Class MutualTlsValidation
Represents the properties needed to define TLS Validation context that is supported for mutual TLS authentication.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.AppMesh
Assembly: Amazon.CDK.AWS.AppMesh.dll
Syntax (csharp)
public class MutualTlsValidation : Object, IMutualTlsValidation
Syntax (vb)
Public Class MutualTlsValidation
Inherits Object
Implements IMutualTlsValidation
Remarks
ExampleMetadata: infused
Examples
Mesh mesh;
var node1 = new VirtualNode(this, "node1", new VirtualNodeProps {
Mesh = mesh,
ServiceDiscovery = ServiceDiscovery.Dns("node"),
Listeners = new [] { VirtualNodeListener.Grpc(new GrpcVirtualNodeListenerOptions {
Port = 80,
Tls = new ListenerTlsOptions {
Mode = TlsMode.STRICT,
Certificate = TlsCertificate.File("path/to/certChain", "path/to/privateKey"),
// Validate a file client certificates to enable mutual TLS authentication when a client provides a certificate.
MutualTlsValidation = new MutualTlsValidation {
Trust = TlsValidationTrust.File("path-to-certificate")
}
}
}) }
});
var certificateAuthorityArn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";
var node2 = new VirtualNode(this, "node2", new VirtualNodeProps {
Mesh = mesh,
ServiceDiscovery = ServiceDiscovery.Dns("node2"),
BackendDefaults = new BackendDefaults {
TlsClientPolicy = new TlsClientPolicy {
Ports = new [] { 8080, 8081 },
Validation = new TlsValidation {
SubjectAlternativeNames = SubjectAlternativeNames.MatchingExactly("mesh-endpoint.apps.local"),
Trust = TlsValidationTrust.Acm(new [] { CertificateAuthority.FromCertificateAuthorityArn(this, "certificate", certificateAuthorityArn) })
},
// Provide a SDS client certificate when a server requests it and enable mutual TLS authentication.
MutualTlsCertificate = TlsCertificate.Sds("secret_certificate")
}
}
});
Synopsis
Constructors
MutualTlsValidation() |
Properties
SubjectAlternativeNames | Represents the subject alternative names (SANs) secured by the certificate. |
Trust | Reference to where to retrieve the trust chain. |
Constructors
MutualTlsValidation()
public MutualTlsValidation()
Properties
SubjectAlternativeNames
Represents the subject alternative names (SANs) secured by the certificate.
public SubjectAlternativeNames SubjectAlternativeNames { get; set; }
Property Value
Remarks
SANs must be in the FQDN or URI format.
Default: - If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration.
Trust
Reference to where to retrieve the trust chain.
public MutualTlsValidationTrust Trust { get; set; }
Property Value