Add VPC Connectivity SASL Scram and IAM

README.md

@@ -181,6 +181,8 @@ Here is an example of using this module:
 | <a name="input_preserve_security_group_id"></a> [preserve\_security\_group\_id](#input\_preserve\_security\_group\_id) | When `false` and `security_group_create_before_destroy` is `true`, changes to security group rules<br/>cause a new security group to be created with the new rules, and the existing security group is then<br/>replaced with the new one, eliminating any service interruption.<br/>When `true` or when changing the value (from `false` to `true` or from `true` to `false`),<br/>existing security group rules will be deleted before new ones are created, resulting in a service interruption,<br/>but preserving the security group itself.<br/>**NOTE:** Setting this to `true` does not guarantee the security group will never be replaced,<br/>it only keeps changes to the security group rules from triggering a replacement.<br/>See the [terraform-aws-security-group README](https://github.com/cloudposse/terraform-aws-security-group) for further discussion. | `bool` | `false` | no |
 | <a name="input_properties"></a> [properties](#input\_properties) | Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html) | `map(string)` | `{}` | no |
 | <a name="input_public_access_enabled"></a> [public\_access\_enabled](#input\_public\_access\_enabled) | Enable public access to MSK cluster (given that all of the requirements are met) | `bool` | `false` | no |
+| <a name="input_vpc_connectivity_client_authentication_sasl_iam_enabled"></a> [vpc\_connectivity\_client\_authentication\_sasl\_iam\_enabled](#input\_vpc\_connectivity\_client\_authentication\_sasl\_iam\_enabled) |(Optional) Enables SASL/IAM authentication for VPC connectivity | `bool` | `false` | no |
+| <a name="input_vpc_connectivity_client_authentication_sasl_scram_enabled"></a> [vpc\_connectivity\_client\_authentication\_sasl\_scram_\_enabled](#input\_vpc\_connectivity\_client\_authentication\_sasl\_scram_\_enabled) |(Optional) Enables SASL/SCRAM authentication for VPC connectivity | `bool` | `false` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_s3_logs_bucket"></a> [s3\_logs\_bucket](#input\_s3\_logs\_bucket) | Name of the S3 bucket to deliver logs to | `string` | `""` | no |
 | <a name="input_s3_logs_enabled"></a> [s3\_logs\_enabled](#input\_s3\_logs\_enabled) | Indicates whether you want to enable or disable streaming broker logs to S3 | `bool` | `false` | no |

main.tf

@@ -152,6 +152,14 @@ resource "aws_msk_cluster" "default" {
       public_access {
         type = var.public_access_enabled ? "SERVICE_PROVIDED_EIPS" : "DISABLED"
       }
+      vpc_connectivity {
+        client_authentication {
+          sasl {
+            iam = var.vpc_connectivity_client_authentication_sasl_iam_enabled 
+            scram = var.vpc_connectivity_client_authentication_sasl_scram_enabled
+          }          
+        } 
+      }
     }
   }
 

variables.tf

@@ -247,3 +247,17 @@ variable "public_access_enabled" {
   description = "Enable public access to MSK cluster (given that all of the requirements are met)"
   nullable    = false
 }
+
+variable "vpc_connectivity_client_authentication_sasl_iam_enabled" {
+  type        = bool
+  default     = false
+  description = "Enables SASL/IAM authentication for VPC connectivity"
+  nullable    = false
+}
+
+variable "vpc_connectivity_client_authentication_sasl_scram_enabled" {
+  type        = bool
+  default     = false
+  description = "Enables SASL/SCRAM authentication for VPC connectivity."
+  nullable    = false
+}