MutualAuthentication
- class aws_cdk.aws_elasticloadbalancingv2.MutualAuthentication(*, ignore_client_certificate_expiry=None, mutual_authentication_mode=None, trust_store=None)
Bases: object
The mutual authentication configuration information.
- Parameters:
  - ignore_client_certificate_expiry (Optional[bool]) – Indicates whether expired client certificates are ignored. Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH. Default: false
  - mutual_authentication_mode (Optional[MutualAuthenticationMode]) – The client certificate handling method. Default: MutualAuthenticationMode.OFF
  - trust_store (Optional[ITrustStore]) – The trust store. Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH. Default: - no trust store
- ExampleMetadata:
infused
Example:

    import aws_cdk.aws_certificatemanager as acm
    import aws_cdk.aws_elasticloadbalancingv2 as elbv2
    import aws_cdk.aws_s3 as s3

    # certificate: acm.Certificate
    # lb: elbv2.ApplicationLoadBalancer
    # bucket: s3.Bucket

    # The trust store holds the CA bundle used to verify client certificates.
    trust_store = elbv2.TrustStore(self, "Store",
        bucket=bucket,
        key="rootCA_cert.pem"
    )

    lb.add_listener("Listener",
        port=443,
        protocol=elbv2.ApplicationProtocol.HTTPS,
        certificates=[certificate],
        # mTLS settings
        mutual_authentication=elbv2.MutualAuthentication(
            ignore_client_certificate_expiry=False,
            mutual_authentication_mode=elbv2.MutualAuthenticationMode.VERIFY,
            trust_store=trust_store
        ),
        default_action=elbv2.ListenerAction.fixed_response(200,
            content_type="text/plain",
            message_body="Success mTLS"
        )
    )

Attributes
- ignore_client_certificate_expiry
  Indicates whether expired client certificates are ignored.
  Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH.
  Default: false
- mutual_authentication_mode
  The client certificate handling method.
  Default: MutualAuthenticationMode.OFF
- trust_store
  The trust store.
  Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH.
  Default: no trust store
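
An added example, not part of the AWS CDK documentation: a check that can run over a synthesized template to flag HTTPS listeners whose mutual authentication settings are weaker than the VERIFY configuration shown above. It assumes the CloudFormation listener properties `Mode`, `TrustStoreArn` and `IgnoreClientCertificateExpiry` under `MutualAuthentication`; `audit_mtls`, `_listener` and the sample template are constructed for illustration.

```python
# Added example: audit mTLS settings of HTTPS listeners in a synthesized
# CloudFormation template, passed in as a plain dict.
LISTENER_TYPE = "AWS::ElasticLoadBalancingV2::Listener"


def audit_mtls(template):
    """Return (logical_id, finding) pairs for HTTPS listeners with weak mTLS."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if resource.get("Type") != LISTENER_TYPE or props.get("Protocol") != "HTTPS":
            continue
        mtls = props.get("MutualAuthentication") or {}
        mode = str(mtls.get("Mode", "off")).lower()  # no block is treated as OFF
        has_store = "TrustStoreArn" in mtls
        ignore_expiry = mtls.get("IgnoreClientCertificateExpiry") is True
        if mode != "verify":
            findings.append((logical_id, f"mode={mode}: no trust store verification"))
            if has_store or ignore_expiry:
                findings.append((logical_id, "trust store or expiry override outside verify mode"))
            continue
        if not has_store:
            findings.append((logical_id, "verify mode without a trust store"))
        if ignore_expiry:
            findings.append((logical_id, "expired client certificates are accepted"))
    return findings


def _listener(protocol, mtls=None):
    """Build a minimal listener resource for the constructed sample."""
    props = {"Protocol": protocol}
    if mtls is not None:
        props["MutualAuthentication"] = mtls
    return {"Type": LISTENER_TYPE, "Properties": props}


# Constructed sample template; logical IDs and the trust store reference are made up.
STORE = {"Fn::GetAtt": ["Store", "TrustStoreArn"]}
SAMPLE = {"Resources": {
    "Strict": _listener("HTTPS", {"Mode": "verify", "TrustStoreArn": STORE,
                                  "IgnoreClientCertificateExpiry": False}),
    "Lenient": _listener("HTTPS", {"Mode": "verify", "TrustStoreArn": STORE,
                                   "IgnoreClientCertificateExpiry": True}),
    "Forwarded": _listener("HTTPS", {"Mode": "passthrough"}),
    "NoMtls": _listener("HTTPS"),
    "Plain": _listener("HTTP"),
}}

if __name__ == "__main__":
    for logical_id, finding in audit_mtls(SAMPLE):
        print(f"{logical_id}: {finding}")
```

In a pipeline the dict would come from `json.load` on the stack's synthesized template file, and a non-empty result would fail the build.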