aklivity · ankitk-me · Feb 24, 2025 · Feb 22, 2025
diff --git a/src/.vuepress/public/secure_public_access.png b/src/.vuepress/public/secure_public_access.png
diff --git a/src/.vuepress/public/zilla-overview.svg b/src/.vuepress/public/zilla-overview.svg
diff --git a/src/.vuepress/sidebar/en.ts b/src/.vuepress/sidebar/en.ts
@@ -158,6 +158,7 @@ export const enSidebar = sidebar({
         },
         {
           text: "Amazon MSK",
+          collapsible: true,
           children: [
             {
               text: "CDK",
@@ -178,8 +179,17 @@ export const enSidebar = sidebar({
         },
         {
           text: "Amazon MSK",
-          link: "how-tos/amazon-msk/iot-ingest-control.md",
-          children: [],
+          collapsible: true,
+          children: [
+            {
+              text: "CDK",
+              link: "https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdk/iot-ingest-and-control",
+            },
+            {
+              text: "CloudFormation",
+              link: "how-tos/amazon-msk/iot-ingest-control.md"
+            }
+          ],
         },
         {
           text: "Confluent Cloud",
@@ -204,7 +214,12 @@ export const enSidebar = sidebar({
         },
         {
           text: "Amazon MSK",
+          collapsible: true,
           children: [
+            {
+              text: "CDK",
+              link: "https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdk/web-streaming",
+            },
             {
               text: "Terraform",
               link: "https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/web-streaming",

diff --git a/src/solutions/concepts/kafka-proxies/iot-ingest-control.md b/src/solutions/concepts/kafka-proxies/iot-ingest-control.md
@@ -18,6 +18,10 @@ You will need to choose a wildcard DNS pattern to use for public internet access
 
 The [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44) IoT Ingest and Control Broker lets authorized Kafka clients connect, publish messages and subscribe to topics in your Confluent Cloud cluster via the internet.
 
+### Deploy with CDK
+
+Follow the [IOT Ingest and Control deploy with CDK](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdk/iot-ingest-and-control) guide to generate or deploy a custom AWS CDK stack. This stack sets up an MQTT broker using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io`.
+
 ### Deploy with CloudFormation
 
 Follow the [Amazon MSK IoT Ingest and Control](../../how-tos/confluent-cloud/iot-ingest-control.md) guide to setup an MQTT broker using a globally trusted TLS server certificate with a wildcard DNS pattern `*.example.aklivity.io` to illustrate the steps.

diff --git a/src/solutions/concepts/kafka-proxies/secure-public-access.md b/src/solutions/concepts/kafka-proxies/secure-public-access.md
@@ -23,6 +23,18 @@ The <ZillaPlus/> proxy can securely expose any Kafka cluster with these deployme
 
 The [Zilla Plus for Amazon MSK](https://aws.amazon.com/marketplace/pp/prodview-jshnzslazfm44) Secure Public Access proxy lets authorized Kafka clients connect, publish messages and subscribe to topics in your Amazon MSK cluster via the internet.
 
+![Secure Public Access Overview](/secure_public_access.png)
+
+## Key Features
+
+- No modifications to the MSK cluster are required to enable a **custom bootstrap domain** over the internet.
+- **Custom Wildcard DNS** & Route 53 Hosted Zone Integration.
+- Seamless end-to-end **TLS** handshake.
+- Supports `IAM`, `SASL` and `mTLS` authentication via integrations with `AWS Secrets Manager` and `AWS Certificate Manager`.
+- **Auto-Scaling** <ZillaPlus/> Instances.
+- Deployed behind a **Network Load Balancer** for high availability and efficient request routing.
+- Integrates with **AWS Nitro Enclaves**, enabling automated certificate renewal.
+
 ### Deploy with CDK
 
 Follow the [Secure Public Access with CDK](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdk/secure-public-access) guide to generate or deploy a custom AWS CDK stack, enabling `IAM access control`, `SASL/SCRAM authentication`, `Mutual TLS (mTLS) authentication` or `Unauthorized access` to setup connectivity to your MSK cluster using a wildcard DNS pattern.

diff --git a/src/solutions/concepts/kafka-proxies/web-streaming.md b/src/solutions/concepts/kafka-proxies/web-streaming.md
@@ -14,6 +14,10 @@ By automating the configuration of a network load balancer and auto-scaling grou
 
 You will need to choose a wildcard DNS pattern to use for public internet access to the Web Streaming proxies. These wildcard DNS names must resolve to the public IP address(es) where the <ZillaPlus/> proxy is deployed. The <ZillaPlus/> proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
 
+## Deploy with CDK
+
+Follow the [Web Streaming with CDK](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdk/web-streaming) guide to generate or deploy a custom AWS CDK stack. This stack exposes a custom `REST` path and uses `SASL/SCRAM` authentication.
+
 ## Deployment with Terraform
 
 Follow the [Web Streaming with Terraform](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/web-streaming) guide to generated or deploy a custom Terraform template using [CDKTF](https://developer.hashicorp.com/terraform/cdktf). This Terraform script can be configured to expose a custom REST path and uses `SASL/SCRAM` authentication.
diff --git a/src/solutions/how-tos/amazon-msk/web-streaming.md b/src/solutions/how-tos/amazon-msk/web-streaming.md
@@ -14,6 +14,10 @@ By automating the configuration of a network load balancer and auto-scaling grou
 
 You will need to choose a wildcard DNS pattern to use for public internet access to the Web Streaming proxies. These wildcard DNS names must resolve to the public IP address(es) where the <ZillaPlus/> proxy is deployed. The <ZillaPlus/> proxy must also be configured with a TLS server certificate representing the same wildcard DNS pattern.
 
+## Deploy with CDK
+
+Follow the [Web Streaming with CDK](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdk/web-streaming) guide to generate or deploy a custom AWS CDK stack. This stack exposes a custom `REST` path and uses `SASL/SCRAM` authentication.
+
 ## Deployment with Terraform
 
 Follow the [Web Streaming with Terraform](https://github.com/aklivity/zilla-plus-aws-templates/tree/main/amazon-msk/cdktf/web-streaming) guide to generated or deploy a custom Terraform template using [CDKTF](https://developer.hashicorp.com/terraform/cdktf). This Terraform script can be configured to expose a custom REST path and uses `SASL/SCRAM` authentication.