Interface CfnVirtualNodePropsMixin.ITlsValidationContextProperty

An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.

Namespace: Amazon.CDK.Mixins.Preview.AWS.AppMesh.Mixins

Assembly: Amazon.CDK.Mixins.Preview.dll

Syntax (csharp)

public interface CfnVirtualNodePropsMixin.ITlsValidationContextProperty

Syntax (vb)

Public Interface CfnVirtualNodePropsMixin.ITlsValidationContextProperty

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontext.html

ExampleMetadata: fixture=_generated

Examples

// The code below shows an example of how to instantiate this type.
             // The values are placeholders you should change.
             using Amazon.CDK.Mixins.Preview.AWS.AppMesh.Mixins;

             var tlsValidationContextProperty = new TlsValidationContextProperty {
                 SubjectAlternativeNames = new SubjectAlternativeNamesProperty {
                     Match = new SubjectAlternativeNameMatchersProperty {
                         Exact = new [] { "exact" }
                     }
                 },
                 Trust = new TlsValidationContextTrustProperty {
                     Acm = new TlsValidationContextAcmTrustProperty {
                         CertificateAuthorityArns = new [] { "certificateAuthorityArns" }
                     },
                     File = new TlsValidationContextFileTrustProperty {
                         CertificateChain = "certificateChain"
                     },
                     Sds = new TlsValidationContextSdsTrustProperty {
                         SecretName = "secretName"
                     }
                 }
             };

Synopsis

Properties

SubjectAlternativeNames	A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context.
Trust	A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

Properties

SubjectAlternativeNames

A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context.

object? SubjectAlternativeNames { get; }

Property Value

object

Remarks

If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. Since SPIRE vended certificates have a SPIFFE ID as a name, you must set the SAN since the name doesn't match the service discovery name.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontext.html#cfn-appmesh-virtualnode-tlsvalidationcontext-subjectalternativenames

Type union: either IResolvable or CfnVirtualNodePropsMixin.ISubjectAlternativeNamesProperty

Trust

A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

object? Trust { get; }

Property Value

object

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-appmesh-virtualnode-tlsvalidationcontext.html#cfn-appmesh-virtualnode-tlsvalidationcontext-trust

Type union: either IResolvable or CfnVirtualNodePropsMixin.ITlsValidationContextTrustProperty