TlsClientPolicy
- class aws_cdk.aws_appmesh.TlsClientPolicy(*, validation, enforce=None, mutual_tls_certificate=None, ports=None)
Bases: object
Represents the properties needed to define client policy.
- Parameters:
  - validation (Union[TlsValidation, Dict[str, Any]]) – Represents the object for TLS validation context.
  - enforce (Optional[bool]) – Whether the policy is enforced. Default: true
  - mutual_tls_certificate (Optional[MutualTlsCertificate]) – Represents a client TLS certificate. The certificate will be sent only if the server requests it, enabling mutual TLS. Default: - client TLS certificate is not provided
  - ports (Optional[Sequence[Union[int, float]]]) – TLS is enforced on the ports specified here. If no ports are specified, TLS will be enforced on all the ports. Default: - all ports
- ExampleMetadata: infused
Example:
import aws_cdk as cdk
from aws_cdk import Duration, aws_appmesh as appmesh

# mesh: appmesh.Mesh
# service: cloudmap.Service

node = appmesh.VirtualNode(self, "node",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.cloud_map(service),
    listeners=[appmesh.VirtualNodeListener.http(
        port=8080,
        health_check=appmesh.HealthCheck.http(
            healthy_threshold=3,
            interval=Duration.seconds(5),
            path="/ping",
            timeout=Duration.seconds(2),
            unhealthy_threshold=2
        ),
        timeout=appmesh.HttpTimeout(
            idle=Duration.seconds(5)
        )
    )],
    # Client policy applied to every backend: validate the server
    # certificate against the trust chain in this file.
    backend_defaults=appmesh.BackendDefaults(
        tls_client_policy=appmesh.TlsClientPolicy(
            validation=appmesh.TlsValidation(
                trust=appmesh.TlsValidationTrust.file("/keys/local_cert_chain.pem")
            )
        )
    ),
    access_log=appmesh.AccessLog.from_file_path("/dev/stdout")
)

cdk.Tags.of(node).add("Environment", "Dev")
Attributes
- enforce
  Whether the policy is enforced.
  Default: true
- mutual_tls_certificate
  Represents a client TLS certificate.
  The certificate will be sent only if the server requests it, enabling mutual TLS.
  Default: client TLS certificate is not provided
- ports
  TLS is enforced on the ports specified here.
  If no ports are specified, TLS will be enforced on all the ports.
  Default: all ports
- validation
  Represents the object for TLS validation context.
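A check a reviewer could run over a synthesized CloudFormation template to flag virtual nodes whose backend-default client policy departs from the defaults documented above (enforce on, all ports) or carries no client certificate. This is an added example, not part of the CDK documentation; the template, its logical IDs and the function name are constructed, and the property names assume the AWS::AppMesh::VirtualNode resource schema.

```python
# Constructed sample standing in for synthesized template JSON (not from a real stack).
_TRUST = {"Trust": {"File": {"CertificateChain": "/keys/local_cert_chain.pem"}}}
SAMPLE_TEMPLATE = {"Resources": {
    # Defaults only: enforced on all ports, no client certificate.
    "nodeA": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "BackendDefaults": {"ClientPolicy": {"TLS": {"Validation": _TRUST}}}}}},
    # Enforcement switched off and TLS narrowed to a single port.
    "nodeB": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {
        "BackendDefaults": {"ClientPolicy": {"TLS": {
            "Enforce": False, "Ports": [8443], "Validation": _TRUST}}}}}},
    # No client policy at all.
    "nodeC": {"Type": "AWS::AppMesh::VirtualNode", "Properties": {"Spec": {}}},
}}


def audit_client_tls(template):
    """Return sorted (logical_id, finding) pairs for each virtual node's backend defaults."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::AppMesh::VirtualNode":
            continue
        spec = res.get("Properties", {}).get("Spec", {})
        tls = spec.get("BackendDefaults", {}).get("ClientPolicy", {}).get("TLS")
        if tls is None:
            findings.append((logical_id, "no client TLS policy in backend defaults"))
            continue
        # An absent Enforce key means the documented default (true) applies.
        if tls.get("Enforce", True) is False:
            findings.append((logical_id, "enforce disabled"))
        # An absent or empty Ports list means TLS covers all ports.
        if tls.get("Ports"):
            findings.append((logical_id, f"TLS limited to ports {sorted(tls['Ports'])}"))
        # Without a client certificate the node cannot take part in mutual TLS.
        if "Certificate" not in tls:
            findings.append((logical_id, "no client certificate (no mutual TLS)"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_client_tls(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

The check covers backend defaults only; a per-backend client policy on an individual virtual service would need the same inspection.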