class MutualTlsCertificate
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.AppMesh.MutualTlsCertificate |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsappmesh#MutualTlsCertificate |
Java | software.amazon.awscdk.services.appmesh.MutualTlsCertificate |
Python | aws_cdk.aws_appmesh.MutualTlsCertificate |
TypeScript (source) | aws-cdk-lib » aws_appmesh » MutualTlsCertificate |
Extends
TlsCertificate
Obtainable from
TlsCertificate.file(), TlsCertificate.sds()
Represents a TLS certificate that is supported for mutual TLS authentication.
Example
```ts
import * as acmpca from 'aws-cdk-lib/aws-acmpca';
import * as appmesh from 'aws-cdk-lib/aws-appmesh';

declare const mesh: appmesh.Mesh;

// Server side: node1 terminates TLS and validates the certificates its clients present.
const node1 = new appmesh.VirtualNode(this, 'node1', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
  listeners: [appmesh.VirtualNodeListener.grpc({
    port: 80,
    tls: {
      mode: appmesh.TlsMode.STRICT,
      certificate: appmesh.TlsCertificate.file('path/to/certChain', 'path/to/privateKey'),
      // Validate client certificates against a file-based trust to enable mutual TLS
      // authentication when a client provides a certificate.
      mutualTlsValidation: {
        trust: appmesh.TlsValidationTrust.file('path-to-certificate'),
      },
    },
  })],
});

const certificateAuthorityArn = 'arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012';

// Client side: node2 validates its backends and presents its own certificate to them.
const node2 = new appmesh.VirtualNode(this, 'node2', {
  mesh,
  serviceDiscovery: appmesh.ServiceDiscovery.dns('node2'),
  backendDefaults: {
    tlsClientPolicy: {
      ports: [8080, 8081],
      validation: {
        subjectAlternativeNames: appmesh.SubjectAlternativeNames.matchingExactly('mesh-endpoint.apps.local'),
        trust: appmesh.TlsValidationTrust.acm([
          acmpca.CertificateAuthority.fromCertificateAuthorityArn(this, 'certificate', certificateAuthorityArn)]),
      },
      // Provide an SDS client certificate when a server requests it, enabling mutual TLS authentication.
      mutualTlsCertificate: appmesh.TlsCertificate.sds('secret_certificate'),
    },
  },
});
```
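A check to pair with the example above, added here and not part of the CDK documentation: it walks a synthesized CloudFormation template and reports `AWS::AppMesh::VirtualNode` resources whose TLS settings stop short of mutual authentication. The function name `auditMutualTls`, the `Finding` shape and the sample template are constructed for illustration.

```typescript
// Added example: flag App Mesh virtual nodes whose TLS settings stop short of mutual TLS.
interface Finding { node: string; issue: string }

function auditMutualTls(template: any): Finding[] {
  const findings: Finding[] = [];
  const resources: any = template.Resources ?? {};
  for (const node of Object.keys(resources)) {
    const res: any = resources[node];
    if (res.Type !== 'AWS::AppMesh::VirtualNode') continue;
    const spec: any = res.Properties?.Spec ?? {};
    // Server side: a listener authenticates clients only if it validates their certificates.
    (spec.Listeners ?? []).forEach((listener: any, i: number) => {
      const tls: any = listener.TLS;
      if (!tls) { findings.push({ node, issue: `listener[${i}]: TLS not configured` }); return; }
      if (tls.Mode !== 'STRICT') findings.push({ node, issue: `listener[${i}]: mode is ${tls.Mode}, not STRICT` });
      if (!tls.Validation?.Trust) findings.push({ node, issue: `listener[${i}]: client certificates not validated` });
    });
    // Client side: a TLS client policy without a certificate cannot answer a server's request for one.
    const policy: any = spec.BackendDefaults?.ClientPolicy?.TLS;
    if (policy && !policy.Certificate) findings.push({ node, issue: 'backendDefaults: no client certificate' });
  }
  return findings;
}

// Constructed sample template (not taken from the page); Node3 is the deliberately weak case.
const SAMPLE_TEMPLATE = {
  Resources: {
    Node1: { Type: 'AWS::AppMesh::VirtualNode', Properties: { Spec: { Listeners: [{
      TLS: { Mode: 'STRICT',
        Certificate: { File: { CertificateChain: 'path/to/certChain', PrivateKey: 'path/to/privateKey' } },
        Validation: { Trust: { File: { CertificateChain: 'path-to-certificate' } } } },
    }] } } },
    Node2: { Type: 'AWS::AppMesh::VirtualNode', Properties: { Spec: { BackendDefaults: { ClientPolicy: { TLS: {
      Ports: [8080, 8081],
      Validation: { Trust: { File: { CertificateChain: 'path-to-certificate' } } },
      Certificate: { SDS: { SecretName: 'secret_certificate' } },
    } } } } } },
    Node3: { Type: 'AWS::AppMesh::VirtualNode', Properties: { Spec: {
      Listeners: [{ TLS: { Mode: 'PERMISSIVE',
        Certificate: { File: { CertificateChain: 'path/to/certChain', PrivateKey: 'path/to/privateKey' } } } }],
      BackendDefaults: { ClientPolicy: { TLS: {
        Validation: { Trust: { File: { CertificateChain: 'path-to-certificate' } } } } } },
    } } },
  },
};

console.log(auditMutualTls(SAMPLE_TEMPLATE));
```

Run it against the JSON that `cdk synth` writes to `cdk.out` to catch a listener or client policy that dropped its mutual TLS settings before deployment.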
Initializer
new MutualTlsCertificate()
Properties
Name | Type | Description |
---|---|---|
differentiator | boolean |
differentiator
Type:
boolean
Methods
Name | Description |
---|---|
bind(_scope) | Returns the TLS certificate-based provider. |
bind(_scope)
public bind(_scope: Construct): TlsCertificateConfig
Parameters
- _scope
Construct
Returns
Returns the TLS certificate-based provider.