in source/lib/msk-cluster.ts [108:181]
/**
 * Provisions the MSK cluster together with its security group, broker log
 * group and the CloudFormation conditions that select the client
 * authentication mode.
 *
 * @param scope - Parent construct.
 * @param id - Construct id, forwarded to the base class.
 * @param props - Cluster settings; checked by `validateProps` before any
 *   resource is created.
 */
constructor(scope: cdk.Construct, id: string, props: KafkaClusterProps) {
  super(scope, id);
  this.validateProps(props);

  // One CloudFormation condition per access-control mode. They are resolved at
  // deploy time by comparing props.accessControl with each enum value.
  // NOTE(review): if the value matches none of the three, every auth flag below
  // resolves to false; presumably validateProps rejects that case (confirm).
  const unauthenticatedCondition = new cdk.CfnCondition(this, 'EnableUnauthenticatedCondition', {
    expression: cdk.Fn.conditionEquals(props.accessControl, KafkaAccessControl.Unauthenticated),
  });
  const iamCondition = new cdk.CfnCondition(this, 'EnableIAMCondition', {
    expression: cdk.Fn.conditionEquals(props.accessControl, KafkaAccessControl.IAM),
  });
  const scramCondition = new cdk.CfnCondition(this, 'EnableSCRAMCondition', {
    expression: cdk.Fn.conditionEquals(props.accessControl, KafkaAccessControl.SCRAM),
  });

  // Turns a condition into an `enabled` value that is true only when it holds.
  const enabledWhen = (condition: cdk.CfnCondition) =>
    cdk.Fn.conditionIf(condition.logicalId, true, false);

  this.SecurityGroup = this.createSecurityGroup(props.brokerVpcId);

  // Broker logs survive stack deletion (RETAIN). No `retention` is passed, so
  // the LogGroup construct's default retention period applies.
  const logGroup = new logs.LogGroup(this, 'LogGroup', { removalPolicy: cdk.RemovalPolicy.RETAIN });

  // The sections below are built in the same order as the cluster properties
  // they populate.
  const clusterName = this.ClusterName;

  const brokerNodeGroupInfo = {
    brokerAzDistribution: 'DEFAULT',
    instanceType: props.brokerInstanceType,
    clientSubnets: props.brokerSubnets,
    securityGroups: [this.SecurityGroupId],
    storageInfo: {
      ebsStorageInfo: { volumeSize: props.ebsVolumeSize },
    },
  };

  const loggingInfo = {
    brokerLogs: {
      cloudWatchLogs: {
        logGroup: logGroup.logGroupName,
        enabled: true,
      },
    },
  };

  // Exactly one of these is expected to be enabled. With the unauthenticated
  // mode selected the brokers do not identify clients, so access control then
  // rests on network reachability (security group and subnets).
  const clientAuthentication = {
    sasl: {
      iam: { enabled: enabledWhen(iamCondition) },
      scram: { enabled: enabledWhen(scramCondition) },
    },
    unauthenticated: { enabled: enabledWhen(unauthenticatedCondition) },
  };

  // At rest: the AWS-managed MSK key alias, so key policy and rotation are not
  // under this stack's control. In transit: client-broker traffic is TLS only
  // and broker-to-broker traffic is encrypted as well.
  const encryptionInfo = {
    encryptionAtRest: { dataVolumeKmsKeyId: 'alias/aws/kafka' },
    encryptionInTransit: {
      clientBroker: 'TLS',
      inCluster: true,
    },
  };

  // Both Prometheus exporters are switched on in the brokers.
  // NOTE(review): confirm the security group from createSecurityGroup limits
  // access to the exporter endpoints to the monitoring hosts.
  const openMonitoring = {
    prometheus: {
      jmxExporter: { enabledInBroker: true },
      nodeExporter: { enabledInBroker: true },
    },
  };

  this.Cluster = new msk.CfnCluster(this, 'KafkaCluster', {
    clusterName,
    kafkaVersion: props.kafkaVersion,
    numberOfBrokerNodes: props.numberOfBrokerNodes,
    brokerNodeGroupInfo,
    loggingInfo,
    enhancedMonitoring: props.monitoringLevel,
    clientAuthentication,
    encryptionInfo,
    openMonitoring,
  });
}