-
Interface Summary Interface Description BrokerLogging (experimental) Configuration details related to broker logs.CfnBatchScramSecretProps Properties for defining a `CfnBatchScramSecret`.CfnCluster.BrokerLogsProperty You can configure your Amazon MSK cluster to send broker logs to different destination types.CfnCluster.BrokerNodeGroupInfoProperty The setup to be used for brokers in the cluster.CfnCluster.ClientAuthenticationProperty Includes information related to client authentication.CfnCluster.CloudWatchLogsProperty Details of the CloudWatch Logs destination for broker logs.CfnCluster.ConfigurationInfoProperty Specifies the Amazon MSK configuration to use for the brokers.CfnCluster.ConnectivityInfoProperty Specifies whether the cluster's brokers are publicly accessible.CfnCluster.EBSStorageInfoProperty Contains information about the EBS storage volumes attached to brokers.CfnCluster.EncryptionAtRestProperty The data volume encryption details.CfnCluster.EncryptionInfoProperty Includes encryption-related information, such as the Amazon KMS key used for encrypting data at rest and whether you want MSK to encrypt your data in transit.CfnCluster.EncryptionInTransitProperty The settings for encrypting data in transit.CfnCluster.FirehoseProperty Details of the Kinesis Data Firehose delivery stream that is the destination for broker logs.CfnCluster.IamProperty Details for IAM access control.CfnCluster.JmxExporterProperty Indicates whether you want to enable or disable the JMX Exporter.CfnCluster.LoggingInfoProperty You can configure your Amazon MSK cluster to send broker logs to different destination types.CfnCluster.NodeExporterProperty Indicates whether you want to enable or disable the Node Exporter.CfnCluster.OpenMonitoringProperty JMX and Node monitoring for the MSK cluster.CfnCluster.PrometheusProperty Prometheus settings for open monitoring.CfnCluster.ProvisionedThroughputProperty Specifies whether provisioned throughput is turned on and the volume throughput target.CfnCluster.PublicAccessProperty Specifies whether the cluster's brokers are accessible from the internet.CfnCluster.S3Property The details of the Amazon S3 destination for broker logs.CfnCluster.SaslProperty Details for client authentication using SASL.CfnCluster.ScramProperty Details for SASL/SCRAM client authentication.CfnCluster.StorageInfoProperty Contains information about storage volumes attached to Amazon MSK broker nodes.CfnCluster.TlsProperty Details for client authentication using TLS.CfnCluster.UnauthenticatedProperty Details for allowing no client authentication.CfnCluster.VpcConnectivityClientAuthenticationProperty Not currently supported by AWS CloudFormation .CfnCluster.VpcConnectivityIamProperty Not currently supported by AWS CloudFormation .CfnCluster.VpcConnectivityProperty Example:CfnCluster.VpcConnectivitySaslProperty Not currently supported by AWS CloudFormation .CfnCluster.VpcConnectivityScramProperty Not currently supported by AWS CloudFormation .CfnCluster.VpcConnectivityTlsProperty Not currently supported by AWS CloudFormation .CfnClusterProps Properties for defining a `CfnCluster`.CfnConfigurationProps Properties for defining a `CfnConfiguration`.CfnServerlessCluster.ClientAuthenticationProperty Includes all client authentication information.CfnServerlessCluster.IamProperty Details for IAM client authentication.CfnServerlessCluster.SaslProperty Details for client authentication using SASL.CfnServerlessCluster.VpcConfigProperty Specifies information about subnets and security groups for the VPC that your clients will use to connect with the serverless cluster.CfnServerlessClusterProps Properties for defining a `CfnServerlessCluster`.ClusterConfigurationInfo (experimental) The Amazon MSK configuration to use for the cluster.ClusterProps (experimental) Properties for a MSK Cluster.EbsStorageInfo (experimental) EBS volume information.EncryptionInTransitConfig (experimental) The settings for encrypting data in transit.ICluster (experimental) Represents a MSK Cluster.ICluster.Jsii$Default Internal default implementation forICluster.MonitoringConfiguration (experimental) Monitoring Configuration.S3LoggingConfiguration (experimental) Details of the Amazon S3 destination for broker logs.SaslAuthProps (experimental) SASL authentication properties.TlsAuthProps (experimental) TLS authentication properties. -
Enum Summary Enum Description ClientBrokerEncryption (experimental) Indicates the encryption setting for data in transit between clients and brokers.ClusterMonitoringLevel (experimental) The level of monitoring for the MSK cluster.
Package software.amazon.awscdk.services.msk Description
Amazon Managed Streaming for Apache Kafka Construct Library
---
All classes with the
Cfnprefix in this module (CFN Resources) are always stable and safe to use.
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.
The following example creates an MSK Cluster.
Vpc vpc;
Cluster cluster = Cluster.Builder.create(this, "Cluster")
.clusterName("myCluster")
.kafkaVersion(KafkaVersion.V2_8_1)
.vpc(vpc)
.build();
Allowing Connections
To control who can access the Cluster, use the .connections attribute. For a list of ports used by MSK, refer to the MSK documentation.
Vpc vpc;
Cluster cluster = Cluster.Builder.create(this, "Cluster")
.clusterName("myCluster")
.kafkaVersion(KafkaVersion.V2_8_1)
.vpc(vpc)
.build();
cluster.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(2181));
cluster.connections.allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(9094));
Cluster Endpoints
You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints
Cluster cluster; CfnOutput.Builder.create(this, "BootstrapBrokers").value(cluster.getBootstrapBrokers()).build(); CfnOutput.Builder.create(this, "BootstrapBrokersTls").value(cluster.getBootstrapBrokersTls()).build(); CfnOutput.Builder.create(this, "BootstrapBrokersSaslScram").value(cluster.getBootstrapBrokersSaslScram()).build(); CfnOutput.Builder.create(this, "ZookeeperConnection").value(cluster.getZookeeperConnectionString()).build(); CfnOutput.Builder.create(this, "ZookeeperConnectionTls").value(cluster.getZookeeperConnectionStringTls()).build();
Importing an existing Cluster
To import an existing MSK cluster into your CDK app use the .fromClusterArn() method.
ICluster cluster = Cluster.fromClusterArn(this, "Cluster", "arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1");
Client Authentication
MSK supports the following authentication mechanisms.
Only one authentication method can be enabled.
TLS
To enable client authentication with TLS set the certificateAuthorityArns property to reference your ACM Private CA. More info on Private CAs.
import software.amazon.awscdk.services.acmpca.*;
Vpc vpc;
Cluster cluster = Cluster.Builder.create(this, "Cluster")
.clusterName("myCluster")
.kafkaVersion(KafkaVersion.V2_8_1)
.vpc(vpc)
.encryptionInTransit(EncryptionInTransitConfig.builder()
.clientBroker(ClientBrokerEncryption.TLS)
.build())
.clientAuthentication(ClientAuthentication.tls(TlsAuthProps.builder()
.certificateAuthorities(List.of(CertificateAuthority.fromCertificateAuthorityArn(this, "CertificateAuthority", "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")))
.build()))
.build();
SASL/SCRAM
Enable client authentication with SASL/SCRAM:
Vpc vpc;
Cluster cluster = Cluster.Builder.create(this, "cluster")
.clusterName("myCluster")
.kafkaVersion(KafkaVersion.V2_8_1)
.vpc(vpc)
.encryptionInTransit(EncryptionInTransitConfig.builder()
.clientBroker(ClientBrokerEncryption.TLS)
.build())
.clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
.scram(true)
.build()))
.build();
SASL/IAM
Enable client authentication with IAM:
Vpc vpc;
Cluster cluster = Cluster.Builder.create(this, "cluster")
.clusterName("myCluster")
.kafkaVersion(KafkaVersion.V2_8_1)
.vpc(vpc)
.encryptionInTransit(EncryptionInTransitConfig.builder()
.clientBroker(ClientBrokerEncryption.TLS)
.build())
.clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
.iam(true)
.build()))
.build();