@DamFlancoz
Contributor

Reason for this change

Lambda is introducing a new property in Event Sources named SchemaRegistryConfig in SelfManagedKafkaEventSourceConfig and AmazonManagedKafkaEventSourceConfig to set configuration settings for a schema registry that will be used to de-serialize the events read from these Kafka event sources. When specified, it allows de-serialization of events before they are passed to the target function and validation of their format. The users may use a Confluent registry, a self-managed registry or AWS Glue Registry. Note, the event source mapping must have ProvisionedPollerConfig set (be on provisioned mode) for this feature to be used.

This feature is currently supported for MSK and Self-managed Kafka event sources.

Description of changes

This new property can be opted in by setting SchemaRegistryConfig in SelfManagedKafkaEventSourceConfig or AmazonManagedKafkaEventSourceConfig. An example is shown below:

myFunction.addEventSource(new ManagedKafkaEventSource({
  clusterArn,
  topic,
  startingPosition: lambda.StartingPosition.TRIM_HORIZON,
  provisionedPollerConfig: {
    minimumPollers: 1,
    maximumPollers: 3,
  },
  schemaRegistryConfig: {
    schemaRegistryUri: 'https://example.com',
    eventRecordFormat: lambda.EventRecordFormat.JSON,
    accessConfigs: [
      {
        type: lambda.SchemaRegistryAccessConfigType.BASIC_AUTH,
        uri: 'https://example.com',
      },
    ],
    schemaValidationConfigs: [{ attribute: lambda.SchemaValidationAttribute.KEY }],
  },
}));

Describe any new or updated permissions being added

The following IAM permissions will be added to the target function execution role only if the user passed a Glue registry.

{
  Action: 'glue:GetRegistry',
  Effect: 'Allow',
  Resource: {
    'Fn::GetAtt': ['Registry', 'Arn'], // Glue registry ARN
  },
},
{
  Action: [
    'glue:GetSchemaVersion',
    'glue:GetSchema',
  ],
  Effect: 'Allow',
  Resource: [
    {
      'Fn::GetAtt': ['Registry', 'Arn'],
    },
    'arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:schema/lambda-gp-test-glue-schema-registry/*',
  ],
},

Description of how you validated changes

Unit tests for each case have been added in the PR. Note, MSK and SMK validations follow the same path so for validations there are only unit tests for MSK cases which should apply for both.

Integration tests for both the Glue and Confluent cases have been added for SMK. Since MSK requires a Kafka cluster in a VPC, we typically do not add integration tests for it.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
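
A check that can be run over the statements of a synthesized template to confirm that the Glue permissions described above stay read-only and scoped to a registry. This is an added example, not code from the PR or from the CDK; `Statement`, `isScoped`, `auditGlueStatements` and the over-broad sample statement are hypothetical names and constructed data.

```typescript
type Resource = string | Record<string, unknown>;
interface Statement {
  Action: string | string[];
  Effect: string;
  Resource: Resource | Resource[];
}

// The three read-only actions listed in the PR description (IAM actions are case-insensitive).
const EXPECTED_GLUE_ACTIONS = new Set(['glue:getregistry', 'glue:getschemaversion', 'glue:getschema']);

const toArray = <T>(v: T | T[]): T[] => (Array.isArray(v) ? v : [v]);

// Assumption: an intrinsic such as Fn::GetAtt resolves to one concrete ARN, so it
// counts as scoped. A string must end in registry/<name> or schema/<name>/...
function isScoped(resource: Resource): boolean {
  if (typeof resource !== 'string') return Object.keys(resource).length > 0;
  const lastSegment = resource.slice(resource.lastIndexOf(':') + 1);
  return /^(registry|schema)\/[^*\/]+/.test(lastSegment);
}

function auditGlueStatements(statements: Statement[]): string[] {
  const findings: string[] = [];
  statements.forEach((stmt, i) => {
    const glue = toArray<string>(stmt.Action).filter((a) => a === '*' || a.toLowerCase().startsWith('glue:'));
    if (stmt.Effect !== 'Allow' || glue.length === 0) return;
    for (const action of glue) {
      if (!EXPECTED_GLUE_ACTIONS.has(action.toLowerCase())) findings.push(`statement ${i}: unexpected action ${action}`);
    }
    for (const res of toArray<Resource>(stmt.Resource)) {
      if (!isScoped(res)) findings.push(`statement ${i}: unscoped resource ${JSON.stringify(res)}`);
    }
  });
  return findings;
}

// The two statements from the PR description.
const fromPr: Statement[] = [
  { Action: 'glue:GetRegistry', Effect: 'Allow', Resource: { 'Fn::GetAtt': ['Registry', 'Arn'] } },
  {
    Action: ['glue:GetSchemaVersion', 'glue:GetSchema'],
    Effect: 'Allow',
    Resource: [
      { 'Fn::GetAtt': ['Registry', 'Arn'] },
      'arn:${AWS::Partition}:glue:${AWS::Region}:${AWS::AccountId}:schema/lambda-gp-test-glue-schema-registry/*',
    ],
  },
];
// Constructed over-broad statement for contrast.
const tooBroad: Statement[] = [{ Action: ['glue:GetSchema', 'glue:DeleteSchema'], Effect: 'Allow', Resource: '*' }];
console.log(auditGlueStatements(fromPr), auditGlueStatements(tooBroad));
```
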

@aws-cdk-automation aws-cdk-automation requested a review from a team June 18, 2025 09:48
@github-actions github-actions bot added beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK p2 labels Jun 18, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jun 18, 2025
// Create the app and stacks
const app = new App({
postCliContext: {
'@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': true,
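
Review bot: the `postCliContext` entry sets `'@aws-cdk/aws-lambda:createNewPoliciesWithAddToRolePolicy': true` with no comment saying why the test needs the override. The flag name indicates it controls how policies are attached to the role, so the IAM resources in the snapshot depend on it; add a one-line comment above the entry stating the reason, so a later reader reviewing the execution role's permissions knows the policy layout in this snapshot comes from the flag and not from the feature itself.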
Contributor

Can you regenerate the snapshots by setting this flag to false?

This is the default value of the flag; it would be good to have that as guidance for anyone working with this set of features in the future.

Contributor Author

Removing the flag added the destructive actions warning back. It also updated the manifest to have those warnings:

"/lambda-event-source-glue-schema-registry/GlueFunction/inlinePolicyAddedToExecutionRole-0/Resource": [
  {
    "type": "aws:cdk:logicalId",
    "data": "GlueFunctioninlinePolicyAddedToExecutionRole043C5A5B3",
    "trace": [
      "!!DESTRUCTIVE_CHANGES: WILL_DESTROY"
    ]
  }
],

Contributor

@kumvprat kumvprat left a comment

LGTM

@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Jun 18, 2025
@mergify
Contributor

mergify bot commented Jun 18, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 5d96c4f
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Contributor

mergify bot commented Jun 18, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit c6ea664 into aws:main Jun 18, 2025
17 checks passed
@github-actions
Contributor

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 18, 2025

Labels

beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK p2

4 participants