aws-cdk-lib.aws_appmesh.MutualTlsCertificate

class MutualTlsCertificate

LanguageType name
.NETAmazon.CDK.AWS.AppMesh.MutualTlsCertificate
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#MutualTlsCertificate
Javasoftware.amazon.awscdk.services.appmesh.MutualTlsCertificate
Pythonaws_cdk.aws_appmesh.MutualTlsCertificate
TypeScript (source)aws-cdk-lib » aws_appmesh » MutualTlsCertificate

Extends TlsCertificate

Obtainable from TlsCertificate.file(), TlsCertificate.sds()

Represents a TLS certificate that is supported for mutual TLS authentication.

Example

declare const mesh: appmesh.Mesh;

// Server side: a gRPC listener in STRICT TLS mode that presents a file-based
// certificate chain/private key and, through mutualTlsValidation, checks the
// client's certificate against a file-based trust bundle when the client
// presents one.
const mutualTlsListener = appmesh.VirtualNodeListener.grpc({
  port: 80,
  tls: {
    mode: appmesh.TlsMode.STRICT,
    certificate: appmesh.TlsCertificate.file('path/to/certChain', 'path/to/privateKey'),
    mutualTlsValidation: {
      trust: appmesh.TlsValidationTrust.file('path-to-certificate'),
    },
  },
});

const node1 = new appmesh.VirtualNode(this, 'node1', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
  listeners: [mutualTlsListener],
});

// Client side: backend defaults validate the server against an ACM Private CA
// and require an exact SAN match; mutualTlsCertificate supplies an SDS-sourced
// client certificate when the server requests one.
const certificateAuthorityArn = 'arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012';
const trustedAuthority = acmpca.CertificateAuthority.fromCertificateAuthorityArn(this, 'certificate', certificateAuthorityArn);

const mutualTlsClientPolicy = {
  ports: [8080, 8081],
  validation: {
    subjectAlternativeNames: appmesh.SubjectAlternativeNames.matchingExactly('mesh-endpoint.apps.local'),
    trust: appmesh.TlsValidationTrust.acm([trustedAuthority]),
  },
  mutualTlsCertificate: appmesh.TlsCertificate.sds('secret_certificate'),
};

const node2 = new appmesh.VirtualNode(this, 'node2', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node2'),
  backendDefaults: {
    tlsClientPolicy: mutualTlsClientPolicy,
  },
});

Initializer

new MutualTlsCertificate()

Properties

Name | Type | Description
differentiator | boolean

differentiator

Type: boolean

Methods

Name | Description
bind(_scope) | Returns a TLS-certificate-based provider.

bind(_scope)

public bind(_scope: Construct): TlsCertificateConfig

Parameters

  • _scope Construct

Returns

  • TlsCertificateConfig

Returns a TLS-certificate-based provider.