Last active
March 3, 2022 01:51
-
-
Save vikfork/5de7ceb77161e7d9d4863dcce637a01e to your computer and use it in GitHub Desktop.
CloudFormation template to create a Amazon MSK cluster for Amazon MSK PrivateLink blog
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Parameters: | |
| MSKKafkaVersion: | |
| Description: "MSK version" | |
| Type: String | |
| Default: 2.7.1 | |
| AllowedValues: | |
| - 2.7.1 | |
| VPCStackName: | |
| Description: "MSK VPC stack name that you created earlier" | |
| Type: String | |
| Default: "PrivateLinkVPCStack" | |
| ClientStackName: | |
| Description: "MSK Admin client stack name that you created earlier" | |
| Type: String | |
| Default: "MSKAdminClientStack" | |
| Resources: | |
| MSKSecurityGroup: | |
| Type: AWS::EC2::SecurityGroup | |
| Properties: | |
| GroupDescription: MSK Security Group | |
| VpcId: | |
| Fn::ImportValue: | |
| !Sub "${VPCStackName}-VPCID" | |
| SecurityGroupIngress: | |
| - Description: allows 2181 (MSK Zookeeper) access from security group associated with Kafka clients EC2 instances | |
| IpProtocol: tcp | |
| FromPort: 2181 | |
| ToPort: 2181 | |
| SourceSecurityGroupId: | |
| Fn::ImportValue: | |
| !Sub "${ClientStackName}-MSKAdminInstanceSecurityGroupId" | |
| - Description: allows 9092 (Plaintext) access from security group associated with Kafka clients EC2 instances | |
| IpProtocol: tcp | |
| FromPort: 9092 | |
| ToPort: 9092 | |
| SourceSecurityGroupId: | |
| Fn::ImportValue: | |
| !Sub "${ClientStackName}-MSKAdminInstanceSecurityGroupId" | |
| - Description: allows 9092 (Plaintext) access from VPC CIDR range for NLB nodes to perform health check of Broker | |
| IpProtocol: tcp | |
| FromPort: 9092 | |
| ToPort: 9092 | |
| CidrIp: | |
| Fn::ImportValue: | |
| !Sub "${VPCStackName}-VPCCidr" | |
| SecurityGroupEgress: | |
| - Description: all egress allowed | |
| IpProtocol: -1 | |
| CidrIp: 0.0.0.0/0 | |
| MSKClusterConfig: | |
| Type: AWS::MSK::Configuration | |
| Properties: | |
| Name: !Sub "${AWS::StackName}-msk-cluster-config" | |
| ServerProperties: | | |
| auto.create.topics.enable=false | |
| default.replication.factor=3 | |
| min.insync.replicas=2 | |
| num.io.threads=8 | |
| num.network.threads=5 | |
| num.partitions=1 | |
| num.replica.fetchers=2 | |
| replica.lag.time.max.ms=30000 | |
| socket.receive.buffer.bytes=102400 | |
| socket.request.max.bytes=104857600 | |
| socket.send.buffer.bytes=102400 | |
| unclean.leader.election.enable=true | |
| zookeeper.session.timeout.ms=18000 | |
| MSKCluster: | |
| Type: AWS::MSK::Cluster | |
| Properties: | |
| BrokerNodeGroupInfo: | |
| ClientSubnets: | |
| - Fn::ImportValue: | |
| !Sub "${VPCStackName}-PrivateSubnetOne" | |
| - Fn::ImportValue: | |
| !Sub "${VPCStackName}-PrivateSubnetTwo" | |
| - Fn::ImportValue: | |
| !Sub "${VPCStackName}-PrivateSubnetThree" | |
| InstanceType: kafka.m5.large | |
| SecurityGroups: [!GetAtt MSKSecurityGroup.GroupId] | |
| StorageInfo: | |
| EBSStorageInfo: | |
| VolumeSize: 100 | |
| ClusterName: !Ref 'AWS::StackName' | |
| EncryptionInfo: | |
| EncryptionInTransit: | |
| ClientBroker: PLAINTEXT | |
| InCluster: false | |
| ConfigurationInfo: | |
| Arn: !Ref MSKClusterConfig | |
| Revision: 1 | |
| ClientAuthentication: | |
| Unauthenticated: | |
| Enabled: true | |
| EnhancedMonitoring: PER_TOPIC_PER_BROKER | |
| KafkaVersion: !Ref MSKKafkaVersion | |
| NumberOfBrokerNodes: 3 | |
| Outputs: | |
| MSKClusterArn: | |
| Description: MSK Cluster Arn | |
| Value: !Ref MSKCluster | |
| Export: | |
| Name: !Sub "${AWS::StackName}-ClusterArn" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment