UNPKG

@aws-cdk/aws-msk-alpha

Version:

The CDK Construct Library for AWS::MSK

463 lines (462 loc) 14.8 kB
import * as acmpca from 'aws-cdk-lib/aws-acmpca'; import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as kms from 'aws-cdk-lib/aws-kms'; import * as logs from 'aws-cdk-lib/aws-logs'; import * as s3 from 'aws-cdk-lib/aws-s3'; import * as core from 'aws-cdk-lib/core'; import * as constructs from 'constructs'; import { KafkaVersion } from './'; /** * Represents a MSK Cluster */ export interface ICluster extends core.IResource, ec2.IConnectable { /** * The ARN of cluster. * * @attribute */ readonly clusterArn: string; /** * The physical name of the cluster. * * @attribute */ readonly clusterName: string; } /** * A new or imported MSK Cluster. */ export declare abstract class ClusterBase extends core.Resource implements ICluster { abstract readonly clusterArn: string; abstract readonly clusterName: string; /** @internal */ protected _connections: ec2.Connections | undefined; /** Manages connections for the cluster */ get connections(): ec2.Connections; } /** * Properties for a MSK Cluster */ export interface ClusterProps { /** * The physical name of the cluster. */ readonly clusterName: string; /** * The version of Apache Kafka. */ readonly kafkaVersion: KafkaVersion; /** * Number of Apache Kafka brokers deployed in each Availability Zone. * * @default 1 */ readonly numberOfBrokerNodes?: number; /** * Defines the virtual networking environment for this cluster. * Must have at least 2 subnets in two different AZs. */ readonly vpc: ec2.IVpc; /** * Where to place the nodes within the VPC. * Amazon MSK distributes the broker nodes evenly across the subnets that you specify. * The subnets that you specify must be in distinct Availability Zones. * Client subnets can't be in Availability Zone us-east-1e. * * @default - the Vpc default strategy if not specified. */ readonly vpcSubnets?: ec2.SubnetSelection; /** * The EC2 instance type that you want Amazon MSK to use when it creates your brokers. * * @see https://docs.aws.amazon.com/msk/latest/developerguide/msk-create-cluster.html#broker-instance-types * @default kafka.m5.large */ readonly instanceType?: ec2.InstanceType; /** * The AWS security groups to associate with the elastic network interfaces in order to specify who can * connect to and communicate with the Amazon MSK cluster. * * @default - create new security group */ readonly securityGroups?: ec2.ISecurityGroup[]; /** * Information about storage volumes attached to MSK broker nodes. * * @default - 1000 GiB EBS volume */ readonly ebsStorageInfo?: EbsStorageInfo; /** * This controls storage mode for supported storage tiers. * * @default - StorageMode.LOCAL * @see https://docs.aws.amazon.com/msk/latest/developerguide/msk-tiered-storage.html */ readonly storageMode?: StorageMode; /** * The Amazon MSK configuration to use for the cluster. * * @default - none */ readonly configurationInfo?: ClusterConfigurationInfo; /** * Cluster monitoring configuration. * * @default - DEFAULT monitoring level */ readonly monitoring?: MonitoringConfiguration; /** * Configure your MSK cluster to send broker logs to different destination types. * * @default - disabled */ readonly logging?: BrokerLogging; /** * Config details for encryption in transit. * * @default - enabled */ readonly encryptionInTransit?: EncryptionInTransitConfig; /** * Configuration properties for client authentication. * MSK supports using private TLS certificates or SASL/SCRAM to authenticate the identity of clients. * * @default - disabled */ readonly clientAuthentication?: ClientAuthentication; /** * What to do when this resource is deleted from a stack. * * @default RemovalPolicy.RETAIN */ readonly removalPolicy?: core.RemovalPolicy; } /** * EBS volume information. */ export interface EbsStorageInfo { /** * The size in GiB of the EBS volume for the data drive on each broker node. * * @default 1000 */ readonly volumeSize?: number; /** * The AWS KMS key for encrypting data at rest. * * @default Uses AWS managed CMK (aws/kafka) */ readonly encryptionKey?: kms.IKey; } /** * The storage mode for the cluster brokers. */ export declare enum StorageMode { /** * Local storage mode utilizes network attached EBS storage. */ LOCAL = "LOCAL", /** * Tiered storage mode utilizes EBS storage and Tiered storage. */ TIERED = "TIERED" } /** * The Amazon MSK configuration to use for the cluster. * Note: There is currently no Cloudformation Resource to create a Configuration */ export interface ClusterConfigurationInfo { /** * The Amazon Resource Name (ARN) of the MSK configuration to use. * For example, arn:aws:kafka:us-east-1:123456789012:configuration/example-configuration-name/abcdabcd-1234-abcd-1234-abcd123e8e8e-1. */ readonly arn: string; /** * The revision of the Amazon MSK configuration to use. */ readonly revision: number; } /** * The level of monitoring for the MSK cluster * * @see https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html#metrics-details */ export declare enum ClusterMonitoringLevel { /** * Default metrics are the essential metrics to monitor. */ DEFAULT = "DEFAULT", /** * Per Broker metrics give you metrics at the broker level. */ PER_BROKER = "PER_BROKER", /** * Per Topic Per Broker metrics help you understand volume at the topic level. */ PER_TOPIC_PER_BROKER = "PER_TOPIC_PER_BROKER", /** * Per Topic Per Partition metrics help you understand consumer group lag at the topic partition level. */ PER_TOPIC_PER_PARTITION = "PER_TOPIC_PER_PARTITION" } /** * Monitoring Configuration */ export interface MonitoringConfiguration { /** * Specifies the level of monitoring for the MSK cluster. * * @default DEFAULT */ readonly clusterMonitoringLevel?: ClusterMonitoringLevel; /** * Indicates whether you want to enable or disable the JMX Exporter. * * @default false */ readonly enablePrometheusJmxExporter?: boolean; /** * Indicates whether you want to enable or disable the Prometheus Node Exporter. * * You can use the Prometheus Node Exporter to get CPU and disk metrics for the broker nodes. * * @default false */ readonly enablePrometheusNodeExporter?: boolean; } /** * Configuration details related to broker logs. */ export interface BrokerLogging { /** * The Amazon Data Firehose delivery stream that is the destination for broker logs. * * @default - disabled */ readonly firehoseDeliveryStreamName?: string; /** * The CloudWatch Logs group that is the destination for broker logs. * * @default - disabled */ readonly cloudwatchLogGroup?: logs.ILogGroup; /** * Details of the Amazon S3 destination for broker logs. * * @default - disabled */ readonly s3?: S3LoggingConfiguration; } /** * Details of the Amazon S3 destination for broker logs. */ export interface S3LoggingConfiguration { /** * The S3 bucket that is the destination for broker logs. */ readonly bucket: s3.IBucket; /** * The S3 prefix that is the destination for broker logs. * * @default - no prefix */ readonly prefix?: string; } /** * Indicates the encryption setting for data in transit between clients and brokers. */ export declare enum ClientBrokerEncryption { /** * TLS means that client-broker communication is enabled with TLS only. */ TLS = "TLS", /** * TLS_PLAINTEXT means that client-broker communication is enabled for both TLS-encrypted, as well as plaintext data. */ TLS_PLAINTEXT = "TLS_PLAINTEXT", /** * PLAINTEXT means that client-broker communication is enabled in plaintext only. */ PLAINTEXT = "PLAINTEXT" } /** * The settings for encrypting data in transit. * * @see https://docs.aws.amazon.com/msk/latest/developerguide/msk-encryption.html#msk-encryption-in-transit */ export interface EncryptionInTransitConfig { /** * Indicates the encryption setting for data in transit between clients and brokers. * * @default - TLS */ readonly clientBroker?: ClientBrokerEncryption; /** * Indicates that data communication among the broker nodes of the cluster is encrypted. * * @default true */ readonly enableInCluster?: boolean; } /** * SASL authentication properties */ export interface SaslAuthProps { /** * Enable SASL/SCRAM authentication. * * @default false */ readonly scram?: boolean; /** * Enable IAM access control. * * @default false */ readonly iam?: boolean; /** * KMS Key to encrypt SASL/SCRAM secrets. * * You must use a customer master key (CMK) when creating users in secrets manager. * You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key. * * @default - CMK will be created with alias msk/{clusterName}/sasl/scram */ readonly key?: kms.IKey; } /** * TLS authentication properties */ export interface TlsAuthProps { /** * List of ACM Certificate Authorities to enable TLS authentication. * * @default - none */ readonly certificateAuthorities?: acmpca.ICertificateAuthority[]; } /** * SASL + TLS authentication properties */ export interface SaslTlsAuthProps extends SaslAuthProps, TlsAuthProps { } /** * Configuration properties for client authentication. */ export declare class ClientAuthentication { readonly saslProps?: SaslAuthProps | undefined; readonly tlsProps?: TlsAuthProps | undefined; /** * SASL authentication */ static sasl(props: SaslAuthProps): ClientAuthentication; /** * TLS authentication */ static tls(props: TlsAuthProps): ClientAuthentication; /** * SASL + TLS authentication */ static saslTls(saslTlsProps: SaslTlsAuthProps): ClientAuthentication; /** * @param saslProps - properties for SASL authentication * @param tlsProps - properties for TLS authentication */ private constructor(); } /** * Create a MSK Cluster. * * @resource AWS::MSK::Cluster */ export declare class Cluster extends ClusterBase { /** Uniquely identifies this class. */ static readonly PROPERTY_INJECTION_ID: string; /** * Reference an existing cluster, defined outside of the CDK code, by name. */ static fromClusterArn(scope: constructs.Construct, id: string, clusterArn: string): ICluster; readonly clusterArn: string; readonly clusterName: string; /** Key used to encrypt SASL/SCRAM users */ readonly saslScramAuthenticationKey?: kms.IKey; private _clusterDescription?; private _clusterBootstrapBrokers?; constructor(scope: constructs.Construct, id: string, props: ClusterProps); private mskInstanceType; /** * Get the ZooKeeper Connection string * * Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK * * @param responseField Field to return from API call. eg. ZookeeperConnectString, ZookeeperConnectStringTls * @returns - The connection string to use to connect to the Apache ZooKeeper cluster. */ private _zookeeperConnectionString; /** * Get the ZooKeeper Connection string * * Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK * * @returns - The connection string to use to connect to the Apache ZooKeeper cluster. */ get zookeeperConnectionString(): string; /** * Get the ZooKeeper Connection string for a TLS enabled cluster * * Uses a Custom Resource to make an API call to `describeCluster` using the Javascript SDK * * @returns - The connection string to use to connect to zookeeper cluster on TLS port. */ get zookeeperConnectionStringTls(): string; /** * Get the list of brokers that a client application can use to bootstrap * * Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK * * @param responseField Field to return from API call. eg. BootstrapBrokerStringSaslScram, BootstrapBrokerString * @returns - A string containing one or more hostname:port pairs. */ private _bootstrapBrokers; /** * Get the list of brokers that a client application can use to bootstrap * * Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK * * @returns - A string containing one or more hostname:port pairs. */ get bootstrapBrokers(): string; /** * Get the list of brokers that a TLS authenticated client application can use to bootstrap * * Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK * * @returns - A string containing one or more DNS names (or IP) and TLS port pairs. */ get bootstrapBrokersTls(): string; /** * Get the list of brokers that a SASL/SCRAM authenticated client application can use to bootstrap * * Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK * * @returns - A string containing one or more dns name (or IP) and SASL SCRAM port pairs. */ get bootstrapBrokersSaslScram(): string; /** * Get the list of brokers that a SASL/IAM authenticated client application can use to bootstrap * * Uses a Custom Resource to make an API call to `getBootstrapBrokers` using the Javascript SDK * * @returns - A string containing one or more DNS names (or IP) and TLS port pairs. */ get bootstrapBrokersSaslIam(): string; /** * A list of usersnames to register with the cluster. The password will automatically be generated using Secrets * Manager and the { username, password } JSON object stored in Secrets Manager as `AmazonMSK_username`. * * Must be using the SASL/SCRAM authentication mechanism. * * @param usernames - username(s) to register with the cluster */ addUser(...usernames: string[]): void; }