Package software.amazon.awscdk.services.msk
Amazon Managed Streaming for Apache Kafka Construct Library
---
AWS CDK v1 has reached End-of-Support on 2023-06-01. This package is no longer being updated, and users should migrate to AWS CDK v2.
For more information on how to migrate, see the Migrating to AWS CDK v2 guide.
Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.
The following example creates an MSK Cluster.
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "Cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .build();
Allowing Connections
To control who can access the Cluster, use the .connections attribute. For a list of ports used by MSK, refer to the MSK documentation.
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "Cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .build();

// In the Java binding the connections attribute is read through its getter.
cluster.getConnections().allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(2181));
cluster.getConnections().allowFrom(Peer.ipv4("1.2.3.4/8"), Port.tcp(9094));
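A narrower alternative to the CIDR rules above, as an added example that is not part of the original package documentation: ingress is granted to a client security group only, and only on port 9098, the listener MSK uses for SASL/IAM inside the VPC. The stack name `ScopedMskStack` and the `KafkaClients` security group are assumptions made for illustration.

```java
import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.services.ec2.Port;
import software.amazon.awscdk.services.ec2.SecurityGroup;
import software.amazon.awscdk.services.ec2.Vpc;
import software.amazon.awscdk.services.msk.*;

// Added example: the class name and construct ids are hypothetical.
public class ScopedMskStack extends Stack {
    public ScopedMskStack(final Construct scope, final String id) {
        super(scope, id);

        Vpc vpc = Vpc.Builder.create(this, "Vpc").build();

        // Security group attached to the Kafka producer/consumer workloads (assumed).
        SecurityGroup clients = SecurityGroup.Builder.create(this, "KafkaClients")
                .vpc(vpc)
                .description("Kafka producers and consumers")
                .build();

        Cluster cluster = Cluster.Builder.create(this, "Cluster")
                .clusterName("myCluster")
                .kafkaVersion(KafkaVersion.V2_8_1)
                .vpc(vpc)
                .encryptionInTransit(EncryptionInTransitConfig.builder()
                        .clientBroker(ClientBrokerEncryption.TLS)
                        .build())
                .clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
                        .iam(true)
                        .build()))
                .build();

        // Only members of the client security group can reach the brokers, and only
        // on the SASL/IAM listener. No CIDR range and no ZooKeeper port is opened.
        cluster.getConnections().allowFrom(clients, Port.tcp(9098), "Kafka clients, SASL/IAM over TLS");
    }
}
```

Referencing a security group instead of an address range keeps the rule tied to the workloads that carry that group, so it does not need updating when client IP addresses change.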
Cluster Endpoints
You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints:
Cluster cluster;

CfnOutput.Builder.create(this, "BootstrapBrokers").value(cluster.getBootstrapBrokers()).build();
CfnOutput.Builder.create(this, "BootstrapBrokersTls").value(cluster.getBootstrapBrokersTls()).build();
CfnOutput.Builder.create(this, "BootstrapBrokersSaslScram").value(cluster.getBootstrapBrokersSaslScram()).build();
CfnOutput.Builder.create(this, "ZookeeperConnection").value(cluster.getZookeeperConnectionString()).build();
CfnOutput.Builder.create(this, "ZookeeperConnectionTls").value(cluster.getZookeeperConnectionStringTls()).build();
Importing an existing Cluster
To import an existing MSK cluster into your CDK app, use the .fromClusterArn() method.
ICluster cluster = Cluster.fromClusterArn(this, "Cluster", "arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1");
Client Authentication
MSK supports the following authentication mechanisms.
Only one authentication method can be enabled.
TLS
To enable client authentication with TLS, set the certificateAuthorities property to reference your ACM Private CA. More info on Private CAs.
import java.util.List;
import software.amazon.awscdk.services.acmpca.*;

Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "Cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .encryptionInTransit(EncryptionInTransitConfig.builder()
                .clientBroker(ClientBrokerEncryption.TLS)
                .build())
        .clientAuthentication(ClientAuthentication.tls(TlsAuthProps.builder()
                .certificateAuthorities(List.of(CertificateAuthority.fromCertificateAuthorityArn(this, "CertificateAuthority", "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")))
                .build()))
        .build();
SASL/SCRAM
Enable client authentication with SASL/SCRAM:
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .encryptionInTransit(EncryptionInTransitConfig.builder()
                .clientBroker(ClientBrokerEncryption.TLS)
                .build())
        .clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
                .scram(true)
                .build()))
        .build();
SASL/IAM
Enable client authentication with IAM:
Vpc vpc;

Cluster cluster = Cluster.Builder.create(this, "cluster")
        .clusterName("myCluster")
        .kafkaVersion(KafkaVersion.V2_8_1)
        .vpc(vpc)
        .encryptionInTransit(EncryptionInTransitConfig.builder()
                .clientBroker(ClientBrokerEncryption.TLS)
                .build())
        .clientAuthentication(ClientAuthentication.sasl(SaslAuthProps.builder()
                .iam(true)
                .build()))
        .build();
Deprecated: AWS CDK v1 has reached End-of-Support on 2023-06-01.
This package is no longer being updated, and users should migrate to AWS CDK v2.
For more information on how to migrate, see https://docs.aws.amazon.com/cdk/v2/guide/migrating-v2.html
Class Description
(experimental) Configuration details related to broker logs.
A builder for BrokerLogging
An implementation for BrokerLogging
A CloudFormation AWS::MSK::BatchScramSecret.
A fluent builder for CfnBatchScramSecret.
Properties for defining a CfnBatchScramSecret.
A builder for CfnBatchScramSecretProps
An implementation for CfnBatchScramSecretProps
A CloudFormation AWS::MSK::Cluster.
The broker logs configuration for this MSK cluster.
A builder for CfnCluster.BrokerLogsProperty
An implementation for CfnCluster.BrokerLogsProperty
Describes the setup to be used for the broker nodes in the cluster.
A builder for CfnCluster.BrokerNodeGroupInfoProperty
An implementation for CfnCluster.BrokerNodeGroupInfoProperty
A fluent builder for CfnCluster.
Includes all client authentication information.
A builder for CfnCluster.ClientAuthenticationProperty
An implementation for CfnCluster.ClientAuthenticationProperty
Details of the CloudWatch Logs destination for broker logs.
A builder for CfnCluster.CloudWatchLogsProperty
An implementation for CfnCluster.CloudWatchLogsProperty
Specifies the configuration to use for the brokers.
A builder for CfnCluster.ConfigurationInfoProperty
An implementation for CfnCluster.ConfigurationInfoProperty
Broker access controls.
A builder for CfnCluster.ConnectivityInfoProperty
An implementation for CfnCluster.ConnectivityInfoProperty
Contains information about the EBS storage volumes attached to the broker nodes.
A builder for CfnCluster.EBSStorageInfoProperty
An implementation for CfnCluster.EBSStorageInfoProperty
The data-volume encryption details.
A builder for CfnCluster.EncryptionAtRestProperty
An implementation for CfnCluster.EncryptionAtRestProperty
Includes encryption-related information, such as the Amazon KMS key used for encrypting data at rest and whether you want MSK to encrypt your data in transit.
A builder for CfnCluster.EncryptionInfoProperty
An implementation for CfnCluster.EncryptionInfoProperty
The settings for encrypting data in transit.
A builder for CfnCluster.EncryptionInTransitProperty
An implementation for CfnCluster.EncryptionInTransitProperty
Firehose details for BrokerLogs.
A builder for CfnCluster.FirehoseProperty
An implementation for CfnCluster.FirehoseProperty
Details for SASL/IAM client authentication.
A builder for CfnCluster.IamProperty
An implementation for CfnCluster.IamProperty
Indicates whether you want to enable or disable the JMX Exporter.
A builder for CfnCluster.JmxExporterProperty
An implementation for CfnCluster.JmxExporterProperty
You can configure your MSK cluster to send broker logs to different destination types.
A builder for CfnCluster.LoggingInfoProperty
An implementation for CfnCluster.LoggingInfoProperty
Indicates whether you want to enable or disable the Node Exporter.
A builder for CfnCluster.NodeExporterProperty
An implementation for CfnCluster.NodeExporterProperty
JMX and Node monitoring for the MSK cluster.
A builder for CfnCluster.OpenMonitoringProperty
An implementation for CfnCluster.OpenMonitoringProperty
Prometheus settings for open monitoring.
A builder for CfnCluster.PrometheusProperty
An implementation for CfnCluster.PrometheusProperty
Contains information about provisioned throughput for EBS storage volumes attached to kafka broker nodes.
A builder for CfnCluster.ProvisionedThroughputProperty
An implementation for CfnCluster.ProvisionedThroughputProperty
Broker access controls.
A builder for CfnCluster.PublicAccessProperty
An implementation for CfnCluster.PublicAccessProperty
The details of the Amazon S3 destination for broker logs.
A builder for CfnCluster.S3Property
An implementation for CfnCluster.S3Property
Details for client authentication using SASL.
A builder for CfnCluster.SaslProperty
An implementation for CfnCluster.SaslProperty
Details for SASL/SCRAM client authentication.
A builder for CfnCluster.ScramProperty
An implementation for CfnCluster.ScramProperty
Contains information about storage volumes attached to Amazon MSK broker nodes.
A builder for CfnCluster.StorageInfoProperty
An implementation for CfnCluster.StorageInfoProperty
Details for client authentication using TLS.
A builder for CfnCluster.TlsProperty
An implementation for CfnCluster.TlsProperty
Details for allowing no client authentication.
A builder for CfnCluster.UnauthenticatedProperty
An implementation for CfnCluster.UnauthenticatedProperty
Includes all client authentication information for VpcConnectivity.
A builder for CfnCluster.VpcConnectivityClientAuthenticationProperty
An implementation for CfnCluster.VpcConnectivityClientAuthenticationProperty
Details for SASL/IAM client authentication for VpcConnectivity.
A builder for CfnCluster.VpcConnectivityIamProperty
An implementation for CfnCluster.VpcConnectivityIamProperty
VPC connection control settings for brokers.
A builder for CfnCluster.VpcConnectivityProperty
An implementation for CfnCluster.VpcConnectivityProperty
Details for client authentication using SASL for VpcConnectivity.
A builder for CfnCluster.VpcConnectivitySaslProperty
An implementation for CfnCluster.VpcConnectivitySaslProperty
Details for SASL/SCRAM client authentication for vpcConnectivity.
A builder for CfnCluster.VpcConnectivityScramProperty
An implementation for CfnCluster.VpcConnectivityScramProperty
Details for client authentication using TLS for vpcConnectivity.
A builder for CfnCluster.VpcConnectivityTlsProperty
An implementation for CfnCluster.VpcConnectivityTlsProperty
A CloudFormation AWS::MSK::ClusterPolicy.
A fluent builder for CfnClusterPolicy.
Properties for defining a CfnClusterPolicy.
A builder for CfnClusterPolicyProps
An implementation for CfnClusterPolicyProps
Properties for defining a CfnCluster.
A builder for CfnClusterProps
An implementation for CfnClusterProps
A CloudFormation AWS::MSK::Configuration.
A fluent builder for CfnConfiguration.
Properties for defining a CfnConfiguration.
A builder for CfnConfigurationProps
An implementation for CfnConfigurationProps
A CloudFormation AWS::MSK::ServerlessCluster.
A fluent builder for CfnServerlessCluster.
Includes all client authentication information.
A builder for CfnServerlessCluster.ClientAuthenticationProperty
An implementation for CfnServerlessCluster.ClientAuthenticationProperty
Details for SASL/IAM client authentication.
A builder for CfnServerlessCluster.IamProperty
An implementation for CfnServerlessCluster.IamProperty
Details for client authentication using SASL.
A builder for CfnServerlessCluster.SaslProperty
An implementation for CfnServerlessCluster.SaslProperty
Example:
A builder for CfnServerlessCluster.VpcConfigProperty
An implementation for CfnServerlessCluster.VpcConfigProperty
Properties for defining a CfnServerlessCluster.
A builder for CfnServerlessClusterProps
An implementation for CfnServerlessClusterProps
A CloudFormation AWS::MSK::VpcConnection.
A fluent builder for CfnVpcConnection.
Properties for defining a CfnVpcConnection.
A builder for CfnVpcConnectionProps
An implementation for CfnVpcConnectionProps
(experimental) Configuration properties for client authentication.
(experimental) Indicates the encryption setting for data in transit between clients and brokers.
(experimental) Create a MSK Cluster.
(experimental) A fluent builder for Cluster.
(experimental) The Amazon MSK configuration to use for the cluster.
A builder for ClusterConfigurationInfo
An implementation for ClusterConfigurationInfo
(experimental) The level of monitoring for the MSK cluster.
(experimental) Properties for a MSK Cluster.
A builder for ClusterProps
An implementation for ClusterProps
(experimental) EBS volume information.
A builder for EbsStorageInfo
An implementation for EbsStorageInfo
(experimental) The settings for encrypting data in transit.
A builder for EncryptionInTransitConfig
An implementation for EncryptionInTransitConfig
(experimental) Represents a MSK Cluster.
Internal default implementation for ICluster.
A proxy class which represents a concrete javascript instance of this type.
(experimental) Kafka cluster version.
(experimental) Monitoring Configuration.
A builder for MonitoringConfiguration
An implementation for MonitoringConfiguration
(experimental) Details of the Amazon S3 destination for broker logs.
A builder for S3LoggingConfiguration
An implementation for S3LoggingConfiguration
(experimental) SASL authentication properties.
A builder for SaslAuthProps
An implementation for SaslAuthProps
(experimental) TLS authentication properties.
A builder for TlsAuthProps
An implementation for TlsAuthProps