MutualTlsValidationTrust

class aws_cdk.aws_appmesh.MutualTlsValidationTrust

Bases: TlsValidationTrust

Represents a TLS Validation Context Trust that is supported for mutual TLS authentication.


Example:

from aws_cdk import aws_acmpca as acmpca
from aws_cdk import aws_appmesh as appmesh

# mesh: appmesh.Mesh

node1 = appmesh.VirtualNode(self, "node1",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node"),
    listeners=[appmesh.VirtualNodeListener.grpc(
        port=80,
        tls=appmesh.ListenerTlsOptions(
            mode=appmesh.TlsMode.STRICT,
            certificate=appmesh.TlsCertificate.file("path/to/certChain", "path/to/privateKey"),
            # Validate client certificates against a file-based trust bundle to enable mutual TLS authentication when a client presents a certificate.
            mutual_tls_validation=appmesh.MutualTlsValidation(
                trust=appmesh.TlsValidationTrust.file("path-to-certificate")
            )
        )
    )]
)

certificate_authority_arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"
node2 = appmesh.VirtualNode(self, "node2",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node2"),
    backend_defaults=appmesh.BackendDefaults(
        tls_client_policy=appmesh.TlsClientPolicy(
            ports=[8080, 8081],
            validation=appmesh.TlsValidation(
                subject_alternative_names=appmesh.SubjectAlternativeNames.matching_exactly("mesh-endpoint.apps.local"),
                trust=appmesh.TlsValidationTrust.acm([
                    acmpca.CertificateAuthority.from_certificate_authority_arn(self, "certificate", certificate_authority_arn)
                ])
            ),
            # Present an SDS-sourced client certificate when a server requests one, enabling mutual TLS authentication.
            mutual_tls_certificate=appmesh.TlsCertificate.sds("secret_certificate")
        )
    )
)

Methods

abstract bind(scope)

Returns the trust context configuration for this trust type.

Parameters:

scope (Construct) –

Return type:

TlsValidationTrustConfig

Static Methods

classmethod acm(certificate_authorities)

TLS Validation Context Trust for ACM Private Certificate Authority (CA).

Parameters:

certificate_authorities (Sequence[ICertificateAuthority]) –

Return type:

TlsValidationTrust

classmethod file(certificate_chain)

TLS Validation Context Trust for a certificate chain file on the Envoy host; tells Envoy where on the local filesystem to fetch the validation context from.

Parameters:

certificate_chain (str) –

Return type:

MutualTlsValidationTrust

classmethod sds(secret_name)

TLS Validation Context Trust for Envoy's Secret Discovery Service (SDS).

Parameters:

secret_name (str) –

Return type:

MutualTlsValidationTrust