MutualTlsValidationTrust
- class aws_cdk.aws_appmesh.MutualTlsValidationTrust
Bases: TlsValidationTrust
Represents a TLS Validation Context Trust that is supported for mutual TLS authentication, that is, a trust Envoy can use on a listener to validate the certificate a connecting client presents. Of the TlsValidationTrust factories listed below, only file() and sds() return a MutualTlsValidationTrust; acm() returns a plain TlsValidationTrust that can only be used in a client policy (TlsValidation), not in a listener's MutualTlsValidation.
Example:
    from aws_cdk import aws_acmpca as acmpca
    from aws_cdk import aws_appmesh as appmesh

    # mesh: appmesh.Mesh  (an existing Mesh in this stack)

    # node1 terminates TLS and requires a client certificate (mutual TLS) on its gRPC listener.
    node1 = appmesh.VirtualNode(self, "node1",
        mesh=mesh,
        service_discovery=appmesh.ServiceDiscovery.dns("node"),
        listeners=[appmesh.VirtualNodeListener.grpc(
            port=80,
            tls=appmesh.ListenerTlsOptions(
                mode=appmesh.TlsMode.STRICT,
                certificate=appmesh.TlsCertificate.file("path/to/certChain", "path/to/privateKey"),
                # Validate client certificates against a file-based trust (CA chain on the
                # proxy's file system) to enable mutual TLS authentication when a client
                # presents a certificate.
                mutual_tls_validation=appmesh.MutualTlsValidation(
                    trust=appmesh.TlsValidationTrust.file("path-to-certificate")
                )
            )
        )]
    )

    certificate_authority_arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"

    # node2 originates TLS to its backends: it validates server certificates against an
    # ACM Private CA and pins the expected SAN, and offers its own certificate when asked.
    node2 = appmesh.VirtualNode(self, "node2",
        mesh=mesh,
        service_discovery=appmesh.ServiceDiscovery.dns("node2"),
        backend_defaults=appmesh.BackendDefaults(
            tls_client_policy=appmesh.TlsClientPolicy(
                ports=[8080, 8081],
                validation=appmesh.TlsValidation(
                    subject_alternative_names=appmesh.SubjectAlternativeNames.matching_exactly("mesh-endpoint.apps.local"),
                    trust=appmesh.TlsValidationTrust.acm([
                        acmpca.CertificateAuthority.from_certificate_authority_arn(self, "certificate", certificate_authority_arn)
                    ])
                ),
                # Provide an SDS-sourced client certificate when a server requests it,
                # enabling mutual TLS authentication towards that server.
                mutual_tls_certificate=appmesh.TlsCertificate.sds("secret_certificate")
            )
        )
    )
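The check below is an added example written for this page; it is not part of the CDK library or its documentation. It lints the TLS settings of AWS::AppMesh::VirtualNode resources in a synthesized CloudFormation template (for example the JSON that `cdk synth` writes for the stack above) and reports the gaps a reviewer would look for: a listener that is not STRICT, a listener without client certificate validation, an ACM trust used where App Mesh only accepts File or SDS, a listener trust with no subject alternative name constraint, and a client policy that offers no certificate or does not enforce TLS. The sample template is constructed inline to mirror the two nodes in the example (with node2's listener deliberately left PERMISSIVE and one-way); the function name and the wording of its findings are this example's own.

```python
"""Lint mutual TLS settings of AWS::AppMesh::VirtualNode resources in a
synthesized CloudFormation template. Added example, not CDK library code.
Property names follow the AWS::AppMesh::VirtualNode resource type."""

from typing import Dict, List, Tuple

# Constructed sample template, shaped like the synthesized output of the CDK
# example above. File paths and the CA ARN are the placeholders used on this page.
SAMPLE_TEMPLATE: Dict = {
    "Resources": {
        "node1": {
            "Type": "AWS::AppMesh::VirtualNode",
            "Properties": {"Spec": {
                "Listeners": [{
                    "PortMapping": {"Port": 80, "Protocol": "grpc"},
                    "TLS": {
                        "Mode": "STRICT",
                        "Certificate": {"File": {
                            "CertificateChain": "path/to/certChain",
                            "PrivateKey": "path/to/privateKey"}},
                        # Mutual TLS with a file trust, but no SAN constraint on clients.
                        "Validation": {"Trust": {"File": {
                            "CertificateChain": "path-to-certificate"}}},
                    },
                }],
            }},
        },
        "node2": {
            "Type": "AWS::AppMesh::VirtualNode",
            "Properties": {"Spec": {
                "Listeners": [{
                    "PortMapping": {"Port": 8080, "Protocol": "http"},
                    # PERMISSIVE and no Validation: plaintext allowed, one-way TLS.
                    "TLS": {"Mode": "PERMISSIVE",
                            "Certificate": {"SDS": {"SecretName": "server-cert"}}},
                }],
                "BackendDefaults": {"ClientPolicy": {"TLS": {
                    "Ports": [8080, 8081],
                    "Validation": {
                        "Trust": {"ACM": {"CertificateAuthorityArns": [
                            "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/"
                            "12345678-1234-1234-1234-123456789012"]}},
                        "SubjectAlternativeNames": {"Match": {"Exact": ["mesh-endpoint.apps.local"]}},
                    },
                    # No Certificate: this node cannot satisfy a server that requests a client cert.
                }}},
            }},
        },
    }
}


def lint_virtual_node_tls(template: Dict) -> List[Tuple[str, str]]:
    """Return (resource_name, finding) pairs for every weak or invalid TLS setting."""
    findings: List[Tuple[str, str]] = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::AppMesh::VirtualNode":
            continue
        spec = resource.get("Properties", {}).get("Spec", {})

        # Terminating side: what this node's listeners demand from connecting clients.
        for listener in spec.get("Listeners", []):
            port = listener.get("PortMapping", {}).get("Port")
            tls = listener.get("TLS")
            if tls is None:
                findings.append((name, f"listener {port}: no TLS configured"))
                continue
            mode = tls.get("Mode")
            if mode != "STRICT":
                findings.append((name, f"listener {port}: mode {mode} still accepts plaintext"))
            validation = tls.get("Validation")
            if validation is None:
                findings.append((name, f"listener {port}: one-way TLS, client certificates are not validated"))
                continue
            # App Mesh listener validation trusts are File or SDS only; ACM is client-policy only.
            if "ACM" in validation.get("Trust", {}):
                findings.append((name, f"listener {port}: ACM trust is not allowed for listener mutual TLS, use File or SDS"))
            # Without a SAN match, any client certificate chaining to the trust is accepted.
            if "SubjectAlternativeNames" not in validation:
                findings.append((name, f"listener {port}: no SAN match, any client certificate chaining to the trust is accepted"))

        # Originating side: how this node validates backends and authenticates to them.
        client_tls = spec.get("BackendDefaults", {}).get("ClientPolicy", {}).get("TLS")
        if client_tls is not None:
            if client_tls.get("Enforce", True) is False:
                findings.append((name, "client policy: Enforce is false, TLS to backends is optional"))
            if "Certificate" not in client_tls:
                findings.append((name, "client policy: no client certificate, mutual TLS servers will reject this node"))
    return findings


if __name__ == "__main__":
    for resource, finding in lint_virtual_node_tls(SAMPLE_TEMPLATE):
        print(f"{resource}: {finding}")
```

Run it against `cdk.out/<Stack>.template.json` after `cdk synth` by loading the file with `json.load` and passing the dict to `lint_virtual_node_tls`; an empty result means every listener is STRICT, validates client certificates against a File or SDS trust with a SAN constraint, and every client policy enforces TLS and carries a certificate. The SAN finding is informational for listeners that intentionally accept any client from the trusted CA.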
Methods
- abstract bind(scope)
Returns the trust context (the validation context trust configuration) for this trust type. It is invoked by the consuming construct during synthesis and is not normally called directly.
- Parameters: scope (Construct)
- Return type:
Static Methods
- classmethod acm(certificate_authorities)
TLS Validation Context Trust backed by one or more AWS Private CA (ACM PCA) certificate authorities; a peer certificate is accepted only if it chains to one of them. This form returns a TlsValidationTrust, not a MutualTlsValidationTrust: App Mesh accepts an ACM trust only in a client policy (TlsValidation), not in a listener's MutualTlsValidation.
- Parameters: certificate_authorities (Sequence[ICertificateAuthority])
- Return type:
- classmethod file(certificate_chain)
File-based TLS Validation Context Trust: tells Envoy to read the trusted certificate chain (CA bundle) from a file at the given path on the file system where the proxy runs. Usable both for client-policy validation and for mutual TLS validation on a listener.
- Parameters: certificate_chain (str): path to the certificate chain file on the Envoy proxy's file system
- Return type:
- classmethod sds(secret_name)
TLS Validation Context Trust fetched from Envoy's Secret Discovery Service (SDS): Envoy retrieves the trusted certificate chain from a local SDS provider (for example SPIRE) under the given secret name. Usable both for client-policy validation and for mutual TLS validation on a listener.
- Parameters: secret_name (str): name of the secret requested from the SDS provider
- Return type: