Interface ITlsValidation
Represents the properties needed to define TLS Validation context.
Namespace: Amazon.CDK.AWS.AppMesh
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface ITlsValidation
Syntax (vb)
Public Interface ITlsValidation
Remarks
ExampleMetadata: infused
Examples
Mesh mesh;
Service service;
var node = new VirtualNode(this, "node", new VirtualNodeProps {
Mesh = mesh,
ServiceDiscovery = ServiceDiscovery.CloudMap(service),
Listeners = new [] { VirtualNodeListener.Http(new HttpVirtualNodeListenerOptions {
Port = 8080,
HealthCheck = HealthCheck.Http(new HttpHealthCheckOptions {
HealthyThreshold = 3,
Interval = Duration.Seconds(5),
Path = "/ping",
Timeout = Duration.Seconds(2),
UnhealthyThreshold = 2
}),
Timeout = new HttpTimeout {
Idle = Duration.Seconds(5)
}
}) },
BackendDefaults = new BackendDefaults {
TlsClientPolicy = new TlsClientPolicy {
Validation = new TlsValidation {
Trust = TlsValidationTrust.File("/keys/local_cert_chain.pem")
}
}
},
AccessLog = AccessLog.FromFilePath("/dev/stdout")
});
Tags.Of(node).Add("Environment", "Dev");
Synopsis
Properties
SubjectAlternativeNames | Represents the subject alternative names (SANs) secured by the certificate. |
Trust | Reference to where to retrieve the trust chain. |
Properties
SubjectAlternativeNames
Represents the subject alternative names (SANs) secured by the certificate.
virtual SubjectAlternativeNames SubjectAlternativeNames { get; }
Property Value
Remarks
SANs must be in the FQDN or URI format.
Default: - If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration.
Trust
Reference to where to retrieve the trust chain.
TlsValidationTrust Trust { get; }
Property Value