interface SaslTlsAuthProps
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.MSK.Alpha.SaslTlsAuthProps |
 Go | github.com/aws/aws-cdk-go/awscdkmskalpha/v2#SaslTlsAuthProps |
 Java | software.amazon.awscdk.services.msk.alpha.SaslTlsAuthProps |
 Python | aws_cdk.aws_msk_alpha.SaslTlsAuthProps |
 TypeScript (source) | @aws-cdk/aws-msk-alpha ยป SaslTlsAuthProps |
SASL + TLS authentication properties.
Example
import * as acmpca from 'aws-cdk-lib/aws-acmpca';
declare const vpc: ec2.Vpc;
const cluster = new msk.Cluster(this, 'Cluster', {
clusterName: 'myCluster',
kafkaVersion: msk.KafkaVersion.V4_1_X_KRAFT,
vpc,
encryptionInTransit: {
clientBroker: msk.ClientBrokerEncryption.TLS,
},
clientAuthentication: msk.ClientAuthentication.saslTls({
iam: true,
certificateAuthorities: [
acmpca.CertificateAuthority.fromCertificateAuthorityArn(
this,
'CertificateAuthority',
'arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111',
),
],
}),
});
Properties
| Name | Type | Description |
|---|---|---|
| certificate | ICertificate[] | List of ACM Certificate Authorities to enable TLS authentication. |
| iam? | boolean | Enable IAM access control. |
| key? | IKey | KMS Key to encrypt SASL/SCRAM secrets. |
| scram? | boolean | Enable SASL/SCRAM authentication. |
certificateAuthorities?
Type:
ICertificate[]
(optional, default: none)
List of ACM Certificate Authorities to enable TLS authentication.
iam?
Type:
boolean
(optional, default: false)
Enable IAM access control.
key?
Type:
IKey
(optional, default: CMK will be created with alias msk/{clusterName}/sasl/scram)
KMS Key to encrypt SASL/SCRAM secrets.
You must use a customer master key (CMK) when creating users in secrets manager. You cannot use a Secret with Amazon MSK that uses the default Secrets Manager encryption key.
scram?
Type:
boolean
(optional, default: false)
Enable SASL/SCRAM authentication.