BOM - AWS MSK
- Query id: 2730c169-51d7-4ae7-99b5-584379eff1bb
- Query name: BOM - AWS MSK
- Platform: CloudFormation
- Severity: Trace
- Category: Bill Of Materials
- CWE: 532
- URL: GitHub
Description
Lists the MSK resources specified. Amazon Managed Streaming for Apache Kafka (Amazon MSK) is a fully managed service that enables you to build and run applications that use Apache Kafka to process streaming data.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
Description: MSK Cluster with all properties
Resources:
  TestCluster:
    Type: 'AWS::MSK::Cluster'
    Properties:
      ClusterName: ClusterWithAllProperties
      KafkaVersion: 2.2.1
      NumberOfBrokerNodes: 3
      EnhancedMonitoring: PER_BROKER
      EncryptionInfo:
        EncryptionAtRest:
          DataVolumeKMSKeyId: ReplaceWithKmsKeyArn
        EncryptionInTransit:
          ClientBroker: TLS
          InCluster: true
      OpenMonitoring:
        Prometheus:
          JmxExporter:
            EnabledInBroker: "true"
          NodeExporter:
            EnabledInBroker: "true"
      ConfigurationInfo:
        Arn: ReplaceWithConfigurationArn
        Revision: 1
      ClientAuthentication:
        Tls:
          CertificateAuthorityArnList:
            - ReplaceWithCAArn
      Tags:
        Environment: Test
        Owner: QATeam
      BrokerNodeGroupInfo:
        BrokerAZDistribution: DEFAULT
        InstanceType: kafka.m5.large
        SecurityGroups:
          - ReplaceWithSecurityGroupId
        StorageInfo:
          EBSStorageInfo:
            VolumeSize: 100
        ClientSubnets:
          - ReplaceWithSubnetId1
          - ReplaceWithSubnetId2
          - ReplaceWithSubnetId3
        ConnectivityInfo:
          PublicAccess:
            Type: SERVICE_PROVIDED_EIPS
```
Positive test num. 2 - json file
```json
{
  "Description": "MSK Cluster with all properties",
  "Resources": {
    "TestCluster3": {
      "Type": "AWS::MSK::Cluster",
      "Properties": {
        "ClusterName": "ClusterWithAllProperties",
        "KafkaVersion": "2.2.1",
        "NumberOfBrokerNodes": 3,
        "EnhancedMonitoring": "PER_BROKER",
        "OpenMonitoring": {
          "Prometheus": {
            "JmxExporter": {
              "EnabledInBroker": "true"
            },
            "NodeExporter": {
              "EnabledInBroker": "true"
            }
          }
        },
        "ConfigurationInfo": {
          "Arn": "ReplaceWithConfigurationArn",
          "Revision": 1
        },
        "ClientAuthentication": {
          "Tls": {
            "CertificateAuthorityArnList": [
              "ReplaceWithCAArn"
            ]
          }
        },
        "Tags": {
          "Environment": "Test",
          "Owner": "QATeam"
        },
        "BrokerNodeGroupInfo": {
          "BrokerAZDistribution": "DEFAULT",
          "InstanceType": "kafka.m5.large",
          "SecurityGroups": [
            "ReplaceWithSecurityGroupId"
          ],
          "StorageInfo": {
            "EBSStorageInfo": {
              "VolumeSize": 100
            }
          },
          "ClientSubnets": [
            "ReplaceWithSubnetId1",
            "ReplaceWithSubnetId2",
            "ReplaceWithSubnetId3"
          ]
        }
      }
    }
  }
}
```