Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for SASL/IAM auth #22

Merged
merged 2 commits into from Jun 4, 2021
Merged

Added support for SASL/IAM auth #22

merged 2 commits into from Jun 4, 2021

Conversation

hcourse-nydig
Copy link
Contributor

@hcourse-nydig hcourse-nydig commented May 27, 2021
edited

what

  • Added support for the incoming just released (AWS provider 3.43.x) SASL/IAM auth method.

why

  • Allows access control to an MSK cluster via IAM instead of requiring SCRAM secret management.

references

@hcourse-nydig hcourse-nydig requested review from a team as code owners May 27, 2021 11:00
bridgecrew[bot]
bridgecrew bot reviewed May 27, 2021
View reviewed changes
Copy link

@bridgecrew bridgecrew bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bridgecrew has found 1 infrastructure configuration error in this PR ⬇️

main.tf
@@ -86,7 +86,7 @@ resource "aws_msk_cluster" "default" {
}

dynamic "client_authentication" {
for_each = var.client_tls_auth_enabled || var.client_sasl_scram_enabled ? [1] : []
for_each = var.client_tls_auth_enabled || var.client_sasl_scram_enabled || var.client_sasl_iam_enabled ? [1] : []
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Error Description: Ensure MSK Cluster logging is enabled
Category: Logging | Severity: MEDIUM
Resource: aws_msk_cluster [default], lines: 61 - 142

@hcourse-nydig hcourse-nydig requested a review from a team as a code owner May 27, 2021 11:01
@hcourse-nydig hcourse-nydig marked this pull request as draft May 27, 2021 11:08
@danmcnulty
Copy link

Description should say 3.43

Added support for the incoming (AWS provider 2.43.x) SASL/IAM auth method.

@hcourse-nydig hcourse-nydig marked this pull request as ready for review June 3, 2021 16:08
@hcourse-nydig hcourse-nydig changed the title Added support for incoming SASL/IAM auth Added support for SASL/IAM auth Jun 3, 2021
@nitrocode
Copy link
Member

/test all

@nitrocode nitrocode merged commit 76d89b3 into cloudposse:master Jun 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridgecrew bridgecrew[bot] bridgecrew left review comments

@nitrocode nitrocode nitrocode approved these changes

@dotCipher dotCipher Awaiting requested review from dotCipher

@brcnblc brcnblc Awaiting requested review from brcnblc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

IAM-based client authentication
4 participants
@hcourse-nydig @danmcnulty @nitrocode @cloudpossebot