@Generated(value="jsii-pacmak/1.57.0 (build f614666)", date="2022-04-22T09:30:45.205Z") @Stability(value=Stable) public interface MutualTlsValidation extends software.amazon.jsii.JsiiSerializable
Example:
// Example automatically generated from non-compiling source. May contain errors.
Mesh mesh;
VirtualNode node1 = VirtualNode.Builder.create(this, "node1")
.mesh(mesh)
.serviceDiscovery(ServiceDiscovery.dns("node"))
.listeners(List.of(VirtualNodeListener.grpc(GrpcVirtualNodeListenerOptions.builder()
.port(80)
.tls(ListenerTlsOptions.builder()
.mode(TlsMode.STRICT)
.certificate(TlsCertificate.file("path/to/certChain", "path/to/privateKey"))
// Validate a file client certificates to enable mutual TLS authentication when a client provides a certificate.
.mutualTlsValidation(MutualTlsValidation.builder()
.trust(TlsValidationTrust.file("path-to-certificate"))
.build())
.build())
.build())))
.build();
String certificateAuthorityArn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";
VirtualNode node2 = VirtualNode.Builder.create(this, "node2")
.mesh(mesh)
.serviceDiscovery(ServiceDiscovery.dns("node2"))
.backendDefaults(BackendDefaults.builder()
.tlsClientPolicy(TlsClientPolicy.builder()
.ports(List.of(8080, 8081))
.validation(TlsValidation.builder()
.subjectAlternativeNames(SubjectAlternativeNames.matchingExactly("mesh-endpoint.apps.local"))
.trust(TlsValidationTrust.acm(List.of(CertificateAuthority.fromCertificateAuthorityArn(this, "certificate", certificateAuthorityArn))))
.build())
// Provide a SDS client certificate when a server requests it and enable mutual TLS authentication.
.mutualTlsCertificate(TlsCertificate.sds("secret_certificate"))
.build())
.build())
.build();
| Modifier and Type | Interface and Description |
|---|---|
static class |
MutualTlsValidation.Builder
A builder for
MutualTlsValidation |
static class |
MutualTlsValidation.Jsii$Proxy
An implementation for
MutualTlsValidation |
| Modifier and Type | Method and Description |
|---|---|
static MutualTlsValidation.Builder |
builder() |
default SubjectAlternativeNames |
getSubjectAlternativeNames()
Represents the subject alternative names (SANs) secured by the certificate.
|
MutualTlsValidationTrust |
getTrust()
Reference to where to retrieve the trust chain.
|
@Stability(value=Stable) @NotNull MutualTlsValidationTrust getTrust()
@Stability(value=Stable) @Nullable default SubjectAlternativeNames getSubjectAlternativeNames()
SANs must be in the FQDN or URI format.
Default: - If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration.
@Stability(value=Stable) static MutualTlsValidation.Builder builder()
MutualTlsValidation.Builder of MutualTlsValidationCopyright © 2022. All rights reserved.