionInTransit
      encryption_in_transit)
}, {
    "client_broker": msk.ClientBrokerEncryption.TLS
}, client_authentication, msk.ClientAuthentication.sasl(
    scram=True
))

Attributes

iam

(experimental) Enable IAM access control.

Default

false

Stability

experimental

Return type

Optional[bool]

key

(experimental) KMS Key to encrypt SASL/SCRAM secrets.

You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.

Default
  • CMK will be created with alias msk/{clusterName}/sasl/scram

Stability

experimental

Return type

Optional[IKey]

scram

(experimental) Enable SASL/SCRAM authentication.

Default

false

Stability

experimental

Return type

Optional[bool]