ClientAuthentication

class aws_cdk.aws_msk.ClientAuthentication(*args: Any, **kwargs)

Bases: object

(experimental) Configuration properties for client authentication.

Stability

experimental

ExampleMetadata

infused

Example:

# vpc: ec2.Vpc

cluster = msk.Cluster(self, "cluster",
    cluster_name="myCluster",
    kafka_version=msk.KafkaVersion.V2_8_1,
    vpc=vpc,
    encryption_in_transit=msk.EncryptionInTransitConfig(
        client_broker=msk.ClientBrokerEncryption.TLS
    ),
    client_authentication=msk.ClientAuthentication.sasl(
        scram=True
    )
)

Attributes

sasl_props

(experimental) - properties for SASL authentication.

Stability

experimental

Return type

Optional[SaslAuthProps]

tls_props

(experimental) - properties for TLS authentication.

Stability

experimental

Return type

Optional[TlsAuthProps]

Static Methods

classmethod sasl(*, iam=None, key=None, scram=None)

(experimental) SASL authentication.

Parameters
  • iam (Optional[bool]) – (experimental) Enable IAM access control. Default: false

  • key (Optional[IKey]) – (experimental) KMS Key to encrypt SASL/SCRAM secrets. You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. Default: - CMK will be created with alias msk/{clusterName}/sasl/scram

  • scram (Optional[bool]) – (experimental) Enable SASL/SCRAM authentication. Default: false

Stability

experimental

Return type

ClientAuthentication

classmethod tls(*, certificate_authorities=None)

(experimental) TLS authentication.

Parameters

certificate_authorities (Optional[Sequence[ICertificateAuthority]]) – (experimental) List of ACM Certificate Authorities to enable TLS authentication. Default: - none

Stability

experimental

Return type

ClientAuthentication