// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`successful scenarios accepts CloudFormation parameters 1`] = ` Object { "Conditions": Object { "TestMskEnableIAMConditionF946AB65": Object { "Fn::Equals": Array [ "Unauthenticated access", "IAM role-based authentication", ], }, "TestMskEnableSCRAMConditionA8CE99C1": Object { "Fn::Equals": Array [ "Unauthenticated access", "SASL/SCRAM authentication", ], }, "TestMskEnableUnauthenticatedCondition954FA493": Object { "Fn::Equals": Array [ "Unauthenticated access", "Unauthenticated access", ], }, }, "Parameters": Object { "ClientSubnets": Object { "Type": "List", }, "EbsVolumeSize": Object { "Type": "Number", }, "InstanceType": Object { "AllowedValues": Array [ "kafka.m5.large", "kafka.m5.xlarge", "kafka.m5.2xlarge", "kafka.m5.4xlarge", "kafka.m5.8xlarge", "kafka.m5.12xlarge", "kafka.m5.16xlarge", "kafka.m5.24xlarge", "kafka.t3.small", ], "Type": "String", }, "KafkaVersion": Object { "AllowedValues": Array [ "2.8.1", "2.8.0", "2.7.2", "2.7.1", "2.7.0", "2.6.3", "2.6.2", "2.6.1", "2.6.0", "2.5.1", "2.4.1.1", "2.3.1", "2.2.1", ], "Type": "String", }, "MonitoringLevel": Object { "AllowedValues": Array [ "DEFAULT", "PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION", ], "Type": "String", }, "NumberOfBrokerNodes": Object { "Type": "Number", }, }, "Resources": Object { "TestMskClusterSG891444DD": Object { "Properties": Object { "GroupDescription": "Security group for the MSK cluster", "Tags": Array [ Object { "Key": "Name", "Value": "msk-cluster-sg", }, ], "VpcId": "my-vpc-id", }, "Type": "AWS::EC2::SecurityGroup", }, "TestMskIngressRule0C59EED6B": Object { "Properties": Object { "Description": "ZooKeeper Plaintext", "FromPort": 2181, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2181, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule1E08B69D9": Object { "Properties": Object { "Description": "ZooKeeper TLS", "FromPort": 2182, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2182, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule2463D5365": Object { "Properties": Object { "Description": "Bootstrap servers Plaintext", "FromPort": 9092, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9092, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule3A5524C16": Object { "Properties": Object { "Description": "Bootstrap servers TLS", "FromPort": 9094, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9094, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule460B95A77": Object { "Properties": Object { "Description": "SASL/SCRAM", "FromPort": 9096, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9096, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule5CDEAF845": Object { "Properties": Object { "Description": "IAM", "FromPort": 9098, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9098, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskKafkaClusterD73AA77B": Object { "Properties": Object { "BrokerNodeGroupInfo": Object { "BrokerAZDistribution": "DEFAULT", "ClientSubnets": Object { "Ref": "ClientSubnets", }, "InstanceType": Object { "Ref": "InstanceType", }, "SecurityGroups": Array [ Object { "Ref": "TestMskClusterSG891444DD", }, ], "StorageInfo": Object { "EBSStorageInfo": Object { "VolumeSize": Object { "Ref": "EbsVolumeSize", }, }, }, }, "ClientAuthentication": Object { "Sasl": Object { "Iam": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableIAMConditionF946AB65", true, false, ], }, }, "Scram": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableSCRAMConditionA8CE99C1", true, false, ], }, }, }, "Unauthenticated": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableUnauthenticatedCondition954FA493", true, false, ], }, }, }, "ClusterName": Object { "Fn::Join": Array [ "-", Array [ "kafka-cluster", Object { "Ref": "AWS::AccountId", }, ], ], }, "EncryptionInfo": Object { "EncryptionAtRest": Object { "DataVolumeKMSKeyId": "alias/aws/kafka", }, "EncryptionInTransit": Object { "ClientBroker": "TLS", "InCluster": true, }, }, "EnhancedMonitoring": Object { "Ref": "MonitoringLevel", }, "KafkaVersion": Object { "Ref": "KafkaVersion", }, "LoggingInfo": Object { "BrokerLogs": Object { "CloudWatchLogs": Object { "Enabled": true, "LogGroup": Object { "Ref": "TestMskLogGroupCF743213", }, }, }, }, "NumberOfBrokerNodes": Object { "Ref": "NumberOfBrokerNodes", }, "OpenMonitoring": Object { "Prometheus": Object { "JmxExporter": Object { "EnabledInBroker": true, }, "NodeExporter": Object { "EnabledInBroker": true, }, }, }, }, "Type": "AWS::MSK::Cluster", }, "TestMskLogGroupCF743213": Object { "DeletionPolicy": "Retain", "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, }, } `; exports[`successful scenarios creates a MSK cluster 1`] = ` Object { "Conditions": Object { "TestMskEnableIAMConditionF946AB65": Object { "Fn::Equals": Array [ "Unauthenticated access", "IAM role-based authentication", ], }, "TestMskEnableSCRAMConditionA8CE99C1": Object { "Fn::Equals": Array [ "Unauthenticated access", "SASL/SCRAM authentication", ], }, "TestMskEnableUnauthenticatedCondition954FA493": Object { "Fn::Equals": Array [ "Unauthenticated access", "Unauthenticated access", ], }, }, "Resources": Object { "TestMskClusterSG891444DD": Object { "Properties": Object { "GroupDescription": "Security group for the MSK cluster", "Tags": Array [ Object { "Key": "Name", "Value": "msk-cluster-sg", }, ], "VpcId": "my-vpc-id", }, "Type": "AWS::EC2::SecurityGroup", }, "TestMskIngressRule0C59EED6B": Object { "Properties": Object { "Description": "ZooKeeper Plaintext", "FromPort": 2181, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2181, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule1E08B69D9": Object { "Properties": Object { "Description": "ZooKeeper TLS", "FromPort": 2182, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2182, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule2463D5365": Object { "Properties": Object { "Description": "Bootstrap servers Plaintext", "FromPort": 9092, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9092, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule3A5524C16": Object { "Properties": Object { "Description": "Bootstrap servers TLS", "FromPort": 9094, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9094, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule460B95A77": Object { "Properties": Object { "Description": "SASL/SCRAM", "FromPort": 9096, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9096, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule5CDEAF845": Object { "Properties": Object { "Description": "IAM", "FromPort": 9098, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9098, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskKafkaClusterD73AA77B": Object { "Properties": Object { "BrokerNodeGroupInfo": Object { "BrokerAZDistribution": "DEFAULT", "ClientSubnets": Array [ "subnet-a", "subnet-b", ], "InstanceType": "kafka.m5.large", "SecurityGroups": Array [ Object { "Ref": "TestMskClusterSG891444DD", }, ], "StorageInfo": Object { "EBSStorageInfo": Object { "VolumeSize": 1000, }, }, }, "ClientAuthentication": Object { "Sasl": Object { "Iam": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableIAMConditionF946AB65", true, false, ], }, }, "Scram": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableSCRAMConditionA8CE99C1", true, false, ], }, }, }, "Unauthenticated": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableUnauthenticatedCondition954FA493", true, false, ], }, }, }, "ClusterName": Object { "Fn::Join": Array [ "-", Array [ "kafka-cluster", Object { "Ref": "AWS::AccountId", }, ], ], }, "EncryptionInfo": Object { "EncryptionAtRest": Object { "DataVolumeKMSKeyId": "alias/aws/kafka", }, "EncryptionInTransit": Object { "ClientBroker": "TLS", "InCluster": true, }, }, "EnhancedMonitoring": "DEFAULT", "KafkaVersion": "2.8.1", "LoggingInfo": Object { "BrokerLogs": Object { "CloudWatchLogs": Object { "Enabled": true, "LogGroup": Object { "Ref": "TestMskLogGroupCF743213", }, }, }, }, "NumberOfBrokerNodes": 2, "OpenMonitoring": Object { "Prometheus": Object { "JmxExporter": Object { "EnabledInBroker": true, }, "NodeExporter": Object { "EnabledInBroker": true, }, }, }, }, "Type": "AWS::MSK::Cluster", }, "TestMskLogGroupCF743213": Object { "DeletionPolicy": "Retain", "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, }, } `; exports[`successful scenarios creates a MSK cluster 2`] = ` Object { "Conditions": Object { "TestMskEnableIAMConditionF946AB65": Object { "Fn::Equals": Array [ "Unauthenticated access", "IAM role-based authentication", ], }, "TestMskEnableSCRAMConditionA8CE99C1": Object { "Fn::Equals": Array [ "Unauthenticated access", "SASL/SCRAM authentication", ], }, "TestMskEnableUnauthenticatedCondition954FA493": Object { "Fn::Equals": Array [ "Unauthenticated access", "Unauthenticated access", ], }, }, "Resources": Object { "TestMskClusterSG891444DD": Object { "Properties": Object { "GroupDescription": "Security group for the MSK cluster", "Tags": Array [ Object { "Key": "Name", "Value": "msk-cluster-sg", }, ], "VpcId": "my-vpc-id", }, "Type": "AWS::EC2::SecurityGroup", }, "TestMskIngressRule0C59EED6B": Object { "Properties": Object { "Description": "ZooKeeper Plaintext", "FromPort": 2181, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2181, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule1E08B69D9": Object { "Properties": Object { "Description": "ZooKeeper TLS", "FromPort": 2182, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2182, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule2463D5365": Object { "Properties": Object { "Description": "Bootstrap servers Plaintext", "FromPort": 9092, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9092, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule3A5524C16": Object { "Properties": Object { "Description": "Bootstrap servers TLS", "FromPort": 9094, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9094, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule460B95A77": Object { "Properties": Object { "Description": "SASL/SCRAM", "FromPort": 9096, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9096, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule5CDEAF845": Object { "Properties": Object { "Description": "IAM", "FromPort": 9098, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9098, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskKafkaClusterD73AA77B": Object { "Properties": Object { "BrokerNodeGroupInfo": Object { "BrokerAZDistribution": "DEFAULT", "ClientSubnets": Array [ "subnet-a", "subnet-b", ], "InstanceType": "kafka.m5.large", "SecurityGroups": Array [ Object { "Ref": "TestMskClusterSG891444DD", }, ], "StorageInfo": Object { "EBSStorageInfo": Object { "VolumeSize": 1000, }, }, }, "ClientAuthentication": Object { "Sasl": Object { "Iam": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableIAMConditionF946AB65", true, false, ], }, }, "Scram": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableSCRAMConditionA8CE99C1", true, false, ], }, }, }, "Unauthenticated": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableUnauthenticatedCondition954FA493", true, false, ], }, }, }, "ClusterName": Object { "Fn::Join": Array [ "-", Array [ "kafka-cluster", Object { "Ref": "AWS::AccountId", }, ], ], }, "EncryptionInfo": Object { "EncryptionAtRest": Object { "DataVolumeKMSKeyId": "alias/aws/kafka", }, "EncryptionInTransit": Object { "ClientBroker": "TLS", "InCluster": true, }, }, "EnhancedMonitoring": "DEFAULT", "KafkaVersion": "2.8.1", "LoggingInfo": Object { "BrokerLogs": Object { "CloudWatchLogs": Object { "Enabled": true, "LogGroup": Object { "Ref": "TestMskLogGroupCF743213", }, }, }, }, "NumberOfBrokerNodes": 4, "OpenMonitoring": Object { "Prometheus": Object { "JmxExporter": Object { "EnabledInBroker": true, }, "NodeExporter": Object { "EnabledInBroker": true, }, }, }, }, "Type": "AWS::MSK::Cluster", }, "TestMskLogGroupCF743213": Object { "DeletionPolicy": "Retain", "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, }, } `; exports[`successful scenarios creates a MSK cluster 3`] = ` Object { "Conditions": Object { "TestMskEnableIAMConditionF946AB65": Object { "Fn::Equals": Array [ "Unauthenticated access", "IAM role-based authentication", ], }, "TestMskEnableSCRAMConditionA8CE99C1": Object { "Fn::Equals": Array [ "Unauthenticated access", "SASL/SCRAM authentication", ], }, "TestMskEnableUnauthenticatedCondition954FA493": Object { "Fn::Equals": Array [ "Unauthenticated access", "Unauthenticated access", ], }, }, "Resources": Object { "TestMskClusterSG891444DD": Object { "Properties": Object { "GroupDescription": "Security group for the MSK cluster", "Tags": Array [ Object { "Key": "Name", "Value": "msk-cluster-sg", }, ], "VpcId": "my-vpc-id", }, "Type": "AWS::EC2::SecurityGroup", }, "TestMskIngressRule0C59EED6B": Object { "Properties": Object { "Description": "ZooKeeper Plaintext", "FromPort": 2181, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2181, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule1E08B69D9": Object { "Properties": Object { "Description": "ZooKeeper TLS", "FromPort": 2182, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2182, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule2463D5365": Object { "Properties": Object { "Description": "Bootstrap servers Plaintext", "FromPort": 9092, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9092, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule3A5524C16": Object { "Properties": Object { "Description": "Bootstrap servers TLS", "FromPort": 9094, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9094, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule460B95A77": Object { "Properties": Object { "Description": "SASL/SCRAM", "FromPort": 9096, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9096, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule5CDEAF845": Object { "Properties": Object { "Description": "IAM", "FromPort": 9098, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9098, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskKafkaClusterD73AA77B": Object { "Properties": Object { "BrokerNodeGroupInfo": Object { "BrokerAZDistribution": "DEFAULT", "ClientSubnets": Array [ "subnet-a", "subnet-b", ], "InstanceType": "kafka.m5.large", "SecurityGroups": Array [ Object { "Ref": "TestMskClusterSG891444DD", }, ], "StorageInfo": Object { "EBSStorageInfo": Object { "VolumeSize": 1000, }, }, }, "ClientAuthentication": Object { "Sasl": Object { "Iam": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableIAMConditionF946AB65", true, false, ], }, }, "Scram": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableSCRAMConditionA8CE99C1", true, false, ], }, }, }, "Unauthenticated": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableUnauthenticatedCondition954FA493", true, false, ], }, }, }, "ClusterName": Object { "Fn::Join": Array [ "-", Array [ "kafka-cluster", Object { "Ref": "AWS::AccountId", }, ], ], }, "EncryptionInfo": Object { "EncryptionAtRest": Object { "DataVolumeKMSKeyId": "alias/aws/kafka", }, "EncryptionInTransit": Object { "ClientBroker": "TLS", "InCluster": true, }, }, "EnhancedMonitoring": "DEFAULT", "KafkaVersion": "2.8.1", "LoggingInfo": Object { "BrokerLogs": Object { "CloudWatchLogs": Object { "Enabled": true, "LogGroup": Object { "Ref": "TestMskLogGroupCF743213", }, }, }, }, "NumberOfBrokerNodes": 6, "OpenMonitoring": Object { "Prometheus": Object { "JmxExporter": Object { "EnabledInBroker": true, }, "NodeExporter": Object { "EnabledInBroker": true, }, }, }, }, "Type": "AWS::MSK::Cluster", }, "TestMskLogGroupCF743213": Object { "DeletionPolicy": "Retain", "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, }, } `; exports[`successful scenarios uses IAM for access control 1`] = ` Object { "Conditions": Object { "TestMskEnableIAMConditionF946AB65": Object { "Fn::Equals": Array [ "IAM role-based authentication", "IAM role-based authentication", ], }, "TestMskEnableSCRAMConditionA8CE99C1": Object { "Fn::Equals": Array [ "IAM role-based authentication", "SASL/SCRAM authentication", ], }, "TestMskEnableUnauthenticatedCondition954FA493": Object { "Fn::Equals": Array [ "IAM role-based authentication", "Unauthenticated access", ], }, }, "Resources": Object { "TestMskClusterSG891444DD": Object { "Properties": Object { "GroupDescription": "Security group for the MSK cluster", "Tags": Array [ Object { "Key": "Name", "Value": "msk-cluster-sg", }, ], "VpcId": "my-vpc-id", }, "Type": "AWS::EC2::SecurityGroup", }, "TestMskIngressRule0C59EED6B": Object { "Properties": Object { "Description": "ZooKeeper Plaintext", "FromPort": 2181, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2181, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule1E08B69D9": Object { "Properties": Object { "Description": "ZooKeeper TLS", "FromPort": 2182, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2182, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule2463D5365": Object { "Properties": Object { "Description": "Bootstrap servers Plaintext", "FromPort": 9092, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9092, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule3A5524C16": Object { "Properties": Object { "Description": "Bootstrap servers TLS", "FromPort": 9094, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9094, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule460B95A77": Object { "Properties": Object { "Description": "SASL/SCRAM", "FromPort": 9096, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9096, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule5CDEAF845": Object { "Properties": Object { "Description": "IAM", "FromPort": 9098, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9098, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskKafkaClusterD73AA77B": Object { "Properties": Object { "BrokerNodeGroupInfo": Object { "BrokerAZDistribution": "DEFAULT", "ClientSubnets": Array [ "subnet-a", "subnet-b", ], "InstanceType": "kafka.m5.large", "SecurityGroups": Array [ Object { "Ref": "TestMskClusterSG891444DD", }, ], "StorageInfo": Object { "EBSStorageInfo": Object { "VolumeSize": 1000, }, }, }, "ClientAuthentication": Object { "Sasl": Object { "Iam": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableIAMConditionF946AB65", true, false, ], }, }, "Scram": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableSCRAMConditionA8CE99C1", true, false, ], }, }, }, "Unauthenticated": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableUnauthenticatedCondition954FA493", true, false, ], }, }, }, "ClusterName": Object { "Fn::Join": Array [ "-", Array [ "kafka-cluster", Object { "Ref": "AWS::AccountId", }, ], ], }, "EncryptionInfo": Object { "EncryptionAtRest": Object { "DataVolumeKMSKeyId": "alias/aws/kafka", }, "EncryptionInTransit": Object { "ClientBroker": "TLS", "InCluster": true, }, }, "EnhancedMonitoring": "DEFAULT", "KafkaVersion": "2.8.1", "LoggingInfo": Object { "BrokerLogs": Object { "CloudWatchLogs": Object { "Enabled": true, "LogGroup": Object { "Ref": "TestMskLogGroupCF743213", }, }, }, }, "NumberOfBrokerNodes": 2, "OpenMonitoring": Object { "Prometheus": Object { "JmxExporter": Object { "EnabledInBroker": true, }, "NodeExporter": Object { "EnabledInBroker": true, }, }, }, }, "Type": "AWS::MSK::Cluster", }, "TestMskLogGroupCF743213": Object { "DeletionPolicy": "Retain", "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, }, } `; exports[`successful scenarios uses SCRAM for access control 1`] = ` Object { "Conditions": Object { "TestMskEnableIAMConditionF946AB65": Object { "Fn::Equals": Array [ "SASL/SCRAM authentication", "IAM role-based authentication", ], }, "TestMskEnableSCRAMConditionA8CE99C1": Object { "Fn::Equals": Array [ "SASL/SCRAM authentication", "SASL/SCRAM authentication", ], }, "TestMskEnableUnauthenticatedCondition954FA493": Object { "Fn::Equals": Array [ "SASL/SCRAM authentication", "Unauthenticated access", ], }, }, "Resources": Object { "TestMskClusterSG891444DD": Object { "Properties": Object { "GroupDescription": "Security group for the MSK cluster", "Tags": Array [ Object { "Key": "Name", "Value": "msk-cluster-sg", }, ], "VpcId": "my-vpc-id", }, "Type": "AWS::EC2::SecurityGroup", }, "TestMskIngressRule0C59EED6B": Object { "Properties": Object { "Description": "ZooKeeper Plaintext", "FromPort": 2181, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2181, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule1E08B69D9": Object { "Properties": Object { "Description": "ZooKeeper TLS", "FromPort": 2182, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 2182, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule2463D5365": Object { "Properties": Object { "Description": "Bootstrap servers Plaintext", "FromPort": 9092, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9092, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule3A5524C16": Object { "Properties": Object { "Description": "Bootstrap servers TLS", "FromPort": 9094, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9094, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule460B95A77": Object { "Properties": Object { "Description": "SASL/SCRAM", "FromPort": 9096, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9096, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskIngressRule5CDEAF845": Object { "Properties": Object { "Description": "IAM", "FromPort": 9098, "GroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "IpProtocol": "tcp", "SourceSecurityGroupId": Object { "Ref": "TestMskClusterSG891444DD", }, "ToPort": 9098, }, "Type": "AWS::EC2::SecurityGroupIngress", }, "TestMskKafkaClusterD73AA77B": Object { "Properties": Object { "BrokerNodeGroupInfo": Object { "BrokerAZDistribution": "DEFAULT", "ClientSubnets": Array [ "subnet-a", "subnet-b", ], "InstanceType": "kafka.m5.large", "SecurityGroups": Array [ Object { "Ref": "TestMskClusterSG891444DD", }, ], "StorageInfo": Object { "EBSStorageInfo": Object { "VolumeSize": 1000, }, }, }, "ClientAuthentication": Object { "Sasl": Object { "Iam": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableIAMConditionF946AB65", true, false, ], }, }, "Scram": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableSCRAMConditionA8CE99C1", true, false, ], }, }, }, "Unauthenticated": Object { "Enabled": Object { "Fn::If": Array [ "TestMskEnableUnauthenticatedCondition954FA493", true, false, ], }, }, }, "ClusterName": Object { "Fn::Join": Array [ "-", Array [ "kafka-cluster", Object { "Ref": "AWS::AccountId", }, ], ], }, "EncryptionInfo": Object { "EncryptionAtRest": Object { "DataVolumeKMSKeyId": "alias/aws/kafka", }, "EncryptionInTransit": Object { "ClientBroker": "TLS", "InCluster": true, }, }, "EnhancedMonitoring": "DEFAULT", "KafkaVersion": "2.8.1", "LoggingInfo": Object { "BrokerLogs": Object { "CloudWatchLogs": Object { "Enabled": true, "LogGroup": Object { "Ref": "TestMskLogGroupCF743213", }, }, }, }, "NumberOfBrokerNodes": 2, "OpenMonitoring": Object { "Prometheus": Object { "JmxExporter": Object { "EnabledInBroker": true, }, "NodeExporter": Object { "EnabledInBroker": true, }, }, }, }, "Type": "AWS::MSK::Cluster", }, "TestMskLogGroupCF743213": Object { "DeletionPolicy": "Retain", "Properties": Object { "RetentionInDays": 731, }, "Type": "AWS::Logs::LogGroup", "UpdateReplacePolicy": "Retain", }, }, } `;