in source/lib/msk-client.ts [38:82]
/**
 * Provisions the Kafka client EC2 instance and bootstraps it through user data.
 *
 * The user data script installs Java 11 (Corretto, headless) and Python 3,
 * unpacks the requested Kafka release into /home/kafka, places the
 * aws-msk-iam-auth jar in ./libs, copies the JVM `cacerts` file to act as the
 * client truststore, and writes three client property files under bin/
 * (TLS only, SASL/SCRAM, and IAM).
 *
 * @param scope - Parent construct.
 * @param id - Construct id.
 * @param props - Client settings; this constructor reads `clusterName`,
 *   `kafkaVersion`, `imageId`, `instanceType`, `subnetId` and
 *   `clusterSecurityGroupId`.
 */
constructor(scope: cdk.Construct, id: string, props: KafkaClientProps) {
    super(scope, id);

    const instanceProfile = this.createInstanceProfile(props.clusterName);

    // NOTE(review): props.kafkaVersion is interpolated unquoted into shell
    // commands below; this assumes the value is constrained upstream (for
    // example by an allowed-values list) - TODO confirm against the caller.
    const kafkaArchive = `kafka_2.12-${props.kafkaVersion}.tgz`;
    const iamAuthVersion = '1.1.0';
    const iamAuthJar = `aws-msk-iam-auth-${iamAuthVersion}-all.jar`;

    // NOTE(review): /tmp is a shared directory and may be subject to periodic
    // cleanup on the instance; a root-owned directory would be a more durable
    // home for the truststore - confirm nothing else depends on this path.
    const truststorePath = '/tmp/kafka.client.truststore.jks';

    // Emits the commands that create `file` and append one line per entry.
    const writeProperties = (file: string, entries: string[]): string[] => [
        `touch ${file}`,
        ...entries.map((entry) => `echo "${entry}" >> ${file}`),
    ];

    // The script has no `set -e`, so a failed step (for example a download)
    // does not stop the steps that follow it, except where `&&` chains them.
    const bootstrapScript: string[] = [
        '#!/bin/bash',
        'yum update -y',
        'yum install java-11-amazon-corretto-headless python3 -y',
        'mkdir -p /home/kafka && cd /home/kafka',
        // NOTE(review): both downloads rely on HTTPS alone; neither artifact is
        // checked against a pinned checksum or signature before it is unpacked
        // or placed on the classpath. Consider verifying a known-good digest.
        `wget https://archive.apache.org/dist/kafka/${props.kafkaVersion}/${kafkaArchive}`,
        `tar -xzf ${kafkaArchive} --strip 1 && rm ${kafkaArchive}`,
        `wget https://github.com/aws/aws-msk-iam-auth/releases/download/${iamAuthVersion}/${iamAuthJar}`,
        `mv ${iamAuthJar} ./libs`,
        // Every `cacerts` match is copied onto the same destination, so when
        // more than one JVM is installed the last match is the one that remains.
        `find /usr/lib/jvm/ -name "cacerts" | xargs -I '{}' cp '{}' ${truststorePath}`,
        // TLS without client authentication.
        ...writeProperties('bin/client-ssl.properties', [
            'security.protocol=SSL',
            `ssl.truststore.location=${truststorePath}`,
        ]),
        // SASL/SCRAM: only protocol, mechanism and truststore are written; no
        // sasl.jaas.config (and therefore no credential) is put in this file.
        ...writeProperties('bin/client-sasl.properties', [
            'security.protocol=SASL_SSL',
            'sasl.mechanism=SCRAM-SHA-512',
            `ssl.truststore.location=${truststorePath}`,
        ]),
        // IAM authentication through the aws-msk-iam-auth login module.
        ...writeProperties('bin/client-iam.properties', [
            'security.protocol=SASL_SSL',
            'sasl.mechanism=AWS_MSK_IAM',
            'sasl.jaas.config = software.amazon.msk.auth.iam.IAMLoginModule required;',
            'sasl.client.callback.handler.class = software.amazon.msk.auth.iam.IAMClientCallbackHandler',
        ]),
    ];

    const encodedUserData = cdk.Fn.base64(bootstrapScript.join('\n'));

    // The client is attached to the security group passed in as
    // clusterSecurityGroupId and runs with the instance profile created above.
    this.Instance = new ec2.CfnInstance(this, 'Client', {
        imageId: props.imageId,
        instanceType: props.instanceType,
        subnetId: props.subnetId,
        iamInstanceProfile: instanceProfile.ref,
        securityGroupIds: [props.clusterSecurityGroupId],
        userData: encodedUserData,
        tags: [{ key: 'Name', value: 'KafkaClient' }],
    });
}