github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/msk/AVD-AWS-0074/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/msk/AVD-AWS-0074/Terraform.md (about)

     1  
     2  Enable logging
     3  
     4  ```hcl
     5   resource "aws_msk_cluster" "example" {
     6     cluster_name           = "example"
     7     kafka_version          = "2.4.1"
     8     number_of_broker_nodes = 3
     9   
    10     broker_node_group_info {
    11       instance_type   = "kafka.m5.large"
    12       ebs_volume_size = 1000
    13       client_subnets = [
    14         aws_subnet.subnet_az1.id,
    15         aws_subnet.subnet_az2.id,
    16         aws_subnet.subnet_az3.id,
    17       ]
    18       security_groups = [aws_security_group.sg.id]
    19     }
    20   
    21     logging_info {
    22       broker_logs {
    23         firehose {
    24           enabled         = false
    25           delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
    26         }
    27         s3 {
    28           enabled = true
    29           bucket  = aws_s3_bucket.bucket.id
    30           prefix  = "logs/msk-"
    31         }
    32       }
    33     }
    34   
    35     tags = {
    36       foo = "bar"
    37     }
    38   }
    39   
    40  ```
    41  ```hcl
    42   resource "aws_msk_cluster" "example" {
    43     cluster_name           = "example"
    44     kafka_version          = "2.4.1"
    45     number_of_broker_nodes = 3
    46   
    47     broker_node_group_info {
    48       instance_type   = "kafka.m5.large"
    49       ebs_volume_size = 1000
    50       client_subnets = [
    51         aws_subnet.subnet_az1.id,
    52         aws_subnet.subnet_az2.id,
    53         aws_subnet.subnet_az3.id,
    54       ]
    55       security_groups = [aws_security_group.sg.id]
    56     }
    57   
    58     logging_info {
    59       broker_logs {
    60         cloudwatch_logs {
    61           enabled   = false
    62           log_group = aws_cloudwatch_log_group.test.name
    63         }
    64         firehose {
    65           enabled         = true
    66           delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
    67         }
    68       }
    69     }
    70   
    71     tags = {
    72       foo = "bar"
    73     }
    74   }
    75   
    76  ```
    77  ```hcl
    78   resource "aws_msk_cluster" "example" {
    79     cluster_name           = "example"
    80     kafka_version          = "2.4.1"
    81     number_of_broker_nodes = 3
    82   
    83     broker_node_group_info {
    84       instance_type   = "kafka.m5.large"
    85       ebs_volume_size = 1000
    86       client_subnets = [
    87         aws_subnet.subnet_az1.id,
    88         aws_subnet.subnet_az2.id,
    89         aws_subnet.subnet_az3.id,
    90       ]
    91       security_groups = [aws_security_group.sg.id]
    92     }
    93   
    94     logging_info {
    95       broker_logs {
    96         cloudwatch_logs {
    97           enabled   = true
    98           log_group = aws_cloudwatch_log_group.test.name
    99         }
   100         firehose {
   101           enabled         = false
   102           delivery_stream = aws_kinesis_firehose_delivery_stream.test_stream.name
   103         }
   104         s3 {
   105           enabled = true
   106           bucket  = aws_s3_bucket.bucket.id
   107           prefix  = "logs/msk-"
   108         }
   109       }
   110     }
   111   
   112     tags = {
   113       foo = "bar"
   114     }
   115   }
   116   
   117  ```
   118  
   119  #### Remediation Links
   120   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster#
   121