interface ListenerTlsOptions
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.AppMesh.ListenerTlsOptions |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#ListenerTlsOptions |
Java | software.amazon.awscdk.services.appmesh.ListenerTlsOptions |
Python | aws_cdk.aws_appmesh.ListenerTlsOptions |
TypeScript | aws-cdk-lib » aws_appmesh » ListenerTlsOptions |
Represents TLS properties for a listener.
Example
```ts
import * as appmesh from 'aws-cdk-lib/aws-appmesh';
import * as certificatemanager from 'aws-cdk-lib/aws-certificatemanager';

// The snippets below run inside a Stack or Construct, where `this` is the scope.

// A Virtual Node with listener TLS from an ACM provided certificate
declare const cert: certificatemanager.Certificate;
declare const mesh: appmesh.Mesh;

const node = new appmesh.VirtualNode(this, 'node', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
  listeners: [appmesh.VirtualNodeListener.grpc({
    port: 80,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.acm(cert),
    },
  })],
});

// A Virtual Gateway with listener TLS from a customer provided file certificate
const gateway = new appmesh.VirtualGateway(this, 'gateway', {
  mesh,
  listeners: [appmesh.VirtualGatewayListener.grpc({
    port: 8080,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.file('path/to/certChain', 'path/to/privateKey'),
    },
  })],
  virtualGatewayName: 'gateway',
});

// A Virtual Gateway with listener TLS from a SDS provided certificate
const gateway2 = new appmesh.VirtualGateway(this, 'gateway2', {
  mesh,
  listeners: [appmesh.VirtualGatewayListener.http2({
    port: 8080,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.sds('secrete_certificate'),
    },
  })],
  virtualGatewayName: 'gateway2',
});
```
Properties
Name | Type | Description |
---|---|---|
certificate | TlsCertificate | Represents TLS certificate. |
mode | TlsMode | The TLS mode. |
mutualTlsValidation? | MutualTlsValidation | Represents a listener's TLS validation context. |
certificate
Type: TlsCertificate
Represents TLS certificate.
mode
Type: TlsMode
The TLS mode.
mutualTlsValidation?
Type: MutualTlsValidation (optional, default: client TLS certificate is not required)
Represents a listener's TLS validation context.
The client certificate will only be validated if the client provides it, enabling mutual TLS.
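Because `mutualTlsValidation` is optional and defaults to not requiring a client certificate, a policy check over the synthesized template can catch listeners that ship without it. The following is an added example, not code from the CDK project: it assumes the CloudFormation shape `Spec.Listeners[].TLS` with `Mode` and `Validation.Trust` for `AWS::AppMesh::VirtualNode` and `AWS::AppMesh::VirtualGateway`, and the function name, finding format and sample template are constructed for illustration.

```typescript
// Added example: audit a synthesized CloudFormation template for App Mesh listener TLS.
type Finding = { resource: string; port: number | undefined; issue: string };

const MESH_TYPES = ['AWS::AppMesh::VirtualNode', 'AWS::AppMesh::VirtualGateway'];

function auditListenerTls(template: any): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const id of Object.keys(resources)) {
    const res = resources[id];
    if (MESH_TYPES.indexOf(res.Type) === -1) continue;
    const listeners = (res.Properties && res.Properties.Spec && res.Properties.Spec.Listeners) || [];
    for (const l of listeners) {
      const port: number | undefined = l.PortMapping ? l.PortMapping.Port : undefined;
      if (!l.TLS) {
        // No tls block at all: traffic to this listener is plaintext.
        findings.push({ resource: id, port, issue: 'no TLS on listener' });
        continue;
      }
      if (l.TLS.Mode !== 'STRICT') {
        findings.push({ resource: id, port, issue: `TLS mode is ${l.TLS.Mode}, not STRICT` });
      }
      if (!l.TLS.Validation || !l.TLS.Validation.Trust) {
        // Corresponds to omitting mutualTlsValidation in ListenerTlsOptions.
        findings.push({ resource: id, port, issue: 'no client certificate validation' });
      }
    }
  }
  return findings;
}

// Constructed sample template (paths and secret name are placeholders).
const sampleTemplate = {
  Resources: {
    NodeStrictMtls: { Type: 'AWS::AppMesh::VirtualNode', Properties: { Spec: { Listeners: [{
      PortMapping: { Port: 80, Protocol: 'grpc' },
      TLS: { Mode: 'STRICT',
        Certificate: { File: { CertificateChain: 'path/to/certChain', PrivateKey: 'path/to/privateKey' } },
        Validation: { Trust: { File: { CertificateChain: 'path/to/clientCa' } } } },
    }] } } },
    GatewayPermissive: { Type: 'AWS::AppMesh::VirtualGateway', Properties: { Spec: { Listeners: [{
      PortMapping: { Port: 8080, Protocol: 'http2' },
      TLS: { Mode: 'PERMISSIVE', Certificate: { SDS: { SecretName: 'placeholder_secret' } } },
    }] } } },
    NodePlain: { Type: 'AWS::AppMesh::VirtualNode', Properties: { Spec: { Listeners: [{
      PortMapping: { Port: 9090, Protocol: 'http' },
    }] } } },
  },
};
```

Run `auditListenerTls` against the JSON that `cdk synth` writes to `cdk.out` and fail the pipeline when the returned list is non-empty.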