aws-cdk-lib.aws_appmesh.TlsClientPolicy

interface TlsClientPolicy

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.AppMesh.TlsClientPolicy |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#TlsClientPolicy |
| Java | software.amazon.awscdk.services.appmesh.TlsClientPolicy |
| Python | aws_cdk.aws_appmesh.TlsClientPolicy |
| TypeScript (source) | aws-cdk-lib » aws_appmesh » TlsClientPolicy |

Represents the properties needed to define a client policy.

Example

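import * as cdk from 'aws-cdk-lib';
import { Duration } from 'aws-cdk-lib';
import * as appmesh from 'aws-cdk-lib/aws-appmesh';
import * as cloudmap from 'aws-cdk-lib/aws-servicediscovery';

// The mesh and the Cloud Map service are created elsewhere;
// `this` below is the enclosing Stack or Construct.
declare const mesh: appmesh.Mesh;
declare const service: cloudmap.Service;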

const node = new appmesh.VirtualNode(this, 'node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service),
  listeners: [appmesh.VirtualNodeListener.http({
    port: 8080,
    healthCheck: appmesh.HealthCheck.http({
      healthyThreshold: 3,
      interval: Duration.seconds(5),
      path: '/ping',
      timeout: Duration.seconds(2),
      unhealthyThreshold: 2,
    }),
    timeout: {
      idle: Duration.seconds(5),
    },
  })],
  backendDefaults: {
    tlsClientPolicy: {
      validation: {
        trust: appmesh.TlsValidationTrust.file('/keys/local_cert_chain.pem'),
      },
    },
  },
  accessLog: appmesh.AccessLog.fromFilePath('/dev/stdout'),
});

cdk.Tags.of(node).add('Environment', 'Dev');

Properties

| Name | Type | Description |
| --- | --- | --- |
| validation | TlsValidation | Represents the object for TLS validation context. |
| enforce? | boolean | Whether the policy is enforced. |
| mutualTlsCertificate? | MutualTlsCertificate | Represents a client TLS certificate. |
| ports? | number[] | TLS is enforced on the ports specified here. |

validation

Type: TlsValidation

Represents the object for TLS validation context.


enforce?

Type: boolean (optional, default: true)

Whether the policy is enforced.


mutualTlsCertificate?

Type: MutualTlsCertificate (optional, default: client TLS certificate is not provided)

Represents a client TLS certificate.

The certificate will be sent only if the server requests it, enabling mutual TLS.


ports?

Type: number[] (optional, default: all ports)

TLS is enforced on the ports specified here.

If no ports are specified, TLS will be enforced on all the ports.
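The defaults described above (enforce is true, all ports, no client certificate) can be checked after synthesis. The following is an added example, not code from the CDK documentation or project: it audits a constructed fragment of a synthesized template for virtual nodes whose backend-default client policy weakens those defaults. The function name, logical IDs, file paths and severity labels are assumptions made for illustration; the key names are those of the CloudFormation `AWS::AppMesh::VirtualNode` resource.

```typescript
// Added audit sketch. Key names follow the CloudFormation
// AWS::AppMesh::VirtualNode schema (Spec.BackendDefaults.ClientPolicy.TLS).
interface ClientPolicyTls {
  Enforce?: boolean;                      // CDK: enforce (default true)
  Ports?: number[];                       // CDK: ports (default all ports)
  Validation?: Record<string, unknown>;   // CDK: validation
  Certificate?: Record<string, unknown>;  // CDK: mutualTlsCertificate
}
interface Resource {
  Type: string;
  Properties?: { Spec?: { BackendDefaults?: { ClientPolicy?: { TLS?: ClientPolicyTls } } } };
}
interface Template { Resources: Record<string, Resource> }
interface Finding { resource: string; severity: "high" | "medium" | "info"; message: string }

function auditTlsClientPolicies(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (!res || res.Type !== "AWS::AppMesh::VirtualNode") continue;
    const tls = res.Properties?.Spec?.BackendDefaults?.ClientPolicy?.TLS;
    if (!tls) {
      findings.push({ resource: id, severity: "medium", message: "no backend-default TLS client policy (per-backend policies not checked)" });
      continue;
    }
    // Enforce defaults to true, so only an explicit false switches enforcement off.
    if (tls.Enforce === false)
      findings.push({ resource: id, severity: "high", message: "enforce is false: the policy is not enforced" });
    // An explicit port list narrows enforcement to those ports only.
    if (tls.Ports && tls.Ports.length > 0)
      findings.push({ resource: id, severity: "medium", message: `TLS enforced only on ports ${tls.Ports.join(", ")}` });
    // Without a client certificate the node cannot answer a server's mTLS request.
    if (!tls.Certificate)
      findings.push({ resource: id, severity: "info", message: "no client certificate configured for mutual TLS" });
  }
  return findings;
}

// Constructed sample: fragment of a synthesized template (logical IDs and paths are made up).
const trust = { Trust: { File: { CertificateChain: "/keys/local_cert_chain.pem" } } };
const clientCert = { File: { CertificateChain: "/keys/client_chain.pem", PrivateKey: "/keys/client_key.pem" } };
const sampleTemplate: Template = {
  Resources: {
    Mesh: { Type: "AWS::AppMesh::Mesh" },
    StrictNode: { Type: "AWS::AppMesh::VirtualNode", Properties: { Spec: { BackendDefaults: { ClientPolicy: { TLS: { Validation: trust, Certificate: clientCert } } } } } },
    OptOutNode: { Type: "AWS::AppMesh::VirtualNode", Properties: { Spec: { BackendDefaults: { ClientPolicy: { TLS: { Enforce: false, Ports: [8443], Validation: trust } } } } } },
    NoPolicyNode: { Type: "AWS::AppMesh::VirtualNode", Properties: { Spec: {} } },
  },
};
console.log(auditTlsClientPolicies(sampleTemplate));
```

In practice the template would be read from the JSON that `cdk synth` writes, and the check run in CI before deployment.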