AWS Tools for Windows PowerShell
Command Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Synopsis

Calls the AWS App Mesh CreateVirtualNode API operation.

Syntax

New-AMSHVirtualNode
-VirtualNodeName <String>
-AwsCloudMap_Attribute <AwsCloudMapInstanceAttribute[]>
-Spec_Backend <Backend[]>
-Acm_CertificateAuthorityArn <String[]>
-Spec_BackendDefaults_ClientPolicy_Tls_Certificate_File_CertificateChain <String>
-Spec_BackendDefaults_ClientPolicy_Tls_Validation_Trust_File_CertificateChain <String>
-Tls_Enforce <Boolean>
-Match_Exact <String[]>
-Dns_Hostname <String>
-Spec_Listener <Listener[]>
-MeshName <String>
-MeshOwner <String>
-AwsCloudMap_NamespaceName <String>
-File_Path <String>
-Tls_Port <Int32[]>
-File_PrivateKey <String>
-Dns_ResponseType <DnsResponseType>
-Spec_BackendDefaults_ClientPolicy_Tls_Certificate_Sds_SecretName <String>
-Spec_BackendDefaults_ClientPolicy_Tls_Validation_Trust_Sds_SecretName <String>
-AwsCloudMap_ServiceName <String>
-Tag <TagRef[]>
-ClientToken <String>
-Select <String>
-PassThru <SwitchParameter>
-Force <SwitchParameter>

Description

Creates a virtual node within a service mesh. A virtual node acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment. When you create a virtual node, you can specify the service discovery information for your task group, and whether the proxy running in a task group will communicate with other proxies using Transport Layer Security (TLS). You define a listener for any inbound traffic that your virtual node expects. Any virtual service that your virtual node expects to communicate to is specified as a backend. The response metadata for your new virtual node contains the arn that is associated with the virtual node. Set this value to the full ARN; for example, arn:aws:appmesh:us-west-2:123456789012:myMesh/default/virtualNode/myApp) as the APPMESH_RESOURCE_ARN environment variable for your task group's Envoy proxy container in your task definition or pod spec. This is then mapped to the node.id and node.cluster Envoy parameters. By default, App Mesh uses the name of the resource you specified in APPMESH_RESOURCE_ARN when Envoy is referring to itself in metrics and traces. You can override this behavior by setting the APPMESH_RESOURCE_CLUSTER environment variable with your own name. For more information about virtual nodes, see Virtual nodes. You must be using 1.15.0 or later of the Envoy image when setting these variables. For more information aboutApp Mesh Envoy variables, see Envoy image in the AWS App Mesh User Guide.

Parameters

-Acm_CertificateAuthorityArn <String[]>
One or more ACM Amazon Resource Name (ARN)s.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_BackendDefaults_ClientPolicy_Tls_Validation_Trust_Acm_CertificateAuthorityArns
-AwsCloudMap_Attribute <AwsCloudMapInstanceAttribute[]>
A string map that contains attributes with values that you can use to filter instances by any custom attribute that you specified when you registered the instance. Only instances that match all of the specified key/value pairs will be returned.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_ServiceDiscovery_AwsCloudMap_Attributes
-AwsCloudMap_NamespaceName <String>
The name of the Cloud Map namespace to use.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_ServiceDiscovery_AwsCloudMap_NamespaceName
-AwsCloudMap_ServiceName <String>
The name of the Cloud Map service to use.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_ServiceDiscovery_AwsCloudMap_ServiceName
-ClientToken <String>
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Up to 36 letters, numbers, hyphens, and underscores are allowed.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Dns_Hostname <String>
Specifies the DNS service discovery hostname for the virtual node.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_ServiceDiscovery_Dns_Hostname
-Dns_ResponseType <DnsResponseType>
Specifies the DNS response type for the virtual node.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_ServiceDiscovery_Dns_ResponseType
-File_Path <String>
The file path to write access logs to. You can use /dev/stdout to send access logs to standard out and configure your Envoy container to use a log driver, such as awslogs, to export the access logs to a log storage service such as Amazon CloudWatch Logs. You can also specify a path in the Envoy container's file system to write the files to disk.The Envoy process must have write permissions to the path that you specify here. Otherwise, Envoy fails to bootstrap properly.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_Logging_AccessLog_File_Path
-File_PrivateKey <String>
The private key for a certificate stored on the file system of the virtual node that the proxy is running on.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_BackendDefaults_ClientPolicy_Tls_Certificate_File_PrivateKey
-Force <SwitchParameter>
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Match_Exact <String[]>
The values sent must match the specified values exactly.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_BackendDefaults_ClientPolicy_Tls_Validation_SubjectAlternativeNames_Match_Exact
-MeshName <String>
The name of the service mesh to create the virtual node in.
Required?True
Position?Named
Accept pipeline input?True (ByPropertyName)
-MeshOwner <String>
The AWS IAM account ID of the service mesh owner. If the account ID is not your own, then the account that you specify must share the mesh with your account before you can create the resource in the service mesh. For more information about mesh sharing, see Working with shared meshes.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-PassThru <SwitchParameter>
Changes the cmdlet behavior to return the value passed to the VirtualNodeName parameter. The -PassThru parameter is deprecated, use -Select '^VirtualNodeName' instead. This parameter will be removed in a future version.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Select <String>
Use the -Select parameter to control the cmdlet output. The default value is 'VirtualNode'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.AppMesh.Model.CreateVirtualNodeResponse). Specifying the name of a property of type Amazon.AppMesh.Model.CreateVirtualNodeResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Spec_Backend <Backend[]>
The backends that the virtual node is expected to send outbound traffic to.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_Backends
-Spec_BackendDefaults_ClientPolicy_Tls_Certificate_File_CertificateChain <String>
The certificate chain for the certificate.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Spec_BackendDefaults_ClientPolicy_Tls_Certificate_Sds_SecretName <String>
A reference to an object that represents the name of the secret requested from the Secret Discovery Service provider representing Transport Layer Security (TLS) materials like a certificate or certificate chain.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSds_SecretName
-Spec_BackendDefaults_ClientPolicy_Tls_Validation_Trust_File_CertificateChain <String>
The certificate trust chain for a certificate stored on the file system of the virtual node that the proxy is running on.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesFile_CertificateChain
-Spec_BackendDefaults_ClientPolicy_Tls_Validation_Trust_Sds_SecretName <String>
A reference to an object that represents the name of the secret for a Transport Layer Security (TLS) Secret Discovery Service validation context trust.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-Spec_Listener <Listener[]>
The listener that the virtual node is expected to receive inbound traffic from. You can specify one listener.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_Listeners
-Tag <TagRef[]>
Optional metadata that you can apply to the virtual node to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesTags
-Tls_Enforce <Boolean>
Whether the policy is enforced. The default is True, if a value isn't specified.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_BackendDefaults_ClientPolicy_Tls_Enforce
-Tls_Port <Int32[]>
One or more ports that the policy is enforced for.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSpec_BackendDefaults_ClientPolicy_Tls_Ports
-VirtualNodeName <String>
The name to use for the virtual node.
Required?True
Position?1
Accept pipeline input?True (ByValue, ByPropertyName)

Common Credential and Region Parameters

-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAK
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Required?False
Position?Named
Accept pipeline input?True (ByValue, ByPropertyName)
-EndpointUrl <String>
The endpoint to make the call against.Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Required?False
Position?Named
Accept pipeline input?True (ByValue, ByPropertyName)
-ProfileLocation <String>
Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials.If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesAWSProfilesLocation, ProfilesLocation
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesStoredCredentials, AWSProfileName
-Region <Object>
The system name of an AWS region or an AWSRegion instance. This governs the endpoint that will be used when calling service operations. Note that the AWS resources referenced in a call are usually region-specific.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesRegionToCall
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesSK, SecretAccessKey
-SessionToken <String>
The session token if the access and secret keys are temporary session-based credentials.
Required?False
Position?Named
Accept pipeline input?True (ByPropertyName)
AliasesST

Outputs

Amazon.AppMesh.Model.VirtualNodeData or Amazon.AppMesh.Model.CreateVirtualNodeResponse
This cmdlet returns an Amazon.AppMesh.Model.VirtualNodeData object. The service call response (type Amazon.AppMesh.Model.CreateVirtualNodeResponse) can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack.
User Guide
Service API Reference
AWS Tools for PowerShell User Guide

Supported Version

AWS Tools for PowerShell: 2.x.y.z