aws-cdk-lib.aws_appmesh.TlsValidation

interface TlsValidation

LanguageType name
.NETAmazon.CDK.AWS.AppMesh.TlsValidation
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#TlsValidation
Javasoftware.amazon.awscdk.services.appmesh.TlsValidation
Pythonaws_cdk.aws_appmesh.TlsValidation
TypeScript (source)aws-cdk-lib » aws_appmesh » TlsValidation

Represents the properties needed to define TLS Validation context.

Example

declare const mesh: appmesh.Mesh;
declare const service: cloudmap.Service;

const node = new appmesh.VirtualNode(this, 'node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service),
  listeners: [appmesh.VirtualNodeListener.http({
    port: 8080,
    healthCheck: appmesh.HealthCheck.http({
      healthyThreshold: 3,
      interval: Duration.seconds(5),
      path: '/ping',
      timeout: Duration.seconds(2),
      unhealthyThreshold: 2,
    }),
    timeout: {
      idle: Duration.seconds(5),
    },
  })],
  backendDefaults: {
    tlsClientPolicy: {
      validation: {
        trust: appmesh.TlsValidationTrust.file('/keys/local_cert_chain.pem'),
      },
    },
  },
  accessLog: appmesh.AccessLog.fromFilePath('/dev/stdout'),
});

cdk.Tags.of(node).add('Environment', 'Dev');

Properties

NameTypeDescription
trustTlsValidationTrustReference to where to retrieve the trust chain.
subjectAlternativeNames?SubjectAlternativeNamesRepresents the subject alternative names (SANs) secured by the certificate.

trust

Type: TlsValidationTrust

Reference to where to retrieve the trust chain.


subjectAlternativeNames?

Type: SubjectAlternativeNames (optional, default: If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration.)

Represents the subject alternative names (SANs) secured by the certificate.

SANs must be in the FQDN or URI format.