Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws-msk-alpha: should support multiple auth modes #28592

Open
1 of 2 tasks
ahammond opened this issue Jan 5, 2024 · 5 comments
Open
1 of 2 tasks

aws-msk-alpha: should support multiple auth modes #28592

ahammond opened this issue Jan 5, 2024 · 5 comments
Labels
@aws-cdk/aws-msk Related to Amazon Managed Streaming for Apache Kafka (Amazon MSK) effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p3

Comments

@ahammond
Copy link
Contributor

ahammond commented Jan 5, 2024

Describe the feature

Per https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-msk-multiple-authentication-modes-tls-encryption-settings/ MSK supports having any combination of mTLS, SASL/SCRAM or IAM running simultaneously.

Use Case

Existing implementation correctly implements the old constraints. We want to migrate towards using IAM, so we're either moving to TF or updating CDK to support a feature that's 2+ years old.

Proposed Solution

Refactor the existing constraints to allow multiple auth methods. Pretty low-hanging.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.90.0

Environment details (OS name and version, etc.)

irrelevant
@ahammond ahammond added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Jan 5, 2024
@github-actions github-actions bot added the @aws-cdk/aws-msk Related to Amazon Managed Streaming for Apache Kafka (Amazon MSK) label Jan 5, 2024
@pahud
Copy link
Contributor

pahud commented Jan 5, 2024

Yes we definitely should support that. Thank you for the report.

@pahud pahud added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jan 5, 2024
@ahammond
Copy link
Contributor Author

ahammond commented Jan 6, 2024 via email

@github-actions github-actions bot mentioned this issue Feb 1, 2024
Closed
@vdahlberg vdahlberg mentioned this issue May 22, 2024
Closed
1 task
@vdahlberg vdahlberg mentioned this issue Jun 10, 2024
Closed
1 task
@pahud pahud added p3 and removed p2 labels Jun 11, 2024
@pahud
Copy link
Contributor

pahud commented Jul 9, 2024

Please try this sample:

const cluster = new msk_alpha.Cluster(this, 'cdc-kafka-cluster', {
  kafkaVersion: msk_alpha.KafkaVersion.V2_8_0,
  vpc,
  clusterName: 'cdc-kafka-cluster-v1',
  clientAuthentication: msk_alpha.ClientAuthentication.sasl({
    iam: true,
    scram: true,
  }),
});

synth

"ClientAuthentication": {
 "Sasl": {
  "Iam": {
   "Enabled": true
  },
  "Scram": {
   "Enabled": true
  }
 }
},

Let me know if it works for you.

@pahud
Copy link
Contributor

pahud commented Jul 9, 2024

internal reference: V1192886211

@pahud pahud added the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 9, 2024
@ahammond
Copy link
Contributor Author

ahammond commented Jul 10, 2024 via email

@github-actions github-actions bot removed the response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. label Jul 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-msk Related to Amazon Managed Streaming for Apache Kafka (Amazon MSK) effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p3
Projects
None yet
Milestone
No milestone
2 participants
@pahud @ahammond