SaslTlsAuthProps

class aws_cdk.aws_msk_alpha.SaslTlsAuthProps(*, iam=None, key=None, scram=None, certificate_authorities=None)

Bases: SaslAuthProps, TlsAuthProps

(experimental) SASL + TLS authentication properties.

Parameters:
  • iam (Optional[bool]) – (experimental) Enable IAM access control. Default: false

  • key (Optional[IKey]) – (experimental) KMS Key to encrypt SASL/SCRAM secrets. You must use a customer master key (CMK) when creating users in Secrets Manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. Default: a CMK will be created with alias msk/{clusterName}/sasl/scram

  • scram (Optional[bool]) – (experimental) Enable SASL/SCRAM authentication. Default: false

  • certificate_authorities (Optional[Sequence[ICertificateAuthority]]) – (experimental) List of ACM Certificate Authorities to enable TLS authentication. Default: none

Stability:

experimental

Example:

import aws_cdk.aws_acmpca as acmpca
import aws_cdk.aws_ec2 as ec2
import aws_cdk.aws_msk_alpha as msk

# vpc: ec2.Vpc
# `self` is the enclosing construct (for example, a Stack) that owns the cluster.

cluster = msk.Cluster(self, "Cluster",
    cluster_name="myCluster",
    kafka_version=msk.KafkaVersion.V2_8_1,
    vpc=vpc,
    # Require TLS between clients and brokers.
    encryption_in_transit=msk.EncryptionInTransitConfig(
        client_broker=msk.ClientBrokerEncryption.TLS
    ),
    # Enable IAM access control together with TLS client authentication.
    client_authentication=msk.ClientAuthentication.sasl_tls(
        iam=True,
        certificate_authorities=[
            acmpca.CertificateAuthority.from_certificate_authority_arn(self, "CertificateAuthority", "arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")
        ]
    )
)

Attributes

certificate_authorities

(experimental) List of ACM Certificate Authorities to enable TLS authentication.

Default:
  • none

Stability:

experimental

iam

(experimental) Enable IAM access control.

Default:

false

Stability:

experimental

key

(experimental) KMS Key to encrypt SASL/SCRAM secrets.

You must use a customer master key (CMK) when creating users in Secrets Manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.

Default:
  • CMK will be created with alias msk/{clusterName}/sasl/scram

Stability:

experimental

scram

(experimental) Enable SASL/SCRAM authentication.

Default:

false

Stability:

experimental
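
The properties above end up as the ClientAuthentication and EncryptionInfo settings of an AWS::MSK::Cluster resource, and SCRAM users as Secrets Manager secrets. The following check over a synthesized template is an added example, not part of the CDK documentation or the aws_msk_alpha module. The function name audit_msk_auth, the finding labels, and the sample template are assumptions made for illustration, and SCRAM secrets are recognised by the AmazonMSK_ name prefix that MSK requires.

```python
# Constructed sample shaped like a synthesized template; not real synth output.
SAMPLE_TEMPLATE = {"Resources": {
    "GoodCluster": {"Type": "AWS::MSK::Cluster", "Properties": {
        "ClientAuthentication": {
            "Sasl": {"Iam": {"Enabled": True}},
            "Tls": {"CertificateAuthorityArnList": ["arn:aws:acm-pca:EXAMPLE"]}},
        "EncryptionInfo": {"EncryptionInTransit": {"ClientBroker": "TLS"}}}},
    "WeakCluster": {"Type": "AWS::MSK::Cluster", "Properties": {
        "ClientAuthentication": {"Sasl": {"Scram": {"Enabled": True}}},
        "EncryptionInfo": {"EncryptionInTransit": {"ClientBroker": "TLS_PLAINTEXT"}}}},
    "GoodSecret": {"Type": "AWS::SecretsManager::Secret", "Properties": {
        "Name": "AmazonMSK_alice", "KmsKeyId": {"Ref": "ScramKey"}}},
    "WeakSecret": {"Type": "AWS::SecretsManager::Secret", "Properties": {
        "Name": "AmazonMSK_bob"}},
}}


def audit_msk_auth(template):
    """Return sorted (logical_id, finding) pairs for MSK auth settings."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::MSK::Cluster":
            auth = props.get("ClientAuthentication", {})
            sasl, tls = auth.get("Sasl", {}), auth.get("Tls", {})
            enabled = (sasl.get("Iam", {}).get("Enabled", False)
                       or sasl.get("Scram", {}).get("Enabled", False)
                       or tls.get("Enabled", False)
                       or bool(tls.get("CertificateAuthorityArnList")))
            if auth.get("Unauthenticated", {}).get("Enabled", False):
                findings.append((logical_id, "unauthenticated-enabled"))
            elif not enabled:
                findings.append((logical_id, "no-client-auth"))
            transit = props.get("EncryptionInfo", {}).get("EncryptionInTransit", {})
            # CloudFormation defaults ClientBroker to TLS when it is omitted.
            if transit.get("ClientBroker", "TLS") != "TLS":
                findings.append((logical_id, "client-broker-not-tls"))
        elif res.get("Type") == "AWS::SecretsManager::Secret":
            # Assumption: SCRAM secrets are identified by the AmazonMSK_ prefix.
            name = props.get("Name")
            if (isinstance(name, str) and name.startswith("AmazonMSK_")
                    and not props.get("KmsKeyId")):
                findings.append((logical_id, "scram-secret-default-key"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_msk_auth(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```
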