Zilla Plus for Amazon MSK Web Streaming AWS CDK template #39

Merged 20 commits on Jan 23, 2025
16 changes: 11 additions & 5 deletions amazon-msk/cdk/secure-public-access/README.md
Expand Up @@ -188,12 +188,18 @@ Note down the ARN of the ACM Private Certificate Authority you want to use.
"cloudwatch":
{
"disable": false,
"logGroupName": "<your public tls certificate key ARN>",
"port": "<your public port>"
"logs":
{
"group": "<your cloudwatch log group name>"
},
"metrics":
{
"namespace": "<your cloudwatch metrics namespace>"
}
}
```

By default CloudWatch metrics and logging is enabled. To disable CloudWatch logging and metrics, set the `cloudwatchDisabled` context variable to `true`.
By default CloudWatch metrics and logging is enabled. To disable CloudWatch logging and metrics, set the `cloudwatch.disabled` context variable to `true`.

You can create or use existing log groups and metric namespaces in CloudWatch.
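Review bot: The example block still spells the switch `"disable": false`, while the sentence right after it tells users to set `cloudwatch.disabled`, which is also the name the stack reads (`cloudwatch?.disabled ?? false`). A reader who copies the sample and flips it to `true` ends up with a key the stack never looks at, so CloudWatch logging and metrics stay on with no error. Rename the key in the sample to `"disabled"` so the example, the prose and the code agree.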

Expand All @@ -207,15 +213,15 @@ aws logs describe-log-groups --query 'logGroups[*].[logGroupName]' --output tabl
```

This command will return a table listing the names of all the log groups in your CloudWatch.
In your `cdk.json` file add the desired CloudWatch Logs Group for variable name `logGroupName` under `zilla-plus` object in the `cloudwatch` variables section.
In your `cdk.json` file add the desired CloudWatch Logs Group for variable name `logs.group` under `zilla-plus` object in the `cloudwatch` variables section.

#### List All CloudWatch Custom Metric Namespaces

```bash
aws cloudwatch list-metrics --query 'Metrics[*].Namespace' --output text | tr '\t' '\n' | sort | uniq | grep -v '^AWS'
```

In your `cdk.json` file add the desired CloudWatch Metrics Namespace for variable name `metricsNamespace` under `zilla-plus` object in the `cloudwatch` variables section.
In your `cdk.json` file add the desired CloudWatch Metrics Namespace for variable name `metrics.namespace` under `zilla-plus` object in the `cloudwatch` variables section.

### Enable SSH Access
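Review bot: The two sentences that introduce `logs.group` and `metrics.namespace` call each a "variable name" and then place it "under `zilla-plus` object in the `cloudwatch` variables section", which leaves the actual nesting to be inferred. Giving the full path, for example `zilla-plus.cloudwatch.logs.group` and `zilla-plus.cloudwatch.metrics.namespace`, would match the JSON sample earlier in this README and remove the ambiguity.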

Expand Up @@ -316,14 +316,14 @@ systemctl start nitro-enclaves-acm.service
}

const cloudwatch = zillaPlusContext.cloudwatch;
const cloudwatchDisabled = cloudwatch.disabled ?? false;
const cloudwatchDisabled = cloudwatch?.disabled ?? false;

if (!cloudwatchDisabled) {
const defaultLogGroupName = `${id}-group`;
const defaultMetricNamespace = `${id}-namespace`;

const logGroupName = cloudwatch.logGroupName ?? defaultLogGroupName;
const metricNamespace = cloudwatch.metricsNamespace ?? defaultMetricNamespace;
const logGroupName = cloudwatch?.logs?.group ?? defaultLogGroupName;
const metricNamespace = cloudwatch?.metrics?.namespace ?? defaultMetricNamespace;

const cloudWatchLogGroup = new logs.LogGroup(this, `LogGroup-${id}`, {
logGroupName: logGroupName,
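Review bot: After this rename the stack no longer reads `logGroupName` or `metricsNamespace`, so an existing `cdk.json` that still uses the flat keys falls through `?? defaultLogGroupName` and `?? defaultMetricNamespace` without any warning, and logs and metrics move to `${id}-group` and `${id}-namespace`. Consider failing synthesis, or at least printing a warning, when the old keys are present, or reading them as a fallback for one release, so that a deployment does not silently change where its logs go.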
Expand Up @@ -31,13 +31,22 @@ test('Secure Public Access Stack created', () => {
]
}
]
},
"vpcId": "vpc-12345",
"mskBootstrapServers": "b-1.mymskcluster.****.us-east-1.amazonaws.com:9096",
"mskClientAuthentication": "SASL/SCRAM",
"mskCertificateAuthorityArn": "arn:aws:acm-pca:us-east-1:****:certificate-authority/*********",
"publicWildcardDNS": "*.example.aklivity.io",
"publicTlsCertificateKey": "arn:aws:acm:us-east-1:****:certificate//*********",
},
"zilla-plus":
{
"vpcId": "vpc-12345",
"msk":
{
"bootstrapServers": "b-1.mymskcluster.****.us-east-1.amazonaws.com:9096",
"clientAuthentication": "SASL/SCRAM",
"certificateAuthorityArn": "arn:aws:acm-pca:us-east-1:****:certificate-authority/*********",
},
"public":
{
"wildcardDNS": "*.example.aklivity.io",
"tlsCertificateKey": "arn:aws:acm:us-east-1:****:certificate//*********"
}
}
}
}
);
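Review bot: The new `zilla-plus` context in this test has `vpcId`, `msk` and `public` but no `cloudwatch` object, so only the default branch of `cloudwatch?.logs?.group` and `cloudwatch?.metrics?.namespace` is exercised. Add a case that sets `cloudwatch.logs.group` and `cloudwatch.metrics.namespace`, and one with `disabled: true`, and assert on the synthesized log group, since the key rename is what this change is about.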
16 changes: 11 additions & 5 deletions amazon-msk/cdk/web-streaming/README.md
Expand Up @@ -153,12 +153,18 @@ Note down the security group IDs (GroupId) of the desired security groups.
"cloudwatch":
{
"disable": false,
"logGroupName": "<your public tls certificate key ARN>",
"port": "<your public port>"
"logs":
{
"group": "<your cloudwatch log group name>"
},
"metrics":
{
"namespace": "<your cloudwatch metrics namespace>"
}
}
```

By default CloudWatch metrics and logging is enabled. To disable CloudWatch logging and metrics, set the `cloudwatchDisabled` context variable to `true`.
By default CloudWatch metrics and logging is enabled. To disable CloudWatch logging and metrics, set the `cloudwatch.disabled` context variable to `true`.

You can create or use existing log groups and metric namespaces in CloudWatch.
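Review bot: As in the secure-public-access README, the sample here keeps `"disable": false` while the next sentence documents `cloudwatch.disabled`. Change the sample key to `"disabled"` in this file too, otherwise setting the sample's key to `true` will not turn CloudWatch off. While touching the sentence, "metrics and logging is enabled" should read "are enabled".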

Expand All @@ -172,15 +178,15 @@ aws logs describe-log-groups --query 'logGroups[*].[logGroupName]' --output tabl
```

This command will return a table listing the names of all the log groups in your CloudWatch.
In your `cdk.json` file add the desired CloudWatch Logs Group for variable name `logGroupName` under `zilla-plus` object in the `cloudwatch` variables section.
In your `cdk.json` file add the desired CloudWatch Logs Group for variable name `logs.group` under `zilla-plus` object in the `cloudwatch` variables section.

#### List All CloudWatch Custom Metric Namespaces

```bash
aws cloudwatch list-metrics --query 'Metrics[*].Namespace' --output text | tr '\t' '\n' | sort | uniq | grep -v '^AWS'
```

In your `cdk.json` file add the desired CloudWatch Metrics Namespace for variable name `metricsNamespace` under `zilla-plus` object in the `cloudwatch` variables section.
In your `cdk.json` file add the desired CloudWatch Metrics Namespace for variable name `metrics.namespace` under `zilla-plus` object in the `cloudwatch` variables section.

### Enable JWT Access Tokens

6 changes: 3 additions & 3 deletions amazon-msk/cdk/web-streaming/lib/web-streaming-stack.ts
Expand Up @@ -260,14 +260,14 @@ export class WebStreamingStack extends cdk.Stack {
}

const cloudwatch = zillaPlusContext.cloudwatch;
const cloudwatchDisabled = cloudwatch.disabled ?? false;
const cloudwatchDisabled = cloudwatch?.disabled ?? false;

if (!cloudwatchDisabled) {
const defaultLogGroupName = `${id}-group`;
const defaultMetricNamespace = `${id}-namespace`;

const logGroupName = cloudwatch.logGroupName ?? defaultLogGroupName;
const metricNamespace = cloudwatch.metricsNamespace ?? defaultMetricNamespace;
const logGroupName = cloudwatch?.logs?.group ?? defaultLogGroupName;
const metricNamespace = cloudwatch?.metrics?.namespace ?? defaultMetricNamespace;

const cloudWatchLogGroup = new logs.LogGroup(this, `LogGroup-${id}`, {
logGroupName: logGroupName,
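Review bot: `cloudwatch?.disabled ?? false` followed by `if (!cloudwatchDisabled)` treats any truthy value as "disabled", so a context value supplied as the string `"false"` would switch CloudWatch logging and metrics off. Compare explicitly, for example `cloudwatch?.disabled === true`, or check that the value is a boolean and reject anything else, so that logging is only turned off on purpose. The same line in the secure-public-access stack needs the same treatment.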
21 changes: 12 additions & 9 deletions amazon-msk/cdk/web-streaming/test/web-streaming.test.ts
Expand Up @@ -31,15 +31,18 @@ test('Secure Public Access Stack created', () => {
]
}
]
},
"vpcId": "vpc-12345",
"msk":
{
"bootstrapServers": "b-1.mymskcluter.****.us-east-1.amazonaws.com:9096",
"credentialsSecretName": "AmazonMSK_Alice"
},
"publicTlsCertificateKey": "arn:aws:acm:us-east-1:****:certificate//*********",
"kafkaTopic": "pets",
},
"zilla-plus":
{
"vpcId": "vpc-12345",
"msk":
{
"bootstrapServers": "b-1.mymskcluter.****.us-east-1.amazonaws.com:9096",
"credentialsSecretName": "AmazonMSK_Alice"
},
"publicTlsCertificateKey": "arn:aws:acm:us-east-1:****:certificate//*********",
"kafkaTopic": "pets",
}
}
}
);
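Review bot: This file is `web-streaming.test.ts`, yet the test named in the hunk header is still titled 'Secure Public Access Stack created'; rename it to describe the web streaming stack so a failure points at the right template. The moved `bootstrapServers` value also carries the `mymskcluter` spelling into the new lines, and, as in the secure-public-access test, the context has no `cloudwatch` object, so the renamed keys are not covered here either.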