aws-cdk-lib.aws_appmesh.ListenerTlsOptions

interface ListenerTlsOptions

Language             Type name
.NET                 Amazon.CDK.AWS.AppMesh.ListenerTlsOptions
Go                   github.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#ListenerTlsOptions
Java                 software.amazon.awscdk.services.appmesh.ListenerTlsOptions
Python               aws_cdk.aws_appmesh.ListenerTlsOptions
TypeScript (source)  aws-cdk-lib » aws_appmesh » ListenerTlsOptions

Represents the TLS properties for a listener.

Example

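import * as appmesh from 'aws-cdk-lib/aws-appmesh';
import * as certificatemanager from 'aws-cdk-lib/aws-certificatemanager';

// A Virtual Node with listener TLS from an ACM provided certificate
declare const cert: certificatemanager.Certificate;
declare const mesh: appmesh.Mesh;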

const node = new appmesh.VirtualNode(this, 'node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
  listeners: [appmesh.VirtualNodeListener.grpc({
    port: 80,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.acm(cert),
    },
  })],
});

// A Virtual Gateway with listener TLS from a customer provided file certificate
const gateway = new appmesh.VirtualGateway(this, 'gateway', {
  mesh,
  listeners: [appmesh.VirtualGatewayListener.grpc({
    port: 8080,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.file('path/to/certChain', 'path/to/privateKey'),
    },
  })],
  virtualGatewayName: 'gateway',
});

// A Virtual Gateway with listener TLS from an SDS provided certificate
const gateway2 = new appmesh.VirtualGateway(this, 'gateway2', {
  mesh,
  listeners: [appmesh.VirtualGatewayListener.http2({
    port: 8080,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.sds('secrete_certificate'),
    },
  })],
  virtualGatewayName: 'gateway2',
});

Properties

Name                  Type                 Description
certificate           TlsCertificate       Represents TLS certificate.
mode                  TlsMode              The TLS mode.
mutualTlsValidation?  MutualTlsValidation  Represents a listener's TLS validation context.

certificate

Type: TlsCertificate

Represents TLS certificate.


mode

Type: TlsMode

The TLS mode.


mutualTlsValidation?

Type: MutualTlsValidation (optional, default: client TLS certificate is not required)

Represents a listener's TLS validation context.

The client certificate will only be validated if the client provides it, enabling mutual TLS.
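
A check that can be run over a synthesized CloudFormation template to confirm the mode and mutualTlsValidation settings described above. This is an added example, not code from the AWS CDK documentation or library. The auditListenerTls function, the Finding shape and the sample template are assumptions made for illustration; the Spec.Listeners[].TLS.Mode and TLS.Validation.Trust paths follow the CloudFormation schema for App Mesh virtual nodes and virtual gateways.

```typescript
// Added example (hypothetical helper): audit App Mesh listener TLS in a synthesized template.
interface Finding { resource: string; port: number | string; issue: string }
interface CfnListener {
  PortMapping?: { Port?: number };
  TLS?: { Mode?: string; Validation?: { Trust?: unknown } };
}
interface CfnResource { Type: string; Properties?: { Spec?: { Listeners?: CfnListener[] } } }
const MESH_TYPES = ['AWS::AppMesh::VirtualNode', 'AWS::AppMesh::VirtualGateway'];

function auditListenerTls(template: { Resources: Record<string, CfnResource> }): Finding[] {
  const findings: Finding[] = [];
  for (const [resource, def] of Object.entries(template.Resources)) {
    if (!MESH_TYPES.includes(def.Type)) continue;
    for (const listener of def.Properties?.Spec?.Listeners ?? []) {
      const port = listener.PortMapping?.Port ?? 'unknown';
      const tls = listener.TLS;
      if (!tls) {
        findings.push({ resource, port, issue: 'no TLS configured' });
        continue;
      }
      // `mode`: anything other than STRICT lets the listener accept plaintext.
      if (tls.Mode !== 'STRICT') {
        findings.push({ resource, port, issue: `mode is ${tls.Mode ?? 'unset'}, not STRICT` });
      }
      // `mutualTlsValidation` omitted: client TLS certificate is not required (the default).
      if (!tls.Validation?.Trust) {
        findings.push({ resource, port, issue: 'client certificate not required' });
      }
    }
  }
  return findings;
}

// Constructed sample template for illustration; not synthesized from a real stack.
const sampleTemplate = {
  Resources: {
    node: { Type: 'AWS::AppMesh::VirtualNode', Properties: { Spec: { Listeners: [
      { PortMapping: { Port: 80 }, TLS: { Mode: 'STRICT' } },
    ] } } },
    gateway: { Type: 'AWS::AppMesh::VirtualGateway', Properties: { Spec: { Listeners: [
      { PortMapping: { Port: 8080 }, TLS: { Mode: 'PERMISSIVE',
        Validation: { Trust: { File: { CertificateChain: 'path/to/certChain' } } } } },
      { PortMapping: { Port: 8081 } },
    ] } } },
    bucket: { Type: 'AWS::S3::Bucket' },
  },
};
console.log(auditListenerTls(sampleTemplate));
```

In a pipeline, the same function can be fed the JSON written by cdk synth and the build failed when the returned list is non-empty.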