MSK IoT page

[vordimous]

Amazon MSK IoT template (need to replace AMIs with Redpanda / Confluent Cloud AMIs until submitted)

https://s3.amazonaws.com/marketplace.aklivity.io/zilla-plus-amazon-msk/ZillaPlusAmazonMSKIoT.template

=== gotchas ===

1. permissions on AmazonMSK_* secrets
2. KMS policy on AmazonMSK_Key for secretsmanager
   • https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html#security-encryption-policies
3. sasl-scram-512
4. port 9096 in security group
5. launch ec2 instance for topic creation
   • https://docs.aws.amazon.com/msk/latest/developerguide/create-topic.html
6. configure client.properties for alice secret
7. aws.secrets json structure { username: ..., password: ... }

   
   ./kafka-topics.sh --create \
   --bootstrap-server b-1.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096,b-2.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096 \
   --command-config client.properties \
   --replication-factor 2 \
   --partitions 1 \
   --config cleanup.policy=delete \
   --topic mqtt-messages

./kafka-topics.sh --create \ --bootstrap-server b-1.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096,b-2.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096 \ --command-config client.properties \ --replication-factor 2 \ --partitions 1 \ --config cleanup.policy=compact \ --topic mqtt-retained

./kafka-topics.sh --create \ --bootstrap-server b-1.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096,b-2.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096 \ --command-config client.properties \ --replication-factor 2 \ --partitions 1 \ --config cleanup.policy=compact \ --topic mqtt-sessions

cf stack params
|Key|Value|
|---|---|
|KafkaTopicMqttMessages|mqtt-messages|
|KafkaTopicMqttRetained|mqtt-retained|
|KafkaTopicMqttSessions|mqtt-sessions|
|KeyName|john-key-pair|
|MSKAccessCredentials|arn:aws:secretsmanager:us-east-1:445711703002:secret:AmazonMSK_alice-rQAyBy|
|MSKBootstrapServers|b-1.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096,b-2.zpmsk.0ku1a2.c9.kafka.us-east-1.amazonaws.com:9096|
|PublicDnsWildcard|*.example.aklivity.io|
|PublicTcpPort|8883|
|PublicTlsCertificateKey|arn:aws:secretsmanager:us-east-1:445711703002:secret:wildcard.example.aklivity.io6-Bn8hm9|
|SubnetIds|subnet-09e56b4e294228d74,subnet-088d1e22fe315b4ee|
|VpcId|vpc-0197a3d155f3f5407|
|ZillaPlusCapacity|2|
|ZillaPlusInstanceType|t3.small|
|ZillaPlusRole|aklivity-zilla-proxy|
|ZillaPlusSecurityGroups|sg-055cabb5b6f9ab0c9|

[vordimous]

fixed by https://github.com/aklivity/zilla-docs/pull/188