Cluster - Amazon Managed Streaming for Apache Kafka

Cluster

Represents an Amazon MSK cluster.

URI

/v1/clusters/clusterArn

HTTP methods

DELETE

Operation ID: DeleteCluster

Deletes the MSK cluster specified by the Amazon Resource Name (ARN) in the request, and all its revisions.

Path parameters
NameTypeRequiredDescription
clusterArnStringTrue

The Amazon Resource Name (ARN) that uniquely identifies the cluster.

Query parameters
NameTypeRequiredDescription
currentVersionStringFalse

The current version of the MSK cluster.

Responses
Status codeResponse modelDescription
200 DeleteClusterResponse

Successful response.

400Error

The request isn't valid because the input is incorrect. Correct your input and then submit it again.

401Error

The request is not authorized. The provided credentials couldn't be validated.

403Error

Access forbidden. Check your credentials and then retry your request.

404Error

The resource could not be found due to incorrect input. Correct the input, then retry the request.

429Error

429 response

500Error

There was an unexpected internal server error. Retrying your request might resolve the issue.

503Error

503 response

GET

Operation ID: DescribeCluster

Returns a description of the MSK cluster whose Amazon Resource Name (ARN) is specified in the request. The following is a Python 3.6 example of how to use this operation. Before you run this Python script, replace the example cluster Amazon Resource Name (ARN) with the ARN of the cluster you want to describe. If you don't know the ARN of the cluster, you can use the ListClusters operation to list all the clusters and see their ARNs and full descriptions.

import boto3 client = boto3.client('kafka') response = client.describe_cluster( ClusterArn='arn:aws:kafka:us-east-1:0123456789019:cluster/SalesCluster/abcd1234-abcd-cafe-abab-9876543210ab-4' ) print(response)

Note that the response to this operation only includes the ZookeeperConnectStringTls node in clusters created with Apache Kafka version 2.5.1 and later.

Path parameters
NameTypeRequiredDescription
clusterArnStringTrue

The Amazon Resource Name (ARN) that uniquely identifies the cluster.

Responses
Status codeResponse modelDescription
200 DescribeClusterResponse

Successful response.

400Error

The request isn't valid because the input is incorrect. Correct your input and then submit it again.

401Error

The request is not authorized. The provided credentials couldn't be validated.

403Error

Access forbidden. Check your credentials and then retry your request.

404Error

The resource could not be found due to incorrect input. Correct the input, then retry the request.

429Error

429 response

500Error

There was an unexpected internal server error. Retrying your request might resolve the issue.

503Error

503 response

OPTIONS

Enable CORS by returning the correct headers.

Path parameters
NameTypeRequiredDescription
clusterArnStringTrue

The Amazon Resource Name (ARN) that uniquely identifies the cluster.

Responses
Status codeResponse modelDescription
200None

Default response for CORS method

Schemas

Response bodies

{ "clusterArn": "string", "state": enum }
{ "clusterInfo": { "activeOperationArn": "string", "brokerNodeGroupInfo": { "brokerAZDistribution": enum, "clientSubnets": [ "string" ], "connectivityInfo": { "publicAccess": { "type": "string" }, "vpcConnectivity": { "clientAuthentication": { "sasl": { "iam": { "enabled": boolean }, "scram": { "enabled": boolean } }, "tls": { "enabled": boolean } } } }, "instanceType": "string", "securityGroups": [ "string" ], "storageInfo": { "ebsStorageInfo": { "provisionedThroughput": { "enabled": boolean, "volumeThroughput": integer }, "volumeSize": integer } }, "zoneIds": [ "string" ] }, "clientAuthentication": { "sasl": { "iam": { "enabled": boolean }, "scram": { "enabled": boolean } }, "tls": { "certificateAuthorityArnList": [ "string" ], "enabled": boolean }, "unauthenticated": { "enabled": boolean } }, "clusterArn": "string", "clusterName": "string", "creationTime": "string", "currentBrokerSoftwareInfo": { "configurationArn": "string", "configurationRevision": integer, "kafkaVersion": "string" }, "currentVersion": "string", "customerActionStatus": enum, "encryptionInfo": { "encryptionAtRest": { "dataVolumeKMSKeyId": "string" }, "encryptionInTransit": { "clientBroker": enum, "inCluster": boolean } }, "enhancedMonitoring": enum, "loggingInfo": { "brokerLogs": { "cloudWatchLogs": { "enabled": boolean, "logGroup": "string" }, "firehose": { "deliveryStream": "string", "enabled": boolean }, "s3": { "bucket": "string", "enabled": boolean, "prefix": "string" } } }, "numberOfBrokerNodes": integer, "openMonitoring": { "prometheus": { "jmxExporter": { "enabledInBroker": boolean }, "nodeExporter": { "enabledInBroker": boolean } } }, "state": enum, "stateInfo": { "code": "string", "message": "string" }, "storageMode": enum, "tags": { }, "zookeeperConnectString": "string", "zookeeperConnectStringTls": "string" } }
{ "invalidParameter": "string", "message": "string" }

Properties

BrokerAZDistribution

This parameter is currently not in use.

  • DEFAULT

BrokerLogs

The broker logs configuration for this MSK cluster.

PropertyTypeRequiredDescription
cloudWatchLogs

CloudWatchLogs

False

Details of the CloudWatch Logs destination for broker logs.

firehose

Firehose

False

Details of the Kinesis Data Firehose delivery stream that is the destination for broker logs.

s3

S3

False

Details of the Amazon S3 destination for broker logs.

BrokerNodeGroupInfo

Describes the setup to be used for the broker nodes in the cluster.

PropertyTypeRequiredDescription
brokerAZDistribution

BrokerAZDistribution

False

This parameter is currently not in use.

clientSubnets

Array of type string

True

The list of subnets to connect to in the client virtual private cloud (VPC). Amazon creates elastic network interfaces inside these subnets. Client applications use elastic network interfaces to produce and consume data.

If you use the US West (N. California) Region, specify exactly two subnets. For other Regions where Amazon MSK is available, you can specify either two or three subnets. The subnets that you specify must be in distinct Availability Zones. When you create a cluster, Amazon MSK distributes the broker nodes evenly across the subnets that you specify.

Client subnets can't occupy the Availability Zone with ID use1-az3.

connectivityInfo

ConnectivityInfo

False

Information about the cluster's connectivity setting.

instanceType

string

MinLength: 5

MaxLength: 32

True

The type of Amazon EC2 instances to use for brokers. The following instance types are allowed: kafka.m5.large, kafka.m5.xlarge, kafka.m5.2xlarge, kafka.m5.4xlarge, kafka.m5.8xlarge, kafka.m5.12xlarge, kafka.m5.16xlarge, and kafka.m5.24xlarge.

securityGroups

Array of type string

False

The security groups to associate with the elastic network interfaces in order to specify who can connect to and communicate with the Amazon MSK cluster. If you don't specify a security group, Amazon MSK uses the default security group associated with the VPC. If you specify security groups that were shared with you, you must ensure that you have permissions to them. Specifically, you need the ec2:DescribeSecurityGroups permission.

storageInfo

StorageInfo

False

Contains information about storage volumes attached to Amazon MSK broker nodes.

zoneIds

Array of type string

False

The zoneIds for brokers in customer account.

BrokerSoftwareInfo

Information about the current software installed on the cluster.

PropertyTypeRequiredDescription
configurationArn

string

False

The Amazon Resource Name (ARN) of the configuration used for the cluster. This field isn't visible in this preview release.

configurationRevision

integer

Format: int64

False

The revision of the configuration to use. This field isn't visible in this preview release.

kafkaVersion

string

False

The version of Apache Kafka. You can use Amazon MSK to create clusters that use Apache Kafka versions 1.1.1 and 2.2.1.

ClientAuthentication

Includes all client authentication information.

PropertyTypeRequiredDescription
sasl

Sasl

False

Details for client authentication using SASL. To turn on SASL, you must also turn on EncryptionInTransit by setting inCluster to true. You must set clientBroker to either TLS or TLS_PLAINTEXT. If you choose TLS_PLAINTEXT, then you must also set unauthenticated to true.

tls

Tls

False

Details for ClientAuthentication using TLS. To turn on TLS access control, you must also turn on EncryptionInTransit by setting inCluster to true and clientBroker to TLS.

unauthenticated

Unauthenticated

False

Details for ClientAuthentication using no authentication.

ClientBroker

Client-broker encryption in transit setting.

  • TLS

  • TLS_PLAINTEXT

  • PLAINTEXT

CloudWatchLogs

Details of the CloudWatch Logs destination for broker logs.

PropertyTypeRequiredDescription
enabled

boolean

True

Specifies whether broker logs get sent to the specified CloudWatch Logs destination.

logGroup

string

False

The CloudWatch log group that is the destination for broker logs.

ClusterInfo

Returns information about a cluster.

PropertyTypeRequiredDescription
activeOperationArn

string

False

Arn of active cluster operation.

brokerNodeGroupInfo

BrokerNodeGroupInfo

False

Information about the broker nodes.

clientAuthentication

ClientAuthentication

False

Includes all client authentication information.

clusterArn

string

False

The Amazon Resource Name (ARN) that uniquely identifies the cluster.

clusterName

string

False

The name of the cluster.

creationTime

string

False

The time when the cluster was created.

currentBrokerSoftwareInfo

BrokerSoftwareInfo

False

Information about the version of software currently deployed on the brokers in the cluster.

currentVersion

string

False

The current version of the MSK cluster. Cluster versions aren't simple integers. You can obtain the current version by describing the cluster. An example version is KTVPDKIKX0DER.

customerActionStatus

CustomerActionStatus

False

Determines if there is an action required from the customer.

encryptionInfo

EncryptionInfo

False

Includes all encryption-related information.

enhancedMonitoring

EnhancedMonitoring

False

Specifies which Apache Kafka metrics Amazon MSK gathers and sends to Amazon CloudWatch for this cluster. This property has three possible values: DEFAULT, PER_BROKER, and PER_TOPIC_PER_BROKER. For a list of the metrics associated with each of these three levels of monitoring, see Monitoring.

loggingInfo

LoggingInfo

False

You can configure your MSK cluster to send broker logs to different destination types. This is a container for the configuration details related to broker logs.

numberOfBrokerNodes

integer

False

The number of broker nodes in the cluster.

openMonitoring

OpenMonitoring

False

Settings for open monitoring using Prometheus.

state

ClusterState

False

The state of the cluster. Amazon MSK automatically renews certificates on clusters every 13 months. It sets the state of the cluster to MAINTENANCE when it starts the certificate-update operation. It sets it back to ACTIVE when the update is done. While a cluster is in the MAINTENANCE state, you can continue to produce and consume data, but you can't perform any update operations on it. You can perform update operations on a cluster when it is in the ACTIVE state.

stateInfo

StateInfo

False

Includes information of the cluster state.

storageMode

StorageMode

False

This controls storage mode for supported storage tiers.

tags

object

False

Tags attached to the cluster.

zookeeperConnectString

string

False

The connection string to use to connect to zookeeper cluster on plaintext port.

zookeeperConnectStringTls

string

False

The connection string to use to connect to the Apache ZooKeeper cluster on a TLS port.

ClusterState

The state of the cluster. Amazon MSK automatically renews certificates on clusters every 13 months. It sets the state of the cluster to MAINTENANCE when it starts the certificate-update operation. It sets it back to ACTIVE when the update is done. While a cluster is in the MAINTENANCE state, you can continue to produce and consume data, but you can't perform any update operations on it. You can perform update operations on a cluster when it is in the ACTIVE state.

  • ACTIVE

  • CREATING

  • UPDATING

  • DELETING

  • FAILED

  • MAINTENANCE

  • REBOOTING_BROKER

  • HEALING

ConnectivityInfo

Broker access controls.

PropertyTypeRequiredDescription
publicAccess

PublicAccess

False

Access control settings for the cluster's brokers.

vpcConnectivity

VpcConnectivity

False

VPC connection control settings for brokers

CustomerActionStatus

A type of an action required from the customer.

  • CRITICAL_ACTION_REQUIRED

  • ACTION_RECOMMENDED

  • NONE

DeleteClusterResponse

Returns information about the deleted cluster.

PropertyTypeRequiredDescription
clusterArn

string

False

The Amazon Resource Name (ARN) of the cluster.

state

ClusterState

False

The state of the cluster. Amazon MSK automatically renews certificates on clusters every 13 months. It sets the state of the cluster to MAINTENANCE when it starts the certificate-update operation. It sets it back to ACTIVE when the update is done. While a cluster is in the MAINTENANCE state, you can continue to produce and consume data, but you can't perform any update operations on it. You can perform update operations on a cluster when it is in the ACTIVE state.

DescribeClusterResponse

Returns information about a cluster.

PropertyTypeRequiredDescription
clusterInfo

ClusterInfo

False

The cluster information.

EBSStorageInfo

Contains information about the EBS storage volumes attached to the broker nodes.

PropertyTypeRequiredDescription
provisionedThroughput

ProvisionedThroughput

False

EBS volume provisioned throughput information.

volumeSize

integer

Minimum: 1

Maximum: 16384

False

The size in GiB of the EBS volume for the data drive on each broker node.

EncryptionAtRest

The data-volume encryption details. You can't update encryption at rest settings for existing clusters.

PropertyTypeRequiredDescription
dataVolumeKMSKeyId

string

True

The Amazon Resource Name (ARN) of the Amazon KMS key for encrypting data at rest. If you don't specify a KMS key, MSK creates one for you and uses it.

EncryptionInTransit

The settings for encrypting data in transit.

PropertyTypeRequiredDescription
clientBroker

ClientBroker

False

Indicates the encryption setting for data in transit between clients and brokers. You must set it to one of the following values.

TLS means that client-broker communication is enabled with TLS only.

TLS_PLAINTEXT means that client-broker communication is enabled for both TLS-encrypted, as well as plaintext data.

PLAINTEXT means that client-broker communication is enabled in plaintext only.

The default value is TLS.

inCluster

boolean

False

When set to true, it indicates that data communication among the broker nodes of the cluster is encrypted. When set to false, the communication happens in plaintext.

The default value is true.

EncryptionInfo

Includes encryption-related information, such as the Amazon KMS key used for encrypting data at rest and whether you want MSK to encrypt your data in transit.

PropertyTypeRequiredDescription
encryptionAtRest

EncryptionAtRest

False

The data-volume encryption details.

encryptionInTransit

EncryptionInTransit

False

The details for encryption in transit.

EnhancedMonitoring

Specifies which Apache Kafka metrics Amazon MSK gathers and sends to Amazon CloudWatch for this cluster. This property has three possible values: DEFAULT, PER_BROKER, and PER_TOPIC_PER_BROKER. For a list of the metrics associated with each of these three levels of monitoring, see Monitoring.

  • DEFAULT

  • PER_BROKER

  • PER_TOPIC_PER_BROKER

  • PER_TOPIC_PER_PARTITION

Error

Returns information about an error.

PropertyTypeRequiredDescription
invalidParameter

string

False

The parameter that caused the error.

message

string

False

The description of the error.

Firehose

Firehose details for BrokerLogs.

PropertyTypeRequiredDescription
deliveryStream

string

False

The Kinesis Data Firehose delivery stream that is the destination for broker logs.

enabled

boolean

True

Specifies whether broker logs get sent to the specified Kinesis Data Firehose delivery stream.

IAM

Details for SASL/IAM client authentication.

PropertyTypeRequiredDescription
enabled

boolean

False

SASL/IAM authentication is enabled or not.

JmxExporter

Indicates whether you want to enable or disable the JMX Exporter.

PropertyTypeRequiredDescription
enabledInBroker

boolean

True

Indicates whether you want to enable or disable the JMX Exporter.

LoggingInfo

You can configure your MSK cluster to send broker logs to different destination types. This is a container for the configuration details related to broker logs.

PropertyTypeRequiredDescription
brokerLogs

BrokerLogs

True

You can configure your MSK cluster to send broker logs to different destination types. This configuration specifies the details of these destinations.

NodeExporter

Indicates whether you want to enable or disable the Node Exporter.

PropertyTypeRequiredDescription
enabledInBroker

boolean

True

Indicates whether you want to enable or disable the Node Exporter.

OpenMonitoring

JMX and Node monitoring for the MSK cluster.

PropertyTypeRequiredDescription
prometheus

Prometheus

True

Prometheus exporter settings.

Prometheus

Prometheus settings for open monitoring.

PropertyTypeRequiredDescription
jmxExporter

JmxExporter

False

Indicates whether you want to enable or disable the JMX Exporter.

nodeExporter

NodeExporter

False

Indicates whether you want to enable or disable the Node Exporter.

ProvisionedThroughput

Contains information about provisioned throughput for EBS storage volumes attached to kafka broker nodes.

PropertyTypeRequiredDescription
enabled

boolean

False

Provisioned throughput is enabled or not.

volumeThroughput

integer

False

Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second.

PublicAccess

Broker access controls

PropertyTypeRequiredDescription
type

string

False

DISABLED means that public access is turned off. SERVICE_PROVIDED_EIPS means that public access is turned on.

S3

The details of the Amazon S3 destination for broker logs.

PropertyTypeRequiredDescription
bucket

string

False

The name of the S3 bucket that is the destination for broker logs.

enabled

boolean

True

Specifies whether broker logs get sent to the specified Amazon S3 destination.

prefix

string

False

The S3 prefix that is the destination for broker logs.

Sasl

Details for client authentication using SASL. To turn on SASL, you must also turn on EncryptionInTransit by setting inCluster to true. You must set clientBroker to either TLS or TLS_PLAINTEXT. If you choose TLS_PLAINTEXT, then you must also set unauthenticated to true.

PropertyTypeRequiredDescription
iam

IAM

False

Details for ClientAuthentication using IAM.

scram

Scram

False

Details for SASL/SCRAM client authentication.

Scram

Details for SASL/SCRAM client authentication.

PropertyTypeRequiredDescription
enabled

boolean

False

SASL/SCRAM authentication is enabled or not.

StateInfo

Includes information about the state of the cluster.

PropertyTypeRequiredDescription
code

string

False

If the cluster is in an unusable state, this field contains the code that describes the issue.

message

string

False

If the cluster is in an unusable state, this field contains a message that describes the issue.

StorageInfo

Contains information about storage volumes attached to Amazon MSK broker nodes.

PropertyTypeRequiredDescription
ebsStorageInfo

EBSStorageInfo

False

EBS volume information.

StorageMode

Controls storage mode for various supported storage tiers.

  • LOCAL

  • TIERED

Tls

Details for client authentication using TLS.

PropertyTypeRequiredDescription
certificateAuthorityArnList

Array of type string

False

List of AWS Private CA Amazon Resource Name (ARN)s.

enabled

boolean

False

TLS authentication is enabled or not.

Unauthenticated

Details for allowing no client authentication.

PropertyTypeRequiredDescription
enabled

boolean

False

Unauthenticated is enabled or not.

VpcConnectivity

VPC connection control settings for brokers.

PropertyTypeRequiredDescription
clientAuthentication

VpcConnectivityClientAuthentication

False

VPC connection control settings for brokers.

VpcConnectivityClientAuthentication

Includes all client authentication information for VpcConnectivity.

PropertyTypeRequiredDescription
sasl

VpcConnectivitySasl

False

Details for VpcConnectivity ClientAuthentication using SASL.

tls

VpcConnectivityTls

False

Details for VpcConnectivity ClientAuthentication using TLS.

VpcConnectivityIAM

Details for SASL/IAM client authentication for VpcConnectivity.

PropertyTypeRequiredDescription
enabled

boolean

False

SASL/IAM authentication is enabled or not.

VpcConnectivitySasl

Details for client authentication using SASL for VpcConnectivity.

PropertyTypeRequiredDescription
iam

VpcConnectivityIAM

False

Details for ClientAuthentication using IAM for VpcConnectivity.

scram

VpcConnectivityScram

False

Details for SASL/SCRAM client authentication for VpcConnectivity.

VpcConnectivityScram

Details for SASL/SCRAM client authentication for vpcConnectivity.

PropertyTypeRequiredDescription
enabled

boolean

False

SASL/SCRAM authentication is enabled or not.

VpcConnectivityTls

Details for client authentication using TLS for vpcConnectivity.

PropertyTypeRequiredDescription
enabled

boolean

False

TLS authentication is enabled or not.

See also

For more information about using this API in one of the language-specific AWS SDKs and references, see the following:

DeleteCluster

DescribeCluster