TlsValidationContext - Amazon App Mesh
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.



A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

Type: TlsValidationContextTrust object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: Yes


A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context. If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. Since SPIRE vended certificates have a SPIFFE ID as a name, you must set the SAN since the name doesn't match the service discovery name.

Type: SubjectAlternativeNames object

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: