MutualAuthenticationMode

class aws_cdk.aws_elasticloadbalancingv2.MutualAuthenticationMode(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

The client certificate handling method.

Example:

import aws_cdk.aws_certificatemanager as acm
import aws_cdk.aws_elasticloadbalancingv2 as elbv2
import aws_cdk.aws_s3 as s3

# certificate: acm.Certificate          (server certificate the listener presents)
# lb: elbv2.ApplicationLoadBalancer
# bucket: s3.Bucket                     (holds the CA bundle client certificates must chain to)


# Trust store: PEM bundle of CA certificates used to validate client certificates.
trust_store = elbv2.TrustStore(self, "Store",
    bucket=bucket,
    key="rootCA_cert.pem"
)

lb.add_listener("Listener",
    port=443,
    protocol=elbv2.ApplicationProtocol.HTTPS,
    certificates=[certificate],
    # mTLS settings: VERIFY makes the load balancer validate the client certificate
    # chain against the trust store and reject handshakes that fail validation.
    mutual_authentication=elbv2.MutualAuthentication(
        ignore_client_certificate_expiry=False,
        mutual_authentication_mode=elbv2.MutualAuthenticationMode.VERIFY,
        trust_store=trust_store
    ),
    default_action=elbv2.ListenerAction.fixed_response(200, content_type="text/plain", message_body="Success mTLS")
)

Attributes

OFF

Off (the default). The listener does not request a client certificate; the TLS connection is authenticated by the server certificate only.

PASS_THROUGH

Pass through. The Application Load Balancer requests the client certificate during the TLS handshake but does not validate it, and no trust store is used. It forwards the whole client certificate chain to the target in the X-Amzn-Mtls-Clientcert HTTP header (URL-encoded PEM). The target is therefore responsible for verifying the chain itself, and it should only trust that header when it accepts traffic from the load balancer alone (for example via its security group), since a caller that reaches the target directly could set the header to anything.

VERIFY

Verify. The Application Load Balancer performs X.509 client certificate authentication when it negotiates the TLS connection: the presented chain must validate against the CA bundle in the listener's trust_store, and a handshake that fails validation is rejected before any request reaches a target. Expired client certificates are rejected unless ignore_client_certificate_expiry is set to True. For connections that pass, the load balancer forwards the certificate's fields (subject, issuer, serial number, validity, leaf and full chain) to the target in X-Amzn-Mtls-Clientcert-* headers.
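The three modes differ in what the target behind the listener may assume about the client. The following added example (not part of the CDK library and not from the AWS documentation) shows target-side handling of the ALB mTLS headers for each mode. The header names follow the ALB mTLS documentation; the mode is passed as a plain string rather than the CDK enum so the code runs with the standard library only; the sample header value, the "certificates" inside it and the fingerprint allowlist are constructed for this example and are not real certificates. In PASS_THROUGH mode the example pins the SHA-256 fingerprint of the leaf as a stand-in for full chain validation, which a real target would do with a crypto library against its CA bundle.

```python
"""Target-side handling of ALB mTLS headers per MutualAuthenticationMode.

Added example, not CDK or AWS code. Header names are the ones ALB sets; the
sample chain built by make_sample_header() is constructed and not a real
certificate.
"""
import base64
import hashlib
import re
from urllib.parse import quote, unquote

# Headers set by ALB (names compared case-insensitively). In VERIFY mode ALB
# has validated the chain and sends the parsed fields; in PASS_THROUGH mode it
# sends only the raw, unvalidated chain.
CHAIN_HEADER = "x-amzn-mtls-clientcert"
SUBJECT_HEADER = "x-amzn-mtls-clientcert-subject"
SERIAL_HEADER = "x-amzn-mtls-clientcert-serial-number"

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_chain_from_header(value: str) -> list:
    """Decode the URL-encoded PEM chain in X-Amzn-Mtls-Clientcert into a list
    of DER blobs, leaf first. Returns [] if the header is empty or malformed."""
    pem = unquote(value or "")
    ders = []
    for body in _PEM_BLOCK.findall(pem):
        try:
            ders.append(base64.b64decode("".join(body.split()), validate=True))
        except ValueError:
            return []
    return ders


def sha256_fingerprint(der: bytes) -> str:
    """Hex SHA-256 over the DER encoding, the usual pinning identifier."""
    return hashlib.sha256(der).hexdigest()


def make_sample_header(der_blobs: list) -> str:
    """Build a header value the way ALB does: PEM blocks, URL-encoded with
    '+=/' left unescaped. Used here only to construct test input."""
    pems = []
    for der in der_blobs:
        b64 = base64.b64encode(der).decode()
        pems.append("-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64)
    return quote("".join(pems), safe="+=/")


def client_identity(headers: dict, mode: str, pinned_leaf_fingerprints: set):
    """Return the authenticated client identity for a request, or None when the
    request must be treated as unauthenticated."""
    h = {k.lower(): v for k, v in headers.items()}
    if mode == "OFF":
        # No client certificate was requested: nothing to authenticate.
        return None
    if mode == "VERIFY":
        # ALB already validated the chain against the trust store. These
        # fields are only trustworthy if the target accepts traffic from the
        # ALB alone; a direct caller could otherwise forge them.
        subject = h.get(SUBJECT_HEADER)
        serial = h.get(SERIAL_HEADER)
        if not subject or not serial:
            return None
        return {"subject": subject, "serial": serial}
    if mode == "PASS_THROUGH":
        # ALB validated nothing: the target must. Here the leaf fingerprint is
        # pinned; a real target would verify the chain against its CA bundle.
        chain = pem_chain_from_header(h.get(CHAIN_HEADER, ""))
        if not chain:
            return None
        fp = sha256_fingerprint(chain[0])
        if fp not in pinned_leaf_fingerprints:
            return None
        return {"leaf_sha256": fp, "chain_length": len(chain)}
    raise ValueError("unknown mutual authentication mode: %r" % mode)


if __name__ == "__main__":
    # Constructed sample input: these bytes are not real certificates.
    leaf = b"constructed leaf, not a real certificate"
    ca = b"constructed CA, not a real certificate"
    hdr = make_sample_header([leaf, ca])
    allow = {sha256_fingerprint(leaf)}
    print(client_identity({"X-Amzn-Mtls-Clientcert": hdr}, "PASS_THROUGH", allow))
    print(client_identity({"X-Amzn-Mtls-Clientcert": hdr}, "PASS_THROUGH", set()))
```

The point of the branching is that only VERIFY lets the target rely on the load balancer's validation; PASS_THROUGH hands the target raw bytes it must check itself, and OFF yields no client identity at all.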