Initial draft

.github/workflows/publish.yml

@@ -0,0 +1,32 @@
+name: Nullstone
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  NULLSTONE_ORG: nullstone
+  NULLSTONE_API_KEY: ${{ secrets.NULLSTONE_API_KEY }}
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Find version
+        id: version
+        run: echo ::set-output name=tag::${GITHUB_REF#refs/tags/v}
+
+      - name: Set up Nullstone
+        uses: nullstone-io/setup-nullstone-action@v0
+
+      - name: Publish module
+        run: |
+          nullstone modules publish --version=${{ steps.version.outputs.tag }}

.nullstone/module.yml

@@ -0,0 +1,13 @@
+org_name: nullstone
+name: aws-msk
+friendly_name: Kafka Cluster (AWS MSK)
+description: Creates a Kafka cluster using AWS MSK
+category: datastore
+subcategory: ""
+provider_types:
+    - aws
+platform: kafka
+subplatform: msk
+type: ""
+appCategories: []
+is_public: true

CHANGELOG.md

@@ -0,0 +1,2 @@
+## 0.1.0 (Unreleased)
+* Initial release

Makefile

@@ -0,0 +1,2 @@
+lock-providers:
+	terraform providers lock -platform=linux_amd64 -platform=linux_arm64 -platform=darwin_amd64 -platform=darwin_arm64 -platform=windows_amd64

README.md

@@ -1,2 +1,3 @@
 # aws-msk
+
 Creates a Kafka cluster using AWS MSK

aws.tf

@@ -0,0 +1,5 @@
+data "aws_region" "this" {}
+
+locals {
+  region = data.aws_region.this.name
+}

cluster.tf

@@ -0,0 +1,30 @@
+resource "aws_msk_cluster" "this" {
+  cluster_name           = local.resource_name
+  kafka_version          = var.kafka_version
+  number_of_broker_nodes = var.num_broker_nodes
+
+  broker_node_group_info {
+    instance_type   = var.instance_type
+    client_subnets  = local.private_subnet_ids
+    security_groups = [aws_security_group.this.id]
+
+    storage_info {
+      ebs_storage_info {
+        volume_size = var.storage_size
+      }
+    }
+  }
+
+  encryption_info {
+    encryption_at_rest_kms_key_arn = aws_kms_alias.this.arn
+
+    encryption_in_transit {
+      client_broker = "TLS"
+      in_cluster    = true
+    }
+  }
+
+  client_authentication {
+    iam = true
+  }
+}

kms.tf

@@ -0,0 +1,11 @@
+resource "aws_kms_key" "this" {
+  description             = "KMS key for MSK cluster encryption (${local.resource_name})"
+  deletion_window_in_days = 30
+  enable_key_rotation     = true
+  tags                    = local.tags
+}
+
+resource "aws_kms_alias" "this" {
+  name          = "alias/${local.resource_name}"
+  target_key_id = aws_kms_key.this.id
+}

network.tf

@@ -0,0 +1,9 @@
+data "ns_connection" "network" {
+  name     = "network"
+  contract = "network/aws/vpc"
+}
+
+locals {
+  vpc_id             = data.ns_connection.network.outputs.vpc_id
+  private_subnet_ids = data.ns_connection.network.outputs.private_subnet_ids
+}

nullstone.tf

@@ -0,0 +1,24 @@
+terraform {
+  required_providers {
+    ns = {
+      source = "nullstone-io/ns"
+    }
+  }
+}
+
+data "ns_workspace" "this" {}
+
+// Generate a random suffix to ensure uniqueness of resources
+resource "random_string" "resource_suffix" {
+  length  = 5
+  lower   = true
+  upper   = false
+  numeric = false
+  special = false
+}
+
+locals {
+  tags          = data.ns_workspace.this.tags
+  block_name    = data.ns_workspace.this.block_name
+  resource_name = "${data.ns_workspace.this.block_ref}-${random_string.resource_suffix.result}"
+}

outputs.tf

@@ -0,0 +1,24 @@
+output "region" {
+  value       = local.region
+  description = "string ||| The AWS Region that this instance is deployed"
+}
+
+output "cluster_arn" {
+  value       = aws_msk_cluster.this.arn
+  description = "string ||| The ARN of the MSK Cluster"
+}
+
+output "cluster_name" {
+  value       = aws_msk_cluster.this.cluster_name
+  description = "string ||| The name of the MSK Cluster"
+}
+
+output "bootstrap_brokers_tls" {
+  value       = aws_msk_cluster.this.bootstrap_brokers_tls
+  description = "list(string) ||| The TLS-enabled Bootstrap Brokers of the MSK Cluster"
+}
+
+output "security_group_id" {
+  value       = aws_security_group.this.id
+  description = "string ||| The ID of the security group attached to the Kafka cluster."
+}

security.tf

@@ -0,0 +1,5 @@
+resource "aws_security_group" "this" {
+  name        = local.resource_name
+  description = "MSK Security Group for ${local.resource_name}"
+  vpc_id      = local.vpc_id
+}

variables.tf

@@ -0,0 +1,47 @@
+variable "kafka_version" {
+  type        = string
+  default     = "3.7.0"
+  description = <<EOF
+The version of Apache Kafka.
+For available versions, see https://docs.aws.amazon.com/msk/latest/developerguide/supported-kafka-versions.html
+EOF
+}
+
+variable "instance_type" {
+  type        = string
+  default     = "kafka.m5.large"
+  description = <<EOF
+The instance type to use for the kafka brokers.
+It must be a valid Amazon MSK instance type. (e.g. `kafka.*.*`)
+See https://docs.aws.amazon.com/msk/latest/developerguide/broker-instance-sizes.html
+EOF
+}
+
+variable "num_broker_nodes" {
+  type        = number
+  default     = 2
+  description = <<EOF
+The desired number of broker nodes in the kafka cluster.
+It must be a multiple of the number of specified client subnets.
+This module uses all private subnets of the connected network.
+EOF
+}
+
+variable "storage_size" {
+  type        = number
+  default     = 100
+  description = <<EOF
+The size of the EBS volume for each data volume in the broker nodes.
+This is measured in GiB with a minimum of 1GiB and a maximum of 16 TiB.
+EOF
+
+  validation {
+    condition     = var.storage_size >= 1
+    error_message = "The storage size must be at least 1 GiB."
+  }
+
+  validation {
+    condition     = var.storage_size <= 16384
+    error_message = "The storage size must be at most 16 TiB."
+  }
+}