ClientAuthentication
- class aws_cdk.aws_msk_alpha.ClientAuthentication(*args: Any, **kwargs)
Bases:
object
(experimental) Configuration properties for client authentication.
- Stability:
experimental
- ExampleMetadata:
infused
Example:
import aws_cdk.aws_acmpca as acmpca # vpc: ec2.Vpc cluster = msk.Cluster(self, "Cluster", cluster_name="myCluster", kafka_version=msk.KafkaVersion.V2_8_1, vpc=vpc, encryption_in_transit=msk.EncryptionInTransitConfig( client_broker=msk.ClientBrokerEncryption.TLS ), client_authentication=msk.ClientAuthentication.tls( certificate_authorities=[ acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CertificateAuthority", "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111") ] ) )
Attributes
- sasl_props
(experimental) - properties for SASL authentication.
- Stability:
experimental
- tls_props
(experimental) - properties for TLS authentication.
- Stability:
experimental
Static Methods
- classmethod sasl(*, iam=None, key=None, scram=None)
(experimental) SASL authentication.
- Parameters:
iam (
Optional
[bool
]) – (experimental) Enable IAM access control. Default: falsekey (
Optional
[IKey
]) – (experimental) KMS Key to encrypt SASL/SCRAM secrets. You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. Default: - CMK will be created with alias msk/{clusterName}/sasl/scramscram (
Optional
[bool
]) – (experimental) Enable SASL/SCRAM authentication. Default: false
- Stability:
experimental
- Return type:
- classmethod sasl_tls(*, iam=None, key=None, scram=None, certificate_authorities=None)
(experimental) SASL + TLS authentication.
- Parameters:
iam (
Optional
[bool
]) – (experimental) Enable IAM access control. Default: falsekey (
Optional
[IKey
]) – (experimental) KMS Key to encrypt SASL/SCRAM secrets. You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. Default: - CMK will be created with alias msk/{clusterName}/sasl/scramscram (
Optional
[bool
]) – (experimental) Enable SASL/SCRAM authentication. Default: falsecertificate_authorities (
Optional
[Sequence
[ICertificateAuthority
]]) – (experimental) List of ACM Certificate Authorities to enable TLS authentication. Default: - none
- Stability:
experimental
- Return type:
- classmethod tls(*, certificate_authorities=None)
(experimental) TLS authentication.
- Parameters:
certificate_authorities (
Optional
[Sequence
[ICertificateAuthority
]]) – (experimental) List of ACM Certificate Authorities to enable TLS authentication. Default: - none- Stability:
experimental
- Return type: