Terraform AWS MSK Kafka Cluster
MSK clusters with broker configuration, encryption in transit and at rest, client authentication, logging, VPC networking, and cluster policies for streaming workloads.
Controls Enforced
The following compliance controls are enforced by this module at terraform plan time.
- MSK clusters should be encrypted in transit among broker nodes low effort
- MSK clusters should have public access disabled low effort
- MSK clusters should disable unauthenticated access low effort
Quick Start
module "msk_kafka_cluster" {
source = "acscessentialeight.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "acscism2023.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "awscontroltower.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "awsgenai.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "awswellarchitected.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cccsmedium.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cfrpart11.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cisv140.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cisv500.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cis.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cisv80ig1.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "cisacyberessentials.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "eugmpannex11.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "fedramplow.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "fedrampmoderate.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "ffiec.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "gdpr.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "hipaa.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "iso27001.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "nis2.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "nist800171.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "nist80053.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "nistcsf.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "nydfs23.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "pcidss.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "rbicybersecurity.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "rbiitfnbfc.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
module "msk_kafka_cluster" {
source = "soc2.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "<version>"
# ... your arguments here
}
See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.
Migration from Upstream
Already using terraform-aws-modules? Change only the source URL:
module "msk_kafka_cluster" {
source = "terraform-aws-modules/msk-kafka-cluster/aws"
version = "1.0"
}
module "msk_kafka_cluster" {
source = "soc2.compliance.tf/terraform-aws-modules/msk-kafka-cluster/aws"
version = "1.0"
}
Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.
See the Migration Guide for step-by-step instructions.
Reversibility
No lock-in. Switch back by reverting the source URL to the upstream path:
module "msk_kafka_cluster" {
source = "terraform-aws-modules/msk-kafka-cluster/aws"
}
Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks
A.8.12 Data leakage prevention
A.8.24 Use of cryptography
6 Security in network and information systems acquisition, development and maintenance
PR.DS-02
PR.DS-2
2.2.7: System components are configured and managed securely.
4.2.1: PAN is protected with strong cryptography during transmission.
4.2.1.1: An inventory of the entity's trusted keys and certificates used to protect PAN during transmission is maintained
4.2.1.1: PAN is protected with strong cryptography during transmission.
8.3.2: Strong authentication for users and administrators is established and managed.
8.3.2: Strong cryptography is used to render all authentication factors unreadable during transmission and storage on all system components
CC6.7 The entity restricts the transmission, movement, and removal of information to authorized internal and external users and processes, and protects it during transmission, movement, or removal to meet the entity's objectives
Framework Coverage
Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint
| Control | ISO/IEC 27001:2022 | NIS2 Directive (EU 2022/2555) | NIST Cybersecurity Framework v2.0 | PCI DSS v4.0 | SOC 2 |
|---|---|---|---|---|---|
| MSK clusters should be encrypted in transit among broker nodes | ● | ● | ● | ● | ● |
| MSK clusters should have public access disabled | ○ | ○ | ○ | ○ | ○ |
| MSK clusters should disable unauthenticated access | ○ | ○ | ○ | ○ | ○ |
Showing top 5 frameworks by coverage. All framework endpoints →