aws-cdk
(lambda-event-sources): (Improve configuring authentication in SelfManagedKafkaEventSourceProps)
Describe the feature
In AWS it's possible to configure a self-hosted Kafka as an event source for a Lambda, described here.
There's a variety of ways to authenticate against your Kafka cluster (VPC, certificates, root CA or a combination of these).
During the review of #21422 we (@TheRealAmazonKendra, @mrgrain) came to the conclusion that the SelfManagedKafkaEventSourceProps could take an overhaul on how to configure authentication (this includes vpc + authentication method + rootCACertificate) in these props.
Use Case
When configuring a Kafka event source trigger for your Lambda on the AWS console/UI, it's easier than with CDK.
There is a combination of required values, which isn't obvious through use of the CDK code (for example, you are required to either configure a vpc or a secret, but both are declared as optional values in the props). This could be simplified and could make the life of the dev easier.
Proposed Solution
This is the rough proposed idea/solution, which can be further improved/discussed (there is already some feedback in there).
https://gist.github.com/WtfJoke/bd20e0bf74d77a158f41970204560ee4
This change would most likely result in some sort of a breaking change and would need some sort of feature flag.
Other Information
https://github.com/aws/aws-cdk/pull/21422
Acknowledgements
- [X] I may be able to implement this feature request
- [X] This feature might incur a breaking change
CDK version used
v2.35.0
Environment details (OS name and version, etc.)
Windows 11 (WSL)
@WtfJoke Like I said in the gist, I like the direction of this API, but we'll need to find a way to encode VPC and Auth. Maybe they are separate things and we really only need a contract for AuthenticationMethod that enforces certain rules (i.e. require a secret).
Labeling effort-medium as there seems to be some design work still on this issue.