ListenerTlsOptions

class aws_cdk.aws_appmesh.ListenerTlsOptions(*, certificate, mode, mutual_tls_validation=None)

Bases: object

Represents the TLS properties for a listener.

Parameters:
  • certificate (TlsCertificate) – Represents TLS certificate.

  • mode (TlsMode) – The TLS mode.

  • mutual_tls_validation (Union[MutualTlsValidation, Dict[str, Any], None]) – Represents a listener’s TLS validation context. The client certificate will only be validated if the client provides it, enabling mutual TLS. Default: - client TLS certificate is not required


Example:

# A Virtual Node with listener TLS from an ACM provided certificate
# cert: certificatemanager.Certificate
# mesh: appmesh.Mesh


node = appmesh.VirtualNode(self, "node",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node"),
    listeners=[appmesh.VirtualNodeListener.grpc(
        port=80,
        tls=appmesh.ListenerTlsOptions(
            mode=appmesh.TlsMode.STRICT,
            certificate=appmesh.TlsCertificate.acm(cert)
        )
    )]
)

# A Virtual Gateway with listener TLS from a customer provided file certificate
gateway = appmesh.VirtualGateway(self, "gateway",
    mesh=mesh,
    listeners=[appmesh.VirtualGatewayListener.grpc(
        port=8080,
        tls=appmesh.ListenerTlsOptions(
            mode=appmesh.TlsMode.STRICT,
            certificate=appmesh.TlsCertificate.file("path/to/certChain", "path/to/privateKey")
        )
    )],
    virtual_gateway_name="gateway"
)

# A Virtual Gateway with listener TLS from a SDS provided certificate
gateway2 = appmesh.VirtualGateway(self, "gateway2",
    mesh=mesh,
    listeners=[appmesh.VirtualGatewayListener.http2(
        port=8080,
        tls=appmesh.ListenerTlsOptions(
            mode=appmesh.TlsMode.STRICT,
            certificate=appmesh.TlsCertificate.sds("secret_certificate")
        )
    )],
    virtual_gateway_name="gateway2"
)

Attributes

certificate

Represents TLS certificate.

mode

The TLS mode.

mutual_tls_validation

Represents a listener’s TLS validation context.

The client certificate will only be validated if the client provides it, enabling mutual TLS.

Default:
  • client TLS certificate is not required