Swiftorial Logo
Home
Swift Lessons
Tutorials
Learn More
Career
Resources

AWS Cloud Native Event Streaming with Amazon MSK

Introduction to AWS Cloud Native Event Streaming with Amazon MSK

Amazon Managed Streaming for Apache Kafka (MSK) is a fully managed service that simplifies the setup, scaling, and management of Apache Kafka clusters on AWS. It enables high-throughput, durable, and replayable event streaming for building event-driven architectures, real-time analytics, and data integration pipelines. MSK integrates seamlessly with AWS services like AWS Lambda, Amazon Kinesis Data Analytics for Apache Flink, and Kafka Connect, supporting use cases such as microservices communication, log aggregation, IoT data processing, and real-time analytics.

MSK provides a managed Apache Kafka environment for scalable, fault-tolerant event streaming with native AWS integrations.

Event Streaming Architecture Diagram

The architecture diagram illustrates the MSK-based event streaming workflow. Producers (e.g., applications, IoT devices) send events to an MSK cluster, which stores and replicates data across topics. Consumers, such as AWS Lambda functions, Apache Flink jobs, or Kafka Connect sinks, process or forward events for real-time analytics or storage in destinations like Amazon S3, DynamoDB, or Redshift. CI/CD pipelines manage Kafka configurations, while Amazon CloudWatch monitors cluster metrics and logs.

graph TD %% Styling for nodes classDef producer fill:#42a5f5,stroke:#1e88e5,stroke-width:2px,rx:5,ry:5; classDef msk fill:#ff6f61,stroke:#c62828,stroke-width:2px,color:#ffffff,rx:5,ry:5; classDef consumer fill:#2ecc71,stroke:#1b5e20,stroke-width:2px,color:#ffffff,rx:5,ry:5; classDef aws fill:#fbc02d,stroke:#f9a825,stroke-width:2px,rx:5,ry:5; classDef storage fill:#9c27b0,stroke:#6a1b9a,stroke-width:2px,color:#ffffff,rx:5,ry:5; %% Flow A["Producers\n(Apps, IoT, Logs)"] -->|Publish Events| B["Amazon MSK Cluster"] B -->|Replicated Topics| C["Consumers\n(Lambda, Flink, Kafka Connect)"] C -->|Store/Analyze| D["Amazon S3"] C -->|Store/Analyze| E["DynamoDB"] C -->|Store/Analyze| F["Redshift"] B -->|Monitor| G["CloudWatch"] H["CI/CD Pipeline"] -->|Manage Configs| B %% Subgraphs for grouping subgraph Event Sources A end subgraph MSK Environment B end subgraph Processing C H end subgraph Data Stores D E F end subgraph Monitoring G end %% Apply styles class A producer; class B msk; class C,H consumer; class D,E,F storage; class G aws; %% Annotations linkStyle 0 stroke:#405de6,stroke-width:2.5px; linkStyle 1 stroke:#ff6f61,stroke-width:2.5px; linkStyle 2,3,4 stroke:#2ecc71,stroke-width:2.5px; linkStyle 5 stroke:#fbc02d,stroke-width:2.5px; linkStyle 6 stroke:#9c27b0,stroke-width:2.5px;
MSK enables event-driven workflows with seamless integration to AWS analytics and storage services.

Key Components

The MSK event streaming architecture relies on the following components:

  • Amazon MSK: Managed Apache Kafka service for hosting and scaling Kafka clusters, supporting topic creation, replication, and partitioning.
  • Kafka Topics: Logical channels in MSK where events are published and consumed, configured for retention and partitioning.
  • Producers: Applications, IoT devices, or services (e.g., EC2, Lambda) that publish events to MSK topics.
  • Consumers: Services like AWS Lambda, Apache Flink, or Kafka Connect that subscribe to MSK topics for processing or forwarding events.
  • AWS Lambda: Serverless compute service for real-time event processing from MSK topics, enabling lightweight consumers.
  • Amazon Kinesis Data Analytics (Flink): Processes MSK event streams for real-time analytics, aggregations, or transformations.
  • Kafka Connect: Framework for integrating MSK with external systems, using connectors for S3, DynamoDB, or Elasticsearch.
  • Amazon S3: Stores processed event data or Kafka Connect outputs for archival or further analysis.
  • Amazon DynamoDB: NoSQL database for storing processed event data with low-latency access.
  • Amazon Redshift: Data warehouse for analytics on aggregated event data from MSK.
  • Amazon CloudWatch: Monitors MSK cluster metrics (e.g., throughput, latency) and logs for operational insights.
  • AWS IAM: Secures MSK cluster access, producer/consumer permissions, and integration with other AWS services.
  • AWS VPC: Isolates MSK clusters in a private network with subnets and security groups for secure communication.
  • CI/CD Pipeline: Manages Kafka topic configurations and consumer application deployments using tools like AWS CodePipeline.

Benefits of AWS MSK Event Streaming

The MSK-based event streaming pattern provides significant advantages:

  • Scalability: MSK scales Kafka clusters automatically or on-demand to handle high-throughput event streams.
  • Durability: Ensures data persistence with replication across multiple AZs and configurable retention periods.
  • Real-Time Processing: Enables low-latency event processing for analytics and microservices with Lambda and Flink.
  • Flexibility: Supports diverse use cases like log aggregation, IoT, and microservices with Kafka-compatible APIs.
  • Cost Efficiency: Pay-per-use pricing with auto-scaling minimizes costs for variable workloads.
  • High Availability: Multi-AZ replication ensures fault tolerance and minimal downtime.
  • Integration: Seamless connectivity with AWS services for storage, analytics, and serverless computing.
  • Simplified Management: MSK handles patching, backups, and cluster maintenance, reducing operational overhead.
  • Security: Integrates with IAM, VPC, and encryption for secure event streaming.

Implementation Considerations

Implementing MSK for event streaming requires addressing key considerations:

  • Cluster Sizing: Choose appropriate broker instance types and storage based on throughput and retention needs.
  • Topic Configuration: Set partition counts and retention policies to balance performance and cost.
  • Security: Use IAM roles, TLS encryption, and VPC security groups to secure MSK clusters and client access.
  • Monitoring: Enable CloudWatch metrics and logs for monitoring broker performance, latency, and errors.
  • Consumer Design: Optimize Lambda or Flink consumers for batch processing to reduce costs and improve throughput.
  • Kafka Connect Setup: Configure connectors for reliable data transfer to S3, DynamoDB, or other sinks.
  • Scalability Planning: Use auto-scaling or adjust broker counts to handle peak loads without over-provisioning.
  • Cost Management: Monitor usage with Cost Explorer and optimize retention policies to control storage costs.
  • Testing: Validate producer/consumer logic with tools like Kafka CLI or custom scripts before production deployment.
  • Backup and Recovery: Enable MSK backups and test restore processes for disaster recovery.
Proper cluster sizing and security configurations ensure efficient and secure MSK deployments.

Example Configuration: CloudFormation Template for MSK Cluster

BelowររBelow is a CloudFormation template to provision an MSK cluster and an IAM role. 

AWSTemplateFormatVersion: '2010-09-09'
Description: Provisions an MSK cluster with IAM role
Resources:
  MSKCluster:
    Type: AWS::MSK::Cluster
    Properties:
      ClusterName: MyMSKCluster
      KafkaVersion: '2.8.1'
      NumberOfBrokerNodes: 3
      BrokerNodeGroupInfo:
        InstanceType: kafka.t3.medium
        ClientSubnets:
          - subnet-12345678
          - subnet-87654321
          - subnet-abcdef12
        StorageInfo:
          EbsStorageInfo:
            VolumeSize: 1000
        SecurityGroups:
          - sg-12345678
      EncryptionInfo:
        EncryptionAtRest:
          KmsKeyId: alias/aws/kafka
      Tags:
        - Key: Environment
          Value: production
  MSKRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: MSKAccessRole
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: kafka.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonMSKFullAccess
Outputs:
  ClusterArn:
    Value: !GetAtt MSKCluster.Arn
  RoleArn:
    Value: !GetAtt MSKRole.Arn
This CloudFormation template provisions an MSK cluster with three brokers and an IAM role for access.

Example Configuration: AWS CDK in Python for MSK and Lambda

Below is an AWS CDK stack in Python to provision an MSK cluster and a Lambda consumer. 

from aws_cdk import (
    core,
    aws_msk as msk,
    aws_lambda as lambda_,
    aws_iam as iam,
    aws_ec2 as ec2
)

class MSKLambdaStack(core.Stack):
    def __init__(self, scope: core.Construct, id: str, **kwargs) -> None:
        super().__init__(scope, id, **kwargs)

        # Define VPC
        vpc = ec2.Vpc(
            self, "MSKVpc",
            max_azs=3,
            cidr="10.0.0.0/16",
            subnet_configuration=[
                ec2.SubnetConfiguration(
                    name="Public",
                    subnet_type=ec2.SubnetType.PUBLIC,
                    cidr_mask=24
                ),
                ec2.SubnetConfiguration(
                    name="Private",
                    subnet_type=ec2.SubnetType.PRIVATE_WITH_NAT,
                    cidr_mask=24
                )
            ]
        )

        # Define MSK cluster
        msk_cluster = msk.CfnCluster(
            self, "MyMSKCluster",
            cluster_name="MyMSKCluster",
            kafka_version="2.8.1",
            number_of_broker_nodes=3,
            broker_node_group_info=msk.CfnCluster.BrokerNodeGroupInfoProperty(
                instance_type="kafka.t3.medium",
                client_subnets=vpc.select_subnets(subnet_type=ec2.SubnetType.PRIVATE_WITH_NAT).subnet_ids,
                storage_info=msk.CfnCluster.StorageInfoProperty(
                    ebs_storage_info=msk.CfnCluster.EBSStorageInfoProperty(
                        volume_size=1000
                    )
                ),
                security_groups=[vpc.vpc_default_security_group]
            ),
            encryption_info=msk.CfnCluster.EncryptionInfoProperty(
                encryption_at_rest=msk.CfnCluster.EncryptionAtRestProperty(
                    kms_key_id="alias/aws/kafka"
                )
            ),
            tags={"Environment": "production"}
        )

        # Define Lambda function to consume MSK events
        msk_lambda = lambda_.Function(
            self, "MSKConsumerLambda",
            runtime=lambda_.Runtime.PYTHON_3_8,
            handler="lambda_function.lambda_handler",
            code=lambda_.Code.from_inline("""
import json

def lambda_handler(event, context):
    # Process MSK events
    for record in event['records']:
        print("Received MSK event:", json.loads(record['value']))
    return {"statusCode": 200}
"""),
            vpc=vpc,
            environment={
                "MSK_CLUSTER_ARN": msk_cluster.ref
            },
            timeout=core.Duration.seconds(30)
        )

        # Grant Lambda access to MSK
        msk_lambda.add_to_role_policy(
            iam.PolicyStatement(
                effect=iam.Effect.ALLOW,
                actions=[
                    "kafka:DescribeCluster",
                    "kafka:GetBootstrapBrokers",
                    "kafka:DescribeClusterV2"
                ],
                resources=[msk_cluster.ref]
            )
        )

app = core.App()
MSKLambdaStack(app, "MSKLambdaStack")
app.synth()
This CDK stack provisions an MSK cluster and a Lambda function to consume events from MSK topics.

Example Configuration: Terraform for MSK and S3 Sink

Below is a Terraform configuration to provision an MSK cluster and an S3 bucket for Kafka Connect sink. 

provider "aws" {
  region = "us-west-2"
}

resource "aws_vpc" "msk_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Environment = "production"
  }
}

resource "aws_subnet" "msk_subnet_a" {
  vpc_id     = aws_vpc.msk_vpc.id
  cidr_block = "10.0.1.0/24"
  availability_zone = "us-west-2a"
  tags = {
    Environment = "production"
  }
}

resource "aws_subnet" "msk_subnet_b" {
  vpc_id     = aws_vpc.msk_vpc.id
  cidr_block = "10.0.2.0/24"
  availability_zone = "us-west-2b"
  tags = {
    Environment = "production"
  }
}

resource "aws_security_group" "msk_sg" {
  vpc_id = aws_vpc.msk_vpc.id
  ingress {
    from_port   = 9092
    to_port     = 9092
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
  tags = {
    Environment = "production"
  }
}

resource "aws_msk_cluster" "msk_cluster" {
  cluster_name = "my-msk-cluster"
  kafka_version = "2.8.1"
  number_of_broker_nodes = 3
  broker_node_group_info {
    instance_type   = "kafka.t3.medium"
    ebs_volume_size = 1000
    client_subnets  = [aws_subnet.msk_subnet_a.id, aws_subnet.msk_subnet_b.id]
    security_groups = [aws_security_group.msk_sg.id]
  }
  encryption_info {
    encryption_at_rest_kms_key_arn = "arn:aws:kms:us-west-2:aws:kafka"
  }
  tags = {
    Environment = "production"
  }
}

resource "aws_s3_bucket" "msk_sink" {
  bucket = "my-msk-sink-bucket-123"
  tags = {
    Environment = "production"
  }
}

resource "aws_iam_role" "msk_connect_role" {
  name = "msk-connect-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "kafkaconnect.amazonaws.com"
        }
      }
    ]
  })
}

resource "aws_iam_role_policy" "msk_connect_policy" {
  name = "msk-connect-policy"
  role = aws_iam_role.msk_connect_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Action = [
          "s3:PutObject",
          "s3:GetObject",
          "s3:ListBucket"
        ]
        Resource = [
          aws_s3_bucket.msk_sink.arn,
          "${aws_s3_bucket.msk_sink.arn}/*"
        ]
      },
      {
        Effect = "Allow"
        Action = [
          "kafka:DescribeCluster",
          "kafka:GetBootstrapBrokers"
        ]
        Resource = aws_msk_cluster.msk_cluster.arn
      }
    ]
  })
}
This Terraform configuration provisions an MSK cluster, an S3 bucket for Kafka Connect, and necessary IAM permissions.