MutualTlsCertificate

class aws_cdk.aws_appmesh.MutualTlsCertificate

Bases: TlsCertificate

Represents a TLS certificate that is supported for mutual TLS authentication.

Example:

# Imports needed to run this example inside a Stack (aws-cdk-lib v2 module paths).
from aws_cdk import aws_acmpca as acmpca
from aws_cdk import aws_appmesh as appmesh

# mesh: appmesh.Mesh

node1 = appmesh.VirtualNode(self, "node1",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node"),
    listeners=[appmesh.VirtualNodeListener.grpc(
        port=80,
        tls=appmesh.ListenerTlsOptions(
            mode=appmesh.TlsMode.STRICT,
            certificate=appmesh.TlsCertificate.file("path/to/certChain", "path/to/privateKey"),
            # Validate client certificates against a file-based trust bundle, enabling mutual TLS authentication when a client provides a certificate.
            mutual_tls_validation=appmesh.MutualTlsValidation(
                trust=appmesh.TlsValidationTrust.file("path-to-certificate")
            )
        )
    )]
)

certificate_authority_arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"
node2 = appmesh.VirtualNode(self, "node2",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node2"),
    backend_defaults=appmesh.BackendDefaults(
        tls_client_policy=appmesh.TlsClientPolicy(
            ports=[8080, 8081],
            validation=appmesh.TlsValidation(
                subject_alternative_names=appmesh.SubjectAlternativeNames.matching_exactly("mesh-endpoint.apps.local"),
                trust=appmesh.TlsValidationTrust.acm([
                    acmpca.CertificateAuthority.from_certificate_authority_arn(self, "certificate", certificate_authority_arn)
                ])
            ),
            # Provide an SDS-sourced client certificate when a server requests it, enabling mutual TLS authentication.
            mutual_tls_certificate=appmesh.TlsCertificate.sds("secret_certificate")
        )
    )
)
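As an added check, not part of the CDK documentation or the library, the following Python audits a synthesized CloudFormation template for the two mutual TLS settings the example above configures: a STRICT listener that validates client certificates (node1) and a client policy that presents a certificate (node2). The template fragment is constructed to mirror that example, and the resource key names are an assumption about the AWS::AppMesh::VirtualNode CloudFormation shape, not something this page states.

```python
import copy

# Constructed fragment of a synthesized template. The key names
# (Spec/Listeners/TLS/Validation, BackendDefaults/ClientPolicy/TLS) are an
# assumption about the AWS::AppMesh::VirtualNode resource, not from this page.
TEMPLATE = {"Resources": {
    "node1": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "Listeners": [{"TLS": {
            "Mode": "STRICT",
            "Certificate": {"File": {"CertificateChain": "path/to/certChain",
                                     "PrivateKey": "path/to/privateKey"}},
            # Server side of mutual TLS: a trust bundle used to validate client certificates.
            "Validation": {"Trust": {"File": {"CertificateChain": "path-to-certificate"}}}}}]}}},
    "node2": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "BackendDefaults": {"ClientPolicy": {"TLS": {
            "Ports": [8080, 8081],
            "Validation": {"Trust": {"ACM": {"CertificateAuthorityArns": ["arn:aws:acm-pca:PLACEHOLDER"]}}},
            # Client side of mutual TLS: the certificate the client presents when asked.
            "Certificate": {"SDS": {"SecretName": "secret_certificate"}}}}}}}}}}


def audit_virtual_nodes(template: dict) -> list[str]:
    """Return one finding per listener or client policy that falls short of mutual TLS."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::AppMesh::VirtualNode":
            continue
        spec = res.get("Properties", {}).get("Spec", {})
        for i, listener in enumerate(spec.get("Listeners", [])):
            tls = listener.get("TLS")
            if not tls:
                findings.append(f"{name}: listener {i} has no TLS at all")
                continue
            if tls.get("Mode") != "STRICT":
                findings.append(f"{name}: listener {i} mode {tls.get('Mode')} is not STRICT")
            if "Validation" not in tls:
                findings.append(f"{name}: listener {i} never validates client certificates")
        client = spec.get("BackendDefaults", {}).get("ClientPolicy", {}).get("TLS")
        if client is not None and "Certificate" not in client:
            findings.append(f"{name}: client policy presents no client certificate")
    return findings


def with_listener_mode(template: dict, node: str, mode: str) -> dict:
    """Deep copy of the template with one node's first listener TLS mode replaced."""
    weakened = copy.deepcopy(template)
    weakened["Resources"][node]["Properties"]["Spec"]["Listeners"][0]["TLS"]["Mode"] = mode
    return weakened
```

Run it against the output of `cdk synth` (the template JSON loaded into a dict) to catch a listener that was left PERMISSIVE or a backend policy that validates the server but never presents a client certificate.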

Methods

abstract bind(_scope)

Returns a TLS certificate-based provider.

Parameters:

_scope (Construct) –

Return type:

TlsCertificateConfig

Static Methods

classmethod acm(certificate)

Returns an ACM TLS Certificate.

Parameters:

certificate (ICertificate) –

Return type:

TlsCertificate

classmethod file(certificate_chain_path, private_key_path)

Returns a File TLS Certificate.

Parameters:
  • certificate_chain_path (str) –

  • private_key_path (str) –

Return type:

MutualTlsCertificate

classmethod sds(secret_name)

Returns an SDS TLS Certificate.

Parameters:

secret_name (str) –

Return type:

MutualTlsCertificate