README
¶
Amazon Managed Streaming for Apache Kafka Construct Library
---
The APIs of higher level constructs in this module are experimental and under active development. They are subject to non-backward compatible changes or removal in any future version. These are not subject to the Semantic Versioning model and breaking changes will be announced in the release notes. This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
Amazon MSK is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.
The following example creates an MSK Cluster.
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
})
Allowing Connections
To control who can access the Cluster, use the .connections attribute. For a list of ports used by MSK, refer to the MSK documentation.
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
})
cluster.connections.AllowFrom(ec2.Peer_Ipv4(jsii.String("1.2.3.4/8")), ec2.Port_Tcp(jsii.Number(2181)))
cluster.connections.AllowFrom(ec2.Peer_Ipv4(jsii.String("1.2.3.4/8")), ec2.Port_Tcp(jsii.Number(9094)))
Cluster Endpoints
You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints
var cluster Cluster
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokers"), &CfnOutputProps{
Value: cluster.bootstrapBrokers,
})
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokersTls"), &CfnOutputProps{
Value: cluster.bootstrapBrokersTls,
})
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokersSaslScram"), &CfnOutputProps{
Value: cluster.bootstrapBrokersSaslScram,
})
awscdk.NewCfnOutput(this, jsii.String("BootstrapBrokerStringSaslIam"), &CfnOutputProps{
Value: cluster.bootstrapBrokersSaslIam,
})
awscdk.NewCfnOutput(this, jsii.String("ZookeeperConnection"), &CfnOutputProps{
Value: cluster.zookeeperConnectionString,
})
awscdk.NewCfnOutput(this, jsii.String("ZookeeperConnectionTls"), &CfnOutputProps{
Value: cluster.zookeeperConnectionStringTls,
})
Importing an existing Cluster
To import an existing MSK cluster into your CDK app use the .fromClusterArn() method.
cluster := msk.Cluster_FromClusterArn(this, jsii.String("Cluster"), jsii.String("arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1"))
Client Authentication
MSK supports the following authentication mechanisms.
TLS
To enable client authentication with TLS set the certificateAuthorityArns property to reference your ACM Private CA. More info on Private CAs.
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
SASL/SCRAM
Enable client authentication with SASL/SCRAM:
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
Scram: jsii.Boolean(true),
}),
})
IAM
Enable client authentication with IAM:
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
Iam: jsii.Boolean(true),
}),
})
SASL/IAM + TLS
Enable client authentication with IAM
as well as enable client authentication with TLS by setting the certificateAuthorityArns property to reference your ACM Private CA. More info on Private CAs.
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_SaslTls(&SaslTlsAuthProps{
Iam: jsii.Boolean(true),
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
Logging
You can deliver Apache Kafka broker logs to one or more of the following destination types: Amazon CloudWatch Logs, Amazon S3, Amazon Data Firehose.
To configure logs to be sent to an S3 bucket, provide a bucket in the logging config.
var vpc Vpc
var bucket IBucket
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
Logging: &BrokerLogging{
S3: &S3LoggingConfiguration{
Bucket: *Bucket,
},
},
})
When the S3 destination is configured, AWS will automatically create an S3 bucket policy
that allows the service to write logs to the bucket. This makes it impossible to later update
that bucket policy. To have CDK create the bucket policy so that future updates can be made,
the @aws-cdk/aws-s3:createDefaultLoggingPolicy feature flag can be used. This can be set
in the cdk.json file.
{
"context": {
"@aws-cdk/aws-s3:createDefaultLoggingPolicy": true
}
}
Storage Mode
You can configure an MSK cluster storage mode using the storageMode property.
Tiered storage is a low-cost storage tier for Amazon MSK that scales to virtually unlimited storage, making it cost-effective to build streaming data applications.
Visit Tiered storage to see the list of compatible Kafka versions and for more details.
var vpc Vpc
var bucket IBucket
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
StorageMode: msk.StorageMode_TIERED,
})
MSK Express Brokers
You can create an MSK cluster with Express Brokers by setting the brokerType property to BrokerType.EXPRESS. Express Brokers are a low-cost option for development, testing, and workloads that don't require the high availability guarantees of standard MSK cluster.
For more information, see Amazon MSK Express Brokers.
Note: When using Express Brokers, the following constraints apply:
- Apache Kafka version must be 3.6.x, 3.8.x, or 3.9.x
- You must specify the
instanceType - The VPC must have at least 3 subnets (across 3 AZs)
ebsStorageInfois not supportedstorageModeis not supportedloggingis not supported- Supported broker sizes:
m7g.xlarge,m7g.2xlarge,m7g.4xlarge,m7g.8xlarge,m7g.12xlarge,m7g.16xlarge
var vpc Vpc
expressCluster := msk.NewCluster(this, jsii.String("ExpressCluster"), &ClusterProps{
ClusterName: jsii.String("MyExpressCluster"),
KafkaVersion: msk.KafkaVersion_V3_8_X(),
Vpc: Vpc,
BrokerType: msk.BrokerType_EXPRESS,
InstanceType: ec2.InstanceType_Of(ec2.InstanceClass_M7G, ec2.InstanceSize_XLARGE),
})
MSK Serverless
You can also use MSK Serverless by using ServerlessCluster class.
MSK Serverless is a cluster type for Amazon MSK that makes it possible for you to run Apache Kafka without having to manage and scale cluster capacity.
MSK Serverless requires IAM access control for all clusters.
For more infomation, see Use MSK Serverless clusters.
var vpc Vpc
serverlessCluster := msk.NewServerlessCluster(this, jsii.String("ServerlessCluster"), &ServerlessClusterProps{
ClusterName: jsii.String("MyServerlessCluster"),
VpcConfigs: []VpcConfig{
&VpcConfig{
Vpc: *Vpc,
},
},
})
Documentation
¶
Overview ¶
The CDK Construct Library for AWS::MSK
Index ¶
- func ClusterBase_IsConstruct(x interface{}) *bool
- func ClusterBase_IsOwnedResource(construct constructs.IConstruct) *bool
- func ClusterBase_IsResource(construct constructs.IConstruct) *bool
- func Cluster_IsConstruct(x interface{}) *bool
- func Cluster_IsOwnedResource(construct constructs.IConstruct) *bool
- func Cluster_IsResource(construct constructs.IConstruct) *bool
- func Cluster_PROPERTY_INJECTION_ID() *string
- func NewClusterBase_Override(c ClusterBase, scope constructs.Construct, id *string, ...)
- func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)
- func NewServerlessCluster_Override(s ServerlessCluster, scope constructs.Construct, id *string, ...)
- func ServerlessCluster_IsConstruct(x interface{}) *bool
- func ServerlessCluster_IsOwnedResource(construct constructs.IConstruct) *bool
- func ServerlessCluster_IsResource(construct constructs.IConstruct) *bool
- func ServerlessCluster_PROPERTY_INJECTION_ID() *string
- type BrokerLogging
- type BrokerType
- type ClientAuthentication
- type ClientBrokerEncryption
- type Cluster
- type ClusterBase
- type ClusterConfigurationInfo
- type ClusterMonitoringLevel
- type ClusterProps
- type EbsStorageInfo
- type EncryptionInTransitConfig
- type ICluster
- type KafkaVersion
- func KafkaVersion_Of(version *string, features *KafkaVersionFeatures) KafkaVersion
- func KafkaVersion_V1_1_1() KafkaVersion
- func KafkaVersion_V2_1_0() KafkaVersion
- func KafkaVersion_V2_2_1() KafkaVersion
- func KafkaVersion_V2_3_1() KafkaVersion
- func KafkaVersion_V2_4_1() KafkaVersion
- func KafkaVersion_V2_4_1_1() KafkaVersion
- func KafkaVersion_V2_5_1() KafkaVersion
- func KafkaVersion_V2_6_0() KafkaVersion
- func KafkaVersion_V2_6_1() KafkaVersion
- func KafkaVersion_V2_6_2() KafkaVersion
- func KafkaVersion_V2_6_3() KafkaVersion
- func KafkaVersion_V2_7_0() KafkaVersion
- func KafkaVersion_V2_7_1() KafkaVersion
- func KafkaVersion_V2_7_2() KafkaVersion
- func KafkaVersion_V2_8_0() KafkaVersion
- func KafkaVersion_V2_8_1() KafkaVersion
- func KafkaVersion_V2_8_2_TIERED() KafkaVersion
- func KafkaVersion_V3_1_1() KafkaVersion
- func KafkaVersion_V3_2_0() KafkaVersion
- func KafkaVersion_V3_3_1() KafkaVersion
- func KafkaVersion_V3_3_2() KafkaVersion
- func KafkaVersion_V3_4_0() KafkaVersion
- func KafkaVersion_V3_5_1() KafkaVersion
- func KafkaVersion_V3_6_0() KafkaVersion
- func KafkaVersion_V3_7_X() KafkaVersion
- func KafkaVersion_V3_7_X_KRAFT() KafkaVersion
- func KafkaVersion_V3_8_X() KafkaVersion
- func KafkaVersion_V3_8_X_KRAFT() KafkaVersion
- func KafkaVersion_V3_9_X() KafkaVersion
- func KafkaVersion_V3_9_X_KRAFT() KafkaVersion
- func KafkaVersion_V4_0_X_KRAFT() KafkaVersion
- func KafkaVersion_V4_1_X_KRAFT() KafkaVersion
- type KafkaVersionFeatures
- type MonitoringConfiguration
- type S3LoggingConfiguration
- type SaslAuthProps
- type SaslTlsAuthProps
- type ServerlessCluster
- type ServerlessClusterProps
- type StorageMode
- type TlsAuthProps
- type VpcConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClusterBase_IsConstruct ¶
func ClusterBase_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.
func ClusterBase_IsOwnedResource ¶
func ClusterBase_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise. Experimental.
func ClusterBase_IsResource ¶
func ClusterBase_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func Cluster_IsConstruct ¶
func Cluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.
func Cluster_IsOwnedResource ¶
func Cluster_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise. Experimental.
func Cluster_IsResource ¶
func Cluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func Cluster_PROPERTY_INJECTION_ID ¶
func Cluster_PROPERTY_INJECTION_ID() *string
func NewClusterBase_Override ¶
func NewClusterBase_Override(c ClusterBase, scope constructs.Construct, id *string, props *awscdk.ResourceProps)
Experimental.
func NewCluster_Override ¶
func NewCluster_Override(c Cluster, scope constructs.Construct, id *string, props *ClusterProps)
Experimental.
func NewServerlessCluster_Override ¶
func NewServerlessCluster_Override(s ServerlessCluster, scope constructs.Construct, id *string, props *ServerlessClusterProps)
Experimental.
func ServerlessCluster_IsConstruct ¶
func ServerlessCluster_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.
Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.
Returns: true if `x` is an object created from a class which extends `Construct`. Experimental.
func ServerlessCluster_IsOwnedResource ¶
func ServerlessCluster_IsOwnedResource(construct constructs.IConstruct) *bool
Returns true if the construct was created by CDK, and false otherwise. Experimental.
func ServerlessCluster_IsResource ¶
func ServerlessCluster_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func ServerlessCluster_PROPERTY_INJECTION_ID ¶
func ServerlessCluster_PROPERTY_INJECTION_ID() *string
Types ¶
type BrokerLogging ¶
type BrokerLogging struct {
// The CloudWatch Logs group that is the destination for broker logs.
// Default: - disabled.
//
// Experimental.
CloudwatchLogGroup awslogs.ILogGroup `field:"optional" json:"cloudwatchLogGroup" yaml:"cloudwatchLogGroup"`
// The Amazon Data Firehose delivery stream that is the destination for broker logs.
// Default: - disabled.
//
// Experimental.
FirehoseDeliveryStreamName *string `field:"optional" json:"firehoseDeliveryStreamName" yaml:"firehoseDeliveryStreamName"`
// Details of the Amazon S3 destination for broker logs.
// Default: - disabled.
//
// Experimental.
S3 *S3LoggingConfiguration `field:"optional" json:"s3" yaml:"s3"`
}
Configuration details related to broker logs.
Example:
var vpc Vpc
var bucket IBucket
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
Logging: &BrokerLogging{
S3: &S3LoggingConfiguration{
Bucket: *Bucket,
},
},
})
Experimental.
type BrokerType ¶
type BrokerType string
The broker type for the cluster.
Example:
var vpc Vpc
expressCluster := msk.NewCluster(this, jsii.String("ExpressCluster"), &ClusterProps{
ClusterName: jsii.String("MyExpressCluster"),
KafkaVersion: msk.KafkaVersion_V3_8_X(),
Vpc: Vpc,
BrokerType: msk.BrokerType_EXPRESS,
InstanceType: ec2.InstanceType_Of(ec2.InstanceClass_M7G, ec2.InstanceSize_XLARGE),
})
Experimental.
const ( // Standard brokers provide high-availability guarantees. // Experimental. BrokerType_STANDARD BrokerType = "STANDARD" // Express brokers are a low-cost option for development, testing, and workloads that don't require the high availability guarantees of standard MSK cluster. // Experimental. BrokerType_EXPRESS BrokerType = "EXPRESS" )
type ClientAuthentication ¶
type ClientAuthentication interface {
// - properties for SASL authentication.
// Experimental.
SaslProps() *SaslAuthProps
// - properties for TLS authentication.
// Experimental.
TlsProps() *TlsAuthProps
}
Configuration properties for client authentication.
Example:
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
Experimental.
func ClientAuthentication_Sasl ¶
func ClientAuthentication_Sasl(props *SaslAuthProps) ClientAuthentication
SASL authentication. Experimental.
func ClientAuthentication_SaslTls ¶
func ClientAuthentication_SaslTls(saslTlsProps *SaslTlsAuthProps) ClientAuthentication
SASL + TLS authentication. Experimental.
func ClientAuthentication_Tls ¶
func ClientAuthentication_Tls(props *TlsAuthProps) ClientAuthentication
TLS authentication. Experimental.
type ClientBrokerEncryption ¶
type ClientBrokerEncryption string
Indicates the encryption setting for data in transit between clients and brokers.
Example:
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
Experimental.
const ( // TLS means that client-broker communication is enabled with TLS only. // Experimental. ClientBrokerEncryption_TLS ClientBrokerEncryption = "TLS" // TLS_PLAINTEXT means that client-broker communication is enabled for both TLS-encrypted, as well as plaintext data. // Experimental. ClientBrokerEncryption_TLS_PLAINTEXT ClientBrokerEncryption = "TLS_PLAINTEXT" // PLAINTEXT means that client-broker communication is enabled in plaintext only. // Experimental. ClientBrokerEncryption_PLAINTEXT ClientBrokerEncryption = "PLAINTEXT" )
type Cluster ¶
type Cluster interface {
ClusterBase
// Get the list of brokers that a client application can use to bootstrap.
//
// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
//
// Returns: - A string containing one or more hostname:port pairs.
// Experimental.
BootstrapBrokers() *string
// Get the list of brokers that a SASL/IAM authenticated client application can use to bootstrap.
//
// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
//
// Returns: - A string containing one or more DNS names (or IP) and TLS port pairs.
// Experimental.
BootstrapBrokersSaslIam() *string
// Get the list of brokers that a SASL/SCRAM authenticated client application can use to bootstrap.
//
// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
//
// Returns: - A string containing one or more dns name (or IP) and SASL SCRAM port pairs.
// Experimental.
BootstrapBrokersSaslScram() *string
// Get the list of brokers that a TLS authenticated client application can use to bootstrap.
//
// Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK.
//
// Returns: - A string containing one or more DNS names (or IP) and TLS port pairs.
// Experimental.
BootstrapBrokersTls() *string
// The ARN of cluster.
// Experimental.
ClusterArn() *string
// The physical name of the cluster.
// Experimental.
ClusterName() *string
// Manages connections for the cluster.
// Experimental.
Connections() awsec2.Connections
// The environment this resource belongs to.
//
// For resources that are created and managed in a Stack (those created by
// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
// is always the same as the environment of the stack they belong to.
//
// For referenced resources (those obtained from referencing methods like
// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
// different than the stack they were imported into.
// Experimental.
Env() *interfaces.ResourceEnvironment
// The tree node.
// Experimental.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
// Experimental.
PhysicalName() *string
// Key used to encrypt SASL/SCRAM users.
// Experimental.
SaslScramAuthenticationKey() awskms.IKey
// The stack in which this resource is defined.
// Experimental.
Stack() awscdk.Stack
// Get the ZooKeeper Connection string.
//
// Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK.
//
// Returns: - The connection string to use to connect to the Apache ZooKeeper cluster.
// Experimental.
ZookeeperConnectionString() *string
// Get the ZooKeeper Connection string for a TLS enabled cluster.
//
// Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK.
//
// Returns: - The connection string to use to connect to zookeeper cluster on TLS port.
// Experimental.
ZookeeperConnectionStringTls() *string
// A list of usersnames to register with the cluster.
//
// The password will automatically be generated using Secrets
// Manager and the { username, password } JSON object stored in Secrets Manager as `AmazonMSK_username`.
//
// Must be using the SASL/SCRAM authentication mechanism.
// Experimental.
AddUser(usernames ...*string)
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
// Experimental.
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
// Experimental.
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
// Experimental.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
// Experimental.
GetResourceNameAttribute(nameAttr *string) *string
// Returns a string representation of this construct.
// Experimental.
ToString() *string
// Applies one or more mixins to this construct.
//
// Mixins are applied in order. The list of constructs is captured at the
// start of the call, so constructs added by a mixin will not be visited.
// Use multiple `with()` calls if subsequent mixins should apply to added
// constructs.
// Experimental.
With(mixins ...constructs.IMixin) constructs.IConstruct
}
Create a MSK Cluster.
Example:
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
Scram: jsii.Boolean(true),
}),
})
Experimental.
func NewCluster ¶
func NewCluster(scope constructs.Construct, id *string, props *ClusterProps) Cluster
Experimental.
type ClusterBase ¶
type ClusterBase interface {
awscdk.Resource
ICluster
// The ARN of cluster.
// Experimental.
ClusterArn() *string
// The physical name of the cluster.
// Experimental.
ClusterName() *string
// Manages connections for the cluster.
// Experimental.
Connections() awsec2.Connections
// The environment this resource belongs to.
//
// For resources that are created and managed in a Stack (those created by
// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
// is always the same as the environment of the stack they belong to.
//
// For referenced resources (those obtained from referencing methods like
// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
// different than the stack they were imported into.
// Experimental.
Env() *interfaces.ResourceEnvironment
// The tree node.
// Experimental.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
// Experimental.
PhysicalName() *string
// The stack in which this resource is defined.
// Experimental.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
// Experimental.
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
// Experimental.
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
// Experimental.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
// Experimental.
GetResourceNameAttribute(nameAttr *string) *string
// Returns a string representation of this construct.
// Experimental.
ToString() *string
// Applies one or more mixins to this construct.
//
// Mixins are applied in order. The list of constructs is captured at the
// start of the call, so constructs added by a mixin will not be visited.
// Use multiple `with()` calls if subsequent mixins should apply to added
// constructs.
// Experimental.
With(mixins ...constructs.IMixin) constructs.IConstruct
}
A new or imported MSK Cluster. Experimental.
type ClusterConfigurationInfo ¶
type ClusterConfigurationInfo struct {
// The Amazon Resource Name (ARN) of the MSK configuration to use.
//
// For example, arn:aws:kafka:us-east-1:123456789012:configuration/example-configuration-name/abcdabcd-1234-abcd-1234-abcd123e8e8e-1.
// Experimental.
Arn *string `field:"required" json:"arn" yaml:"arn"`
// The revision of the Amazon MSK configuration to use.
// Experimental.
Revision *float64 `field:"required" json:"revision" yaml:"revision"`
}
The Amazon MSK configuration to use for the cluster.
Note: There is currently no Cloudformation Resource to create a Configuration.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"
clusterConfigurationInfo := &ClusterConfigurationInfo{
Arn: jsii.String("arn"),
Revision: jsii.Number(123),
}
Experimental.
type ClusterMonitoringLevel ¶
type ClusterMonitoringLevel string
The level of monitoring for the MSK cluster. See: https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html#metrics-details
Experimental.
const ( // Default metrics are the essential metrics to monitor. // Experimental. ClusterMonitoringLevel_DEFAULT ClusterMonitoringLevel = "DEFAULT" // Per Broker metrics give you metrics at the broker level. // Experimental. ClusterMonitoringLevel_PER_BROKER ClusterMonitoringLevel = "PER_BROKER" // Per Topic Per Broker metrics help you understand volume at the topic level. // Experimental. ClusterMonitoringLevel_PER_TOPIC_PER_BROKER ClusterMonitoringLevel = "PER_TOPIC_PER_BROKER" // Per Topic Per Partition metrics help you understand consumer group lag at the topic partition level. // Experimental. ClusterMonitoringLevel_PER_TOPIC_PER_PARTITION ClusterMonitoringLevel = "PER_TOPIC_PER_PARTITION" )
type ClusterProps ¶
type ClusterProps struct {
// The physical name of the cluster.
// Experimental.
ClusterName *string `field:"required" json:"clusterName" yaml:"clusterName"`
// The version of Apache Kafka.
// Experimental.
KafkaVersion KafkaVersion `field:"required" json:"kafkaVersion" yaml:"kafkaVersion"`
// Defines the virtual networking environment for this cluster.
//
// Must have at least 2 subnets in two different AZs.
// Experimental.
Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
// The broker type for the cluster.
//
// When set to EXPRESS, the cluster will be created with Express Brokers.
// When this is set to EXPRESS, instanceType must also be specified.
// Default: BrokerType.STANDARD
//
// Experimental.
BrokerType BrokerType `field:"optional" json:"brokerType" yaml:"brokerType"`
// Configuration properties for client authentication.
//
// MSK supports using private TLS certificates or SASL/SCRAM to authenticate the identity of clients.
// Default: - disabled.
//
// Experimental.
ClientAuthentication ClientAuthentication `field:"optional" json:"clientAuthentication" yaml:"clientAuthentication"`
// The Amazon MSK configuration to use for the cluster.
// Default: - none.
//
// Experimental.
ConfigurationInfo *ClusterConfigurationInfo `field:"optional" json:"configurationInfo" yaml:"configurationInfo"`
// Information about storage volumes attached to MSK broker nodes.
// Default: - 1000 GiB EBS volume.
//
// Experimental.
EbsStorageInfo *EbsStorageInfo `field:"optional" json:"ebsStorageInfo" yaml:"ebsStorageInfo"`
// Config details for encryption in transit.
// Default: - enabled.
//
// Experimental.
EncryptionInTransit *EncryptionInTransitConfig `field:"optional" json:"encryptionInTransit" yaml:"encryptionInTransit"`
// The EC2 instance type that you want Amazon MSK to use when it creates your brokers.
// See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-create-cluster.html#broker-instance-types
//
// Default: kafka.m5.large
//
// Experimental.
InstanceType awsec2.InstanceType `field:"optional" json:"instanceType" yaml:"instanceType"`
// Configure your MSK cluster to send broker logs to different destination types.
// Default: - disabled.
//
// Experimental.
Logging *BrokerLogging `field:"optional" json:"logging" yaml:"logging"`
// Cluster monitoring configuration.
// Default: - DEFAULT monitoring level.
//
// Experimental.
Monitoring *MonitoringConfiguration `field:"optional" json:"monitoring" yaml:"monitoring"`
// Number of Apache Kafka brokers deployed in each Availability Zone.
// Default: 1.
//
// Experimental.
NumberOfBrokerNodes *float64 `field:"optional" json:"numberOfBrokerNodes" yaml:"numberOfBrokerNodes"`
// What to do when this resource is deleted from a stack.
// Default: RemovalPolicy.RETAIN
//
// Experimental.
RemovalPolicy awscdk.RemovalPolicy `field:"optional" json:"removalPolicy" yaml:"removalPolicy"`
// The AWS security groups to associate with the elastic network interfaces in order to specify who can connect to and communicate with the Amazon MSK cluster.
// Default: - create new security group.
//
// Experimental.
SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
// This controls storage mode for supported storage tiers.
// See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-tiered-storage.html
//
// Default: - StorageMode.LOCAL
//
// Experimental.
StorageMode StorageMode `field:"optional" json:"storageMode" yaml:"storageMode"`
// Where to place the nodes within the VPC.
//
// Amazon MSK distributes the broker nodes evenly across the subnets that you specify.
// The subnets that you specify must be in distinct Availability Zones.
// Client subnets can't be in Availability Zone us-east-1e.
// Default: - the Vpc default strategy if not specified.
//
// Experimental.
VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
}
Properties for a MSK Cluster.
Example:
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
Scram: jsii.Boolean(true),
}),
})
Experimental.
type EbsStorageInfo ¶
type EbsStorageInfo struct {
// The AWS KMS key for encrypting data at rest.
// Default: Uses AWS managed CMK (aws/kafka).
//
// Experimental.
EncryptionKey interfacesawskms.IKeyRef `field:"optional" json:"encryptionKey" yaml:"encryptionKey"`
// The size in GiB of the EBS volume for the data drive on each broker node.
// Default: 1000.
//
// Experimental.
VolumeSize *float64 `field:"optional" json:"volumeSize" yaml:"volumeSize"`
}
EBS volume information.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"
import "github.com/aws/aws-cdk-go/awscdk"
var keyRef IKeyRef
ebsStorageInfo := &EbsStorageInfo{
EncryptionKey: keyRef,
VolumeSize: jsii.Number(123),
}
Experimental.
type EncryptionInTransitConfig ¶
type EncryptionInTransitConfig struct {
// Indicates the encryption setting for data in transit between clients and brokers.
// Default: - TLS.
//
// Experimental.
ClientBroker ClientBrokerEncryption `field:"optional" json:"clientBroker" yaml:"clientBroker"`
// Indicates that data communication among the broker nodes of the cluster is encrypted.
// Default: true.
//
// Experimental.
EnableInCluster *bool `field:"optional" json:"enableInCluster" yaml:"enableInCluster"`
}
The settings for encrypting data in transit.
Example:
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html#msk-encryption-in-transit
Experimental.
type ICluster ¶
type ICluster interface {
awsec2.IConnectable
awscdk.IResource
// The ARN of cluster.
// Experimental.
ClusterArn() *string
// The physical name of the cluster.
// Experimental.
ClusterName() *string
}
Represents a MSK Cluster. Experimental.
func Cluster_FromClusterArn ¶
func Cluster_FromClusterArn(scope constructs.Construct, id *string, clusterArn *string) ICluster
Reference an existing cluster, defined outside of the CDK code, by name. Experimental.
func ServerlessCluster_FromClusterArn ¶
func ServerlessCluster_FromClusterArn(scope constructs.Construct, id *string, clusterArn *string) ICluster
Reference an existing cluster, defined outside of the CDK code, by name. Experimental.
type KafkaVersion ¶
type KafkaVersion interface {
// features for the cluster version.
// Experimental.
Features() *KafkaVersionFeatures
// cluster version number.
// Experimental.
Version() *string
// Checks if the cluster version supports tiered storage mode.
// Experimental.
IsTieredStorageCompatible() *bool
}
Kafka cluster version.
Example:
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
Scram: jsii.Boolean(true),
}),
})
Experimental.
func KafkaVersion_Of ¶
func KafkaVersion_Of(version *string, features *KafkaVersionFeatures) KafkaVersion
Custom cluster version. Experimental.
func KafkaVersion_V1_1_1 ¶
func KafkaVersion_V1_1_1() KafkaVersion
func KafkaVersion_V2_1_0 ¶
func KafkaVersion_V2_1_0() KafkaVersion
func KafkaVersion_V2_2_1 ¶
func KafkaVersion_V2_2_1() KafkaVersion
func KafkaVersion_V2_3_1 ¶
func KafkaVersion_V2_3_1() KafkaVersion
func KafkaVersion_V2_4_1 ¶
func KafkaVersion_V2_4_1() KafkaVersion
func KafkaVersion_V2_4_1_1 ¶
func KafkaVersion_V2_4_1_1() KafkaVersion
func KafkaVersion_V2_5_1 ¶
func KafkaVersion_V2_5_1() KafkaVersion
func KafkaVersion_V2_6_0 ¶
func KafkaVersion_V2_6_0() KafkaVersion
func KafkaVersion_V2_6_1 ¶
func KafkaVersion_V2_6_1() KafkaVersion
func KafkaVersion_V2_6_2 ¶
func KafkaVersion_V2_6_2() KafkaVersion
func KafkaVersion_V2_6_3 ¶
func KafkaVersion_V2_6_3() KafkaVersion
func KafkaVersion_V2_7_0 ¶
func KafkaVersion_V2_7_0() KafkaVersion
func KafkaVersion_V2_7_1 ¶
func KafkaVersion_V2_7_1() KafkaVersion
func KafkaVersion_V2_7_2 ¶
func KafkaVersion_V2_7_2() KafkaVersion
func KafkaVersion_V2_8_0 ¶
func KafkaVersion_V2_8_0() KafkaVersion
func KafkaVersion_V2_8_1 ¶
func KafkaVersion_V2_8_1() KafkaVersion
func KafkaVersion_V2_8_2_TIERED ¶
func KafkaVersion_V2_8_2_TIERED() KafkaVersion
func KafkaVersion_V3_1_1 ¶
func KafkaVersion_V3_1_1() KafkaVersion
func KafkaVersion_V3_2_0 ¶
func KafkaVersion_V3_2_0() KafkaVersion
func KafkaVersion_V3_3_1 ¶
func KafkaVersion_V3_3_1() KafkaVersion
func KafkaVersion_V3_3_2 ¶
func KafkaVersion_V3_3_2() KafkaVersion
func KafkaVersion_V3_4_0 ¶
func KafkaVersion_V3_4_0() KafkaVersion
func KafkaVersion_V3_5_1 ¶
func KafkaVersion_V3_5_1() KafkaVersion
func KafkaVersion_V3_6_0 ¶
func KafkaVersion_V3_6_0() KafkaVersion
func KafkaVersion_V3_7_X ¶
func KafkaVersion_V3_7_X() KafkaVersion
func KafkaVersion_V3_7_X_KRAFT ¶
func KafkaVersion_V3_7_X_KRAFT() KafkaVersion
func KafkaVersion_V3_8_X ¶
func KafkaVersion_V3_8_X() KafkaVersion
func KafkaVersion_V3_8_X_KRAFT ¶
func KafkaVersion_V3_8_X_KRAFT() KafkaVersion
func KafkaVersion_V3_9_X ¶
func KafkaVersion_V3_9_X() KafkaVersion
func KafkaVersion_V3_9_X_KRAFT ¶
func KafkaVersion_V3_9_X_KRAFT() KafkaVersion
func KafkaVersion_V4_0_X_KRAFT ¶
func KafkaVersion_V4_0_X_KRAFT() KafkaVersion
func KafkaVersion_V4_1_X_KRAFT ¶
func KafkaVersion_V4_1_X_KRAFT() KafkaVersion
type KafkaVersionFeatures ¶
type KafkaVersionFeatures struct {
// Whether the Kafka version supports tiered storage mode.
// See: https://docs.aws.amazon.com/msk/latest/developerguide/msk-tiered-storage.html#msk-tiered-storage-requirements
//
// Default: false.
//
// Experimental.
TieredStorage *bool `field:"optional" json:"tieredStorage" yaml:"tieredStorage"`
}
Available features for a given Kafka version.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"
kafkaVersionFeatures := &KafkaVersionFeatures{
TieredStorage: jsii.Boolean(false),
}
Experimental.
type MonitoringConfiguration ¶
type MonitoringConfiguration struct {
// Specifies the level of monitoring for the MSK cluster.
// Default: DEFAULT.
//
// Experimental.
ClusterMonitoringLevel ClusterMonitoringLevel `field:"optional" json:"clusterMonitoringLevel" yaml:"clusterMonitoringLevel"`
// Indicates whether you want to enable or disable the JMX Exporter.
// Default: false.
//
// Experimental.
EnablePrometheusJmxExporter *bool `field:"optional" json:"enablePrometheusJmxExporter" yaml:"enablePrometheusJmxExporter"`
// Indicates whether you want to enable or disable the Prometheus Node Exporter.
//
// You can use the Prometheus Node Exporter to get CPU and disk metrics for the broker nodes.
// Default: false.
//
// Experimental.
EnablePrometheusNodeExporter *bool `field:"optional" json:"enablePrometheusNodeExporter" yaml:"enablePrometheusNodeExporter"`
}
Monitoring Configuration.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"
monitoringConfiguration := &MonitoringConfiguration{
ClusterMonitoringLevel: msk_alpha.ClusterMonitoringLevel_DEFAULT,
EnablePrometheusJmxExporter: jsii.Boolean(false),
EnablePrometheusNodeExporter: jsii.Boolean(false),
}
Experimental.
type S3LoggingConfiguration ¶
type S3LoggingConfiguration struct {
// The S3 bucket that is the destination for broker logs.
// Experimental.
Bucket awss3.IBucket `field:"required" json:"bucket" yaml:"bucket"`
// The S3 prefix that is the destination for broker logs.
// Default: - no prefix.
//
// Experimental.
Prefix *string `field:"optional" json:"prefix" yaml:"prefix"`
}
Details of the Amazon S3 destination for broker logs.
Example:
var vpc Vpc
var bucket IBucket
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
Logging: &BrokerLogging{
S3: &S3LoggingConfiguration{
Bucket: *Bucket,
},
},
})
Experimental.
type SaslAuthProps ¶
type SaslAuthProps struct {
// Enable IAM access control.
// Default: false.
//
// Experimental.
Iam *bool `field:"optional" json:"iam" yaml:"iam"`
// KMS Key to encrypt SASL/SCRAM secrets.
//
// You must use a customer master key (CMK) when creating users in secrets manager.
// You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.
// Default: - CMK will be created with alias msk/{clusterName}/sasl/scram.
//
// Experimental.
Key interfacesawskms.IKeyRef `field:"optional" json:"key" yaml:"key"`
// Enable SASL/SCRAM authentication.
// Default: false.
//
// Experimental.
Scram *bool `field:"optional" json:"scram" yaml:"scram"`
}
SASL authentication properties.
Example:
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Sasl(&SaslAuthProps{
Scram: jsii.Boolean(true),
}),
})
Experimental.
type SaslTlsAuthProps ¶
type SaslTlsAuthProps struct {
// Enable IAM access control.
// Default: false.
//
// Experimental.
Iam *bool `field:"optional" json:"iam" yaml:"iam"`
// KMS Key to encrypt SASL/SCRAM secrets.
//
// You must use a customer master key (CMK) when creating users in secrets manager.
// You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.
// Default: - CMK will be created with alias msk/{clusterName}/sasl/scram.
//
// Experimental.
Key interfacesawskms.IKeyRef `field:"optional" json:"key" yaml:"key"`
// Enable SASL/SCRAM authentication.
// Default: false.
//
// Experimental.
Scram *bool `field:"optional" json:"scram" yaml:"scram"`
// List of ACM Certificate Authorities to enable TLS authentication.
// Default: - none.
//
// Experimental.
CertificateAuthorities *[]awsacmpca.ICertificateAuthority `field:"optional" json:"certificateAuthorities" yaml:"certificateAuthorities"`
}
SASL + TLS authentication properties.
Example:
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_SaslTls(&SaslTlsAuthProps{
Iam: jsii.Boolean(true),
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
Experimental.
type ServerlessCluster ¶
type ServerlessCluster interface {
ClusterBase
// The ARN of cluster.
// Experimental.
ClusterArn() *string
// The physical name of the cluster.
// Experimental.
ClusterName() *string
// Manages connections for the cluster.
// Experimental.
Connections() awsec2.Connections
// The environment this resource belongs to.
//
// For resources that are created and managed in a Stack (those created by
// creating new class instances like `new Role()`, `new Bucket()`, etc.), this
// is always the same as the environment of the stack they belong to.
//
// For referenced resources (those obtained from referencing methods like
// `Role.fromRoleArn()`, `Bucket.fromBucketName()`, etc.), they might be
// different than the stack they were imported into.
// Experimental.
Env() *interfaces.ResourceEnvironment
// The tree node.
// Experimental.
Node() constructs.Node
// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
//
// This value will resolve to one of the following:
// - a concrete value (e.g. `"my-awesome-bucket"`)
// - `undefined`, when a name should be generated by CloudFormation
// - a concrete name generated automatically during synthesis, in
// cross-environment scenarios.
// Experimental.
PhysicalName() *string
// The stack in which this resource is defined.
// Experimental.
Stack() awscdk.Stack
// Apply the given removal policy to this resource.
//
// The Removal Policy controls what happens to this resource when it stops
// being managed by CloudFormation, either because you've removed it from the
// CDK application or because you've made a change that requires the resource
// to be replaced.
//
// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
// Experimental.
ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
// Experimental.
GeneratePhysicalName() *string
// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
//
// Normally, this token will resolve to `arnAttr`, but if the resource is
// referenced across environments, `arnComponents` will be used to synthesize
// a concrete ARN with the resource's physical name. Make sure to reference
// `this.physicalName` in `arnComponents`.
// Experimental.
GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
//
// Normally, this token will resolve to `nameAttr`, but if the resource is
// referenced across environments, it will be resolved to `this.physicalName`,
// which will be a concrete name.
// Experimental.
GetResourceNameAttribute(nameAttr *string) *string
// Returns a string representation of this construct.
// Experimental.
ToString() *string
// Applies one or more mixins to this construct.
//
// Mixins are applied in order. The list of constructs is captured at the
// start of the call, so constructs added by a mixin will not be visited.
// Use multiple `with()` calls if subsequent mixins should apply to added
// constructs.
// Experimental.
With(mixins ...constructs.IMixin) constructs.IConstruct
}
Create a MSK Serverless Cluster.
Example:
var vpc Vpc
serverlessCluster := msk.NewServerlessCluster(this, jsii.String("ServerlessCluster"), &ServerlessClusterProps{
ClusterName: jsii.String("MyServerlessCluster"),
VpcConfigs: []VpcConfig{
&VpcConfig{
Vpc: *Vpc,
},
},
})
Experimental.
func NewServerlessCluster ¶
func NewServerlessCluster(scope constructs.Construct, id *string, props *ServerlessClusterProps) ServerlessCluster
Experimental.
type ServerlessClusterProps ¶
type ServerlessClusterProps struct {
// The configuration of the Amazon VPCs for the cluster.
//
// You can specify up to 5 VPC configurations.
// Experimental.
VpcConfigs *[]*VpcConfig `field:"required" json:"vpcConfigs" yaml:"vpcConfigs"`
// The physical name of the cluster.
// Default: - auto generate.
//
// Experimental.
ClusterName *string `field:"optional" json:"clusterName" yaml:"clusterName"`
}
Properties for a MSK Serverless Cluster.
Example:
var vpc Vpc
serverlessCluster := msk.NewServerlessCluster(this, jsii.String("ServerlessCluster"), &ServerlessClusterProps{
ClusterName: jsii.String("MyServerlessCluster"),
VpcConfigs: []VpcConfig{
&VpcConfig{
Vpc: *Vpc,
},
},
})
Experimental.
type StorageMode ¶
type StorageMode string
The storage mode for the cluster brokers.
Example:
var vpc Vpc
var bucket IBucket
cluster := msk.NewCluster(this, jsii.String("cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
StorageMode: msk.StorageMode_TIERED,
})
Experimental.
const ( // Local storage mode utilizes network attached EBS storage. // Experimental. StorageMode_LOCAL StorageMode = "LOCAL" // Tiered storage mode utilizes EBS storage and Tiered storage. // Experimental. StorageMode_TIERED StorageMode = "TIERED" )
type TlsAuthProps ¶
type TlsAuthProps struct {
// List of ACM Certificate Authorities to enable TLS authentication.
// Default: - none.
//
// Experimental.
CertificateAuthorities *[]awsacmpca.ICertificateAuthority `field:"optional" json:"certificateAuthorities" yaml:"certificateAuthorities"`
}
TLS authentication properties.
Example:
import acmpca "github.com/aws/aws-cdk-go/awscdk"
var vpc Vpc
cluster := msk.NewCluster(this, jsii.String("Cluster"), &ClusterProps{
ClusterName: jsii.String("myCluster"),
KafkaVersion: msk.KafkaVersion_V4_1_X_KRAFT(),
Vpc: Vpc,
EncryptionInTransit: &EncryptionInTransitConfig{
ClientBroker: msk.ClientBrokerEncryption_TLS,
},
ClientAuthentication: msk.ClientAuthentication_Tls(&TlsAuthProps{
CertificateAuthorities: []ICertificateAuthority{
acmpca.CertificateAuthority_FromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")),
},
}),
})
Experimental.
type VpcConfig ¶
type VpcConfig struct {
// Defines the virtual networking environment for this cluster.
//
// Must have at least 2 subnets in two different AZs.
// Experimental.
Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
// The security groups associated with the cluster.
//
// You can specify up to 5 security groups.
// Default: - create new security group.
//
// Experimental.
SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
// The subnets associated with the cluster.
// Default: - the Vpc default strategy if not specified.
//
// Experimental.
VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
}
The configuration of the Amazon VPCs for the cluster.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import msk_alpha "github.com/aws/aws-cdk-go/awscdkmskalpha"
import "github.com/aws/aws-cdk-go/awscdk"
var securityGroup SecurityGroup
var subnet Subnet
var subnetFilter SubnetFilter
var vpc Vpc
vpcConfig := &VpcConfig{
Vpc: vpc,
// the properties below are optional
SecurityGroups: []ISecurityGroup{
securityGroup,
},
VpcSubnets: &SubnetSelection{
AvailabilityZones: []*string{
jsii.String("availabilityZones"),
},
OnePerAz: jsii.Boolean(false),
SubnetFilters: []SubnetFilter{
subnetFilter,
},
SubnetGroupName: jsii.String("subnetGroupName"),
Subnets: []ISubnet{
subnet,
},
SubnetType: awscdk.Aws_ec2.SubnetType_PRIVATE_ISOLATED,
},
}
Experimental.
Source Files
¶
- BrokerLogging.go
- BrokerType.go
- ClientAuthentication.go
- ClientAuthentication__checks.go
- ClientBrokerEncryption.go
- Cluster.go
- ClusterBase.go
- ClusterBase__checks.go
- ClusterConfigurationInfo.go
- ClusterMonitoringLevel.go
- ClusterProps.go
- Cluster__checks.go
- EbsStorageInfo.go
- EncryptionInTransitConfig.go
- ICluster.go
- ICluster__checks.go
- KafkaVersion.go
- KafkaVersionFeatures.go
- KafkaVersion__checks.go
- MonitoringConfiguration.go
- S3LoggingConfiguration.go
- SaslAuthProps.go
- SaslTlsAuthProps.go
- ServerlessCluster.go
- ServerlessClusterProps.go
- ServerlessCluster__checks.go
- StorageMode.go
- TlsAuthProps.go
- VpcConfig.go
- main.go
Directories
Click to show internal directories.
Click to hide internal directories.