aws-cdk-lib.aws_appmesh.TlsMode

enum TlsMode

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.AppMesh.TlsMode |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#TlsMode |
| Java | software.amazon.awscdk.services.appmesh.TlsMode |
| Python | aws_cdk.aws_appmesh.TlsMode |
| TypeScript (source) | aws-cdk-lib » aws_appmesh » TlsMode |

Enum of supported TLS modes.

Example

// Inputs the sample assumes are defined elsewhere in the stack.
declare const mesh: appmesh.Mesh;
declare const cert: certificatemanager.Certificate;

// Virtual Node whose gRPC listener presents a certificate provided by ACM.
const nodeDiscovery = appmesh.ServiceDiscovery.dns('node');

// STRICT: the listener only accepts encrypted traffic.
const nodeTls = {
  mode: appmesh.TlsMode.STRICT,
  certificate: appmesh.TlsCertificate.acm(cert),
};

const nodeListener = appmesh.VirtualNodeListener.grpc({
  port: 80,
  tls: nodeTls,
});

const node = new appmesh.VirtualNode(this, 'node', {
  mesh,
  serviceDiscovery: nodeDiscovery,
  listeners: [nodeListener],
});

// Virtual Gateway whose gRPC listener presents a customer-provided certificate
// read from files: certificate chain path first, private key path second.
// NOTE(review): the paths are presumably resolved where the proxy runs — confirm,
// and keep the private key file readable only by the proxy process.
const gatewayTls = {
  // STRICT: the listener only accepts encrypted traffic.
  mode: appmesh.TlsMode.STRICT,
  certificate: appmesh.TlsCertificate.file('path/to/certChain', 'path/to/privateKey'),
};

const gatewayListener = appmesh.VirtualGatewayListener.grpc({
  port: 8080,
  tls: gatewayTls,
});

const gateway = new appmesh.VirtualGateway(this, 'gateway', {
  mesh,
  listeners: [gatewayListener],
  virtualGatewayName: 'gateway',
});

// Virtual Gateway whose HTTP/2 listener obtains its certificate through SDS.
// The string passed to sds() is the sample's placeholder secret name.
// NOTE(review): it presumably has to match the name the SDS provider serves — confirm.
const gateway2Tls = {
  // STRICT: the listener only accepts encrypted traffic.
  mode: appmesh.TlsMode.STRICT,
  certificate: appmesh.TlsCertificate.sds('secrete_certificate'),
};

const gateway2Listener = appmesh.VirtualGatewayListener.http2({
  port: 8080,
  tls: gateway2Tls,
});

const gateway2 = new appmesh.VirtualGateway(this, 'gateway2', {
  mesh,
  listeners: [gateway2Listener],
  virtualGatewayName: 'gateway2',
});

Members

| Name | Description |
| --- | --- |
| STRICT | Only accept encrypted traffic. |
| PERMISSIVE | Accept encrypted and plaintext traffic. |
| DISABLED | TLS is disabled, only accept plaintext traffic. |

STRICT

Only accept encrypted traffic.


PERMISSIVE

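Accept both encrypted and plaintext traffic. Because clients that do not use TLS are still served, this mode on its own does not enforce encryption in transit.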


DISABLED

TLS is disabled; the listener accepts only plaintext traffic.