aws-cdk-lib.aws_appmesh.MutualTlsValidationTrust

class MutualTlsValidationTrust

Language    Type name
.NET        Amazon.CDK.AWS.AppMesh.MutualTlsValidationTrust
Go          github.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#MutualTlsValidationTrust
Java        software.amazon.awscdk.services.appmesh.MutualTlsValidationTrust
Python      aws_cdk.aws_appmesh.MutualTlsValidationTrust
TypeScript  aws-cdk-lib » aws_appmesh » MutualTlsValidationTrust (source)

Extends TlsValidationTrust

Obtainable from TlsValidationTrust.file(), TlsValidationTrust.sds()

Represents a TLS Validation Context Trust that is supported for mutual TLS authentication. Only the file and SDS trust types can be used for mutual TLS validation, which is why this class is obtained from TlsValidationTrust.file() and TlsValidationTrust.sds() rather than from the ACM trust.

Example

import * as acmpca from 'aws-cdk-lib/aws-acmpca';
import * as appmesh from 'aws-cdk-lib/aws-appmesh';

// This snippet runs inside a Stack or Construct, so `this` is a valid construct scope.
declare const mesh: appmesh.Mesh;

const node1 = new appmesh.VirtualNode(this, 'node1', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
  listeners: [appmesh.VirtualNodeListener.grpc({
    port: 80,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.file('path/to/certChain', 'path/to/privateKey'),
      // Validate client certificates against a file-based trust to enable mutual TLS
      // authentication when a client provides a certificate.
      mutualTlsValidation: {
        trust: appmesh.TlsValidationTrust.file('path-to-certificate'),
      },
    },
  })],
});

const certificateAuthorityArn = 'arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012';
const node2 = new appmesh.VirtualNode(this, 'node2', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node2'),
  backendDefaults: {
    tlsClientPolicy: {
      ports: [8080, 8081],
      validation: {
        subjectAlternativeNames: appmesh.SubjectAlternativeNames.matchingExactly('mesh-endpoint.apps.local'),
        // ACM PCA trust is valid for the client policy's validation, but not for mutualTlsValidation.
        trust: appmesh.TlsValidationTrust.acm([
          acmpca.CertificateAuthority.fromCertificateAuthorityArn(this, 'certificate', certificateAuthorityArn)]),
      },
      // Provide an SDS client certificate when a server requests it, enabling mutual TLS authentication.
      mutualTlsCertificate: appmesh.TlsCertificate.sds('secret_certificate'),
    },
  },
});

Initializer

new MutualTlsValidationTrust()

Properties

Name            Type     Description
differentiator  boolean

differentiator

Type: boolean

Methods

Name         Description
bind(scope)  Returns Trust context based on trust type.

bind(scope)

public bind(scope: Construct): TlsValidationTrustConfig

Parameters

  • scope Construct

Returns

  • TlsValidationTrustConfig

Returns Trust context based on trust type.