TlsClientPolicy

class aws_cdk.aws_appmesh.TlsClientPolicy(*, validation, enforce=None, mutual_tls_certificate=None, ports=None)

Bases: object

Represents the properties needed to define client policy.

Parameters:
  • validation (Union[TlsValidation, Dict[str, Any]]) – Represents the object for TLS validation context.

  • enforce (Optional[bool]) – Whether the policy is enforced. Default: true

  • mutual_tls_certificate (Optional[MutualTlsCertificate]) – Represents a client TLS certificate. The certificate is sent only if the server requests it, enabling mutual TLS. Default: no client TLS certificate is provided

  • ports (Optional[Sequence[Union[int, float]]]) – TLS is enforced on the ports listed here. If no ports are specified, TLS is enforced on all ports. Default: all ports

ExampleMetadata:

infused

Example:

import aws_cdk as cdk
from aws_cdk import aws_appmesh as appmesh
from aws_cdk import aws_servicediscovery as cloudmap

# mesh: appmesh.Mesh
# service: cloudmap.Service


node = appmesh.VirtualNode(self, "node",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.cloud_map(service),
    listeners=[appmesh.VirtualNodeListener.http(
        port=8080,
        health_check=appmesh.HealthCheck.http(
            healthy_threshold=3,
            interval=cdk.Duration.seconds(5),
            path="/ping",
            timeout=cdk.Duration.seconds(2),
            unhealthy_threshold=2
        ),
        timeout=appmesh.HttpTimeout(
            idle=cdk.Duration.seconds(5)
        )
    )],
    backend_defaults=appmesh.BackendDefaults(
        tls_client_policy=appmesh.TlsClientPolicy(
            validation=appmesh.TlsValidation(
                trust=appmesh.TlsValidationTrust.file("/keys/local_cert_chain.pem")
            )
        )
    ),
    access_log=appmesh.AccessLog.from_file_path("/dev/stdout")
)

cdk.Tags.of(node).add("Environment", "Dev")

Attributes

enforce

Whether the policy is enforced.

Default:

true

mutual_tls_certificate

Represents a client TLS certificate.

The certificate is sent only if the server requests it, enabling mutual TLS.

Default: no client TLS certificate is provided

ports

TLS is enforced on the ports listed here.

If no ports are specified, TLS is enforced on all ports.

Default: all ports

validation

Represents the object for TLS validation context.