TlsClientPolicy
- class aws_cdk.aws_appmesh.TlsClientPolicy(*, validation, enforce=None, mutual_tls_certificate=None, ports=None)
Bases:
objectRepresents the properties needed to define client policy.
- Parameters:
validation (
Union[TlsValidation,Dict[str,Any]]) – Represents the object for TLS validation context.enforce (
Optional[bool]) – Whether the policy is enforced. Default: truemutual_tls_certificate (
Optional[MutualTlsCertificate]) – Represents a client TLS certificate. The certificate will be sent only if the server requests it, enabling mutual TLS. Default: - client TLS certificate is not providedports (
Optional[Sequence[Union[int,float]]]) – TLS is enforced on the ports specified here. If no ports are specified, TLS will be enforced on all the ports. Default: - all ports
- ExampleMetadata:
infused
Example:
# mesh: appmesh.Mesh # service: cloudmap.Service node = appmesh.VirtualNode(self, "node", mesh=mesh, service_discovery=appmesh.ServiceDiscovery.cloud_map(service), listeners=[appmesh.VirtualNodeListener.http( port=8080, health_check=appmesh.HealthCheck.http( healthy_threshold=3, interval=cdk.Duration.seconds(5), path="/ping", timeout=cdk.Duration.seconds(2), unhealthy_threshold=2 ), timeout=appmesh.HttpTimeout( idle=cdk.Duration.seconds(5) ) )], backend_defaults=appmesh.BackendDefaults( tls_client_policy=appmesh.TlsClientPolicy( validation=appmesh.TlsValidation( trust=appmesh.TlsValidationTrust.file("/keys/local_cert_chain.pem") ) ) ), access_log=appmesh.AccessLog.from_file_path("/dev/stdout") ) cdk.Tags.of(node).add("Environment", "Dev")
Attributes
- enforce
Whether the policy is enforced.
- Default:
true
- mutual_tls_certificate
Represents a client TLS certificate.
The certificate will be sent only if the server requests it, enabling mutual TLS.
- Default:
client TLS certificate is not provided
- ports
TLS is enforced on the ports specified here.
If no ports are specified, TLS will be enforced on all the ports.
- Default:
all ports
- validation
Represents the object for TLS validation context.