update_security(**kwargs)
Updates the security settings for the cluster. You can use this operation to specify encryption and authentication on existing clusters.
See also: AWS API Documentation
Request Syntax
    response = client.update_security(
        ClientAuthentication={
            'Sasl': {
                'Scram': {
                    'Enabled': True|False
                },
                'Iam': {
                    'Enabled': True|False
                }
            },
            'Tls': {
                'CertificateAuthorityArnList': [
                    'string',
                ],
                'Enabled': True|False
            },
            'Unauthenticated': {
                'Enabled': True|False
            }
        },
        ClusterArn='string',
        CurrentVersion='string',
        EncryptionInfo={
            'EncryptionAtRest': {
                'DataVolumeKMSKeyId': 'string'
            },
            'EncryptionInTransit': {
                'ClientBroker': 'TLS'|'TLS_PLAINTEXT'|'PLAINTEXT',
                'InCluster': True|False
            }
        }
    )
Parameters
ClientAuthentication (dict) --
    Includes all client authentication related information.
    Sasl (dict) --
        Details for ClientAuthentication using SASL.
        Scram (dict) --
            Details for SASL/SCRAM client authentication.
            Enabled (boolean) --
                Indicates whether SASL/SCRAM authentication is enabled.
        Iam (dict) --
            Indicates whether IAM access control is enabled.
            Enabled (boolean) --
                Indicates whether IAM access control is enabled.
    Tls (dict) --
        Details for ClientAuthentication using TLS.
        CertificateAuthorityArnList (list) --
            List of ACM Certificate Authority ARNs.
        Enabled (boolean) --
            Specifies whether you want to turn on or turn off TLS authentication.
    Unauthenticated (dict) --
        Contains information about unauthenticated traffic to the cluster.
        Enabled (boolean) --
            Specifies whether you want to turn on or turn off unauthenticated traffic to your cluster.
ClusterArn (string) --
    [REQUIRED]
    The Amazon Resource Name (ARN) that uniquely identifies the cluster.
CurrentVersion (string) --
    [REQUIRED]
    The version of the MSK cluster to update. Cluster versions aren't simple numbers. You can describe an MSK cluster to find its version. When this update operation is successful, it generates a new cluster version.
EncryptionInfo (dict) --
    Includes all encryption-related information.
    EncryptionAtRest (dict) --
        The data-volume encryption details.
        DataVolumeKMSKeyId (string) --
            The ARN of the AWS KMS key for encrypting data at rest. If you don't specify a KMS key, MSK creates one for you and uses it.
    EncryptionInTransit (dict) --
        The details for encryption in transit.
        ClientBroker (string) --
            Indicates the encryption setting for data in transit between clients and brokers. The following are the possible values.
            TLS means that client-broker communication is enabled with TLS only.
            TLS_PLAINTEXT means that client-broker communication is enabled for both TLS-encrypted and plaintext data.
            PLAINTEXT means that client-broker communication is enabled in plaintext only.
            The default value is TLS_PLAINTEXT.
        InCluster (boolean) --
            When set to true, it indicates that data communication among the broker nodes of the cluster is encrypted. When set to false, the communication happens in plaintext.
            The default value is true.
Return type: dict
Response Syntax
    {
        'ClusterArn': 'string',
        'ClusterOperationArn': 'string'
    }
Response Structure
(dict) --
    ClusterArn (string) --
        The Amazon Resource Name (ARN) of the cluster.
    ClusterOperationArn (string) --
        The Amazon Resource Name (ARN) of the cluster operation.
Exceptions
Kafka.Client.exceptions.BadRequestException
Kafka.Client.exceptions.UnauthorizedException
Kafka.Client.exceptions.InternalServerErrorException
Kafka.Client.exceptions.ForbiddenException
Kafka.Client.exceptions.NotFoundException
Kafka.Client.exceptions.ServiceUnavailableException
Kafka.Client.exceptions.TooManyRequestsException
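
Added example, not part of the AWS documentation: it audits a cluster description for the weak settings listed under the parameters above (plaintext client-broker traffic, plaintext in-cluster traffic, unauthenticated access), then builds the update_security request using the CurrentVersion obtained from describe_cluster. The helper names (audit, build_request, harden) and SAMPLE_INFO are hypothetical; sending the full ClientAuthentication block and keeping unauthenticated access when no other method is enabled are cautious choices of this example, not documented requirements.

```python
import copy

# Constructed, trimmed describe_cluster()["ClusterInfo"] sample; ARN and version are placeholders.
SAMPLE_INFO = {
    "ClusterArn": "arn:aws:kafka:us-east-1:111122223333:cluster/example/PLACEHOLDER",
    "CurrentVersion": "KEXAMPLEVERSION",
    "ClientAuthentication": {
        "Sasl": {"Scram": {"Enabled": False}, "Iam": {"Enabled": True}},
        "Unauthenticated": {"Enabled": True},
    },
    "EncryptionInfo": {
        "EncryptionInTransit": {"ClientBroker": "TLS_PLAINTEXT", "InCluster": True}
    },
}

def _enabled(section, *path):
    """Walk nested dicts and return the 'Enabled' flag, False if absent."""
    for key in path:
        section = section.get(key, {})
    return bool(section.get("Enabled", False))

def audit(info):
    """List the weak settings this page describes that are present on a cluster."""
    auth = info.get("ClientAuthentication", {})
    transit = info.get("EncryptionInfo", {}).get("EncryptionInTransit", {})
    findings = []
    if transit.get("ClientBroker", "TLS_PLAINTEXT") != "TLS":  # page's stated default
        findings.append("client-broker traffic may be plaintext")
    if not transit.get("InCluster", True):  # page's stated default is true
        findings.append("broker-to-broker traffic is plaintext")  # reported only
    if _enabled(auth, "Unauthenticated"):
        findings.append("unauthenticated clients are accepted")
    return findings

def build_request(info):
    """Return update_security kwargs that fix the findings, or None if clean."""
    auth = copy.deepcopy(info.get("ClientAuthentication", {}))
    req = {"ClusterArn": info["ClusterArn"], "CurrentVersion": info["CurrentVersion"]}
    if "client-broker traffic may be plaintext" in audit(info):
        req["EncryptionInfo"] = {"EncryptionInTransit": {"ClientBroker": "TLS"}}
    has_auth = any(_enabled(auth, *p) for p in (("Sasl", "Scram"), ("Sasl", "Iam"), ("Tls",)))
    if _enabled(auth, "Unauthenticated") and has_auth:  # only if another method is on
        auth["Unauthenticated"] = {"Enabled": False}
        req["ClientAuthentication"] = auth  # full block sent so enabled methods are kept
    return req if len(req) > 2 else None

def harden(client, cluster_arn):
    """client is boto3.client('kafka'); reads the current version, then updates."""
    info = client.describe_cluster(ClusterArn=cluster_arn)["ClusterInfo"]
    req = build_request(info)
    return client.update_security(**req) if req else None
```

Switching ClientBroker to TLS cuts off clients still connecting in plaintext, so review the output of audit() and build_request() before calling harden() against a live cluster.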