interface TlsClientPolicy
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.AppMesh.TlsClientPolicy |
Java | software.amazon.awscdk.services.appmesh.TlsClientPolicy |
Python | aws_cdk.aws_appmesh.TlsClientPolicy |
TypeScript (source) | @aws-cdk/aws-appmesh » TlsClientPolicy |
Represents the properties needed to define a client policy.
Example
```typescript
declare const mesh: appmesh.Mesh;
declare const service: cloudmap.Service;

const node = new appmesh.VirtualNode(this, 'node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.cloudMap(service),
  listeners: [appmesh.VirtualNodeListener.http({
    port: 8080,
    healthCheck: appmesh.HealthCheck.http({
      healthyThreshold: 3,
      interval: cdk.Duration.seconds(5),
      path: '/ping',
      timeout: cdk.Duration.seconds(2),
      unhealthyThreshold: 2,
    }),
    timeout: {
      idle: cdk.Duration.seconds(5),
    },
  })],
  backendDefaults: {
    tlsClientPolicy: {
      validation: {
        trust: appmesh.TlsValidationTrust.file('/keys/local_cert_chain.pem'),
      },
    },
  },
  accessLog: appmesh.AccessLog.fromFilePath('/dev/stdout'),
});

cdk.Tags.of(node).add('Environment', 'Dev');
```
Properties
Name | Type | Description |
---|---|---|
validation | TlsValidation | Represents the object for TLS validation context. |
enforce? | boolean | Whether the policy is enforced. |
mutualTlsCertificate? | MutualTlsCertificate | Represents a client TLS certificate. |
ports? | number[] | TLS is enforced on the ports specified here. |
validation
Type: TlsValidation
Represents the object for TLS validation context.
enforce?
Type: boolean (optional, default: true)
Whether the policy is enforced.
mutualTlsCertificate?
Type: MutualTlsCertificate (optional, default: client TLS certificate is not provided)
Represents a client TLS certificate.
The certificate will be sent only if the server requests it, enabling mutual TLS.
ports?
Type: number[] (optional, default: all ports)
TLS is enforced on the ports specified here.
If no ports are specified, TLS will be enforced on all the ports.
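The documented defaults (enforce is true, ports is all ports, no client certificate unless one is configured) decide which backend ports actually require TLS. The following is an added example, not CDK code: it resolves those defaults for a policy-shaped object and lists what a reviewer should check. `PolicyShape`, `effectiveTls` and `reviewPolicy` are hypothetical names, and the object shapes are simplified stand-ins for the CDK types.

```typescript
// Added example: plain shapes mirroring the properties documented on this page.
// Simplified stand-ins (assumption), not the CDK types themselves.
interface PolicyShape {
  validation: { trustFile: string };   // stand-in for the validation context
  enforce?: boolean;                   // documented default: true
  mutualTlsCertificate?: { certChain: string; privateKey: string }; // stand-in
  ports?: number[];                    // documented default: all ports
}
interface PortStatus { port: number; tlsEnforced: boolean; }

// Resolve the documented defaults into a per-port answer.
function effectiveTls(policy: PolicyShape, backendPorts: number[]): PortStatus[] {
  const enforce = policy.enforce === undefined ? true : policy.enforce;
  // Assumption: an empty array is treated like "no ports specified".
  const scoped = policy.ports !== undefined && policy.ports.length > 0;
  return backendPorts.map((port) => ({
    port,
    tlsEnforced: enforce && (!scoped || policy.ports!.indexOf(port) !== -1),
  }));
}

// Findings a change reviewer would want to see before the policy ships.
function reviewPolicy(policy: PolicyShape, backendPorts: number[]): string[] {
  const findings: string[] = [];
  if (policy.enforce === false) {
    findings.push('enforce is false: TLS is not required on any backend port');
  }
  for (const s of effectiveTls(policy, backendPorts)) {
    if (!s.tlsEnforced && policy.enforce !== false) {
      findings.push(`port ${s.port} is outside ports[]: TLS not enforced`);
    }
  }
  for (const p of policy.ports || []) {
    if (backendPorts.indexOf(p) === -1) {
      findings.push(`ports[] lists ${p}, which matches no backend port`);
    }
  }
  if (policy.mutualTlsCertificate === undefined) {
    findings.push('no client certificate: backends cannot authenticate this client with mutual TLS');
  }
  return findings;
}

// Constructed sample: TLS scoped to 8443 and 9443 while backends listen on 8080 and 8443.
const samplePolicy: PolicyShape = {
  validation: { trustFile: '/keys/local_cert_chain.pem' },
  ports: [8443, 9443],
};
const sampleFindings = reviewPolicy(samplePolicy, [8080, 8443]);
```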