1. Open the Amazon VPC console at console.aws.amazon.com/vpc/.

  2. In the navigation pane, choose Subnets, and then copy the subnet IDs of the three subnets you created previously. Save these IDs because you need them later in this procedure.

  3. In the navigation pane, choose Security Groups. Then in the table of security groups, find the group for which the VPC ID column has the ID you saved for AWSKafkaTutorialVPC. Copy the ID of this security group and save it because you need it later in this procedure.

  4. Copy the following JSON and save it to a file. Name the file clusterinfo.json.

  5. In the clusterinfo.json file, replace the placeholders for the three subnet IDs and the security group ID with the values that you saved in previous steps.

  6. In clusterinfo.json, replace your-CMK with a customer managed CMK. You can also remove EncryptionAtRest and let Amazon MSK create a CMK and use it on your behalf. Setting InCluster to true means that you want Amazon MSK to encrypt your data as it travels between brokers within the cluster. For ClientBroker you can choose one of the following settings: TLS, TLS_PLAINTEXT, or PLAINTEXT. In this exercise, we use TLS to indicate that we want data to be encrypted as it travels between clients and brokers. For more information about encryption settings, see Amazon MSK Encryption.

  7. Upgrade your AWS CLI to the latest version to ensure that it has support for Amazon MSK. For detailed instructions on how to upgrade the AWS CLI, see Installing the AWS Command Line Interface.

  8. Run the following AWS CLI command in the directory where you saved the clusterinfo.json file.

    aws kafka create-cluster --cli-input-json fileb://clusterinfo.json

    The output of the command looks like the following JSON:

    { "ClusterArn": "...", "ClusterName": "AWSKafkaTutorialCluster", "State": "CREATING" }

  9. Save the value of the ClusterArn key because you need it later.
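
As an added example (not part of the original tutorial), this Python pre-flight check can be run against clusterinfo.json before step 8 to catch unreplaced placeholders and encryption settings weaker than the ones this exercise intends. The field names EncryptionInfo, EncryptionInTransit, DataVolumeKMSKeyId, BrokerNodeGroupInfo, ClientSubnets and SecurityGroups are assumed from the Amazon MSK CreateCluster request shape, `lint_clusterinfo` is a hypothetical helper name, and the sample document is constructed.

```python
import json

# Constructed sample input. Field names are assumed from the Amazon MSK
# CreateCluster request shape; "Subnet-3-ID" is a made-up unreplaced placeholder.
SAMPLE = json.loads("""
{
  "ClusterName": "AWSKafkaTutorialCluster",
  "BrokerNodeGroupInfo": {
    "ClientSubnets": ["subnet-0aaa1111", "subnet-0bbb2222", "Subnet-3-ID"],
    "SecurityGroups": ["sg-0ccc3333"]
  },
  "EncryptionInfo": {
    "EncryptionAtRest": {"DataVolumeKMSKeyId": "your-CMK"},
    "EncryptionInTransit": {"InCluster": true, "ClientBroker": "TLS_PLAINTEXT"}
  }
}
""")

def lint_clusterinfo(cfg):
    """Return a list of findings; an empty list means the file is ready for step 8."""
    findings = []
    group = cfg.get("BrokerNodeGroupInfo", {})
    subnets = group.get("ClientSubnets", [])
    if len(subnets) != 3 or not all(s.startswith("subnet-") for s in subnets):
        findings.append("ClientSubnets: expected three real subnet IDs (step 5)")
    sgs = group.get("SecurityGroups", [])
    if not sgs or not all(g.startswith("sg-") for g in sgs):
        findings.append("SecurityGroups: expected a real security group ID (step 5)")

    enc = cfg.get("EncryptionInfo", {})
    at_rest = enc.get("EncryptionAtRest")
    # Removing EncryptionAtRest is allowed: Amazon MSK then creates a key for you.
    if at_rest is not None and at_rest.get("DataVolumeKMSKeyId") in (None, "", "your-CMK"):
        findings.append("EncryptionAtRest: your-CMK placeholder not replaced (step 6)")

    transit = enc.get("EncryptionInTransit", {})
    if transit.get("InCluster") is not True:
        findings.append("InCluster: not set to true as this exercise intends")
    client = transit.get("ClientBroker")
    if client not in ("TLS", "TLS_PLAINTEXT", "PLAINTEXT"):
        findings.append("ClientBroker: not one of TLS, TLS_PLAINTEXT, PLAINTEXT")
    elif client != "TLS":
        findings.append(f"ClientBroker: {client} permits unencrypted client traffic")
    return findings

if __name__ == "__main__":
    for finding in lint_clusterinfo(SAMPLE):
        print("FINDING:", finding)
```

To check your own file, load it with `json.load(open("clusterinfo.json"))` and pass the result to `lint_clusterinfo`.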