AWS MSK Kafka Cluster Terraform module
Upstream version 3.3.0
0 controls from Registry requirements
Terraform Module Source
registry.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws
59 unique
| Name | Type | Default | Description |
|---|---|---|---|
| Optional | | | |
| broker_node_az_distribution | string | null | The distribution of broker nodes across availability zones ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-model-brokerazdistribution)). Currently the only valid value is `DEFAULT` |
| broker_node_client_subnets | list(string) | [] | A list of subnets to connect to in client VPC ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-prop-brokernodegroupinfo-clientsubnets)) |
| broker_node_connectivity_info | object({...}) | null | Information about the cluster access configuration |
| broker_node_instance_type | string | null | Specify the instance type to use for the Kafka brokers, e.g. kafka.m5.large. ([Pricing info](https://aws.amazon.com/msk/pricing/)) |
| broker_node_security_groups | list(string) | [] | A list of the security groups to associate with the elastic network interfaces to control who can communicate with the cluster |
| broker_node_storage_info | object({...}) | null | A block that contains information about storage volumes attached to MSK broker nodes |
| client_authentication | object({...}) | null | Configuration block for specifying a client authentication |
| cloudwatch_log_group_class | string | null | Specifies the log class of the log group. Possible values are: STANDARD or INFREQUENT_ACCESS. |
| cloudwatch_log_group_kms_key_id | string | null | The ARN of the KMS Key to use when encrypting log data |
| cloudwatch_log_group_name | string | null | Name of the CloudWatch Log Group to deliver logs to |
| cloudwatch_log_group_retention_in_days | number | 0 | Specifies the number of days you want to retain log events in the log group |
| cloudwatch_logs_enabled | bool | false | Indicates whether you want to enable or disable streaming broker logs to CloudWatch Logs |
| cluster_override_policy_documents | list(string) | null | Override policy documents for cluster policy |
| cluster_policy_statements | map({...}) | null | Map of policy statements for cluster policy |
| cluster_source_policy_documents | list(string) | null | Source policy documents for cluster policy |
| configuration_arn | string | null | ARN of an externally created configuration to use |
| configuration_description | string | null | Description of the configuration |
| configuration_name | string | null | Name of the configuration |
| configuration_revision | number | null | Revision of the externally created configuration to use |
| configuration_server_properties | map(string) | {} | Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html) |
| connect_custom_plugins | map({...}) | {} | Map of custom plugin configuration details (map of maps) |
| connect_worker_config_description | string | null | A summary description of the worker configuration |
| connect_worker_config_name | string | null | The name of the worker configuration |
| connect_worker_config_properties_file_content | string | null | Contents of connect-distributed.properties file. The value can be either base64 encoded or in raw format |
| create | bool | true | Determines whether cluster resources will be created |
| create_cloudwatch_log_group | bool | true | Determines whether to create a CloudWatch log group |
| create_cluster_policy | bool | false | Determines whether to create an MSK cluster policy |
| create_configuration | bool | true | Determines whether to create a configuration |
| create_connect_worker_configuration | bool | false | Determines whether to create connect worker configuration |
| create_schema_registry | bool | true | Determines whether to create a Glue schema registry for managing Avro schemas for the cluster |
| create_scram_secret_association | bool | false | Determines whether to create SASL/SCRAM secret association |
| enable_storage_autoscaling | bool | true | Determines whether autoscaling is enabled for storage |
| encryption_at_rest_kms_key_arn | string | null | You may specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest |
| encryption_in_transit_client_broker | string | null | Encryption setting for data in transit between clients and brokers. Valid values: `TLS`, `TLS_PLAINTEXT`, and `PLAINTEXT`. Default value is `TLS` |
| encryption_in_transit_in_cluster | bool | null | Whether data communication among broker nodes is encrypted. Default value: `true` |
| enhanced_monitoring | string | null | Specify the desired enhanced MSK CloudWatch monitoring level. See [Monitoring Amazon MSK with Amazon CloudWatch](https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html) |
| firehose_delivery_stream | string | null | Name of the Kinesis Data Firehose delivery stream to deliver logs to |
| firehose_logs_enabled | bool | false | Indicates whether you want to enable or disable streaming broker logs to Kinesis Data Firehose |
| jmx_exporter_enabled | bool | false | Indicates whether you want to enable or disable the JMX Exporter |
| kafka_version | string | null | Specify the desired Kafka software version |
| name | string | "msk" | Name of the MSK cluster |
| node_exporter_enabled | bool | false | Indicates whether you want to enable or disable the Node Exporter |
| number_of_broker_nodes | number | null | The desired total number of broker nodes in the Kafka cluster. It must be a multiple of the number of specified client subnets |
| rebalancing | object({...}) | null | Configuration block for intelligent rebalancing |
| region | string | null | Region where this resource will be managed. Defaults to the Region set in the provider configuration |
| s3_logs_bucket | string | null | Name of the S3 bucket to deliver logs to |
| s3_logs_enabled | bool | false | Indicates whether you want to enable or disable streaming broker logs to S3 |
| s3_logs_prefix | string | null | Prefix to append to the folder name |
| scaling_max_capacity | number | 250 | Max storage capacity for Kafka broker autoscaling |
| scaling_role_arn | string | null | The ARN of the IAM role that allows Application AutoScaling to modify your scalable target on your behalf. This defaults to an IAM Service-Linked Role |
| scaling_target_value | number | 70 | The Kafka broker storage utilization at which scaling is initiated |
| schema_registries | map({...}) | {} | A map of schema registries to be created |
| schemas | map({...}) | {} | A map of schemas to be created within the schema registry |
| scram_secret_association_secret_arn_list | list(string) | [] | List of AWS Secrets Manager secret ARNs to associate with SCRAM |
| storage_mode | string | null | Controls storage mode for supported storage tiers. Valid values are: `LOCAL` or `TIERED` |
| tags | map(string) | {} | A map of tags to assign to the resources created |
| timeouts | object({...}) | null | Create, update, and delete timeout configurations for the cluster |
| topics | map({...}) | {} | Map of MSK topics to create |
| vpc_connections | map({...}) | {} | Map of VPC Connections to create |