# Amazon Managed Streaming for Apache Kafka Construct Library
<!--BEGIN STABILITY BANNER-->---
> All classes with the `Cfn` prefix in this module ([CFN Resources](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) are always stable and safe to use.
> The APIs of higher level constructs in this module are experimental and under active development.
> They are subject to non-backward compatible changes or removal in any future version. These are
> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be
> announced in the release notes. This means that while you may use them, you may need to update
> your source code when upgrading to a newer version of this package.
---
<!--END STABILITY BANNER-->
[Amazon MSK](https://aws.amazon.com/msk/) is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.
The following example creates an MSK Cluster.
```python
# vpc: ec2.Vpc
cluster = msk.Cluster(self, "Cluster",
cluster_name="myCluster",
kafka_version=msk.KafkaVersion.V2_8_1,
vpc=vpc
)
```
## Allowing Connections
To control who can access the Cluster, use the `.connections` attribute. For a list of ports used by MSK, refer to the [MSK documentation](https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html#port-info).
```python
# vpc: ec2.Vpc
cluster = msk.Cluster(self, "Cluster",
cluster_name="myCluster",
kafka_version=msk.KafkaVersion.V2_8_1,
vpc=vpc
)
cluster.connections.allow_from(
ec2.Peer.ipv4("1.2.3.4/8"),
ec2.Port.tcp(2181))
cluster.connections.allow_from(
ec2.Peer.ipv4("1.2.3.4/8"),
ec2.Port.tcp(9094))
```
## Cluster Endpoints
You can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints
```python
# cluster: msk.Cluster
CfnOutput(self, "BootstrapBrokers", value=cluster.bootstrap_brokers)
CfnOutput(self, "BootstrapBrokersTls", value=cluster.bootstrap_brokers_tls)
CfnOutput(self, "BootstrapBrokersSaslScram", value=cluster.bootstrap_brokers_sasl_scram)
CfnOutput(self, "ZookeeperConnection", value=cluster.zookeeper_connection_string)
CfnOutput(self, "ZookeeperConnectionTls", value=cluster.zookeeper_connection_string_tls)
```
## Importing an existing Cluster
To import an existing MSK cluster into your CDK app use the `.fromClusterArn()` method.
```python
cluster = msk.Cluster.from_cluster_arn(self, "Cluster", "arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1")
```
## Client Authentication
[MSK supports](https://docs.aws.amazon.com/msk/latest/developerguide/kafka_apis_iam.html) the following authentication mechanisms.
> Only one authentication method can be enabled.
### TLS
To enable client authentication with TLS set the `certificateAuthorityArns` property to reference your ACM Private CA. [More info on Private CAs.](https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html)
```python
import aws_cdk.aws_acmpca as acmpca
# vpc: ec2.Vpc
cluster = msk.Cluster(self, "Cluster",
cluster_name="myCluster",
kafka_version=msk.KafkaVersion.V2_8_1,
vpc=vpc,
encryption_in_transit=msk.EncryptionInTransitConfig(
client_broker=msk.ClientBrokerEncryption.TLS
),
client_authentication=msk.ClientAuthentication.tls(
certificate_authorities=[
acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CertificateAuthority", "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")
]
)
)
```
### SASL/SCRAM
Enable client authentication with [SASL/SCRAM](https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html):
```python
# vpc: ec2.Vpc
cluster = msk.Cluster(self, "cluster",
cluster_name="myCluster",
kafka_version=msk.KafkaVersion.V2_8_1,
vpc=vpc,
encryption_in_transit=msk.EncryptionInTransitConfig(
client_broker=msk.ClientBrokerEncryption.TLS
),
client_authentication=msk.ClientAuthentication.sasl(
scram=True
)
)
```
### SASL/IAM
Enable client authentication with [IAM](https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html):
```python
# vpc: ec2.Vpc
cluster = msk.Cluster(self, "cluster",
cluster_name="myCluster",
kafka_version=msk.KafkaVersion.V2_8_1,
vpc=vpc,
encryption_in_transit=msk.EncryptionInTransitConfig(
client_broker=msk.ClientBrokerEncryption.TLS
),
client_authentication=msk.ClientAuthentication.sasl(
iam=True
)
)
```
Raw data
{
"_id": null,
"home_page": "https://github.com/aws/aws-cdk",
"name": "aws-cdk.aws-msk",
"maintainer": "",
"docs_url": null,
"requires_python": "~=3.7",
"maintainer_email": "",
"keywords": "",
"author": "Amazon Web Services",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/31/cb/a573a9257dc6844cd0d9415ee14990f5e7df1bd5d242831730a596c6c621/aws-cdk.aws-msk-1.199.0.tar.gz",
"platform": null,
"description": "# Amazon Managed Streaming for Apache Kafka Construct Library\n\n<!--BEGIN STABILITY BANNER-->---\n\n\n\n\n> All classes with the `Cfn` prefix in this module ([CFN Resources](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib)) are always stable and safe to use.\n\n\n\n> The APIs of higher level constructs in this module are experimental and under active development.\n> They are subject to non-backward compatible changes or removal in any future version. These are\n> not subject to the [Semantic Versioning](https://semver.org/) model and breaking changes will be\n> announced in the release notes. This means that while you may use them, you may need to update\n> your source code when upgrading to a newer version of this package.\n\n---\n<!--END STABILITY BANNER-->\n\n[Amazon MSK](https://aws.amazon.com/msk/) is a fully managed service that makes it easy for you to build and run applications that use Apache Kafka to process streaming data.\n\nThe following example creates an MSK Cluster.\n\n```python\n# vpc: ec2.Vpc\n\ncluster = msk.Cluster(self, \"Cluster\",\n cluster_name=\"myCluster\",\n kafka_version=msk.KafkaVersion.V2_8_1,\n vpc=vpc\n)\n```\n\n## Allowing Connections\n\nTo control who can access the Cluster, use the `.connections` attribute. For a list of ports used by MSK, refer to the [MSK documentation](https://docs.aws.amazon.com/msk/latest/developerguide/client-access.html#port-info).\n\n```python\n# vpc: ec2.Vpc\n\ncluster = msk.Cluster(self, \"Cluster\",\n cluster_name=\"myCluster\",\n kafka_version=msk.KafkaVersion.V2_8_1,\n vpc=vpc\n)\n\ncluster.connections.allow_from(\n ec2.Peer.ipv4(\"1.2.3.4/8\"),\n ec2.Port.tcp(2181))\ncluster.connections.allow_from(\n ec2.Peer.ipv4(\"1.2.3.4/8\"),\n ec2.Port.tcp(9094))\n```\n\n## Cluster Endpoints\n\nYou can use the following attributes to get a list of the Kafka broker or ZooKeeper node endpoints\n\n```python\n# cluster: msk.Cluster\n\nCfnOutput(self, \"BootstrapBrokers\", value=cluster.bootstrap_brokers)\nCfnOutput(self, \"BootstrapBrokersTls\", value=cluster.bootstrap_brokers_tls)\nCfnOutput(self, \"BootstrapBrokersSaslScram\", value=cluster.bootstrap_brokers_sasl_scram)\nCfnOutput(self, \"ZookeeperConnection\", value=cluster.zookeeper_connection_string)\nCfnOutput(self, \"ZookeeperConnectionTls\", value=cluster.zookeeper_connection_string_tls)\n```\n\n## Importing an existing Cluster\n\nTo import an existing MSK cluster into your CDK app use the `.fromClusterArn()` method.\n\n```python\ncluster = msk.Cluster.from_cluster_arn(self, \"Cluster\", \"arn:aws:kafka:us-west-2:1234567890:cluster/a-cluster/11111111-1111-1111-1111-111111111111-1\")\n```\n\n## Client Authentication\n\n[MSK supports](https://docs.aws.amazon.com/msk/latest/developerguide/kafka_apis_iam.html) the following authentication mechanisms.\n\n> Only one authentication method can be enabled.\n\n### TLS\n\nTo enable client authentication with TLS set the `certificateAuthorityArns` property to reference your ACM Private CA. [More info on Private CAs.](https://docs.aws.amazon.com/msk/latest/developerguide/msk-authentication.html)\n\n```python\nimport aws_cdk.aws_acmpca as acmpca\n\n# vpc: ec2.Vpc\n\ncluster = msk.Cluster(self, \"Cluster\",\n cluster_name=\"myCluster\",\n kafka_version=msk.KafkaVersion.V2_8_1,\n vpc=vpc,\n encryption_in_transit=msk.EncryptionInTransitConfig(\n client_broker=msk.ClientBrokerEncryption.TLS\n ),\n client_authentication=msk.ClientAuthentication.tls(\n certificate_authorities=[\n acmpca.CertificateAuthority.from_certificate_authority_arn(self, \"CertificateAuthority\", \"arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111\")\n ]\n )\n)\n```\n\n### SASL/SCRAM\n\nEnable client authentication with [SASL/SCRAM](https://docs.aws.amazon.com/msk/latest/developerguide/msk-password.html):\n\n```python\n# vpc: ec2.Vpc\n\ncluster = msk.Cluster(self, \"cluster\",\n cluster_name=\"myCluster\",\n kafka_version=msk.KafkaVersion.V2_8_1,\n vpc=vpc,\n encryption_in_transit=msk.EncryptionInTransitConfig(\n client_broker=msk.ClientBrokerEncryption.TLS\n ),\n client_authentication=msk.ClientAuthentication.sasl(\n scram=True\n )\n)\n```\n\n### SASL/IAM\n\nEnable client authentication with [IAM](https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html):\n\n```python\n# vpc: ec2.Vpc\n\ncluster = msk.Cluster(self, \"cluster\",\n cluster_name=\"myCluster\",\n kafka_version=msk.KafkaVersion.V2_8_1,\n vpc=vpc,\n encryption_in_transit=msk.EncryptionInTransitConfig(\n client_broker=msk.ClientBrokerEncryption.TLS\n ),\n client_authentication=msk.ClientAuthentication.sasl(\n iam=True\n )\n)\n```\n\n\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "The CDK Construct Library for AWS::MSK",
"version": "1.199.0",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4fa646f32342db2759331d1fd7dc44270a934989b6e921abbf3a883b80928a1d",
"md5": "f5c7b2c84c6db718704a67d01f919dff",
"sha256": "46f8634b2ca41545070e376b8a434b4f1e9c7acb32ff4ce5890444e3fe5a2c48"
},
"downloads": -1,
"filename": "aws_cdk.aws_msk-1.199.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f5c7b2c84c6db718704a67d01f919dff",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.7",
"size": 184089,
"upload_time": "2023-04-20T21:37:33",
"upload_time_iso_8601": "2023-04-20T21:37:33.757266Z",
"url": "https://files.pythonhosted.org/packages/4f/a6/46f32342db2759331d1fd7dc44270a934989b6e921abbf3a883b80928a1d/aws_cdk.aws_msk-1.199.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "31cba573a9257dc6844cd0d9415ee14990f5e7df1bd5d242831730a596c6c621",
"md5": "0bf4d1474adc372f8ee51ecb855dd78b",
"sha256": "21251143e520f6423a9bc6faf1c84943c916c6e4a882d32f295ccab3ef61729d"
},
"downloads": -1,
"filename": "aws-cdk.aws-msk-1.199.0.tar.gz",
"has_sig": false,
"md5_digest": "0bf4d1474adc372f8ee51ecb855dd78b",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.7",
"size": 184838,
"upload_time": "2023-04-20T21:45:17",
"upload_time_iso_8601": "2023-04-20T21:45:17.035512Z",
"url": "https://files.pythonhosted.org/packages/31/cb/a573a9257dc6844cd0d9415ee14990f5e7df1bd5d242831730a596c6c621/aws-cdk.aws-msk-1.199.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-04-20 21:45:17",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "aws",
"github_project": "aws-cdk",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "aws-cdk.aws-msk"
}
JSON
