
Class SubjectAlternativeNames

Generates Subject Alternative Name (SAN) matchers, which TLS validation uses to check the names in a peer's certificate.

Inheritance
object
SubjectAlternativeNames
Namespace: Amazon.CDK.AWS.AppMesh
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public abstract class SubjectAlternativeNames : DeputyBase
Syntax (vb)
Public MustInherit Class SubjectAlternativeNames Inherits DeputyBase
Remarks

ExampleMetadata: infused

Examples
Mesh mesh;

// node1 (server side): a gRPC listener that terminates TLS and validates client certificates.
var node1ListenerTls = new ListenerTlsOptions {
    // STRICT: the listener only accepts TLS connections.
    Mode = TlsMode.STRICT,
    // Certificate chain and private key are read from files available to the proxy;
    // keep read access to the private key file as narrow as possible.
    Certificate = TlsCertificate.File("path/to/certChain", "path/to/privateKey"),
    // Validate client certificates against a trust bundle file; this enables mutual TLS
    // authentication when a client provides a certificate.
    // NOTE(review): no SubjectAlternativeNames matcher is set on this side, so validation rests on
    // the trust bundle alone. MutualTlsValidation also accepts a SubjectAlternativeNames value when
    // the set of accepted client identities should be narrowed.
    MutualTlsValidation = new MutualTlsValidation {
        Trust = TlsValidationTrust.File("path-to-certificate")
    }
};
var node1Listener = VirtualNodeListener.Grpc(new GrpcVirtualNodeListenerOptions {
    Port = 80,
    Tls = node1ListenerTls
});
var node1 = new VirtualNode(this, "node1", new VirtualNodeProps {
    Mesh = mesh,
    ServiceDiscovery = ServiceDiscovery.Dns("node"),
    Listeners = new [] { node1Listener }
});

// node2 (client side): default TLS policy applied to the backends this node calls.
// Placeholder ARN of the private certificate authority that the backend certificate must chain to.
var certificateAuthorityArn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";
// Pin the backend identity: its certificate must carry this exact SAN and chain to the CA above.
var node2BackendValidation = new TlsValidation {
    SubjectAlternativeNames = SubjectAlternativeNames.MatchingExactly("mesh-endpoint.apps.local"),
    Trust = TlsValidationTrust.Acm(new [] { CertificateAuthority.FromCertificateAuthorityArn(this, "certificate", certificateAuthorityArn) })
};
var node2ClientPolicy = new TlsClientPolicy {
    // Ports the client TLS policy applies to.
    Ports = new [] { 8080, 8081 },
    Validation = node2BackendValidation,
    // Client certificate, referenced by secret name through the Secret Discovery Service (SDS),
    // presented when a server requests one; this enables mutual TLS authentication.
    MutualTlsCertificate = TlsCertificate.Sds("secret_certificate")
};
var node2 = new VirtualNode(this, "node2", new VirtualNodeProps {
    Mesh = mesh,
    ServiceDiscovery = ServiceDiscovery.Dns("node2"),
    BackendDefaults = new BackendDefaults {
        TlsClientPolicy = node2ClientPolicy
    }
});

Synopsis

Constructors

SubjectAlternativeNames()

Used to generate Subject Alternative Names Matchers.

Methods

Bind(Construct)

Returns Subject Alternative Names Matcher based on method type.

MatchingExactly(params string[])

The values of the SAN must match the specified values exactly.

Constructors

SubjectAlternativeNames()

Used to generate Subject Alternative Names Matchers.

protected SubjectAlternativeNames()
Remarks

ExampleMetadata: infused

Examples
Mesh mesh;

// node1 (server side): a gRPC listener that terminates TLS and validates client certificates.
var node1ListenerTls = new ListenerTlsOptions {
    // STRICT: the listener only accepts TLS connections.
    Mode = TlsMode.STRICT,
    // Certificate chain and private key are read from files available to the proxy;
    // keep read access to the private key file as narrow as possible.
    Certificate = TlsCertificate.File("path/to/certChain", "path/to/privateKey"),
    // Validate client certificates against a trust bundle file; this enables mutual TLS
    // authentication when a client provides a certificate.
    // NOTE(review): no SubjectAlternativeNames matcher is set on this side, so validation rests on
    // the trust bundle alone. MutualTlsValidation also accepts a SubjectAlternativeNames value when
    // the set of accepted client identities should be narrowed.
    MutualTlsValidation = new MutualTlsValidation {
        Trust = TlsValidationTrust.File("path-to-certificate")
    }
};
var node1Listener = VirtualNodeListener.Grpc(new GrpcVirtualNodeListenerOptions {
    Port = 80,
    Tls = node1ListenerTls
});
var node1 = new VirtualNode(this, "node1", new VirtualNodeProps {
    Mesh = mesh,
    ServiceDiscovery = ServiceDiscovery.Dns("node"),
    Listeners = new [] { node1Listener }
});

// node2 (client side): default TLS policy applied to the backends this node calls.
// Placeholder ARN of the private certificate authority that the backend certificate must chain to.
var certificateAuthorityArn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";
// Pin the backend identity: its certificate must carry this exact SAN and chain to the CA above.
var node2BackendValidation = new TlsValidation {
    SubjectAlternativeNames = SubjectAlternativeNames.MatchingExactly("mesh-endpoint.apps.local"),
    Trust = TlsValidationTrust.Acm(new [] { CertificateAuthority.FromCertificateAuthorityArn(this, "certificate", certificateAuthorityArn) })
};
var node2ClientPolicy = new TlsClientPolicy {
    // Ports the client TLS policy applies to.
    Ports = new [] { 8080, 8081 },
    Validation = node2BackendValidation,
    // Client certificate, referenced by secret name through the Secret Discovery Service (SDS),
    // presented when a server requests one; this enables mutual TLS authentication.
    MutualTlsCertificate = TlsCertificate.Sds("secret_certificate")
};
var node2 = new VirtualNode(this, "node2", new VirtualNodeProps {
    Mesh = mesh,
    ServiceDiscovery = ServiceDiscovery.Dns("node2"),
    BackendDefaults = new BackendDefaults {
        TlsClientPolicy = node2ClientPolicy
    }
});

Methods

Bind(Construct)

Returns the Subject Alternative Names matcher configuration that corresponds to the matching method used.

public abstract ISubjectAlternativeNamesMatcherConfig Bind(Construct scope)
Parameters
scope Construct
Returns

ISubjectAlternativeNamesMatcherConfig

Remarks

ExampleMetadata: infused

MatchingExactly(params string[])

The Subject Alternative Name (SAN) values of the certificate must match the specified values exactly.

public static SubjectAlternativeNames MatchingExactly(params string[] names)
Parameters
names string[]

The exact values to test against.

Returns

SubjectAlternativeNames

Remarks

ExampleMetadata: infused
