BOM - AWS MSK

  • Query id: 2730c169-51d7-4ae7-99b5-584379eff1bb
  • Query name: BOM - AWS MSK
  • Platform: CloudFormation
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: Ongoing
  • URL: Github

Description

A list of MSK resources specified. Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a fully managed service that enables you to build and run applications that use Apache Kafka to process streaming data.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
Description: MSK Cluster with all properties
Resources:
  TestCluster:
    Type: 'AWS::MSK::Cluster'
    Properties:
      ClusterName: ClusterWithAllProperties
      KafkaVersion: 2.2.1
      NumberOfBrokerNodes: 3
      EnhancedMonitoring: PER_BROKER
      EncryptionInfo:
        EncryptionAtRest:
          DataVolumeKMSKeyId: ReplaceWithKmsKeyArn
        EncryptionInTransit:
          ClientBroker: TLS
          InCluster: true
      OpenMonitoring:
        Prometheus:
          JmxExporter:
            EnabledInBroker: "true"
          NodeExporter:
            EnabledInBroker: "true"
      ConfigurationInfo:
        Arn: ReplaceWithConfigurationArn
        Revision: 1
      ClientAuthentication:
        Tls:
          CertificateAuthorityArnList:
            - ReplaceWithCAArn
      Tags:
        Environment: Test
        Owner: QATeam
      BrokerNodeGroupInfo:
        BrokerAZDistribution: DEFAULT
        InstanceType: kafka.m5.large
        SecurityGroups:
          - ReplaceWithSecurityGroupId
        StorageInfo:
          EBSStorageInfo:
            VolumeSize: 100
        ClientSubnets:
          - ReplaceWithSubnetId1
          - ReplaceWithSubnetId2
          - ReplaceWithSubnetId3
        ConnectivityInfo:
          PublicAccess:
            Type: SERVICE_PROVIDED_EIPS
Positive test num. 2 - json file
{
  "Description": "MSK Cluster with all properties",
  "Resources": {
    "TestCluster3": {
      "Type": "AWS::MSK::Cluster",
      "Properties": {
        "ClusterName": "ClusterWithAllProperties",
        "KafkaVersion": "2.2.1",
        "NumberOfBrokerNodes": 3,
        "EnhancedMonitoring": "PER_BROKER",
        "OpenMonitoring": {
          "Prometheus": {
            "JmxExporter": {
              "EnabledInBroker": "true"
            },
            "NodeExporter": {
              "EnabledInBroker": "true"
            }
          }
        },
        "ConfigurationInfo": {
          "Arn": "ReplaceWithConfigurationArn",
          "Revision": 1
        },
        "ClientAuthentication": {
          "Tls": {
            "CertificateAuthorityArnList": [
              "ReplaceWithCAArn"
            ]
          }
        },
        "Tags": {
          "Environment": "Test",
          "Owner": "QATeam"
        },
        "BrokerNodeGroupInfo": {
          "BrokerAZDistribution": "DEFAULT",
          "InstanceType": "kafka.m5.large",
          "SecurityGroups": [
            "ReplaceWithSecurityGroupId"
          ],
          "StorageInfo": {
            "EBSStorageInfo": {
              "VolumeSize": 100
            }
          },
          "ClientSubnets": [
            "ReplaceWithSubnetId1",
            "ReplaceWithSubnetId2",
            "ReplaceWithSubnetId3"
          ]
        }
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  myDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
Negative test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "myDistribution": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "Enabled": "true"
        }
      }
    }
  }
}