ClientAuthentication¶
-
class
aws_cdk.aws_msk.
ClientAuthentication
(*args: Any, **kwargs)¶ Bases:
object
(experimental) Configuration properties for client authentication.
- Stability
experimental
- ExampleMetadata
infused
Example:
# vpc: ec2.Vpc cluster = msk.Cluster(self, "cluster", cluster_name="myCluster", kafka_version=msk.KafkaVersion.V2_8_1, vpc=vpc, encryption_in_transit=msk.EncryptionInTransitConfig( client_broker=msk.ClientBrokerEncryption.TLS ), client_authentication=msk.ClientAuthentication.sasl( scram=True ) )
Attributes
-
sasl_props
¶ (experimental) - properties for SASL authentication.
- Stability
experimental
- Return type
Optional
[SaslAuthProps
]
-
tls_props
¶ (experimental) - properties for TLS authentication.
- Stability
experimental
- Return type
Optional
[TlsAuthProps
]
Static Methods
-
classmethod
sasl
(*, iam=None, key=None, scram=None)¶ (experimental) SASL authentication.
- Parameters
iam (
Optional
[bool
]) – (experimental) Enable IAM access control. Default: falsekey (
Optional
[IKey
]) – (experimental) KMS Key to encrypt SASL/SCRAM secrets. You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. Default: - CMK will be created with alias msk/{clusterName}/sasl/scramscram (
Optional
[bool
]) – (experimental) Enable SASL/SCRAM authentication. Default: false
- Stability
experimental
- Return type
-
classmethod
tls
(*, certificate_authorities=None)¶ (experimental) TLS authentication.
- Parameters
certificate_authorities (
Optional
[Sequence
[ICertificateAuthority
]]) – (experimental) List of ACM Certificate Authorities to enable TLS authentication. Default: - none- Stability
experimental
- Return type