TlsValidationTrust

class aws_cdk.aws_appmesh.TlsValidationTrust

Bases: object

Defines the TLS Validation Context Trust.

ExampleMetadata:

infused

Example:

# mesh: appmesh.Mesh
# service: cloudmap.Service


node = appmesh.VirtualNode(self, "node",
    mesh=mesh,
    service_discovery=appmesh.ServiceDiscovery.cloud_map(service),
    listeners=[appmesh.VirtualNodeListener.http(
        port=8080,
        health_check=appmesh.HealthCheck.http(
            healthy_threshold=3,
            interval=Duration.seconds(5),
            path="/ping",
            timeout=Duration.seconds(2),
            unhealthy_threshold=2
        ),
        timeout=appmesh.HttpTimeout(
            idle=Duration.seconds(5)
        )
    )],
    backend_defaults=appmesh.BackendDefaults(
        tls_client_policy=appmesh.TlsClientPolicy(
            validation=appmesh.TlsValidation(
                trust=appmesh.TlsValidationTrust.file("/keys/local_cert_chain.pem")
            )
        )
    ),
    access_log=appmesh.AccessLog.from_file_path("/dev/stdout")
)

cdk.Tags.of(node).add("Environment", "Dev")

Methods

abstract bind(scope)

Returns Trust context based on trust type.

Parameters:

scope (Construct) –

Return type:

TlsValidationTrustConfig

Static Methods

classmethod acm(certificate_authorities)

TLS Validation Context Trust for ACM Private Certificate Authority (CA).

Parameters:

certificate_authorities (Sequence[ICertificateAuthority]) –

Return type:

TlsValidationTrust

classmethod file(certificate_chain)

Tells envoy where to fetch the validation context from.

Parameters:

certificate_chain (str) –

Return type:

MutualTlsValidationTrust

classmethod sds(secret_name)

TLS Validation Context Trust for Envoy’ service discovery service.

Parameters:

secret_name (str) –

Return type:

MutualTlsValidationTrust