// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`creates a Kafka client instance 1`] = ` Object { "Resources": Object { "TestClientD3610C34": Object { "Properties": Object { "IamInstanceProfile": Object { "Ref": "TestClientInstanceProfileF9C60143", }, "ImageId": "ami-1234", "InstanceType": "t3.small", "SecurityGroupIds": Array [ "cluster-sg", ], "SubnetId": "subnet-abc", "Tags": Array [ Object { "Key": "Name", "Value": "KafkaClient", }, ], "UserData": Object { "Fn::Base64": "#!/bin/bash yum update -y yum install java-11-amazon-corretto-headless python3 -y mkdir -p /home/kafka && cd /home/kafka wget https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz tar -xzf kafka_2.12-2.6.0.tgz --strip 1 && rm kafka_2.12-2.6.0.tgz wget https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.1/aws-msk-iam-auth-1.1.1-all.jar wget https://github.com/aws/aws-msk-iam-auth/releases/download/v1.1.1/aws-msk-iam-auth-1.1.1-all.jar.sha256 IAM_LIB_CHECKSUM=\`cat aws-msk-iam-auth-1.1.1-all.jar.sha256\` echo \\"$IAM_LIB_CHECKSUM aws-msk-iam-auth-1.1.1-all.jar\\" | sha256sum -c mv aws-msk-iam-auth-1.1.1-all.jar aws-msk-iam-auth-1.1.1-all.jar.sha256 ./libs find /usr/lib/jvm/ -name \\"cacerts\\" | xargs -I '{}' cp '{}' /tmp/kafka.client.truststore.jks touch bin/client-ssl.properties echo \\"security.protocol=SSL\\" >> bin/client-ssl.properties echo \\"ssl.truststore.location=/tmp/kafka.client.truststore.jks\\" >> bin/client-ssl.properties touch bin/client-sasl.properties echo \\"security.protocol=SASL_SSL\\" >> bin/client-sasl.properties echo \\"sasl.mechanism=SCRAM-SHA-512\\" >> bin/client-sasl.properties echo \\"ssl.truststore.location=/tmp/kafka.client.truststore.jks\\" >> bin/client-sasl.properties touch bin/client-iam.properties echo \\"security.protocol=SASL_SSL\\" >> bin/client-iam.properties echo \\"sasl.mechanism=AWS_MSK_IAM\\" >> bin/client-iam.properties echo \\"sasl.jaas.config=software.amazon.msk.auth.iam.IAMLoginModule required;\\" >> bin/client-iam.properties echo \\"sasl.client.callback.handler.class=software.amazon.msk.auth.iam.IAMClientCallbackHandler\\" >> bin/client-iam.properties", }, }, "Type": "AWS::EC2::Instance", }, "TestClientInstanceProfileF9C60143": Object { "Properties": Object { "Roles": Array [ Object { "Ref": "TestClientRole00F4BDF5", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "TestClientMskPolicyDC57001A": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "MSK actions do not support resource level permissions", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "kafka:DescribeCluster", "kafka:GetBootstrapBrokers", ], "Effect": "Allow", "Resource": "*", "Sid": "ClusterMetadata", }, Object { "Action": Array [ "kafka-cluster:Connect", "kafka-cluster:DescribeCluster", "kafka-cluster:AlterGroup", "kafka-cluster:DescribeGroup", "kafka-cluster:DeleteGroup", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":cluster/my-cluster/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":group/my-cluster/*/*", ], ], }, ], "Sid": "ClusterAPIs", }, Object { "Action": Array [ "kafka-cluster:*Topic*", "kafka-cluster:WriteData", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/my-cluster/*/*", ], ], }, "Sid": "ProducerAPIs", }, Object { "Action": Array [ "kafka-cluster:*Topic*", "kafka-cluster:ReadData", ], "Effect": "Allow", "Resource": Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":kafka:", Object { "Ref": "AWS::Region", }, ":", Object { "Ref": "AWS::AccountId", }, ":topic/my-cluster/*/*", ], ], }, "Sid": "ConsumerAPIs", }, ], "Version": "2012-10-17", }, "PolicyName": "TestClientMskPolicyDC57001A", "Roles": Array [ Object { "Ref": "TestClientRole00F4BDF5", }, ], }, "Type": "AWS::IAM::Policy", }, "TestClientRole00F4BDF5": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": Object { "Fn::Join": Array [ "", Array [ "ec2.", Object { "Ref": "AWS::URLSuffix", }, ], ], }, }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestClientSessionManagerPolicy40AA67DF": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "Session Manager actions do not support resource level permissions", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "ssm:UpdateInstanceInformation", "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "TestClientSessionManagerPolicy40AA67DF", "Roles": Array [ Object { "Ref": "TestClientRole00F4BDF5", }, ], }, "Type": "AWS::IAM::Policy", }, }, } `;