MutualTlsCertificate
- class aws_cdk.aws_appmesh.MutualTlsCertificate
Bases: TlsCertificate
Represents a TLS certificate that is supported for mutual TLS authentication.
- ExampleMetadata: infused
Example:
```python
import aws_cdk.aws_acmpca as acmpca
import aws_cdk.aws_appmesh as appmesh

# mesh: appmesh.Mesh

node1 = appmesh.VirtualNode(self, "node1",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node"),
    listeners=[appmesh.VirtualNodeListener.grpc(
        port=80,
        tls=appmesh.ListenerTlsOptions(
            mode=appmesh.TlsMode.STRICT,
            certificate=appmesh.TlsCertificate.file("path/to/certChain", "path/to/privateKey"),
            # Validate client certificates against a file-based trust bundle to enable
            # mutual TLS authentication when a client provides a certificate.
            mutual_tls_validation=appmesh.MutualTlsValidation(
                trust=appmesh.TlsValidationTrust.file("path-to-certificate")
            )
        )
    )]
)

certificate_authority_arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"
node2 = appmesh.VirtualNode(self, "node2",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.dns("node2"),
    backend_defaults=appmesh.BackendDefaults(
        tls_client_policy=appmesh.TlsClientPolicy(
            ports=[8080, 8081],
            validation=appmesh.TlsValidation(
                subject_alternative_names=appmesh.SubjectAlternativeNames.matching_exactly("mesh-endpoint.apps.local"),
                trust=appmesh.TlsValidationTrust.acm([
                    acmpca.CertificateAuthority.from_certificate_authority_arn(self, "certificate", certificate_authority_arn)
                ])
            ),
            # Provide an SDS client certificate when a server requests it and
            # enable mutual TLS authentication.
            mutual_tls_certificate=appmesh.TlsCertificate.sds("secret_certificate")
        )
    )
)
```
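To confirm that both halves of mutual TLS from the example above actually reach the synthesized template, the following added example (not part of the CDK documentation or library) audits `AWS::AppMesh::VirtualNode` resources. It assumes the property names of the CloudFormation `AWS::AppMesh::VirtualNode` schema; the function name `audit_virtual_node_mtls`, the sample `TEMPLATE` and the misconfigured `node3` are constructed for illustration.

```python
# Added example: audit synthesized AWS::AppMesh::VirtualNode resources for mutual TLS.
# TEMPLATE is constructed sample input; node3 is a hypothetical misconfigured node.
FILE_CERT = {"File": {"CertificateChain": "path/to/certChain", "PrivateKey": "path/to/privateKey"}}
FILE_TRUST = {"Trust": {"File": {"CertificateChain": "path-to-certificate"}}}
TEMPLATE = {"Resources": {
    "node1": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "Listeners": [{"PortMapping": {"Port": 80, "Protocol": "grpc"},
                       "TLS": {"Mode": "STRICT", "Certificate": FILE_CERT,
                               "Validation": FILE_TRUST}}]}}},
    "node2": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "BackendDefaults": {"ClientPolicy": {"TLS": {
            "Ports": [8080, 8081], "Validation": FILE_TRUST,
            "Certificate": {"SDS": {"SecretName": "secret_certificate"}}}}}}}},
    "node3": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "Listeners": [{"PortMapping": {"Port": 8080, "Protocol": "http"},
                       "TLS": {"Mode": "PERMISSIVE", "Certificate": FILE_CERT}}],
        "BackendDefaults": {"ClientPolicy": {"TLS": {"Validation": FILE_TRUST}}}}}},
}}


def audit_virtual_node_mtls(template):
    """Return (logical_id, finding) pairs for virtual nodes whose TLS is not mutual."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::AppMesh::VirtualNode":
            continue
        spec = res.get("Properties", {}).get("Spec", {})
        for listener in spec.get("Listeners", []):
            port = listener.get("PortMapping", {}).get("Port")
            tls = listener.get("TLS")
            if not tls:
                findings.append((logical_id, f"listener {port}: TLS not configured"))
                continue
            if tls.get("Mode") != "STRICT":
                findings.append((logical_id, f"listener {port}: TLS mode {tls.get('Mode')}, not STRICT"))
            # Server side of mutual TLS: a trust source for validating client certificates.
            if not tls.get("Validation", {}).get("Trust"):
                findings.append((logical_id, f"listener {port}: client certificates not validated"))
        client_tls = spec.get("BackendDefaults", {}).get("ClientPolicy", {}).get("TLS")
        # Client side of mutual TLS: a certificate to present when the server requests one.
        if client_tls is not None and not client_tls.get("Certificate"):
            findings.append((logical_id, "backend defaults: no client certificate"))
    return findings


if __name__ == "__main__":
    for logical_id, finding in audit_virtual_node_mtls(TEMPLATE):
        print(f"{logical_id}: {finding}")
```

A check like this can run in CI against the JSON produced by `cdk synth`, failing the build when the returned list is non-empty.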
Methods
- abstract bind(_scope)
Returns the TLS certificate-based provider.
- Parameters:
_scope (Construct) –
- Return type:
Static Methods
- classmethod acm(certificate)
Returns an ACM TLS Certificate.
- Parameters:
certificate (ICertificate) –
- Return type:
- classmethod file(certificate_chain_path, private_key_path)
Returns a File TLS Certificate.
- Parameters:
certificate_chain_path (str) –
private_key_path (str) –
- Return type:
- classmethod sds(secret_name)
Returns an SDS TLS Certificate.
- Parameters:
secret_name (str) –
- Return type: