Interface | Description |
---|---|
BrokerLogging | (experimental) Configuration details related to broker logs. |
CfnBatchScramSecretProps | Properties for defining a `CfnBatchScramSecret`. |
CfnCluster.BrokerLogsProperty | You can configure your Amazon MSK cluster to send broker logs to different destination types. |
CfnCluster.BrokerNodeGroupInfoProperty | The setup to be used for brokers in the cluster. |
CfnCluster.ClientAuthenticationProperty | Includes information related to client authentication. |
CfnCluster.CloudWatchLogsProperty | Details of the CloudWatch Logs destination for broker logs. |
CfnCluster.ConfigurationInfoProperty | Specifies the Amazon MSK configuration to use for the brokers. |
CfnCluster.ConnectivityInfoProperty | Specifies whether the cluster's brokers are publicly accessible. |
CfnCluster.EBSStorageInfoProperty | Contains information about the EBS storage volumes attached to brokers. |
CfnCluster.EncryptionAtRestProperty | The data volume encryption details. |
CfnCluster.EncryptionInfoProperty | Includes encryption-related information, such as the Amazon KMS key used for encrypting data at rest and whether you want MSK to encrypt your data in transit. |
CfnCluster.EncryptionInTransitProperty | The settings for encrypting data in transit. |
CfnCluster.FirehoseProperty | Details of the Kinesis Data Firehose delivery stream that is the destination for broker logs. |
CfnCluster.IamProperty | Details for IAM access control. |
CfnCluster.JmxExporterProperty | Indicates whether you want to enable or disable the JMX Exporter. |
CfnCluster.LoggingInfoProperty | You can configure your Amazon MSK cluster to send broker logs to different destination types. |
CfnCluster.NodeExporterProperty | Indicates whether you want to enable or disable the Node Exporter. |
CfnCluster.OpenMonitoringProperty | JMX and Node monitoring for the MSK cluster. |
CfnCluster.PrometheusProperty | Prometheus settings for open monitoring. |
CfnCluster.ProvisionedThroughputProperty | Specifies whether provisioned throughput is turned on and the volume throughput target. |
CfnCluster.PublicAccessProperty | Specifies whether the cluster's brokers are accessible from the internet. |
CfnCluster.S3Property | The details of the Amazon S3 destination for broker logs. |
CfnCluster.SaslProperty | Details for client authentication using SASL. |
CfnCluster.ScramProperty | Details for SASL/SCRAM client authentication. |
CfnCluster.StorageInfoProperty | Contains information about storage volumes attached to Amazon MSK broker nodes. |
CfnCluster.TlsProperty | Details for client authentication using TLS. |
CfnCluster.UnauthenticatedProperty | Details for allowing no client authentication. |
CfnCluster.VpcConnectivityClientAuthenticationProperty | Not currently supported by AWS CloudFormation. |
CfnCluster.VpcConnectivityIamProperty | Not currently supported by AWS CloudFormation. |
CfnCluster.VpcConnectivityProperty | Example: |
CfnCluster.VpcConnectivitySaslProperty | Not currently supported by AWS CloudFormation. |
CfnCluster.VpcConnectivityScramProperty | Not currently supported by AWS CloudFormation. |
CfnCluster.VpcConnectivityTlsProperty | Not currently supported by AWS CloudFormation. |
CfnClusterProps | Properties for defining a `CfnCluster`. |
CfnConfigurationProps | Properties for defining a `CfnConfiguration`. |
CfnServerlessCluster.ClientAuthenticationProperty | Includes all client authentication information. |
CfnServerlessCluster.IamProperty | Details for IAM client authentication. |
CfnServerlessCluster.SaslProperty | Details for client authentication using SASL. |
CfnServerlessCluster.VpcConfigProperty | Specifies information about subnets and security groups for the VPC that your clients will use to connect with the serverless cluster. |
CfnServerlessClusterProps | Properties for defining a `CfnServerlessCluster`. |
ClusterConfigurationInfo | (experimental) The Amazon MSK configuration to use for the cluster. |
ClusterProps | (experimental) Properties for a MSK Cluster. |
EbsStorageInfo | (experimental) EBS volume information. |
EncryptionInTransitConfig | (experimental) The settings for encrypting data in transit. |
ICluster | (experimental) Represents a MSK Cluster. |
ICluster.Jsii$Default | Internal default implementation for `ICluster`. |
MonitoringConfiguration | (experimental) Monitoring Configuration. |
S3LoggingConfiguration | (experimental) Details of the Amazon S3 destination for broker logs. |
SaslAuthProps | (experimental) SASL authentication properties. |
TlsAuthProps | (experimental) TLS authentication properties. |

Enum | Description |
---|---|
ClientBrokerEncryption | (experimental) Indicates the encryption setting for data in transit between clients and brokers. |
ClusterMonitoringLevel | (experimental) The level of monitoring for the MSK cluster. |

---
All classes with the `Cfn` prefix in this module (CFN Resources) are always stable and safe to use.
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.
The following example creates an MSK Cluster.
```java
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "Cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .build();
```
To control who can access the Cluster, use the `.connections` attribute. For a list of ports used by MSK, refer to the MSK documentation.

```java
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "Cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .build();

// In Java the connections attribute is read through its getter.
// 2181 is the ZooKeeper port, 9094 the TLS broker port.
cluster.getConnections().allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(2181));
cluster.getConnections().allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(9094));
```
You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints.

```java
Cluster cluster;

CfnOutput.Builder.create(this, "BootstrapBrokers")
        .value(cluster.getBootstrapBrokers()).build();
CfnOutput.Builder.create(this, "BootstrapBrokersTls")
        .value(cluster.getBootstrapBrokersTls()).build();
CfnOutput.Builder.create(this, "BootstrapBrokersSaslScram")
        .value(cluster.getBootstrapBrokersSaslScram()).build();
CfnOutput.Builder.create(this, "ZookeeperConnection")
        .value(cluster.getZookeeperConnectionString()).build();
CfnOutput.Builder.create(this, "ZookeeperConnectionTls")
        .value(cluster.getZookeeperConnectionStringTls()).build();
```
To import an existing MSK cluster into your CDK app use the `.fromClusterArn()` method.

```java
ICluster cluster = Cluster.fromClusterArn(this, "Cluster",
        "arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1");
```
MSK supports the following authentication mechanisms.
Only one authentication method can be enabled.
To enable client authentication with TLS, set the `certificateAuthorityArns` property to reference your ACM Private CA. More info on Private CAs.

```java
import java.util.List;
import software.amazon.awscdk.services.acmpca.*;

Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "Cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        // Require TLS between clients and brokers.
        .encryptionInTransit(EncryptionInTransitConfig.builder()
                .clientBroker(ClientBrokerEncryption.TLS)
                .build())
        // Clients must present a certificate issued by this private CA.
        .clientAuthentication(ClientAuthentication.tls(TlsAuthProps.builder()
                .certificateAuthorities(List.of(CertificateAuthority.fromCertificateAuthorityArn(
                        this, "CertificateAuthority",
                        "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")))
                .build()))
        .build();
```
Enable client authentication with SASL/SCRAM:

```java
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .encryptionInTransit(EncryptionInTransitConfig.builder()
                .clientBroker(ClientBrokerEncryption.TLS)
                .build())
        .clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
                .scram(true)
                .build()))
        .build();
```
Enable client authentication with IAM:

```java
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .encryptionInTransit(EncryptionInTransitConfig.builder()
                .clientBroker(ClientBrokerEncryption.TLS)
                .build())
        .clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
                .iam(true)
                .build()))
        .build();
```
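
The authentication and encryption settings shown above end up as `AWS::MSK::Cluster` properties in the CloudFormation template the CDK app synthesizes, where they can be checked before deployment. The following Python check is an added example, not part of the CDK documentation; the sample template is constructed, and `dig` and `audit_msk` are hypothetical helper names.

```python
import json

# Constructed sample of a synthesized template (not output from a real stack).
SAMPLE_TEMPLATE = json.loads("""{
  "Resources": {
    "IamCluster": {"Type": "AWS::MSK::Cluster", "Properties": {
      "EncryptionInfo": {"EncryptionInTransit": {"ClientBroker": "TLS", "InCluster": true}},
      "ClientAuthentication": {"Sasl": {"Iam": {"Enabled": true}}}}},
    "OpenCluster": {"Type": "AWS::MSK::Cluster", "Properties": {
      "EncryptionInfo": {"EncryptionInTransit": {"ClientBroker": "TLS_PLAINTEXT"}},
      "ClientAuthentication": {"Unauthenticated": {"Enabled": true}},
      "BrokerNodeGroupInfo": {"ConnectivityInfo": {"PublicAccess": {"Type": "SERVICE_PROVIDED_EIPS"}}}}}
  }
}""")

# Template paths under ClientAuthentication that indicate an enabled mechanism.
AUTH_PATHS = (("Sasl", "Iam", "Enabled"), ("Sasl", "Scram", "Enabled"),
              ("Tls", "Enabled"), ("Tls", "CertificateAuthorityList"))

def dig(node, *path):
    """Follow nested keys; return None as soon as a level is missing."""
    for key in path:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node

def audit_msk(template):
    """Return {logical_id: [findings]} for each AWS::MSK::Cluster resource."""
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::MSK::Cluster":
            continue
        props, findings = res.get("Properties", {}), []
        auth = props.get("ClientAuthentication")
        transit = dig(props, "EncryptionInfo", "EncryptionInTransit")
        if not any(dig(auth, *path) for path in AUTH_PATHS):
            findings.append("no client authentication mechanism enabled")
        if dig(auth, "Unauthenticated", "Enabled") is True:
            findings.append("unauthenticated access enabled")
        # CloudFormation documents TLS as the default when ClientBroker is omitted.
        mode = dig(transit, "ClientBroker") or "TLS"
        if mode != "TLS":
            findings.append(f"client-broker encryption is {mode}")
        if dig(transit, "InCluster") is False:
            findings.append("in-cluster encryption disabled")
        access = dig(props, "BrokerNodeGroupInfo", "ConnectivityInfo", "PublicAccess", "Type")
        if access not in (None, "DISABLED"):
            findings.append(f"public access type is {access}")
        report[name] = findings
    return report
```

Pass it the parsed JSON of a synthesized template; values expressed as CloudFormation intrinsic functions are not resolved and need manual review.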