New clusters have "BootstrapBrokerStringTls"

I'm trying to create MSK clusters, and since yesterday somewhen early afternoon in CEST a newly created cluster no longer has a "BootstrapBrokerString", but rather aws kafka get-bootstrap-brokers returns a response with only "BootstrapBrokerStringTls".

This is clearly an unexpected API change, in a GA product. I would have expected that any move towards TLS-support (yeah! great! awesome!) would be announced, and would not affect existing documented things.

Switching to TLS will be quite some work, so right now I rather would not want to do that. How can I get back to the previous behavior?

EDIT: I'm also looking at the AWS console now. The cluste says "TLS client authentication" is "Disabled", and enryption in transit between clients and brokers is "Only TLS encrypted traffic allowed". So I guess that makes sense that the client information only returns "TLS" entries.

I looked at bit further, and it seems that the API behavior indeed changed, and the TLS options appeared. The default is said to be "TLS/Plaintext" at https://aws.amazon.com/msk/faqs/ (which probably would still produce a BootstrapBrokerStringTls), the actual default I saw looks like "TLS" though.

I'm now trying to adapt at least my creation scripts to explicitly configure ClientBroker encryption as 'PLAINTEXT', and then will have to work out how to move towards a "both" situation.

Edited by: ankon on Jun 21, 2019 11:48 AM: Added information for console output, and my next steps.

Edited by: ankon on Jun 21, 2019 12:11 PM: Updated with more information from documentation where I could find references to the change.