msk: add bootstrapBrokersSaslIam

[jfpolly]

Description

Currently @aws-cdk/aws-msk-alpha package supports:

• bootstrapBrokers
• bootstrapBrokersTls
• bootstrapBrokersSaslScram

Please add support for a new property

• bootstrapBrokersSaslIAM

Use Case

In the case where the Kafka cluster is configured using Sasl with IAM, e.g.:

new msk.Cluster(this, `${tenantName}KafkaCluster`, {
      clusterName: "MyKafkaCluster",
      kafkaVersion: msk.KafkaVersion.V2_8_1,
      vpc: vpc,
      instanceType: new aws_ec2.InstanceType("t3.small"),
      clientAuthentication: msk.ClientAuthentication.sasl({ iam: true })
    });

It is currently not possible to access the bootstrap brokers directly as a property of the Kafka cluster.

Proposed Solution

The Cluster class of aws-msk-alpha contains a private method _bootstrapBrokers. The other public bootstrapBroker* functions are defined in relation to this function:

    get bootstrapBrokers() {
        return this._bootstrapBrokers('BootstrapBrokerString');
    }
// ...
    get bootstrapBrokersTls() {
        return this._bootstrapBrokers('BootstrapBrokerStringTls');
    }
// ...
    get bootstrapBrokersSaslScram() {
        return this._bootstrapBrokers('BootstrapBrokerStringSaslScram');
    }
// ...

A similar function can be defined for SaslIam:

    get bootstrapBrokersSaslIam() {
        return this._bootstrapBrokers('BootstrapBrokerStringSaslIam');
    }

Other information

When accessing the bootstrap brokers of a cluster configured with property

clientAuthentication: msk.ClientAuthentication.sasl({ iam: true })

One can access the bootstrap brokers from the command line:

aws kafka get-bootstrap-brokers --cluster-arn <ClusterArn>

This will return an object:

{
    "BootstrapBrokerStringSaslIam": "..."
}

Acknowledge

• I may be able to implement this feature request
• This feature might incur a breaking change

[epretha]

Hi @otaviomacedo ,
Can you please confirm if this feature is implemented for msk ?
Because, today when I ran the command
aws kafka get-bootstrap-brokers --cluster-arn <myclusterArn>
it returns nothing.
Though in the AWS Management Console, under "View client information", I could see some broker URLs with the Authentication Type set to IAM.

Thanks.

[svyatogor]

I just ran today:

aws kafka get-bootstrap-brokers --cluster-arn arn:aws:kafka:eu-central-1:******:cluster/msk/******** --region eu-central-1
{
    "BootstrapBrokerStringSaslIam": "****:9098,*****:9098"
}

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.