@aws-cdk_aws-msk-alpha.SaslTlsAuthProps

interface SaslTlsAuthProps ๐Ÿ”น

LanguageType name
.NETAmazon.CDK.AWS.MSK.Alpha.SaslTlsAuthProps
Gogithub.com/aws/aws-cdk-go/awscdkmskalpha/v2#SaslTlsAuthProps
Javasoftware.amazon.awscdk.services.msk.alpha.SaslTlsAuthProps
Pythonaws_cdk.aws_msk_alpha.SaslTlsAuthProps
TypeScript (source)@aws-cdk/aws-msk-alpha ยป SaslTlsAuthProps

SASL + TLS authentication properties.

Example

import * as acmpca from 'aws-cdk-lib/aws-acmpca';

declare const vpc: ec2.Vpc;
const cluster = new msk.Cluster(this, 'Cluster', {
  clusterName: 'myCluster',
  kafkaVersion: msk.KafkaVersion.V2_8_1,
  vpc,
  encryptionInTransit: {
    clientBroker: msk.ClientBrokerEncryption.TLS,
  },
  clientAuthentication: msk.ClientAuthentication.saslTls({
    iam: true,
    certificateAuthorities: [
      acmpca.CertificateAuthority.fromCertificateAuthorityArn(
        this,
        'CertificateAuthority',
        'arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111',
      ),
    ],
  }),
});

Properties

NameTypeDescription
certificateAuthorities?๐Ÿ”นICertificateAuthority[]List of ACM Certificate Authorities to enable TLS authentication.
iam?๐Ÿ”นbooleanEnable IAM access control.
key?๐Ÿ”นIKeyKMS Key to encrypt SASL/SCRAM secrets.
scram?๐Ÿ”นbooleanEnable SASL/SCRAM authentication.

certificateAuthorities?๐Ÿ”น

Type: ICertificateAuthority[] (optional, default: none)

List of ACM Certificate Authorities to enable TLS authentication.


iam?๐Ÿ”น

Type: boolean (optional, default: false)

Enable IAM access control.


key?๐Ÿ”น

Type: IKey (optional, default: CMK will be created with alias msk/{clusterName}/sasl/scram)

KMS Key to encrypt SASL/SCRAM secrets.

You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.


scram?๐Ÿ”น

Type: boolean (optional, default: false)

Enable SASL/SCRAM authentication.