From d16060339e8831267ff7cb5a9d2550419eb609f3 Mon Sep 17 00:00:00 2001
From: Byungjin Park <posquit0.bj@gmail.com>
Date: Sat, 2 Sep 2023 23:26:58 +0900
Subject: [PATCH] Migrate msk-cluster to terraform-aws-messaging

---
 .github/labeler.yaml                  |   3 -
 .github/labels.yaml                   |   3 -
 modules/msk-cluster/README.md         | 108 ----------
 modules/msk-cluster/cluster.tf        | 172 ----------------
 modules/msk-cluster/migrations.tf     |   5 -
 modules/msk-cluster/outputs.tf        | 185 -----------------
 modules/msk-cluster/resource-group.tf |  31 ---
 modules/msk-cluster/scram-secrets.tf  |  55 -----
 modules/msk-cluster/security-group.tf | 124 ------------
 modules/msk-cluster/variables.tf      | 278 --------------------------
 modules/msk-cluster/versions.tf       |  14 --
 11 files changed, 978 deletions(-)
 delete mode 100644 modules/msk-cluster/README.md
 delete mode 100644 modules/msk-cluster/cluster.tf
 delete mode 100644 modules/msk-cluster/migrations.tf
 delete mode 100644 modules/msk-cluster/outputs.tf
 delete mode 100644 modules/msk-cluster/resource-group.tf
 delete mode 100644 modules/msk-cluster/scram-secrets.tf
 delete mode 100644 modules/msk-cluster/security-group.tf
 delete mode 100644 modules/msk-cluster/variables.tf
 delete mode 100644 modules/msk-cluster/versions.tf

diff --git a/.github/labeler.yaml b/.github/labeler.yaml
index 30da008..3977b4a 100644
--- a/.github/labeler.yaml
+++ b/.github/labeler.yaml
@@ -1,7 +1,4 @@
 # Modules
-":floppy_disk: msk-cluster":
-- modules/msk-cluster/**/*
-
 ":floppy_disk: resource-group":
 - modules/resource-group/**/*
 
diff --git a/.github/labels.yaml b/.github/labels.yaml
index b2de133..1272df1 100644
--- a/.github/labels.yaml
+++ b/.github/labels.yaml
@@ -40,9 +40,6 @@
   name: "size/XL"
 
 # Modules
-- color: "fbca04"
-  description: "This issue or pull request is related to msk-cluster module."
-  name: ":floppy_disk: msk-cluster"
 - color: "fbca04"
   description: "This issue or pull request is related to resource-group module."
   name: ":floppy_disk: resource-group"
diff --git a/modules/msk-cluster/README.md b/modules/msk-cluster/README.md
deleted file mode 100644
index 55e1239..0000000
--- a/modules/msk-cluster/README.md
+++ /dev/null
@@ -1,108 +0,0 @@
-# msk-cluster
-
-This module creates following resources.
-
-- `aws_msk_cluster`
-- `aws_msk_configuration`
-- `aws_msk_scram_secret_association` (optional)
-- `aws_security_group` (optional)
-- `aws_security_group_rule` (optional)
-- `aws_secretsmanager_secret` (optional)
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Requirements
-
-| Name | Version |
-|------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 |
-| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 |
-| <a name="requirement_random"></a> [random](#requirement\_random) | >= 3.3 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.52.0 |
-| <a name="provider_random"></a> [random](#provider\_random) | 3.4.3 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| <a name="module_resource_group"></a> [resource\_group](#module\_resource\_group) | tedilabs/misc/aws//modules/resource-group | ~> 0.10.0 |
-| <a name="module_secret"></a> [secret](#module\_secret) | tedilabs/secret/aws//modules/secrets-manager-secret | ~> 0.2.0 |
-| <a name="module_security_group"></a> [security\_group](#module\_security\_group) | tedilabs/network/aws//modules/security-group | 0.26.0 |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [aws_msk_cluster.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_cluster) | resource |
-| [aws_msk_configuration.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_configuration) | resource |
-| [aws_msk_scram_secret_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/msk_scram_secret_association) | resource |
-| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
-| [aws_msk_broker_nodes.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/msk_broker_nodes) | data source |
-| [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| <a name="input_broker_size"></a> [broker\_size](#input\_broker\_size) | (Required) The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets. | `number` | n/a | yes |
-| <a name="input_broker_subnets"></a> [broker\_subnets](#input\_broker\_subnets) | (Required) A list of subnet IDs to place ENIs of the MSK cluster broker nodes within. | `list(string)` | n/a | yes |
-| <a name="input_name"></a> [name](#input\_name) | (Required) Name of the MSK cluster. | `string` | n/a | yes |
-| <a name="input_auth_sasl_iam_enabled"></a> [auth\_sasl\_iam\_enabled](#input\_auth\_sasl\_iam\_enabled) | (Optional) Enables IAM client authentication. | `bool` | `false` | no |
-| <a name="input_auth_sasl_scram_enabled"></a> [auth\_sasl\_scram\_enabled](#input\_auth\_sasl\_scram\_enabled) | (Optional) Enables SCRAM client authentication via AWS Secrets Manager. | `bool` | `false` | no |
-| <a name="input_auth_sasl_scram_kms_key"></a> [auth\_sasl\_scram\_kms\_key](#input\_auth\_sasl\_scram\_kms\_key) | (Optional) The ARN of a KMS key to encrypt AWS SeecretsManager Secret resources for storing SASL/SCRAM authentication data. Only required when the MSK cluster has SASL/SCRAM authentication enabled. The Username/Password Authentication based on SASL/SCRAM needs to create a Secret resource in AWS SecretsManager with a custom AWS KMS Key. A secret created with the default AWS KMS key cannot be used with an Amazon MSK cluster. | `string` | `null` | no |
-| <a name="input_auth_sasl_scram_users"></a> [auth\_sasl\_scram\_users](#input\_auth\_sasl\_scram\_users) | (Optional) A list of usernames to be allowed for SASL/SCRAM authentication to the MSK cluster. The password for each username is randomly generated and stored in AWS SecretsManager secret. | `set(string)` | `[]` | no |
-| <a name="input_auth_tls_acm_ca_arns"></a> [auth\_tls\_acm\_ca\_arns](#input\_auth\_tls\_acm\_ca\_arns) | (Optional) List of ACM Certificate Authority Amazon Resource Names (ARNs). | `list(string)` | `[]` | no |
-| <a name="input_auth_tls_enabled"></a> [auth\_tls\_enabled](#input\_auth\_tls\_enabled) | (Optional) Enables TLS client authentication. | `bool` | `false` | no |
-| <a name="input_auth_unauthenticated_access_enabled"></a> [auth\_unauthenticated\_access\_enabled](#input\_auth\_unauthenticated\_access\_enabled) | (Optional) Enables unauthenticated access. Defaults to `true`. | `bool` | `true` | no |
-| <a name="input_broker_additional_security_groups"></a> [broker\_additional\_security\_groups](#input\_broker\_additional\_security\_groups) | (Optional) A list of security group IDs to associate with ENIs to control who can communicate with the cluster. | `list(string)` | `[]` | no |
-| <a name="input_broker_allowed_ingress_cidrs"></a> [broker\_allowed\_ingress\_cidrs](#input\_broker\_allowed\_ingress\_cidrs) | (Optional) A list of CIDR for MSK ingress access. | `list(string)` | `[]` | no |
-| <a name="input_broker_instance_type"></a> [broker\_instance\_type](#input\_broker\_instance\_type) | (Optional) The instance type to use for the kafka brokers. | `string` | `"kafka.m5.large"` | no |
-| <a name="input_broker_public_access_enabled"></a> [broker\_public\_access\_enabled](#input\_broker\_public\_access\_enabled) | (Optional) Whether to allow public access to MSK brokers. | `bool` | `false` | no |
-| <a name="input_broker_volume_provisioned_throughput"></a> [broker\_volume\_provisioned\_throughput](#input\_broker\_volume\_provisioned\_throughput) | (Optional) Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second. The minimum value is `250`. The maximum value varies between broker type. | `number` | `null` | no |
-| <a name="input_broker_volume_provisioned_throughput_enabled"></a> [broker\_volume\_provisioned\_throughput\_enabled](#input\_broker\_volume\_provisioned\_throughput\_enabled) | (Optional) Whether provisioned throughput is enabled or not. You can specify the provisioned throughput rate in MiB per second for clusters whose brokers are of type `kafka.m5.4xlarge` or larger and if the storage volume is 10 GiB or greater. Defaults to `false`. | `bool` | `false` | no |
-| <a name="input_broker_volume_size"></a> [broker\_volume\_size](#input\_broker\_volume\_size) | (Optional) The size in GiB of the EBS volume for the data drive on each broker node. Minimum value of `1` and maximum value of `16384`. Defaults to `1000`. | `number` | `1000` | no |
-| <a name="input_encryption_at_rest_kms_key"></a> [encryption\_at\_rest\_kms\_key](#input\_encryption\_at\_rest\_kms\_key) | (Optional) Specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest. | `string` | `""` | no |
-| <a name="input_encryption_in_transit_client_mode"></a> [encryption\_in\_transit\_client\_mode](#input\_encryption\_in\_transit\_client\_mode) | (Optional) Encryption setting for data in transit between clients and brokers. `TLS`, `TLS_PLAINTEXT`, `PLAINTEXT` are available. | `string` | `"TLS_PLAINTEXT"` | no |
-| <a name="input_encryption_in_transit_in_cluster_enabled"></a> [encryption\_in\_transit\_in\_cluster\_enabled](#input\_encryption\_in\_transit\_in\_cluster\_enabled) | (Optional) Whether data communication among broker nodes is encrypted. | `bool` | `true` | no |
-| <a name="input_kafka_server_properties"></a> [kafka\_server\_properties](#input\_kafka\_server\_properties) | (Optional) Contents of the `server.properties` file for configuration of Kafka. | `map(string)` | `{}` | no |
-| <a name="input_kafka_version"></a> [kafka\_version](#input\_kafka\_version) | (Optional) Kafka version to use for the MSK cluster. | `string` | `"2.8.0"` | no |
-| <a name="input_logging_cloudwatch_enabled"></a> [logging\_cloudwatch\_enabled](#input\_logging\_cloudwatch\_enabled) | (Optional) Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs. | `bool` | `false` | no |
-| <a name="input_logging_cloudwatch_log_group"></a> [logging\_cloudwatch\_log\_group](#input\_logging\_cloudwatch\_log\_group) | (Optional) The name of log group on CloudWatch Logs to deliver logs to. | `string` | `""` | no |
-| <a name="input_logging_firehose_delivery_stream"></a> [logging\_firehose\_delivery\_stream](#input\_logging\_firehose\_delivery\_stream) | (Optional) Name of the Kinesis Data Firehose delivery stream to deliver logs to. | `string` | `""` | no |
-| <a name="input_logging_firehose_enabled"></a> [logging\_firehose\_enabled](#input\_logging\_firehose\_enabled) | (Optional) Indicates whether you want to enable or disable streaming broker logs to Kinesis Data Firehose. | `bool` | `false` | no |
-| <a name="input_logging_s3_bucket"></a> [logging\_s3\_bucket](#input\_logging\_s3\_bucket) | (Optional) The name of the S3 bucket to deliver logs to. | `string` | `""` | no |
-| <a name="input_logging_s3_enabled"></a> [logging\_s3\_enabled](#input\_logging\_s3\_enabled) | (Optional) Indicates whether you want to enable or disable streaming broker logs to S3. | `bool` | `false` | no |
-| <a name="input_logging_s3_prefix"></a> [logging\_s3\_prefix](#input\_logging\_s3\_prefix) | (Optional) The prefix to append to the folder name. | `string` | `""` | no |
-| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no |
-| <a name="input_monitoring_cloudwatch_level"></a> [monitoring\_cloudwatch\_level](#input\_monitoring\_cloudwatch\_level) | (Optional) The desired enhanced MSK CloudWatch monitoring level. `DEFAULT`, `PER_BROKER`, `PER_TOPIC_PER_BROKER`, `PER_TOPIC_PER_PARTITION` are available. | `string` | `"DEFAULT"` | no |
-| <a name="input_monitoring_prometheus_jmx_exporter_enabled"></a> [monitoring\_prometheus\_jmx\_exporter\_enabled](#input\_monitoring\_prometheus\_jmx\_exporter\_enabled) | (Optional) Indicates whether you want to enable or disable the JMX Exporter. | `bool` | `false` | no |
-| <a name="input_monitoring_prometheus_node_exporter_enabled"></a> [monitoring\_prometheus\_node\_exporter\_enabled](#input\_monitoring\_prometheus\_node\_exporter\_enabled) | (Optional) Indicates whether you want to enable or disable the Node Exporter. | `bool` | `false` | no |
-| <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no |
-| <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no |
-| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no |
-| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no |
-| <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | (Optional) How long to wait for the MSK cluster to be created/updated/deleted. | `map(string)` | <pre>{<br>  "create": "120m",<br>  "delete": "120m",<br>  "update": "120m"<br>}</pre> | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| <a name="output_arn"></a> [arn](#output\_arn) | The ARN of the MSK cluster. |
-| <a name="output_auth"></a> [auth](#output\_auth) | A configuration for authentication of the Kafka cluster. |
-| <a name="output_bootstrap_brokers"></a> [bootstrap\_brokers](#output\_bootstrap\_brokers) | A configuration for connecting to the Kafka cluster.<br>    `plaintext` - A comma separated list of one or more hostname:port pairs of kafka brokers suitable to boostrap connectivity to the kafka cluster. Only contains value if `client_encryption_in_transit_mode` is set to PLAINTEXT or TLS\_PLAINTEXT. AWS may not always return all endpoints so the values may not be stable across applies.<br>    `sasl_iam` - A comma separated list of one or more DNS names (or IPs) and SASL IAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS\_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.<br>    `sasl_scram` - A comma separated list of one or more DNS names (or IPs) and SASL SCRAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS\_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.<br>    `tls` - A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity to the kafka cluster. Only contains value if `client_encryption_in_transit_mode is set to TLS_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.<br>    `public\_sasl\_iam` - A comma separated list of one or more DNS names (or IPs) and SASL IAM port pairs. Only contains value if `client\_encryption\_in\_transit\_mode` is set to TLS_PLAINTEXT or TLS and `auth\_sasl\_iam\_enabled` is `true` and `broker\_public\_access\_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.<br>    `public\_sasl\_scram` - A comma separated list of one or more DNS names (or IPs) and SASL SCRAM port pairs. Only contains value if `client\_encryption\_in\_transit\_mode` is set to TLS_PLAINTEXT or TLS and `auth\_sasl\_scram\_enabled` is `true` and `broker\_public\_access\_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.<br>    `public\_tls` - A comma separated list of one or more DNS names (or IPs) and TLS port pairs. Only contains value if `client\_encryption\_in\_transit\_mode` is set to TLS_PLAINTEXT or TLS and `broker\_public\_access\_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.<br>` |
-| <a name="output_broker"></a> [broker](#output\_broker) | A configuration for brokers of the Kafka cluster.<br>    `size` - The number of broker nodes in the kafka cluster.<br>    `instance_type` - The instance type used by the kafka brokers.<br><br>    `public_access_enabled` - Whether public access to MSK brokers is enabled.<br>    `security_groups` - A list of the security groups associated with the MSK cluster.<br><br>    `volume` - A EBS volume information for MSK brokers. |
-| <a name="output_broker_nodes"></a> [broker\_nodes](#output\_broker\_nodes) | The information of broker nodes in the kafka cluster. |
-| <a name="output_broker_security_group_id"></a> [broker\_security\_group\_id](#output\_broker\_security\_group\_id) | The id of security group that were created for the MSK cluster. |
-| <a name="output_encryption"></a> [encryption](#output\_encryption) | A configuration for encryption of the Kafka cluster.<br>    `at_rest` - The configuration for encryption at rest.<br>    `in_transit` - The configuration for encryption in transit. |
-| <a name="output_kafka_config"></a> [kafka\_config](#output\_kafka\_config) | The MSK configuration. |
-| <a name="output_kafka_version"></a> [kafka\_version](#output\_kafka\_version) | The MSK cluster version. |
-| <a name="output_logging"></a> [logging](#output\_logging) | A configuration for logging of the Kafka cluster.<br>    `cloudwatch` - The configuration for MSK broker logs to CloudWatch Logs.<br>    `firehose` - The configuration for MSK broker logs to Kinesis Firehose.<br>    `s3` - The configuration for MSK broker logs to S3 Bucket. |
-| <a name="output_monitoring"></a> [monitoring](#output\_monitoring) | A configuration for monitoring of the Kafka cluster.<br>    `cloudwatch` - The configuration for MSK CloudWatch Metrics.<br>    `prometheus` - The configuration for Prometheus open monitoring. |
-| <a name="output_name"></a> [name](#output\_name) | The MSK cluster name. |
-| <a name="output_version"></a> [version](#output\_version) | Current version of the MSK Cluster used for updates. |
-| <a name="output_zookeeper_connections"></a> [zookeeper\_connections](#output\_zookeeper\_connections) | A configuration for connecting to the Apache Zookeeper cluster.<br>    `tcp` - A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster.<br>    `tls` - A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster via TLS. |
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/modules/msk-cluster/cluster.tf b/modules/msk-cluster/cluster.tf
deleted file mode 100644
index 0d83526..0000000
--- a/modules/msk-cluster/cluster.tf
+++ /dev/null
@@ -1,172 +0,0 @@
-locals {
-  metadata = {
-    package = "terraform-aws-misc"
-    version = trimspace(file("${path.module}/../../VERSION"))
-    module  = basename(path.module)
-    name    = var.name
-  }
-  module_tags = var.module_tags_enabled ? {
-    "module.terraform.io/package"   = local.metadata.package
-    "module.terraform.io/version"   = local.metadata.version
-    "module.terraform.io/name"      = local.metadata.module
-    "module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}"
-    "module.terraform.io/instance"  = local.metadata.name
-  } : {}
-}
-
-
-###################################################
-# Configuration for MSK Cluster
-###################################################
-
-locals {
-  server_properties = <<EOT
-%{for k, v in var.kafka_server_properties~}
-${k} = ${v}
-%{endfor~}
-EOT
-}
-
-resource "aws_msk_configuration" "this" {
-  name           = var.name
-  description    = "Configuration for ${var.name} Kafka Cluster."
-  kafka_versions = [var.kafka_version]
-
-  server_properties = local.server_properties
-
-  lifecycle {
-    create_before_destroy = true
-  }
-}
-
-
-###################################################
-# MSK Cluster
-###################################################
-
-# TODO: public access cidrs
-resource "aws_msk_cluster" "this" {
-  cluster_name           = var.name
-  kafka_version          = var.kafka_version
-  number_of_broker_nodes = var.broker_size
-
-  broker_node_group_info {
-    instance_type   = var.broker_instance_type
-    az_distribution = "DEFAULT"
-    client_subnets  = var.broker_subnets
-    security_groups = concat(
-      module.security_group[*].id,
-      var.broker_additional_security_groups
-    )
-
-    connectivity_info {
-      public_access {
-        type = var.broker_public_access_enabled ? "SERVICE_PROVIDED_EIPS" : "DISABLED"
-      }
-    }
-
-    storage_info {
-      ebs_storage_info {
-        volume_size = var.broker_volume_size
-
-        dynamic "provisioned_throughput" {
-          for_each = var.broker_volume_provisioned_throughput_enabled ? ["go"] : []
-
-          content {
-            enabled           = true
-            volume_throughput = var.broker_volume_provisioned_throughput
-          }
-        }
-      }
-    }
-  }
-
-  configuration_info {
-    arn      = aws_msk_configuration.this.arn
-    revision = aws_msk_configuration.this.latest_revision
-  }
-
-
-  ## Auth
-  client_authentication {
-    unauthenticated = var.auth_unauthenticated_access_enabled
-
-    sasl {
-      iam   = var.auth_sasl_iam_enabled
-      scram = var.auth_sasl_scram_enabled
-    }
-
-    dynamic "tls" {
-      for_each = var.auth_tls_enabled ? ["go"] : []
-
-      content {
-        certificate_authority_arns = var.auth_tls_acm_ca_arns
-      }
-    }
-  }
-
-
-  ## Encryption
-  encryption_info {
-    encryption_at_rest_kms_key_arn = var.encryption_at_rest_kms_key
-
-    encryption_in_transit {
-      in_cluster    = var.encryption_in_transit_in_cluster_enabled
-      client_broker = var.encryption_in_transit_client_mode
-    }
-  }
-
-
-  ## Logging
-  logging_info {
-    broker_logs {
-      cloudwatch_logs {
-        enabled   = var.logging_cloudwatch_enabled
-        log_group = var.logging_cloudwatch_log_group
-      }
-      firehose {
-        enabled         = var.logging_firehose_enabled
-        delivery_stream = var.logging_firehose_delivery_stream
-      }
-      s3 {
-        enabled = var.logging_s3_enabled
-        bucket  = var.logging_s3_bucket
-        prefix  = var.logging_s3_prefix
-      }
-    }
-  }
-
-
-  ## Monitoring
-  enhanced_monitoring = var.monitoring_cloudwatch_level
-
-  open_monitoring {
-    prometheus {
-      jmx_exporter {
-        enabled_in_broker = var.monitoring_prometheus_jmx_exporter_enabled
-      }
-
-      node_exporter {
-        enabled_in_broker = var.monitoring_prometheus_node_exporter_enabled
-      }
-    }
-  }
-
-  timeouts {
-    create = var.timeouts.create
-    update = var.timeouts.update
-    delete = var.timeouts.delete
-  }
-
-  tags = merge(
-    {
-      "Name" = local.metadata.name
-    },
-    local.module_tags,
-    var.tags,
-  )
-}
-
-data "aws_msk_broker_nodes" "this" {
-  cluster_arn = aws_msk_cluster.this.arn
-}
diff --git a/modules/msk-cluster/migrations.tf b/modules/msk-cluster/migrations.tf
deleted file mode 100644
index 83a0f7e..0000000
--- a/modules/msk-cluster/migrations.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-# 2023-02-01
-moved {
-  from = aws_resourcegroups_group.this[0]
-  to   = module.resource_group[0].aws_resourcegroups_group.this
-}
diff --git a/modules/msk-cluster/outputs.tf b/modules/msk-cluster/outputs.tf
deleted file mode 100644
index 844179e..0000000
--- a/modules/msk-cluster/outputs.tf
+++ /dev/null
@@ -1,185 +0,0 @@
-output "arn" {
-  description = "The ARN of the MSK cluster."
-  value       = aws_msk_cluster.this.arn
-}
-
-output "name" {
-  description = "The MSK cluster name."
-  value       = var.name
-}
-
-output "version" {
-  description = "Current version of the MSK Cluster used for updates."
-  value       = aws_msk_cluster.this.current_version
-}
-
-output "kafka_version" {
-  description = "The MSK cluster version."
-  value       = var.kafka_version
-}
-
-output "kafka_config" {
-  description = "The MSK configuration."
-  value = {
-    arn             = aws_msk_configuration.this.arn
-    name            = aws_msk_configuration.this.name
-    latest_revision = aws_msk_configuration.this.latest_revision
-    properties      = aws_msk_configuration.this.server_properties
-  }
-}
-
-output "broker_security_group_id" {
-  description = "The id of security group that were created for the MSK cluster."
-  value       = try(module.security_group[*].id[0], null)
-}
-
-output "broker_nodes" {
-  description = "The information of broker nodes in the kafka cluster."
-  value       = data.aws_msk_broker_nodes.this.node_info_list
-}
-
-output "broker" {
-  description = <<EOF
-  A configuration for brokers of the Kafka cluster.
-    `size` - The number of broker nodes in the kafka cluster.
-    `instance_type` - The instance type used by the kafka brokers.
-
-    `public_access_enabled` - Whether public access to MSK brokers is enabled.
-    `security_groups` - A list of the security groups associated with the MSK cluster.
-
-    `volume` - A EBS volume information for MSK brokers.
-  EOF
-  value = {
-    size          = aws_msk_cluster.this.number_of_broker_nodes
-    instance_type = aws_msk_cluster.this.broker_node_group_info[0].instance_type
-
-    subnets                   = aws_msk_cluster.this.broker_node_group_info[0].client_subnets
-    public_access_enabled     = var.broker_public_access_enabled
-    security_groups           = aws_msk_cluster.this.broker_node_group_info[0].security_groups
-    default_security_group_id = try(module.security_group[*].id[0], null)
-
-    volume = {
-      size = aws_msk_cluster.this.broker_node_group_info[0].storage_info[0].ebs_storage_info[0].volume_size
-      provisioned_throughput = {
-        enabled    = try(aws_msk_cluster.this.broker_node_group_info[0].storage_info[0].ebs_storage_info[0].provisioned_throughput[0].enabled, false)
-        throughput = try(aws_msk_cluster.this.broker_node_group_info[0].storage_info[0].ebs_storage_info[0].provisioned_throughput[0].volume_throughput, null)
-      }
-    }
-  }
-}
-
-output "auth" {
-  description = "A configuration for authentication of the Kafka cluster."
-  value = {
-    unauthenticated_access = {
-      enabled = aws_msk_cluster.this.client_authentication[0].unauthenticated
-    }
-    sasl = {
-      iam = {
-        enabled = aws_msk_cluster.this.client_authentication[0].sasl[0].iam
-      }
-      scram = {
-        enabled = aws_msk_cluster.this.client_authentication[0].sasl[0].scram
-        kms_key = var.auth_sasl_scram_kms_key
-        users   = var.auth_sasl_scram_users
-      }
-    }
-    tls = {
-      enabled     = var.auth_tls_enabled
-      acm_ca_arns = try(aws_msk_cluster.this.client_authentication[0].tls[0].certificate_authority_arns, [])
-    }
-  }
-}
-
-output "encryption" {
-  description = <<EOF
-  A configuration for encryption of the Kafka cluster.
-    `at_rest` - The configuration for encryption at rest.
-    `in_transit` - The configuration for encryption in transit.
-  EOF
-  value = {
-    at_rest = {
-      kms_key = aws_msk_cluster.this.encryption_info[0].encryption_at_rest_kms_key_arn
-    }
-    in_transit = {
-      in_cluster_enabled = aws_msk_cluster.this.encryption_info[0].encryption_in_transit[0].in_cluster
-      client_mode        = aws_msk_cluster.this.encryption_info[0].encryption_in_transit[0].client_broker
-    }
-  }
-}
-
-output "logging" {
-  description = <<EOF
-  A configuration for logging of the Kafka cluster.
-    `cloudwatch` - The configuration for MSK broker logs to CloudWatch Logs.
-    `firehose` - The configuration for MSK broker logs to Kinesis Firehose.
-    `s3` - The configuration for MSK broker logs to S3 Bucket.
-  EOF
-  value = {
-    cloudwatch = {
-      enabled   = aws_msk_cluster.this.logging_info[0].broker_logs[0].cloudwatch_logs[0].enabled
-      log_group = aws_msk_cluster.this.logging_info[0].broker_logs[0].cloudwatch_logs[0].log_group
-    }
-    firehose = {
-      enabled         = aws_msk_cluster.this.logging_info[0].broker_logs[0].firehose[0].enabled
-      delivery_stream = aws_msk_cluster.this.logging_info[0].broker_logs[0].firehose[0].delivery_stream
-    }
-    s3 = {
-      enabled = aws_msk_cluster.this.logging_info[0].broker_logs[0].s3[0].enabled
-      bucket  = aws_msk_cluster.this.logging_info[0].broker_logs[0].s3[0].bucket
-      prefix  = aws_msk_cluster.this.logging_info[0].broker_logs[0].s3[0].prefix
-    }
-  }
-}
-
-output "monitoring" {
-  description = <<EOF
-  A configuration for monitoring of the Kafka cluster.
-    `cloudwatch` - The configuration for MSK CloudWatch Metrics.
-    `prometheus` - The configuration for Prometheus open monitoring.
-  EOF
-  value = {
-    cloudwatch = {
-      level = aws_msk_cluster.this.enhanced_monitoring
-    }
-    prometheus = {
-      jmx_exporter_enabled  = aws_msk_cluster.this.open_monitoring[0].prometheus[0].jmx_exporter[0].enabled_in_broker
-      node_exporter_enabled = aws_msk_cluster.this.open_monitoring[0].prometheus[0].node_exporter[0].enabled_in_broker
-    }
-  }
-}
-
-output "bootstrap_brokers" {
-  description = <<EOF
-  A configuration for connecting to the Kafka cluster.
-    `plaintext` - A comma separated list of one or more hostname:port pairs of kafka brokers suitable to boostrap connectivity to the kafka cluster. Only contains value if `client_encryption_in_transit_mode` is set to PLAINTEXT or TLS_PLAINTEXT. AWS may not always return all endpoints so the values may not be stable across applies.
-    `sasl_iam` - A comma separated list of one or more DNS names (or IPs) and SASL IAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.
-    `sasl_scram` - A comma separated list of one or more DNS names (or IPs) and SASL SCRAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.
-    `tls` - A comma separated list of one or more DNS names (or IPs) and TLS port pairs kafka brokers suitable to boostrap connectivity to the kafka cluster. Only contains value if `client_encryption_in_transit_mode is set to TLS_PLAINTEXT or TLS. AWS may not always return all endpoints so the values may not be stable across applies.
-    `public_sasl_iam` - A comma separated list of one or more DNS names (or IPs) and SASL IAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS_PLAINTEXT or TLS and `auth_sasl_iam_enabled` is `true` and `broker_public_access_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.
-    `public_sasl_scram` - A comma separated list of one or more DNS names (or IPs) and SASL SCRAM port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS_PLAINTEXT or TLS and `auth_sasl_scram_enabled` is `true` and `broker_public_access_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.
-    `public_tls` - A comma separated list of one or more DNS names (or IPs) and TLS port pairs. Only contains value if `client_encryption_in_transit_mode` is set to TLS_PLAINTEXT or TLS and `broker_public_access_enabled` is `true`. AWS may not always return all endpoints so the values may not be stable across applies.
-  EOF
-  value = {
-    plaintext  = aws_msk_cluster.this.bootstrap_brokers
-    sasl_iam   = aws_msk_cluster.this.bootstrap_brokers_sasl_iam
-    sasl_scram = aws_msk_cluster.this.bootstrap_brokers_sasl_scram
-    tls        = aws_msk_cluster.this.bootstrap_brokers_tls
-
-    public_sasl_iam   = aws_msk_cluster.this.bootstrap_brokers_public_sasl_iam
-    public_sasl_scram = aws_msk_cluster.this.bootstrap_brokers_public_sasl_scram
-    public_tls        = aws_msk_cluster.this.bootstrap_brokers_public_tls
-  }
-}
-
-output "zookeeper_connections" {
-  description = <<EOF
-  A configuration for connecting to the Apache Zookeeper cluster.
-    `tcp` - A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster.
-    `tls` - A comma separated list of one or more IP:port pairs to use to connect to the Apache Zookeeper cluster via TLS.
-  EOF
-  value = {
-    tcp = aws_msk_cluster.this.zookeeper_connect_string
-    tls = aws_msk_cluster.this.zookeeper_connect_string_tls
-  }
-}
diff --git a/modules/msk-cluster/resource-group.tf b/modules/msk-cluster/resource-group.tf
deleted file mode 100644
index 7487ba0..0000000
--- a/modules/msk-cluster/resource-group.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-locals {
-  resource_group_name = (var.resource_group_name != ""
-    ? var.resource_group_name
-    : join(".", [
-      local.metadata.package,
-      local.metadata.module,
-      replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
-    ])
-  )
-}
-
-
-module "resource_group" {
-  source  = "tedilabs/misc/aws//modules/resource-group"
-  version = "~> 0.10.0"
-
-  count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0
-
-  name        = local.resource_group_name
-  description = var.resource_group_description
-
-  query = {
-    resource_tags = local.module_tags
-  }
-
-  module_tags_enabled = false
-  tags = merge(
-    local.module_tags,
-    var.tags,
-  )
-}
diff --git a/modules/msk-cluster/scram-secrets.tf b/modules/msk-cluster/scram-secrets.tf
deleted file mode 100644
index 19047cb..0000000
--- a/modules/msk-cluster/scram-secrets.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-resource "random_password" "this" {
-  for_each = var.auth_sasl_scram_users
-
-  length = 16
-
-  min_lower   = 2
-  min_upper   = 1
-  min_numeric = 2
-  min_special = 1
-
-  override_special = "!#$%&*()-=<>:"
-}
-
-
-###################################################
-# SASL/SCRAM User & Password for MSK Cluster
-###################################################
-
-# TODO: Create an independant module for msk-scram-users
-module "secret" {
-  source  = "tedilabs/secret/aws//modules/secrets-manager-secret"
-  version = "~> 0.2.0"
-
-  for_each = var.auth_sasl_scram_users
-
-  name        = "AmazonMSK_SCRAM/${var.name}/${each.key}"
-  description = "The SASL/SCRAM secret to provide username and password for MSK cluster authenticaiton."
-
-  type = "KEY_VALUE"
-  value = {
-    username = each.key
-    password = random_password.this[each.key].result
-  }
-
-  kms_key             = var.auth_sasl_scram_kms_key
-  policy              = null
-  block_public_policy = true
-
-  deletion_window_in_days = 7
-
-  resource_group_enabled = false
-  module_tags_enabled    = false
-
-  tags = merge(
-    local.module_tags,
-    var.tags,
-  )
-}
-
-resource "aws_msk_scram_secret_association" "this" {
-  count = length(module.secret) > 0 ? 1 : 0
-
-  cluster_arn     = aws_msk_cluster.this.arn
-  secret_arn_list = values(module.secret).*.arn
-}
diff --git a/modules/msk-cluster/security-group.tf b/modules/msk-cluster/security-group.tf
deleted file mode 100644
index be49bf1..0000000
--- a/modules/msk-cluster/security-group.tf
+++ /dev/null
@@ -1,124 +0,0 @@
-data "aws_subnet" "this" {
-  id = var.broker_subnets[0]
-}
-
-locals {
-  vpc_id = data.aws_subnet.this.vpc_id
-}
-
-
-###################################################
-# Security Group
-###################################################
-
-module "security_group" {
-  source  = "tedilabs/network/aws//modules/security-group"
-  version = "0.26.0"
-
-  count = length(var.broker_allowed_ingress_cidrs) > 0 ? 1 : 0
-
-  name        = var.name
-  description = "Security group for MSK Cluster."
-  vpc_id      = local.vpc_id
-
-  ingress_rules = [
-    {
-      id          = "broker-plaintext/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in plaintext."
-      protocol    = "tcp"
-      from_port   = 9092
-      to_port     = 9092
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "broker-tls/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in tls."
-      protocol    = "tcp"
-      from_port   = 9094
-      to_port     = 9094
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "broker-sasl-scram/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in SASL SCRAM."
-      protocol    = "tcp"
-      from_port   = 9096
-      to_port     = 9096
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "broker-sasl-iam/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in SASL IAM."
-      protocol    = "tcp"
-      from_port   = 9098
-      to_port     = 9098
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "broker-public-tls/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in tls (public)."
-      protocol    = "tcp"
-      from_port   = 9194
-      to_port     = 9194
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "broker-public-sasl-scram/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in SASL SCRAM (public)."
-      protocol    = "tcp"
-      from_port   = 9196
-      to_port     = 9196
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "broker-public-sasl-iam/cidrs"
-      description = "Allow CIDRs to communicate with Kafka brokers in SASL IAM (public)."
-      protocol    = "tcp"
-      from_port   = 9198
-      to_port     = 9198
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "zookeeper/cidrs"
-      description = "Allow CIDRs to communicate with Kafka zookeepers."
-      protocol    = "tcp"
-      from_port   = 2181
-      to_port     = 2181
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "prometheus-jmx-exporter/cidrs"
-      description = "Allow CIDRs to communicate with Prometheus JMX Exporter."
-      protocol    = "tcp"
-      from_port   = 11001
-      to_port     = 11001
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-    {
-      id          = "prometheus-node-exporter/cidrs"
-      description = "Allow CIDRs to communicate with Prometheus Node Exporter."
-      protocol    = "tcp"
-      from_port   = 11002
-      to_port     = 11002
-
-      cidr_blocks = var.broker_allowed_ingress_cidrs
-    },
-  ]
-
-  resource_group_enabled = false
-  module_tags_enabled    = false
-
-  tags = merge(
-    local.module_tags,
-    var.tags,
-  )
-}
diff --git a/modules/msk-cluster/variables.tf b/modules/msk-cluster/variables.tf
deleted file mode 100644
index 634de59..0000000
--- a/modules/msk-cluster/variables.tf
+++ /dev/null
@@ -1,278 +0,0 @@
-variable "name" {
-  description = "(Required) Name of the MSK cluster."
-  type        = string
-}
-
-variable "kafka_version" {
-  description = "(Optional) Kafka version to use for the MSK cluster."
-  type        = string
-  default     = "2.8.0"
-  nullable    = false
-}
-
-variable "kafka_server_properties" {
-  description = "(Optional) Contents of the `server.properties` file for configuration of Kafka."
-  type        = map(string)
-  default     = {}
-  nullable    = false
-}
-
-variable "broker_size" {
-  description = "(Required) The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets."
-  type        = number
-}
-
-variable "broker_instance_type" {
-  description = "(Optional) The instance type to use for the kafka brokers."
-  type        = string
-  default     = "kafka.m5.large"
-  nullable    = false
-}
-
-variable "broker_volume_size" {
-  description = "(Optional) The size in GiB of the EBS volume for the data drive on each broker node. Minimum value of `1` and maximum value of `16384`. Defaults to `1000`."
-  type        = number
-  default     = 1000
-  nullable    = false
-
-  validation {
-    condition = alltrue([
-      var.broker_volume_size >= 1,
-      var.broker_volume_size <= 16384,
-    ])
-    error_message = "Valid value for `broker_volume_size` is between `1` and `16384`."
-  }
-}
-
-variable "broker_volume_provisioned_throughput_enabled" {
-  description = "(Optional) Whether provisioned throughput is enabled or not. You can specify the provisioned throughput rate in MiB per second for clusters whose brokers are of type `kafka.m5.4xlarge` or larger and if the storage volume is 10 GiB or greater. Defaults to `false`."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "broker_volume_provisioned_throughput" {
-  description = "(Optional) Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second. The minimum value is `250`. The maximum value varies between broker type."
-  type        = number
-  default     = null
-}
-
-variable "broker_subnets" {
-  description = "(Required) A list of subnet IDs to place ENIs of the MSK cluster broker nodes within."
-  type        = list(string)
-}
-
-variable "broker_public_access_enabled" {
-  description = "(Optional) Whether to allow public access to MSK brokers."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "broker_allowed_ingress_cidrs" {
-  description = "(Optional) A list of CIDR for MSK ingress access."
-  type        = list(string)
-  default     = []
-}
-
-variable "broker_additional_security_groups" {
-  description = "(Optional) A list of security group IDs to associate with ENIs to control who can communicate with the cluster."
-  type        = list(string)
-  default     = []
-}
-
-variable "auth_unauthenticated_access_enabled" {
-  description = "(Optional) Enables unauthenticated access. Defaults to `true`."
-  type        = bool
-  default     = true
-  nullable    = false
-}
-
-variable "auth_sasl_iam_enabled" {
-  description = "(Optional) Enables IAM client authentication."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "auth_sasl_scram_enabled" {
-  description = "(Optional) Enables SCRAM client authentication via AWS Secrets Manager."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "auth_sasl_scram_kms_key" {
-  description = "(Optional) The ARN of a KMS key to encrypt AWS SeecretsManager Secret resources for storing SASL/SCRAM authentication data. Only required when the MSK cluster has SASL/SCRAM authentication enabled. The Username/Password Authentication based on SASL/SCRAM needs to create a Secret resource in AWS SecretsManager with a custom AWS KMS Key. A secret created with the default AWS KMS key cannot be used with an Amazon MSK cluster."
-  type        = string
-  default     = null
-}
-
-variable "auth_sasl_scram_users" {
-  description = "(Optional) A list of usernames to be allowed for SASL/SCRAM authentication to the MSK cluster. The password for each username is randomly generated and stored in AWS SecretsManager secret."
-  type        = set(string)
-  default     = []
-  nullable    = false
-}
-
-variable "auth_tls_enabled" {
-  description = "(Optional) Enables TLS client authentication."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "auth_tls_acm_ca_arns" {
-  description = "(Optional) List of ACM Certificate Authority Amazon Resource Names (ARNs)."
-  type        = list(string)
-  default     = []
-  nullable    = false
-}
-
-variable "encryption_at_rest_kms_key" {
-  description = "(Optional) Specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest."
-  type        = string
-  default     = ""
-}
-
-variable "encryption_in_transit_in_cluster_enabled" {
-  description = "(Optional) Whether data communication among broker nodes is encrypted."
-  type        = bool
-  default     = true
-  nullable    = false
-}
-
-variable "encryption_in_transit_client_mode" {
-  description = "(Optional) Encryption setting for data in transit between clients and brokers. `TLS`, `TLS_PLAINTEXT`, `PLAINTEXT` are available."
-  type        = string
-  default     = "TLS_PLAINTEXT"
-  nullable    = false
-
-  validation {
-    condition     = contains(["TLS", "TLS_PLAINTEXT", "PLAINTEXT"], var.encryption_in_transit_client_mode)
-    error_message = "Valid values are `TLS`, `TLS_PLAINTEXT`, `PLAINTEXT`."
-  }
-}
-
-variable "logging_cloudwatch_enabled" {
-  description = "(Optional) Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "logging_cloudwatch_log_group" {
-  description = "(Optional) The name of log group on CloudWatch Logs to deliver logs to."
-  type        = string
-  default     = ""
-  nullable    = false
-}
-
-variable "logging_firehose_enabled" {
-  description = "(Optional) Indicates whether you want to enable or disable streaming broker logs to Kinesis Data Firehose."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "logging_firehose_delivery_stream" {
-  description = "(Optional) Name of the Kinesis Data Firehose delivery stream to deliver logs to."
-  type        = string
-  default     = ""
-  nullable    = false
-}
-
-variable "logging_s3_enabled" {
-  description = "(Optional) Indicates whether you want to enable or disable streaming broker logs to S3."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "logging_s3_bucket" {
-  description = "(Optional) The name of the S3 bucket to deliver logs to."
-  type        = string
-  default     = ""
-  nullable    = false
-}
-
-variable "logging_s3_prefix" {
-  description = "(Optional) The prefix to append to the folder name."
-  type        = string
-  default     = ""
-  nullable    = false
-}
-
-variable "monitoring_cloudwatch_level" {
-  description = "(Optional) The desired enhanced MSK CloudWatch monitoring level. `DEFAULT`, `PER_BROKER`, `PER_TOPIC_PER_BROKER`, `PER_TOPIC_PER_PARTITION` are available."
-  type        = string
-  default     = "DEFAULT"
-  nullable    = false
-
-  validation {
-    condition     = contains(["DEFAULT", "PER_BROKER", "PER_TOPIC_PER_BROKER", "PER_TOPIC_PER_PARTITION"], var.monitoring_cloudwatch_level)
-    error_message = "Valid values are `DEFAULT`, `PER_BROKER`, `PER_TOPIC_PER_BROKER`, `PER_TOPIC_PER_PARTITION`."
-  }
-}
-
-variable "monitoring_prometheus_jmx_exporter_enabled" {
-  description = "(Optional) Indicates whether you want to enable or disable the JMX Exporter."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "monitoring_prometheus_node_exporter_enabled" {
-  description = "(Optional) Indicates whether you want to enable or disable the Node Exporter."
-  type        = bool
-  default     = false
-  nullable    = false
-}
-
-variable "timeouts" {
-  description = "(Optional) How long to wait for the MSK cluster to be created/updated/deleted."
-  type        = map(string)
-  default = {
-    create = "120m"
-    update = "120m"
-    delete = "120m"
-  }
-  nullable = false
-}
-
-variable "tags" {
-  description = "(Optional) A map of tags to add to all resources."
-  type        = map(string)
-  default     = {}
-  nullable    = false
-}
-
-variable "module_tags_enabled" {
-  description = "(Optional) Whether to create AWS Resource Tags for the module informations."
-  type        = bool
-  default     = true
-  nullable    = false
-}
-
-
-###################################################
-# Resource Group
-###################################################
-
-variable "resource_group_enabled" {
-  description = "(Optional) Whether to create Resource Group to find and group AWS resources which are created by this module."
-  type        = bool
-  default     = true
-}
-
-variable "resource_group_name" {
-  description = "(Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`."
-  type        = string
-  default     = ""
-}
-
-variable "resource_group_description" {
-  description = "(Optional) The description of Resource Group."
-  type        = string
-  default     = "Managed by Terraform."
-}
diff --git a/modules/msk-cluster/versions.tf b/modules/msk-cluster/versions.tf
deleted file mode 100644
index 583387c..0000000
--- a/modules/msk-cluster/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
-  required_version = ">= 1.2"
-
-  required_providers {
-    aws = {
-      source  = "hashicorp/aws"
-      version = ">= 4.22"
-    }
-    random = {
-      source  = "hashicorp/random"
-      version = ">= 3.3"
-    }
-  }
-}