Package software.amazon.awscdk.services.appmesh
AWS App Mesh Construct Library
AWS App Mesh is a service mesh based on the Envoy proxy that makes it easy to monitor and control microservices. App Mesh standardizes how your microservices communicate, giving you end-to-end visibility and helping to ensure high-availability for your applications.
App Mesh gives you consistent visibility and network traffic controls for every microservice in an application.
App Mesh supports microservice applications that use service discovery naming for their components. To use App Mesh, you must have an existing application running on AWS Fargate, Amazon ECS, Amazon EKS, Kubernetes on AWS, or Amazon EC2.
For further information on AWS App Mesh, visit the AWS App Mesh Documentation.
Create the App and Stack
    App app = new App();
    Stack stack = new Stack(app, "stack");
Creating the Mesh
A service mesh is a logical boundary for network traffic between the services that reside within it.
After you create your service mesh, you can create virtual services, virtual nodes, virtual routers, and routes to distribute traffic between the applications in your mesh.
The following example creates the AppMesh service mesh with the default egress filter of DROP_ALL. See the AWS CloudFormation EgressFilter resource for more info on egress filters.
    Mesh mesh = Mesh.Builder.create(this, "AppMesh")
        .meshName("myAwsMesh")
        .build();
The mesh can instead be created with the ALLOW_ALL egress filter by providing the egressFilter property.
    Mesh mesh = Mesh.Builder.create(this, "AppMesh")
        .meshName("myAwsMesh")
        .egressFilter(MeshFilterType.ALLOW_ALL)
        .build();
A mesh with an IP preference can be created by providing the serviceDiscovery property, which specifies an ipPreference.
    Mesh mesh = Mesh.Builder.create(this, "AppMesh")
        .meshName("myAwsMesh")
        .serviceDiscovery(MeshServiceDiscovery.builder()
            .ipPreference(IpPreference.IPV4_ONLY)
            .build())
        .build();
Adding VirtualRouters
A mesh uses virtual routers as logical units to route requests to virtual nodes.
Virtual routers handle traffic for one or more virtual services within your mesh. After you create a virtual router, you can create and associate routes to your virtual router that direct incoming requests to different virtual nodes.
    Mesh mesh;

    VirtualRouter router = mesh.addVirtualRouter("router", VirtualRouterBaseProps.builder()
        .listeners(List.of(VirtualRouterListener.http(8080)))
        .build());
Note that creating the router using the addVirtualRouter() method places it in the same stack as the mesh (which might be different from the current stack).
The router can also be created using the VirtualRouter constructor (passing in the mesh) instead of calling the addVirtualRouter() method.
This is particularly useful when splitting your resources between many stacks: for example, defining the mesh itself as part of an infrastructure stack, but defining the other resources, such as routers, in the application stack:
    Stack infraStack;
    Stack appStack;

    Mesh mesh = Mesh.Builder.create(infraStack, "AppMesh")
        .meshName("myAwsMesh")
        .egressFilter(MeshFilterType.ALLOW_ALL)
        .build();

    // the VirtualRouter will belong to 'appStack',
    // even though the Mesh belongs to 'infraStack'
    VirtualRouter router = VirtualRouter.Builder.create(appStack, "router")
        .mesh(mesh) // notice that mesh is a required property when creating a router with the 'new' statement
        .listeners(List.of(VirtualRouterListener.http(8081)))
        .build();
The same is true for other add*() methods in the App Mesh construct library.
The VirtualRouterListener class lets you define protocol-specific listeners. The http(), http2(), grpc() and tcp() methods create listeners for the named protocols. They accept a single parameter that defines the port on which requests will be matched. The port parameter defaults to 8080 if omitted.
Adding a VirtualService
A virtual service is an abstraction of a real service that is provided by a virtual node directly, or indirectly by means of a virtual router. Dependent services call your virtual service by its virtualServiceName, and those requests are routed to the virtual node or virtual router specified as the provider for the virtual service.
We recommend that you use the service discovery name of the real service that you're targeting (such as my-service.default.svc.cluster.local).
When creating a virtual service:
- If you want the virtual service to spread traffic across multiple virtual nodes, specify a virtual router.
- If you want the virtual service to reach a virtual node directly, without a virtual router, specify a virtual node.
Adding a virtual router as the provider:
    VirtualRouter router;

    VirtualService.Builder.create(this, "virtual-service")
        .virtualServiceName("my-service.default.svc.cluster.local") // optional
        .virtualServiceProvider(VirtualServiceProvider.virtualRouter(router))
        .build();
Adding a virtual node as the provider:
    VirtualNode node;

    VirtualService.Builder.create(this, "virtual-service")
        .virtualServiceName("my-service.default.svc.cluster.local") // optional
        .virtualServiceProvider(VirtualServiceProvider.virtualNode(node))
        .build();
Adding a VirtualNode
A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment.
When you create a virtual node, accept inbound traffic by specifying a listener. Outbound traffic that your virtual node expects to send should be specified as a back end.
The response metadata for your new virtual node contains the Amazon Resource Name (ARN) that is associated with the virtual node. Set this value (either the full ARN or the truncated resource name) as the APPMESH_VIRTUAL_NODE_NAME environment variable for your task group's Envoy proxy container in your task definition or pod spec. For example, the value could be mesh/default/virtualNode/simpleapp. This is then mapped to the node.id and node.cluster Envoy parameters.
Note: If you require your Envoy stats or tracing to use a different name, you can override the node.cluster value that is set by APPMESH_VIRTUAL_NODE_NAME with the APPMESH_VIRTUAL_NODE_CLUSTER environment variable.
    Mesh mesh;
    Vpc vpc = new Vpc(this, "vpc");
    PrivateDnsNamespace namespace = PrivateDnsNamespace.Builder.create(this, "test-namespace")
        .vpc(vpc)
        .name("domain.local")
        .build();
    Service service = namespace.createService("Svc");

    VirtualNode node = mesh.addVirtualNode("virtual-node", VirtualNodeBaseProps.builder()
        .serviceDiscovery(ServiceDiscovery.cloudMap(service))
        .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .port(8081)
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .healthyThreshold(3)
                .interval(Duration.seconds(5)) // minimum
                .path("/health-check-path")
                .timeout(Duration.seconds(2)) // minimum
                .unhealthyThreshold(2)
                .build()))
            .build())))
        .accessLog(AccessLog.fromFilePath("/dev/stdout"))
        .build());
Create a VirtualNode with the constructor and add tags.
    Mesh mesh;
    Service service;

    VirtualNode node = VirtualNode.Builder.create(this, "node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.cloudMap(service))
        .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .port(8080)
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .healthyThreshold(3)
                .interval(Duration.seconds(5))
                .path("/ping")
                .timeout(Duration.seconds(2))
                .unhealthyThreshold(2)
                .build()))
            .timeout(HttpTimeout.builder()
                .idle(Duration.seconds(5))
                .build())
            .build())))
        .backendDefaults(BackendDefaults.builder()
            .tlsClientPolicy(TlsClientPolicy.builder()
                .validation(TlsValidation.builder()
                    .trust(TlsValidationTrust.file("/keys/local_cert_chain.pem"))
                    .build())
                .build())
            .build())
        .accessLog(AccessLog.fromFilePath("/dev/stdout"))
        .build();

    Tags.of(node).add("Environment", "Dev");
Create a VirtualNode with a customized access logging format.
    Mesh mesh;
    Service service;

    VirtualNode node = VirtualNode.Builder.create(this, "node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.cloudMap(service))
        .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .port(8080)
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .healthyThreshold(3)
                .interval(Duration.seconds(5))
                .path("/ping")
                .timeout(Duration.seconds(2))
                .unhealthyThreshold(2)
                .build()))
            .timeout(HttpTimeout.builder()
                .idle(Duration.seconds(5))
                .build())
            .build())))
        .backendDefaults(BackendDefaults.builder()
            .tlsClientPolicy(TlsClientPolicy.builder()
                .validation(TlsValidation.builder()
                    .trust(TlsValidationTrust.file("/keys/local_cert_chain.pem"))
                    .build())
                .build())
            .build())
        .accessLog(AccessLog.fromFilePath("/dev/stdout",
            LoggingFormat.fromJson(Map.of("testKey1", "testValue1", "testKey2", "testValue2"))))
        .build();
Passing a map of key-value pairs to LoggingFormat.fromJson() customizes the log entry pattern as JSON. A text pattern can be used instead, as below. Only one of these two formats can be specified.

    .accessLog(AccessLog.fromFilePath("/dev/stdout", LoggingFormat.fromText("test_pattern")))
For the values and operators you can use in these two formats, see the latest Envoy access log documentation: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage
Create a VirtualNode with the constructor and add a backend virtual service.
    Mesh mesh;
    VirtualRouter router;
    Service service;

    VirtualNode node = VirtualNode.Builder.create(this, "node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.cloudMap(service))
        .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .port(8080)
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .healthyThreshold(3)
                .interval(Duration.seconds(5))
                .path("/ping")
                .timeout(Duration.seconds(2))
                .unhealthyThreshold(2)
                .build()))
            .timeout(HttpTimeout.builder()
                .idle(Duration.seconds(5))
                .build())
            .build())))
        .accessLog(AccessLog.fromFilePath("/dev/stdout"))
        .build();

    VirtualService virtualService = VirtualService.Builder.create(this, "service-1")
        .virtualServiceProvider(VirtualServiceProvider.virtualRouter(router))
        .virtualServiceName("service1.domain.local")
        .build();

    node.addBackend(Backend.virtualService(virtualService));
The listeners property can be left blank and added later with the node.addListener() method. The serviceDiscovery property must be specified when specifying a listener.

The backends property can be added with node.addBackend(). In the example, we define a virtual service and add it to the virtual node to allow egress traffic to other nodes.

The backendDefaults property is added to the node while creating the virtual node. These are the virtual node's default settings for all backends.
The VirtualNode.addBackend() method is especially useful if you want to create a circular traffic flow by having a Virtual Service as a backend whose provider is that same Virtual Node:
    Mesh mesh;

    VirtualNode node = VirtualNode.Builder.create(this, "node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.dns("node"))
        .build();

    VirtualService virtualService = VirtualService.Builder.create(this, "service-1")
        .virtualServiceProvider(VirtualServiceProvider.virtualNode(node))
        .virtualServiceName("service1.domain.local")
        .build();

    node.addBackend(Backend.virtualService(virtualService));
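As an added example (not code from the construct library's own documentation) of the late-binding pattern described above, the node below is created with only service discovery and TLS-validating backendDefaults, then receives a STRICT TLS listener through addListener() and a backend through addBackend(). The stack class, the certificate and CA file paths, the "inventory" hostname and the orders virtual service are assumptions; the imports assume CDK v2.

```java
import java.util.List;

import software.amazon.awscdk.Duration;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.appmesh.*;
import software.constructs.Construct;

// Hypothetical stack: the mesh and the "orders" virtual service are passed in
// from elsewhere (for example an infrastructure stack), as the library allows.
public class LateBoundNodeStack extends Stack {
    public LateBoundNodeStack(final Construct scope, final String id,
                              final IMesh mesh, final IVirtualService orders) {
        super(scope, id);

        VirtualNode node = VirtualNode.Builder.create(this, "inventory-node")
            .mesh(mesh)
            // serviceDiscovery is required as soon as a listener exists, so it is
            // set up front even though the listener is attached later.
            .serviceDiscovery(ServiceDiscovery.dns("inventory.domain.local"))
            // Defaults inherited by every backend added later: outbound TLS is
            // enforced and peers must chain to the CA bundle at this (assumed) path.
            .backendDefaults(BackendDefaults.builder()
                .tlsClientPolicy(TlsClientPolicy.builder()
                    .enforce(true)
                    .validation(TlsValidation.builder()
                        .trust(TlsValidationTrust.file("/keys/ca_chain.pem"))
                        .build())
                    .build())
                .build())
            .build();

        // Listener attached after construction. STRICT mode means the proxy only
        // accepts TLS on this port; plaintext connections are refused.
        node.addListener(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .port(8080)
            .tls(ListenerTlsOptions.builder()
                .mode(TlsMode.STRICT)
                .certificate(TlsCertificate.file(
                    "/keys/inventory_cert_chain.pem",   // assumed path
                    "/keys/inventory_private_key.pem")) // assumed path
                .build())
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .path("/health")
                .interval(Duration.seconds(5))
                .timeout(Duration.seconds(2))
                .healthyThreshold(3)
                .unhealthyThreshold(2)
                .build()))
            .build()));

        // Egress is limited to the one virtual service named here; the backend
        // inherits the TLS client policy from backendDefaults.
        node.addBackend(Backend.virtualService(orders));
    }
}
```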
Adding TLS to a listener
The tls property specifies TLS configuration when creating a listener for a virtual node or a virtual gateway.
Provide the TLS certificate to the proxy in one of the following ways:
- A certificate from AWS Certificate Manager (ACM).
- A customer-provided certificate (specify a certificateChain file path and a privateKey file path).
- A certificate provided by a Secrets Discovery Service (SDS) endpoint over a local Unix Domain Socket (specify its secretName).
    // A Virtual Node with listener TLS from an ACM provided certificate
    Certificate cert;
    Mesh mesh;

    VirtualNode node = VirtualNode.Builder.create(this, "node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.dns("node"))
        .listeners(List.of(VirtualNodeListener.grpc(GrpcVirtualNodeListenerOptions.builder()
            .port(80)
            .tls(ListenerTlsOptions.builder()
                .mode(TlsMode.STRICT)
                .certificate(TlsCertificate.acm(cert))
                .build())
            .build())))
        .build();

    // A Virtual Gateway with listener TLS from a customer provided file certificate
    VirtualGateway gateway = VirtualGateway.Builder.create(this, "gateway")
        .mesh(mesh)
        .listeners(List.of(VirtualGatewayListener.grpc(GrpcGatewayListenerOptions.builder()
            .port(8080)
            .tls(ListenerTlsOptions.builder()
                .mode(TlsMode.STRICT)
                .certificate(TlsCertificate.file("path/to/certChain", "path/to/privateKey"))
                .build())
            .build())))
        .virtualGatewayName("gateway")
        .build();

    // A Virtual Gateway with listener TLS from a SDS provided certificate
    VirtualGateway gateway2 = VirtualGateway.Builder.create(this, "gateway2")
        .mesh(mesh)
        .listeners(List.of(VirtualGatewayListener.http2(Http2GatewayListenerOptions.builder()
            .port(8080)
            .tls(ListenerTlsOptions.builder()
                .mode(TlsMode.STRICT)
                .certificate(TlsCertificate.sds("secrete_certificate"))
                .build())
            .build())))
        .virtualGatewayName("gateway2")
        .build();
Adding mutual TLS authentication
Mutual TLS authentication is an optional component of TLS that offers two-way peer authentication.
To enable mutual TLS authentication, add the mutualTlsCertificate property to the TLS client policy and/or the mutualTlsValidation property to your TLS listener.

tls.mutualTlsValidation and tlsClientPolicy.mutualTlsCertificate can be sourced from either:
- A customer-provided certificate (specify a certificateChain file path and a privateKey file path).
- A certificate provided by a Secrets Discovery Service (SDS) endpoint over a local Unix Domain Socket (specify its secretName).
Note: Currently, a certificate from AWS Certificate Manager (ACM) cannot be used for mutual TLS authentication.
    Mesh mesh;

    VirtualNode node1 = VirtualNode.Builder.create(this, "node1")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.dns("node"))
        .listeners(List.of(VirtualNodeListener.grpc(GrpcVirtualNodeListenerOptions.builder()
            .port(80)
            .tls(ListenerTlsOptions.builder()
                .mode(TlsMode.STRICT)
                .certificate(TlsCertificate.file("path/to/certChain", "path/to/privateKey"))
                // Validate client certificates against a file-based trust chain to enable
                // mutual TLS authentication when a client provides a certificate.
                .mutualTlsValidation(MutualTlsValidation.builder()
                    .trust(TlsValidationTrust.file("path-to-certificate"))
                    .build())
                .build())
            .build())))
        .build();

    String certificateAuthorityArn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";

    VirtualNode node2 = VirtualNode.Builder.create(this, "node2")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.dns("node2"))
        .backendDefaults(BackendDefaults.builder()
            .tlsClientPolicy(TlsClientPolicy.builder()
                .ports(List.of(8080, 8081))
                .validation(TlsValidation.builder()
                    .subjectAlternativeNames(SubjectAlternativeNames.matchingExactly("mesh-endpoint.apps.local"))
                    .trust(TlsValidationTrust.acm(List.of(
                        CertificateAuthority.fromCertificateAuthorityArn(this, "certificate", certificateAuthorityArn))))
                    .build())
                // Provide an SDS client certificate when a server requests it and enable mutual TLS authentication.
                .mutualTlsCertificate(TlsCertificate.sds("secret_certificate"))
                .build())
            .build())
        .build();
Adding outlier detection to a Virtual Node listener
The outlierDetection property adds outlier detection to a Virtual Node listener. The properties baseEjectionDuration, interval, maxEjectionPercent, and maxServerErrors are required.
    Mesh mesh;

    // Cloud Map service discovery is currently required for host ejection by outlier detection
    Vpc vpc = new Vpc(this, "vpc");
    PrivateDnsNamespace namespace = PrivateDnsNamespace.Builder.create(this, "test-namespace")
        .vpc(vpc)
        .name("domain.local")
        .build();
    Service service = namespace.createService("Svc");

    VirtualNode node = mesh.addVirtualNode("virtual-node", VirtualNodeBaseProps.builder()
        .serviceDiscovery(ServiceDiscovery.cloudMap(service))
        .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .outlierDetection(OutlierDetection.builder()
                .baseEjectionDuration(Duration.seconds(10))
                .interval(Duration.seconds(30))
                .maxEjectionPercent(50)
                .maxServerErrors(5)
                .build())
            .build())))
        .build());
Adding a connection pool to a listener
The connectionPool
property can be added to a Virtual Node listener or Virtual Gateway listener to add a request connection pool. Each listener protocol type has its own connection pool properties.
    // A Virtual Node with an HTTP listener with a connection pool set
    Mesh mesh;

    VirtualNode node = VirtualNode.Builder.create(this, "node")
        .mesh(mesh)
        // DNS service discovery can optionally specify the DNS response type as either LOAD_BALANCER or ENDPOINTS.
        // LOAD_BALANCER means that the DNS resolver returns a loadbalanced set of endpoints,
        // whereas ENDPOINTS means that the DNS resolver is returning all the endpoints.
        // By default, the response type is assumed to be LOAD_BALANCER
        .serviceDiscovery(ServiceDiscovery.dns("node", DnsResponseType.ENDPOINTS))
        .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
            .port(80)
            .connectionPool(HttpConnectionPool.builder()
                .maxConnections(100)
                .maxPendingRequests(10)
                .build())
            .build())))
        .build();

    // A Virtual Gateway with a gRPC listener with a connection pool set
    VirtualGateway gateway = VirtualGateway.Builder.create(this, "gateway")
        .mesh(mesh)
        .listeners(List.of(VirtualGatewayListener.grpc(GrpcGatewayListenerOptions.builder()
            .port(8080)
            .connectionPool(GrpcConnectionPool.builder()
                .maxRequests(10)
                .build())
            .build())))
        .virtualGatewayName("gateway")
        .build();
Adding an IP Preference to a Virtual Node
An ipPreference can be specified as part of a Virtual Node's service discovery. An IP preference defines how clients for this Virtual Node will interact with it.

There are four different IP preferences available to use, each of which specifies which IP versions this Virtual Node will use and prefer.

- IPv4_ONLY - Only use IPv4. For CloudMap service discovery, only IPv4 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv4.
- IPv4_PREFERRED - Prefer IPv4 and fall back to IPv6. For CloudMap service discovery, an IPv4 address will be used if returned from CloudMap. Otherwise, an IPv6 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv4 and fall back to IPv6.
- IPv6_ONLY - Only use IPv6. For CloudMap service discovery, only IPv6 addresses returned from CloudMap will be used. For DNS service discovery, Envoy's DNS resolver will only resolve DNS queries for IPv6.
- IPv6_PREFERRED - Prefer IPv6 and fall back to IPv4. For CloudMap service discovery, an IPv6 address will be used if returned from CloudMap. Otherwise, an IPv4 address will be used if available. For DNS service discovery, Envoy's DNS resolver will first attempt to resolve DNS queries using IPv6 and fall back to IPv4.
    Mesh mesh = Mesh.Builder.create(this, "mesh")
        .meshName("mesh-with-preference")
        .build();

    // Virtual Node with DNS service discovery and an IP preference
    VirtualNode dnsNode = VirtualNode.Builder.create(this, "dns-node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.dns("test", DnsResponseType.LOAD_BALANCER, IpPreference.IPV4_ONLY))
        .build();

    // Virtual Node with CloudMap service discovery and an IP preference
    Vpc vpc = new Vpc(this, "vpc");
    PrivateDnsNamespace namespace = PrivateDnsNamespace.Builder.create(this, "test-namespace")
        .vpc(vpc)
        .name("domain.local")
        .build();
    Service service = namespace.createService("Svc");
    // Map.of() returns an immutable map, so the instance attributes are supplied at construction
    Map<String, String> instanceAttribute = Map.of("testKey", "testValue");

    VirtualNode cloudmapNode = VirtualNode.Builder.create(this, "cloudmap-node")
        .mesh(mesh)
        .serviceDiscovery(ServiceDiscovery.cloudMap(service, instanceAttribute, IpPreference.IPV4_ONLY))
        .build();
Adding a Route
A route matches requests with an associated virtual router and distributes traffic to its associated virtual nodes. The route distributes matching requests to one or more target virtual nodes with relative weighting.
The RouteSpec class lets you define protocol-specific route specifications. The tcp(), http(), http2(), and grpc() methods create a specification for the named protocols.
For HTTP-based routes, the match field can match on path (prefix, exact, or regex), HTTP method, scheme, HTTP headers, and query parameters. By default, HTTP-based routes match all requests.
For gRPC-based routes, the match field can match on service name, method name, and metadata. When specifying the method name, the service name must also be specified.
For example, here's how to add an HTTP route that matches based on a prefix of the URL path:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-http", RouteBaseProps.builder()
        .routeSpec(RouteSpec.http(HttpRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder()
                .virtualNode(node)
                .build()))
            .match(HttpRouteMatch.builder()
                // Path that is passed to this method must start with '/'.
                .path(HttpRoutePathMatch.startsWith("/path-to-app"))
                .build())
            .build()))
        .build());
Add an HTTP2 route that matches based on exact path, method, scheme, headers, and query parameters:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-http2", RouteBaseProps.builder()
        .routeSpec(RouteSpec.http2(HttpRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder()
                .virtualNode(node)
                .build()))
            .match(HttpRouteMatch.builder()
                .path(HttpRoutePathMatch.exactly("/exact"))
                .method(HttpRouteMethod.POST)
                .protocol(HttpRouteProtocol.HTTPS)
                .headers(List.of(
                    HeaderMatch.valueIs("Content-Type", "application/json"),
                    HeaderMatch.valueIsNot("Content-Type", "application/json")))
                .queryParameters(List.of(QueryParameterMatch.valueIs("query-field", "value")))
                .build())
            .build()))
        .build());
Add a single route with two targets and split traffic 50/50:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-http", RouteBaseProps.builder()
        .routeSpec(RouteSpec.http(HttpRouteSpecOptions.builder()
            .weightedTargets(List.of(
                WeightedTarget.builder()
                    .virtualNode(node)
                    .weight(50)
                    .build(),
                WeightedTarget.builder()
                    .virtualNode(node)
                    .weight(50)
                    .build()))
            .match(HttpRouteMatch.builder()
                .path(HttpRoutePathMatch.startsWith("/path-to-app"))
                .build())
            .build()))
        .build());
Add an http2 route with retries:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-http2-retry", RouteBaseProps.builder()
        .routeSpec(RouteSpec.http2(HttpRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder().virtualNode(node).build()))
            .retryPolicy(HttpRetryPolicy.builder()
                // Retry if the connection failed
                .tcpRetryEvents(List.of(TcpRetryEvent.CONNECTION_ERROR))
                // Retry if HTTP responds with a gateway error (502, 503, 504)
                .httpRetryEvents(List.of(HttpRetryEvent.GATEWAY_ERROR))
                // Retry five times
                .retryAttempts(5)
                // Use a 1 second timeout per retry
                .retryTimeout(Duration.seconds(1))
                .build())
            .build()))
        .build());
Add a gRPC route with retries:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-grpc-retry", RouteBaseProps.builder()
        .routeSpec(RouteSpec.grpc(GrpcRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder().virtualNode(node).build()))
            .match(GrpcRouteMatch.builder().serviceName("servicename").build())
            .retryPolicy(GrpcRetryPolicy.builder()
                .tcpRetryEvents(List.of(TcpRetryEvent.CONNECTION_ERROR))
                .httpRetryEvents(List.of(HttpRetryEvent.GATEWAY_ERROR))
                // Retry if gRPC responds that the request was cancelled, a resource
                // was exhausted, or if the service is unavailable
                .grpcRetryEvents(List.of(
                    GrpcRetryEvent.CANCELLED,
                    GrpcRetryEvent.RESOURCE_EXHAUSTED,
                    GrpcRetryEvent.UNAVAILABLE))
                .retryAttempts(5)
                .retryTimeout(Duration.seconds(1))
                .build())
            .build()))
        .build());
Add a gRPC route that matches based on method name and metadata:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-grpc-retry", RouteBaseProps.builder()
        .routeSpec(RouteSpec.grpc(GrpcRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder().virtualNode(node).build()))
            .match(GrpcRouteMatch.builder()
                // When method name is specified, service name must be also specified.
                .methodName("methodname")
                .serviceName("servicename")
                .metadata(List.of(
                    HeaderMatch.valueStartsWith("Content-Type", "application/"),
                    HeaderMatch.valueDoesNotStartWith("Content-Type", "text/")))
                .build())
            .build()))
        .build());
Add a gRPC route that matches based on port:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-grpc-port", RouteBaseProps.builder()
        .routeSpec(RouteSpec.grpc(GrpcRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder()
                .virtualNode(node)
                .build()))
            .match(GrpcRouteMatch.builder()
                .port(1234)
                .build())
            .build()))
        .build());
Add a gRPC route with timeout:
    VirtualRouter router;
    VirtualNode node;

    router.addRoute("route-http", RouteBaseProps.builder()
        .routeSpec(RouteSpec.grpc(GrpcRouteSpecOptions.builder()
            .weightedTargets(List.of(WeightedTarget.builder()
                .virtualNode(node)
                .build()))
            .match(GrpcRouteMatch.builder()
                .serviceName("my-service.default.svc.cluster.local")
                .build())
            .timeout(GrpcTimeout.builder()
                .idle(Duration.seconds(2))
                .perRequest(Duration.seconds(1))
                .build())
            .build()))
        .build());
Adding a Virtual Gateway
A virtual gateway allows resources outside your mesh to communicate with resources inside your mesh. The virtual gateway represents an Envoy proxy running in an Amazon ECS task, in a Kubernetes service, or on an Amazon EC2 instance. Unlike a virtual node, which represents Envoy running with an application, a virtual gateway represents Envoy deployed by itself.
A virtual gateway is similar to a virtual node in that it has a listener that accepts traffic for a particular port and protocol (HTTP, HTTP2, gRPC). Traffic received by the virtual gateway is directed to other services in your mesh using rules defined in gateway routes which can be added to your virtual gateway.
Create a virtual gateway with the constructor:
    Mesh mesh;
    String certificateAuthorityArn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";

    VirtualGateway gateway = VirtualGateway.Builder.create(this, "gateway")
        .mesh(mesh)
        .listeners(List.of(VirtualGatewayListener.http(HttpGatewayListenerOptions.builder()
            .port(443)
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .interval(Duration.seconds(10))
                .build()))
            .build())))
        .backendDefaults(BackendDefaults.builder()
            .tlsClientPolicy(TlsClientPolicy.builder()
                .ports(List.of(8080, 8081))
                .validation(TlsValidation.builder()
                    .trust(TlsValidationTrust.acm(List.of(
                        CertificateAuthority.fromCertificateAuthorityArn(this, "certificate", certificateAuthorityArn))))
                    .build())
                .build())
            .build())
        .accessLog(AccessLog.fromFilePath("/dev/stdout"))
        .virtualGatewayName("virtualGateway")
        .build();
Add a virtual gateway directly to the mesh:
    Mesh mesh;

    VirtualGateway gateway = mesh.addVirtualGateway("gateway", VirtualGatewayBaseProps.builder()
        .accessLog(AccessLog.fromFilePath("/dev/stdout"))
        .virtualGatewayName("virtualGateway")
        .listeners(List.of(VirtualGatewayListener.http(HttpGatewayListenerOptions.builder()
            .port(443)
            .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                .interval(Duration.seconds(10))
                .build()))
            .build())))
        .build());
The listeners field defaults to an HTTP Listener on port 8080 if omitted.

A gateway route can be added using the gateway.addGatewayRoute() method.

The backendDefaults property, provided when creating the virtual gateway, specifies the virtual gateway's default settings for all backends.
Adding a Gateway Route
A gateway route is attached to a virtual gateway and routes matching traffic to an existing virtual service.
For HTTP-based gateway routes, the match field can be used to match on path (prefix, exact, or regex), HTTP method, host name, HTTP headers, and query parameters. By default, HTTP-based gateway routes match all requests.
    VirtualGateway gateway;
    VirtualService virtualService;

    gateway.addGatewayRoute("gateway-route-http", GatewayRouteBaseProps.builder()
        .routeSpec(GatewayRouteSpec.http(HttpGatewayRouteSpecOptions.builder()
            .routeTarget(virtualService)
            .match(HttpGatewayRouteMatch.builder()
                .path(HttpGatewayRoutePathMatch.regex("regex"))
                .build())
            .build()))
        .build());
For gRPC-based gateway routes, the match field can be used to match on service name, host name, port and metadata.
    VirtualGateway gateway;
    VirtualService virtualService;

    gateway.addGatewayRoute("gateway-route-grpc", GatewayRouteBaseProps.builder()
        .routeSpec(GatewayRouteSpec.grpc(GrpcGatewayRouteSpecOptions.builder()
            .routeTarget(virtualService)
            .match(GrpcGatewayRouteMatch.builder()
                .hostname(GatewayRouteHostnameMatch.endsWith(".example.com"))
                .build())
            .build()))
        .build());
For HTTP-based gateway routes, App Mesh automatically rewrites the matched prefix path in the Gateway Route to "/". This automatic rewrite can be overridden in the following ways:
    VirtualGateway gateway;
    VirtualService virtualService;

    gateway.addGatewayRoute("gateway-route-http", GatewayRouteBaseProps.builder()
        .routeSpec(GatewayRouteSpec.http(HttpGatewayRouteSpecOptions.builder()
            .routeTarget(virtualService)
            .match(HttpGatewayRouteMatch.builder()
                // This disables the default rewrite to '/', and retains original path.
                .path(HttpGatewayRoutePathMatch.startsWith("/path-to-app/", ""))
                .build())
            .build()))
        .build());

    gateway.addGatewayRoute("gateway-route-http-1", GatewayRouteBaseProps.builder()
        .routeSpec(GatewayRouteSpec.http(HttpGatewayRouteSpecOptions.builder()
            .routeTarget(virtualService)
            .match(HttpGatewayRouteMatch.builder()
                // If the request full path is '/path-to-app/xxxxx', this rewrites the path to '/rewrittenUri/xxxxx'.
                // Please note both `prefixPathMatch` and `rewriteTo` must start and end with the `/` character.
                .path(HttpGatewayRoutePathMatch.startsWith("/path-to-app/", "/rewrittenUri/"))
                .build())
            .build()))
        .build());
When matching on another kind of path (exact or regex), only an explicit rewrite path can be specified. Unlike the startsWith() method above, no default rewrite is performed.
    VirtualGateway gateway;
    VirtualService virtualService;

    gateway.addGatewayRoute("gateway-route-http-2", GatewayRouteBaseProps.builder()
        .routeSpec(GatewayRouteSpec.http(HttpGatewayRouteSpecOptions.builder()
            .routeTarget(virtualService)
            .match(HttpGatewayRouteMatch.builder()
                // This rewrites the path from '/test' to '/rewrittenPath'.
                .path(HttpGatewayRoutePathMatch.exactly("/test", "/rewrittenPath"))
                .build())
            .build()))
        .build());
For HTTP- and gRPC-based gateway routes, App Mesh automatically rewrites the host name of the original request received at the Virtual Gateway to the destination Virtual Service name. This default host name rewrite can be configured by specifying the rewrite rule as one of the match properties:
    VirtualGateway gateway;
    VirtualService virtualService;

    gateway.addGatewayRoute("gateway-route-grpc", GatewayRouteBaseProps.builder()
        .routeSpec(GatewayRouteSpec.grpc(GrpcGatewayRouteSpecOptions.builder()
            .routeTarget(virtualService)
            .match(GrpcGatewayRouteMatch.builder()
                .hostname(GatewayRouteHostnameMatch.exactly("example.com"))
                // This disables the default rewrite to virtual service name and retains the original request.
                .rewriteRequestHostname(false)
                .build())
            .build()))
        .build());
Importing Resources
Each App Mesh resource class comes with two static methods, from<Resource>Arn and from<Resource>Attributes (where <Resource> is replaced with the resource name, such as VirtualNode), for importing a reference to an existing App Mesh resource. These imported resources can be used with other resources in your mesh as if they were defined directly in your CDK application.
    String arn = "arn:aws:appmesh:us-east-1:123456789012:mesh/testMesh/virtualNode/testNode";
    VirtualNode.fromVirtualNodeArn(this, "importedVirtualNode", arn);
    String virtualNodeName = "my-virtual-node";
    VirtualNode.fromVirtualNodeAttributes(this, "imported-virtual-node", VirtualNodeAttributes.builder()
        .mesh(Mesh.fromMeshName(this, "Mesh", "testMesh"))
        .virtualNodeName(virtualNodeName)
        .build());
To import a mesh, again there are two static methods, fromMeshArn and fromMeshName.
String arn = "arn:aws:appmesh:us-east-1:123456789012:mesh/testMesh";
Mesh.fromMeshArn(this, "imported-mesh", arn);

Mesh.fromMeshName(this, "imported-mesh", "abc");
IAM Grants
VirtualNode and VirtualGateway provide grantStreamAggregatedResources methods that grant identities that are running Envoy access to stream generated config from App Mesh.
Mesh mesh;
VirtualGateway gateway = VirtualGateway.Builder.create(this, "testGateway").mesh(mesh).build();
User envoyUser = new User(this, "envoyUser");

/**
 * This will grant `grantStreamAggregatedResources` ONLY for this gateway.
 */
gateway.grantStreamAggregatedResources(envoyUser);
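As an added example (not from the CDK README or the aws-cdk project), the same grant scoped to a single virtual node and given to the ECS task role that Envoy actually runs as, followed by an assertions check that the synthesized IAM policy contains only the config-stream action; it assumes CDK v2 (aws-cdk-lib for Java), and the stack, node, role and DNS names are constructed.

```java
// Added example, not part of the CDK README. Assumes CDK v2 (aws-cdk-lib).
import software.amazon.awscdk.App;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.assertions.Match;
import software.amazon.awscdk.assertions.Template;
import software.amazon.awscdk.services.appmesh.Mesh;
import software.amazon.awscdk.services.appmesh.ServiceDiscovery;
import software.amazon.awscdk.services.appmesh.VirtualNode;
import software.amazon.awscdk.services.iam.Role;
import software.amazon.awscdk.services.iam.ServicePrincipal;

import java.util.List;
import java.util.Map;

public class EnvoyGrantExample {
    public static void main(String[] args) {
        App app = new App();
        Stack stack = new Stack(app, "stack");

        Mesh mesh = Mesh.Builder.create(stack, "AppMesh")
            .meshName("myAwsMesh")
            .build();

        // Constructed node; the DNS name is a placeholder for the service's discovery name.
        VirtualNode ordersNode = VirtualNode.Builder.create(stack, "OrdersNode")
            .mesh(mesh)
            .serviceDiscovery(ServiceDiscovery.dns("orders.svc.local"))
            .build();

        // The identity Envoy runs as in ECS: the task role, not a long-lived IAM user.
        Role envoyTaskRole = Role.Builder.create(stack, "OrdersEnvoyTaskRole")
            .assumedBy(new ServicePrincipal("ecs-tasks.amazonaws.com"))
            .build();

        // Least privilege: the grant is scoped to this one virtual node's ARN,
        // so this task role cannot stream config for other nodes in the mesh.
        ordersNode.grantStreamAggregatedResources(envoyTaskRole);

        // Check the synthesized policy: one Allow statement, only the
        // StreamAggregatedResources action, resource bound to the node (a Ref to its ARN).
        Template template = Template.fromStack(stack);
        template.hasResourceProperties("AWS::IAM::Policy", Map.of(
            "PolicyDocument", Map.of(
                "Statement", Match.arrayWith(List.of(
                    Match.objectLike(Map.of(
                        "Action", "appmesh:StreamAggregatedResources",
                        "Effect", "Allow",
                        "Resource", Map.of("Ref", Match.anyValue()))))))));
    }
}
```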
Adding Resources to shared meshes
A shared mesh allows resources created by different accounts to communicate with each other in the same mesh:
// This is the ARN for the mesh from a different AWS IAM account ID.
// Ensure the mesh is properly shared with your account. For more details, see: https://github.com/aws/aws-cdk/issues/15404
String arn = "arn:aws:appmesh:us-east-1:123456789012:mesh/testMesh";
IMesh sharedMesh = Mesh.fromMeshArn(this, "imported-mesh", arn);

// This VirtualNode resource can communicate with the resources in the mesh from a different AWS IAM account ID.
VirtualNode.Builder.create(this, "test-node")
    .mesh(sharedMesh)
    .build();
An implementation forListenerTlsOptions
Configuration for Envoy Access Logging Format for mesh endpoints.All Properties for Envoy Access Logging Format for mesh endpoints.A builder forLoggingFormatConfig
An implementation forLoggingFormatConfig
Define a new AppMesh mesh.A fluent builder forMesh
.A utility enum defined for the egressFilter type property, the default of DROP_ALL, allows traffic only to other resources inside the mesh, or API calls to amazon resources.The set of properties used when creating a Mesh.A builder forMeshProps
An implementation forMeshProps
Properties for Mesh Service Discovery.A builder forMeshServiceDiscovery
An implementation forMeshServiceDiscovery
Represents a TLS certificate that is supported for mutual TLS authentication.Represents the properties needed to define TLS Validation context that is supported for mutual TLS authentication.A builder forMutualTlsValidation
An implementation forMutualTlsValidation
Represents a TLS Validation Context Trust that is supported for mutual TLS authentication.Represents the outlier detection for a listener.A builder forOutlierDetection
An implementation forOutlierDetection
Used to generate query parameter matching methods.Configuration forQueryParameterMatch
.A builder forQueryParameterMatchConfig
An implementation forQueryParameterMatchConfig
Route represents a new or existing route attached to a VirtualRouter and Mesh.A fluent builder forRoute
.Interface with properties ncecessary to import a reusable Route.A builder forRouteAttributes
An implementation forRouteAttributes
Base interface properties for all Routes.A builder forRouteBaseProps
An implementation forRouteBaseProps
Properties to define new Routes.A builder forRouteProps
An implementation forRouteProps
Used to generate specs with different protocols for a RouteSpec.All Properties for Route Specs.A builder forRouteSpecConfig
An implementation forRouteSpecConfig
Base options for all route specs.A builder forRouteSpecOptionsBase
An implementation forRouteSpecOptionsBase
Provides the Service Discovery method a VirtualNode uses.Properties for VirtualNode Service Discovery.A builder forServiceDiscoveryConfig
An implementation forServiceDiscoveryConfig
Used to generate Subject Alternative Names Matchers.All Properties for Subject Alternative Names Matcher for both Client Policy and Listener.A builder forSubjectAlternativeNamesMatcherConfig
An implementation forSubjectAlternativeNamesMatcherConfig
Connection pool properties for TCP listeners.A builder forTcpConnectionPool
An implementation forTcpConnectionPool
Properties used to define TCP Based healthchecks.A builder forTcpHealthCheckOptions
An implementation forTcpHealthCheckOptions
TCP events on which you may retry.Properties specific for a TCP Based Routes.A builder forTcpRouteSpecOptions
An implementation forTcpRouteSpecOptions
Represents timeouts for TCP protocols.A builder forTcpTimeout
An implementation forTcpTimeout
Represent the TCP Node Listener property.A builder forTcpVirtualNodeListenerOptions
An implementation forTcpVirtualNodeListenerOptions
Represents a TLS certificate.A wrapper for the tls config returned byTlsCertificate.bind
.A builder forTlsCertificateConfig
An implementation forTlsCertificateConfig
Represents the properties needed to define client policy.A builder forTlsClientPolicy
An implementation forTlsClientPolicy
Enum of supported TLS modes.Represents the properties needed to define TLS Validation context.A builder forTlsValidation
An implementation forTlsValidation
Defines the TLS Validation Context Trust.All Properties for TLS Validation Trusts for both Client Policy and Listener.A builder forTlsValidationTrustConfig
An implementation forTlsValidationTrustConfig
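The TLS-related types listed above (ListenerTlsOptions, TlsMode, TlsCertificate, MutualTlsValidation, TlsClientPolicy, TlsValidation, TlsValidationTrust and the Subject Alternative Name matcher) fit together as one pattern: the serving node's listener runs in STRICT mode and validates the client certificate, and the calling node's backend client policy validates the server certificate, pins the expected SAN, and presents its own certificate. The stack below is an added example written for this page, not code from the CDK project or its README; the mesh name, DNS names and the /certs/... file paths are assumptions, and the health check and outlier detection are included to show where they attach to the same listener.

```java
import java.util.List;

import software.amazon.awscdk.Duration;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.appmesh.*;
import software.constructs.Construct;

// Added example: two virtual nodes that only talk to each other over mutual TLS.
// Hypothetical names and certificate paths; the chain/key/CA files must exist in
// the Envoy container at deploy time.
public class MutualTlsStack extends Stack {
    public MutualTlsStack(final Construct scope, final String id) {
        super(scope, id);

        // Default egress filter (DROP_ALL) keeps traffic inside the mesh.
        Mesh mesh = Mesh.Builder.create(this, "AppMesh")
            .meshName("myAwsMesh")
            .build();

        // Server side: STRICT refuses plaintext; mutualTlsValidation refuses any client
        // whose certificate does not chain to mesh-ca.pem or carry the expected SAN.
        VirtualNode server = VirtualNode.Builder.create(this, "ServerNode")
            .mesh(mesh)
            .serviceDiscovery(ServiceDiscovery.dns("server.apps.local"))
            .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder()
                .port(8080)
                .tls(ListenerTlsOptions.builder()
                    .mode(TlsMode.STRICT)
                    .certificate(TlsCertificate.file("/certs/server-chain.pem", "/certs/server-key.pem"))
                    .mutualTlsValidation(MutualTlsValidation.builder()
                        .trust(TlsValidationTrust.file("/certs/mesh-ca.pem"))
                        .subjectAlternativeNames(SubjectAlternativeNames.matchingExactly("client.apps.local"))
                        .build())
                    .build())
                // Liveness probing and ejection of endpoints that keep returning 5xx.
                .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder()
                    .path("/healthz")
                    .interval(Duration.seconds(5))
                    .timeout(Duration.seconds(2))
                    .healthyThreshold(2)
                    .unhealthyThreshold(2)
                    .build()))
                .outlierDetection(OutlierDetection.builder()
                    .baseEjectionDuration(Duration.seconds(30))
                    .interval(Duration.seconds(10))
                    .maxEjectionPercent(50)
                    .maxServerErrors(5)
                    .build())
                .build())))
            .build();

        VirtualService serverService = VirtualService.Builder.create(this, "ServerService")
            .virtualServiceName("server.apps.local")
            .virtualServiceProvider(VirtualServiceProvider.virtualNode(server))
            .build();

        // Client side: backendDefaults applies this client policy to every backend of the node.
        // validation pins the CA and the server SAN; mutualTlsCertificate is what the server
        // listener above checks.
        VirtualNode client = VirtualNode.Builder.create(this, "ClientNode")
            .mesh(mesh)
            .serviceDiscovery(ServiceDiscovery.dns("client.apps.local"))
            .backendDefaults(BackendDefaults.builder()
                .tlsClientPolicy(TlsClientPolicy.builder()
                    .ports(List.of(8080))
                    .validation(TlsValidation.builder()
                        .trust(TlsValidationTrust.file("/certs/mesh-ca.pem"))
                        .subjectAlternativeNames(SubjectAlternativeNames.matchingExactly("server.apps.local"))
                        .build())
                    .mutualTlsCertificate(TlsCertificate.file("/certs/client-chain.pem", "/certs/client-key.pem"))
                    .build())
                .build())
            .build();
        client.addBackend(Backend.virtualService(serverService));
    }
}
```

Two checks worth making before relying on this: TlsMode.PERMISSIVE would still accept plaintext from clients that are not configured for TLS, so an audit of a mesh claiming mTLS should confirm every listener is STRICT; and a client policy without subjectAlternativeNames accepts any certificate issued by the trusted CA, which in a shared CA turns mutual TLS into "any mesh member may call", not "only the intended caller".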
VirtualGateway represents a newly defined App Mesh VirtualGateway.
A fluent builder for VirtualGateway.
Interface with properties necessary to import a reusable VirtualGateway.
A builder for VirtualGatewayAttributes.
An implementation for VirtualGatewayAttributes.
Basic configuration properties for a VirtualGateway.
A builder for VirtualGatewayBaseProps.
An implementation for VirtualGatewayBaseProps.
Represents the properties needed to define listeners for a VirtualGateway.
Properties for a VirtualGateway listener.
A builder for VirtualGatewayListenerConfig.
An implementation for VirtualGatewayListenerConfig.
Properties used when creating a new VirtualGateway.
A builder for VirtualGatewayProps.
An implementation for VirtualGatewayProps.
VirtualNode represents a newly defined App Mesh VirtualNode.
A fluent builder for VirtualNode.
Interface with properties necessary to import a reusable VirtualNode.
A builder for VirtualNodeAttributes.
An implementation for VirtualNodeAttributes.
Basic configuration properties for a VirtualNode.
A builder for VirtualNodeBaseProps.
An implementation for VirtualNodeBaseProps.
Defines a listener for a VirtualNode.
Properties for a VirtualNode listener.
A builder for VirtualNodeListenerConfig.
An implementation for VirtualNodeListenerConfig.
The properties used when creating a new VirtualNode.
A builder for VirtualNodeProps.
An implementation for VirtualNodeProps.
Example:
A fluent builder for VirtualRouter.
Interface with properties necessary to import a reusable VirtualRouter.
A builder for VirtualRouterAttributes.
An implementation for VirtualRouterAttributes.
Interface with base properties all routers will inherit.
A builder for VirtualRouterBaseProps.
An implementation for VirtualRouterBaseProps.
Represents the properties needed to define listeners for a VirtualRouter.
Properties for a VirtualRouter listener.
A builder for VirtualRouterListenerConfig.
An implementation for VirtualRouterListenerConfig.
The properties used when creating a new VirtualRouter.
A builder for VirtualRouterProps.
An implementation for VirtualRouterProps.
VirtualService represents a service inside an App Mesh mesh.
A fluent builder for VirtualService.
Interface with properties necessary to import a reusable VirtualService.
A builder for VirtualServiceAttributes.
An implementation for VirtualServiceAttributes.
Represents the properties needed to define a VirtualService backend.
A builder for VirtualServiceBackendOptions.
An implementation for VirtualServiceBackendOptions.
The properties applied to the VirtualService being defined.
A builder for VirtualServiceProps.
An implementation for VirtualServiceProps.
Represents the properties needed to define the provider for a VirtualService.
Properties for a VirtualService provider.
A builder for VirtualServiceProviderConfig.
An implementation for VirtualServiceProviderConfig.
Properties for the weighted targets in a route.
A builder for WeightedTarget.
An implementation for WeightedTarget.
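The routing types in this index (VirtualRouter, Route, RouteSpec, HttpRouteMatch with its path, method, HeaderMatch and QueryParameterMatch criteria, WeightedTarget, HttpRetryPolicy and HttpTimeout) combine into a single Route definition. The stack below is an added example for this page, not code from the CDK project: it splits traffic 90/10 between two nodes, but only for requests that satisfy every match criterion. Mesh and DNS names, the x-canary header and the weights are assumptions. The security point to keep in mind is that headers and query parameters are caller-controlled, so a route keyed on them is a routing hint, not an authorization boundary: anyone who can reach the router can set x-canary: true and be steered to the canary node unless a gateway in front strips or sets that header.

```java
import java.util.List;

import software.amazon.awscdk.Duration;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.appmesh.*;
import software.constructs.Construct;

// Added example: a header-gated canary route with bounded retries and timeouts.
// Hypothetical names; both nodes listen on 8080 in plaintext to keep the focus on routing.
public class CanaryRouteStack extends Stack {
    public CanaryRouteStack(final Construct scope, final String id) {
        super(scope, id);

        Mesh mesh = Mesh.Builder.create(this, "AppMesh")
            .meshName("myAwsMesh")
            .build();

        VirtualRouter router = VirtualRouter.Builder.create(this, "Router")
            .mesh(mesh)
            .listeners(List.of(VirtualRouterListener.http(8080)))
            .build();

        VirtualNode stable = plainHttpNode(mesh, "StableNode", "stable.apps.local");
        VirtualNode canary = plainHttpNode(mesh, "CanaryNode", "canary.apps.local");

        Route.Builder.create(this, "CanaryRoute")
            .mesh(mesh)
            .virtualRouter(router)
            .routeSpec(RouteSpec.http(HttpRouteSpecOptions.builder()
                // Lower value wins when several routes match; give the narrow route precedence.
                .priority(10)
                .match(HttpRouteMatch.builder()
                    .path(HttpRoutePathMatch.startsWith("/api/"))
                    .method(HttpRouteMethod.POST)
                    .headers(List.of(
                        HeaderMatch.valueIs("x-canary", "true"),
                        HeaderMatch.valueDoesNotStartWith("user-agent", "HealthChecker")))
                    .queryParameters(List.of(QueryParameterMatch.valueIs("version", "v2")))
                    .build())
                .weightedTargets(List.of(
                    WeightedTarget.builder().virtualNode(stable).weight(90).build(),
                    WeightedTarget.builder().virtualNode(canary).weight(10).build()))
                // Retry only on server-side and connection failures, a bounded number of times,
                // so a failing canary cannot amplify load through unbounded retries.
                .retryPolicy(HttpRetryPolicy.builder()
                    .httpRetryEvents(List.of(HttpRetryEvent.SERVER_ERROR, HttpRetryEvent.GATEWAY_ERROR))
                    .tcpRetryEvents(List.of(TcpRetryEvent.CONNECTION_ERROR))
                    .retryAttempts(3)
                    .retryTimeout(Duration.seconds(2))
                    .build())
                .timeout(HttpTimeout.builder()
                    .idle(Duration.seconds(30))
                    .perRequest(Duration.seconds(5))
                    .build())
                .build()))
            .build();

        // Catch-all route at a lower priority so unmatched traffic still reaches the stable node.
        Route.Builder.create(this, "DefaultRoute")
            .mesh(mesh)
            .virtualRouter(router)
            .routeSpec(RouteSpec.http(HttpRouteSpecOptions.builder()
                .priority(100)
                .match(HttpRouteMatch.builder().path(HttpRoutePathMatch.startsWith("/")).build())
                .weightedTargets(List.of(WeightedTarget.builder().virtualNode(stable).build()))
                .build()))
            .build();
    }

    // Minimal HTTP node used as a weighted target.
    private VirtualNode plainHttpNode(Mesh mesh, String id, String dnsName) {
        return VirtualNode.Builder.create(this, id)
            .mesh(mesh)
            .serviceDiscovery(ServiceDiscovery.dns(dnsName))
            .listeners(List.of(VirtualNodeListener.http(
                HttpVirtualNodeListenerOptions.builder().port(8080).build())))
            .build();
    }
}
```

If the canary must be reachable only by an internal tester rather than by anyone who knows the header name, set or strip x-canary at the VirtualGateway (GatewayRoute rewrite) or authenticate the caller at the application layer; the route match alone does not do that.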