aws-msk-alpha: should support multiple auth modes #28592
Labels
@aws-cdk/aws-msk: Related to Amazon Managed Streaming for Apache Kafka (Amazon MSK)
effort/medium: Medium work item – several days of effort
feature-request: A feature should be added or improved.
p3
Comments
ahammond added the feature-request (A feature should be added or improved.) and needs-triage (This issue or PR still needs to be triaged.) labels on Jan 5, 2024
github-actions bot added the @aws-cdk/aws-msk (Related to Amazon Managed Streaming for Apache Kafka (Amazon MSK)) label on Jan 5, 2024
Yes we definitely should support that. Thank you for the report.
pahud added the p2 and effort/medium (Medium work item – several days of effort) labels and removed the needs-triage (This issue or PR still needs to be triaged.) label on Jan 5, 2024
We're waiting on AWS Support ticket 170431096601286 in our usQa account, to
confirm that Cfn doesn't cause data-loss events / cluster thrash when
enabling IAM on a cluster that already has SASL. We're waiting there
because Cfn support for MSK is famously horrible and has cost us data-loss
events in the past. If we get that validation, we'll provide the
implementation here.
…On Fri, Jan 5, 2024 at 1:41 PM Pahud Hsieh ***@***.***> wrote:
Yes we definitely should support that. Thank you for the report.
Please try this sample:

```ts
const cluster = new msk_alpha.Cluster(this, 'cdc-kafka-cluster', {
  kafkaVersion: msk_alpha.KafkaVersion.V2_8_0,
  vpc,
  clusterName: 'cdc-kafka-cluster-v1',
  clientAuthentication: msk_alpha.ClientAuthentication.sasl({
    iam: true,
    scram: true,
  }),
});
```

synth

```json
"ClientAuthentication": {
  "Sasl": {
    "Iam": {
      "Enabled": true
    },
    "Scram": {
      "Enabled": true
    }
  }
},
```

Let me know if it works for you.
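One way to check a synthesized template like the one above before deploying, as an added example that is not part of the thread or the CDK code base: it lists the auth modes each `AWS::MSK::Cluster` resource enables and which required modes are missing. The helper names and the sample template are constructed for illustration, and treating a non-empty `CertificateAuthorityArnList` as "mTLS enabled" is an assumption.

```typescript
// Added example (hypothetical helper names): audit ClientAuthentication in a synthesized template.
type AuthMode = 'iam' | 'scram' | 'tls' | 'unauthenticated';
type Json = Record<string, unknown>;
interface AuthFinding { logicalId: string; enabled: AuthMode[]; missing: AuthMode[]; }

// Walk nested keys, returning undefined instead of throwing when a level is absent.
function dig(node: unknown, ...path: string[]): unknown {
  let cur: unknown = node;
  for (const key of path) {
    if (typeof cur !== 'object' || cur === null) return undefined;
    cur = (cur as Json)[key];
  }
  return cur;
}

// Only a literal `true` counts as enabled; an unresolved intrinsic such as
// { Ref: ... } is reported as not enabled so it gets a manual look.
function enabledModes(clientAuth: unknown): AuthMode[] {
  const modes: AuthMode[] = [];
  if (dig(clientAuth, 'Sasl', 'Iam', 'Enabled') === true) modes.push('iam');
  if (dig(clientAuth, 'Sasl', 'Scram', 'Enabled') === true) modes.push('scram');
  // Assumption: mTLS is on when Tls.Enabled is true or a CA list is present.
  const cas = dig(clientAuth, 'Tls', 'CertificateAuthorityArnList');
  if (dig(clientAuth, 'Tls', 'Enabled') === true || (Array.isArray(cas) && cas.length > 0)) modes.push('tls');
  if (dig(clientAuth, 'Unauthenticated', 'Enabled') === true) modes.push('unauthenticated');
  return modes;
}

// `required`: modes that must all be on at once, e.g. SCRAM kept for existing clients while IAM is added.
function auditMskAuth(template: unknown, required: AuthMode[]): AuthFinding[] {
  const resources = dig(template, 'Resources');
  if (typeof resources !== 'object' || resources === null) return [];
  const byId = resources as Json;
  return Object.keys(byId)
    .filter((id) => dig(byId[id], 'Type') === 'AWS::MSK::Cluster')
    .map((id) => {
      const enabled = enabledModes(dig(byId[id], 'Properties', 'ClientAuthentication'));
      return { logicalId: id, enabled, missing: required.filter((m) => enabled.indexOf(m) < 0) };
    });
}

// Constructed sample: the first cluster mirrors the synth output quoted in the thread.
const sasl = (modes: Json) => ({ Type: 'AWS::MSK::Cluster', Properties: { ClientAuthentication: { Sasl: modes } } });
const sampleTemplate = { Resources: {
  CdcKafkaCluster: sasl({ Iam: { Enabled: true }, Scram: { Enabled: true } }),
  LegacyCluster: sasl({ Scram: { Enabled: true } }),
  Bucket: { Type: 'AWS::S3::Bucket' },
} };
const sampleFindings = auditMskAuth(sampleTemplate, ['iam', 'scram']); // LegacyCluster is missing 'iam'
```

Run against the JSON that `cdk synth` writes to `cdk.out`, a non-empty `missing` list on any cluster means the template would not enable every mode the migration depends on.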
internal reference: V1192886211
pahud added the response-requested (Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.) label on Jul 9, 2024
We moved all our MSK support away from CDK/Cfn to Terraform.
…On Tue, Jul 9, 2024 at 12:29 PM Pahud Hsieh ***@***.***> wrote:
internal reference: V1192886211
github-actions bot removed the response-requested (Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.) label on Jul 10, 2024
Describe the feature
Per https://aws.amazon.com/about-aws/whats-new/2021/09/amazon-msk-multiple-authentication-modes-tls-encryption-settings/ MSK supports having any combination of mTLS, SASL/SCRAM or IAM running simultaneously.
Use Case
Existing implementation correctly implements the old constraints. We want to migrate towards using IAM, so we're either moving to TF or updating CDK to support a feature that's 2+ years old.
Proposed Solution
Refactor the existing constraints to allow multiple auth methods. Pretty low-hanging.
Other Information
No response
Acknowledgements
CDK version used
2.90.0
Environment details (OS name and version, etc.)
irrelevant