# Schema Registry Cluster secrets for the Java client: API key pair and REST endpoint.
# This is only the secret container; the payload is written by the matching
# aws_secretsmanager_secret_version resource below.
# Encrypted with the account's default AWS-managed Secrets Manager key — set
# kms_key_id here if a customer-managed key is required by policy.
resource "aws_secretsmanager_secret" "schema_registry_cluster_api_key_java_client" {
  description = "Schema Registry Cluster secrets for Java client"
  name        = "${local.secrets_prefix}/schema_registry_cluster/java_client"
}
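# Payload for the Java Schema Registry client secret. The currently active key
# from the rotation module is written here, so a changed active key becomes a
# new secret version on the next apply.
# NOTE: the API key secret is interpolated into secret_string and therefore also
# lands in Terraform state in plaintext — keep the state backend encrypted and
# access-restricted.
resource "aws_secretsmanager_secret_version" "schema_registry_cluster_api_key_java_client" {
  secret_id = aws_secretsmanager_secret.schema_registry_cluster_api_key_java_client.id
  secret_string = jsonencode({
    "basic.auth.credentials.source" = "USER_INFO"
    # "<key id>:<key secret>" is the USER_INFO format expected by the client.
    "basic.auth.user.info" = "${module.schema_registry_cluster_api_key_rotation.active_api_key.id}:${module.schema_registry_cluster_api_key_rotation.active_api_key.secret}"
    # Direct reference instead of the deprecated interpolation-only "${...}" form.
    "schema.registry.url" = data.confluent_schema_registry_cluster.env.rest_endpoint
  })
}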
# Schema Registry Cluster secrets for the Python client: API key pair and REST endpoint.
# Container only; the payload lives in the matching aws_secretsmanager_secret_version.
# Uses the default AWS-managed Secrets Manager key unless kms_key_id is set.
resource "aws_secretsmanager_secret" "schema_registry_cluster_api_key_python_client" {
  description = "Schema Registry Cluster secrets for Python client"
  name        = "${local.secrets_prefix}/schema_registry_cluster/python_client"
}
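# Payload for the Python Schema Registry client secret, built from the rotation
# module's active key; a rotated key is written as a new version on apply.
# NOTE: the key secret is part of secret_string and so is also held in Terraform
# state in plaintext — protect the state backend accordingly.
resource "aws_secretsmanager_secret_version" "schema_registry_cluster_api_key_python_client" {
  secret_id = aws_secretsmanager_secret.schema_registry_cluster_api_key_python_client.id
  secret_string = jsonencode({
    "basic.auth.credentials.source" = "USER_INFO"
    # "<key id>:<key secret>" is the USER_INFO format expected by the client.
    "basic.auth.user.info" = "${module.schema_registry_cluster_api_key_rotation.active_api_key.id}:${module.schema_registry_cluster_api_key_rotation.active_api_key.secret}"
    # Direct reference instead of the deprecated interpolation-only "${...}" form.
    "schema.registry.url" = data.confluent_schema_registry_cluster.env.rest_endpoint
  })
}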
# Kafka Cluster secrets for the Java client: the API key pair rendered as a JAAS
# (Java Authentication and Authorization Service) PlainLoginModule config, plus
# the bootstrap server address. (The matching secret_version stores only those
# two keys; no REST endpoint is included.)
# Container only; uses the default AWS-managed Secrets Manager key unless
# kms_key_id is set.
resource "aws_secretsmanager_secret" "kafka_cluster_api_key_java_client" {
  description = "Kafka Cluster secrets for Java client"
  name        = "${local.secrets_prefix}/kafka_cluster/java_client"
}
# Payload for the Java Kafka client secret: a ready-to-use sasl.jaas.config
# string and the bootstrap.servers host list with the SASL_SSL:// scheme removed.
# NOTE: the key secret is embedded in secret_string and so is also held in
# Terraform state in plaintext — protect the state backend accordingly.
# NOTE(review): the JAAS string wraps the id and secret in single quotes; a
# secret containing ' or ; would break the config. Presumably the key alphabet
# excludes these — confirm against the rotation module's output.
resource "aws_secretsmanager_secret_version" "kafka_cluster_api_key_java_client" {
  secret_id = aws_secretsmanager_secret.kafka_cluster_api_key_java_client.id
  secret_string = jsonencode({
    "sasl.jaas.config" = format(
      "org.apache.kafka.common.security.plain.PlainLoginModule required username='%s' password='%s';",
      module.kafka_cluster_api_key_rotation.active_api_key.id,
      module.kafka_cluster_api_key_rotation.active_api_key.secret,
    )
    # Clients take host:port only; the protocol is configured separately via security.protocol.
    "bootstrap.servers" = replace(confluent_kafka_cluster.kafka_cluster.bootstrap_endpoint, "SASL_SSL://", "")
  })
}
# Kafka Cluster secrets for the Python client: the API key pair as separate
# sasl.username / sasl.password values, plus the bootstrap server address.
# (The matching secret_version stores only those keys; no REST endpoint is included.)
# Container only; uses the default AWS-managed Secrets Manager key unless
# kms_key_id is set.
resource "aws_secretsmanager_secret" "kafka_cluster_api_key_python_client" {
  description = "Kafka Cluster secrets for Python client"
  name        = "${local.secrets_prefix}/kafka_cluster/python_client"
}
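# Payload for the Python Kafka client secret: SASL username/password from the
# rotation module's active key and the bootstrap.servers host list with the
# SASL_SSL:// scheme removed.
# NOTE: the key secret is part of secret_string and so is also held in Terraform
# state in plaintext — protect the state backend accordingly.
resource "aws_secretsmanager_secret_version" "kafka_cluster_api_key_python_client" {
  secret_id = aws_secretsmanager_secret.kafka_cluster_api_key_python_client.id
  secret_string = jsonencode({
    # Direct references instead of the deprecated interpolation-only "${...}" form.
    "sasl.username" = module.kafka_cluster_api_key_rotation.active_api_key.id
    "sasl.password" = module.kafka_cluster_api_key_rotation.active_api_key.secret
    # Clients take host:port only; the protocol is configured separately via security.protocol.
    "bootstrap.servers" = replace(confluent_kafka_cluster.kafka_cluster.bootstrap_endpoint, "SASL_SSL://", "")
  })
}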
# Consumer setting: how often (ms) offsets are auto-committed; only consulted
# when enable.auto.commit is true. Non-sensitive, hence a plain String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_auto_commit_interval_ms" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/auto.commit.interval.ms"
  type        = "String"
  value       = "1000"
  description = "The 'auto.commit.interval.ms' property in Apache Kafka defines the frequency (in milliseconds) at which the Kafka consumer automatically commits offsets. This is relevant when 'enable.auto.commit' is set to true, which allows Kafka to automatically commit the offsets periodically without requiring the application to do so explicitly."
}
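# Consumer setting: where to start reading when no committed offset exists or
# the committed offset is out of range. Sourced from var.auto_offset_reset.
# Non-sensitive, hence a plain String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_auto_offset_reset" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/auto.offset.reset"
  description = "Specifies the behavior of the consumer when there is no committed position (which occurs when the group is first initialized) or when an offset is out of range. You can choose either to reset the position to the 'earliest' offset or the 'latest' offset (the default)."
  type        = "String"
  # Direct reference instead of the deprecated interpolation-only "${...}" form.
  value       = var.auto_offset_reset
}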
# Consumer setting: Schema Registry basic-auth credential source. USER_INFO means
# the client reads credentials from basic.auth.user.info (held in Secrets Manager,
# not here). Non-sensitive, hence a plain String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_basic_auth_credentials_source" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/basic.auth.credentials.source"
  type        = "String"
  value       = "USER_INFO"
  description = "This property specifies the source of the credentials for basic authentication."
}
# Consumer setting: broker DNS resolution strategy. Non-sensitive String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_client_dns_lookup" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/client.dns.lookup"
  type        = "String"
  value       = "use_all_dns_ips"
  description = "This property specifies how the client should resolve the DNS name of the Kafka brokers."
}
# Consumer setting: periodic automatic offset commits, paced by
# auto.commit.interval.ms. Non-sensitive String parameter.
# NOTE(review): with auto-commit, offsets can be committed before the
# application has finished processing a record — confirm this matches the
# consumer's delivery-guarantee requirements.
resource "aws_ssm_parameter" "consumer_kafka_client_enable_auto_commit" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/enable.auto.commit"
  type        = "String"
  value       = "true"
  description = "When set to true, the Kafka consumer automatically commits the offsets of messages it has processed at regular intervals, specified by the 'auto.commit.interval.ms' property. If set to false, the application is responsible for committing offsets manually."
}
# Consumer setting: maximum gap (ms) between poll() calls before the consumer is
# considered dead and rebalanced out. Non-sensitive String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_max_poll_interval_ms" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/max.poll.interval.ms"
  type        = "String"
  value       = "300000"
  description = "This property defines the maximum amount of time (in milliseconds) that can pass between consecutive calls to poll() on a consumer. If this interval is exceeded, the consumer will be considered dead, and its partitions will be reassigned to other consumers in the group."
}
# Consumer setting: per-request broker response timeout (ms). Non-sensitive
# String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_request_timeout_ms" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/request.timeout.ms"
  type        = "String"
  value       = "60000"
  description = "This property sets the maximum amount of time the client will wait for a response from the Kafka broker. If the server does not respond within this time, the client will consider the request as failed and handle it accordingly."
}
# Consumer setting: SASL mechanism. PLAIN sends the credential itself, so it is
# only acceptable together with security.protocol = SASL_SSL, which wraps the
# exchange in TLS. Non-sensitive String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_sasl_mechanism" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/sasl.mechanism"
  type        = "String"
  value       = "PLAIN"
  description = "This property specifies the SASL mechanism to be used for authentication."
}
# Consumer setting: broker transport. SASL_SSL keeps SASL/PLAIN credentials and
# traffic inside TLS; do not relax this to SASL_PLAINTEXT. Non-sensitive
# String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_security_protocol" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/security.protocol"
  type        = "String"
  value       = "SASL_SSL"
  description = "This property specifies the protocol used to communicate with Kafka brokers."
}
# Consumer setting: heartbeat-based failure detection window (ms) for group
# management. Non-sensitive String parameter.
resource "aws_ssm_parameter" "consumer_kafka_client_session_timeout_ms" {
  name        = "/confluent_cloud_resource/consumer_kafka_client/session.timeout.ms"
  type        = "String"
  value       = "90000"
  description = "This property sets the timeout for detecting consumer failures when using Kafka's group management. If the consumer does not send a heartbeat to the broker within this period, it will be considered dead, and its partitions will be reassigned to other consumers in the group."
}
# Producer setting: SASL mechanism. PLAIN is only acceptable together with
# security.protocol = SASL_SSL, which wraps the credential exchange in TLS.
# Non-sensitive String parameter.
resource "aws_ssm_parameter" "producer_kafka_client_sasl_mechanism" {
  name        = "/confluent_cloud_resource/producer_kafka_client/sasl.mechanism"
  type        = "String"
  value       = "PLAIN"
  description = "This property specifies the SASL mechanism to be used for authentication."
}
# Producer setting: broker transport. SASL_SSL keeps SASL/PLAIN credentials and
# traffic inside TLS; do not relax this to SASL_PLAINTEXT. Non-sensitive
# String parameter.
resource "aws_ssm_parameter" "producer_kafka_client_security_protocol" {
  name        = "/confluent_cloud_resource/producer_kafka_client/security.protocol"
  type        = "String"
  value       = "SASL_SSL"
  description = "This property specifies the protocol used to communicate with Kafka brokers."
}
# Producer setting: broker DNS resolution strategy. Non-sensitive String parameter.
resource "aws_ssm_parameter" "producer_kafka_client_client_dns_lookup" {
  name        = "/confluent_cloud_resource/producer_kafka_client/client.dns.lookup"
  type        = "String"
  value       = "use_all_dns_ips"
  description = "This property specifies how the client should resolve the DNS name of the Kafka brokers."
}
# Producer setting: acknowledgement level. "all" waits for the full in-sync
# replica set before a send counts as complete. Non-sensitive String parameter.
resource "aws_ssm_parameter" "producer_kafka_client_acks" {
  name        = "/confluent_cloud_resource/producer_kafka_client/acks"
  type        = "String"
  value       = "all"
  description = "This property specifies the number of acknowledgments the producer requires the leader to have received before considering a request complete."
}