Resource: awsAppmeshVirtualGateway
Provides an AWS App Mesh virtual gateway resource.
Example Usage
Basic
```typescript
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.appmeshVirtualGateway.AppmeshVirtualGateway(this, "example", {
  meshName: "example-service-mesh",
  name: "example-virtual-gateway",
  spec: {
    listener: [
      {
        portMapping: {
          port: 8080,
          protocol: "http",
        },
      },
    ],
  },
  tags: {
    Environment: "test",
  },
});
```
Access Logs and TLS
```typescript
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.appmeshVirtualGateway.AppmeshVirtualGateway(this, "example", {
  meshName: "example-service-mesh",
  name: "example-virtual-gateway",
  spec: {
    listener: [
      {
        portMapping: {
          port: 8080,
          protocol: "http",
        },
        tls: {
          certificate: {
            acm: {
              certificateArn: "${aws_acm_certificate.example.arn}",
            },
          },
          mode: "STRICT",
        },
      },
    ],
    logging: {
      accessLog: {
        file: {
          path: "/var/log/access.log",
        },
      },
    },
  },
});
```
Argument Reference
The following arguments are supported:
- `name` - (Required) Name to use for the virtual gateway. Must be between 1 and 255 characters in length.
- `meshName` - (Required) Name of the service mesh in which to create the virtual gateway. Must be between 1 and 255 characters in length.
- `meshOwner` - (Optional) AWS account ID of the service mesh's owner. Defaults to the account ID the AWS provider is currently connected to.
- `spec` - (Required) Virtual gateway specification to apply.
- `tags` - (Optional) Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider level.

The `spec` object supports the following:
- `listener` - (Required) Listeners that the mesh endpoint is expected to receive inbound traffic from. You can specify one listener.
- `backendDefaults` - (Optional) Defaults for backends.
- `logging` - (Optional) Inbound and outbound access logging information for the virtual gateway.

The `backendDefaults` object supports the following:
- `clientPolicy` - (Optional) Default client policy for virtual gateway backends.

The `clientPolicy` object supports the following:
- `tls` - (Optional) Transport Layer Security (TLS) client policy.

The `tls` object supports the following:
- `certificate` - (Optional) Virtual gateway's client's Transport Layer Security (TLS) certificate.
- `enforce` - (Optional) Whether the policy is enforced. Default is `true`.
- `ports` - (Optional) One or more ports that the policy is enforced for.
- `validation` - (Required) TLS validation context.

The `certificate` object supports the following:
- `file` - (Optional) Local file certificate.
- `sds` - (Optional) A Secret Discovery Service certificate.

The `file` object supports the following:
- `certificateChain` - (Required) Certificate chain for the certificate.
- `privateKey` - (Required) Private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on.

The `sds` object supports the following:
- `secretName` - (Required) Name of the secret requested from the Secret Discovery Service provider representing Transport Layer Security (TLS) materials like a certificate or certificate chain.

The `validation` object supports the following:
- `subjectAlternativeNames` - (Optional) SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context.
- `trust` - (Required) TLS validation context trust.

The `subjectAlternativeNames` object supports the following:
- `match` - (Required) Criteria for determining a SAN's match.

The `match` object supports the following:
- `exact` - (Required) Values sent must match the specified values exactly.

The `trust` object supports the following:
- `acm` - (Optional) TLS validation context trust for an AWS Certificate Manager (ACM) certificate.
- `file` - (Optional) TLS validation context trust for a local file certificate.
- `sds` - (Optional) TLS validation context trust for a Secret Discovery Service certificate.

The `acm` object supports the following:
- `certificateAuthorityArns` - (Required) One or more ACM ARNs.

The `file` object supports the following:
- `certificateChain` - (Required) Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.

The `sds` object supports the following:
- `secretName` - (Required) Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

The `listener` object supports the following:
- `portMapping` - (Required) Port mapping information for the listener.
- `connectionPool` - (Optional) Connection pool information for the listener.
- `healthCheck` - (Optional) Health check information for the listener.
- `tls` - (Optional) Transport Layer Security (TLS) properties for the listener.

The `logging` object supports the following:
- `accessLog` - (Optional) Access log configuration for a virtual gateway.

The `accessLog` object supports the following:
- `file` - (Optional) File object to send virtual gateway access logs to.

The `file` object supports the following:
- `format` - (Optional) The specified format for the logs.
- `path` - (Required) File path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length.

The `format` object supports the following:
- `json` - (Optional) The logging format for JSON.
- `text` - (Optional) The logging format for text. Must be between 1 and 1000 characters in length.

The `json` object supports the following:
- `key` - (Required) The specified key for the JSON. Must be between 1 and 100 characters in length.
- `value` - (Required) The specified value for the JSON. Must be between 1 and 100 characters in length.

The `portMapping` object supports the following:
- `port` - (Required) Port used for the port mapping.
- `protocol` - (Required) Protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`.

The `connectionPool` object supports the following:
- `grpc` - (Optional) Connection pool information for gRPC listeners.
- `http` - (Optional) Connection pool information for HTTP listeners.
- `http2` - (Optional) Connection pool information for HTTP2 listeners.

The `grpc` connection pool object supports the following:
- `maxRequests` - (Required) Maximum number of inflight requests Envoy can concurrently support across hosts in the upstream cluster. Minimum value of `1`.

The `http` connection pool object supports the following:
- `maxConnections` - (Required) Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in the upstream cluster. Minimum value of `1`.
- `maxPendingRequests` - (Optional) Number of overflowing requests after `maxConnections` that Envoy will queue to the upstream cluster. Minimum value of `1`.

The `http2` connection pool object supports the following:
- `maxRequests` - (Required) Maximum number of inflight requests Envoy can concurrently support across hosts in the upstream cluster. Minimum value of `1`.

The `healthCheck` object supports the following:
- `healthyThreshold` - (Required) Number of consecutive successful health checks that must occur before declaring the listener healthy.
- `intervalMillis` - (Required) Time period in milliseconds between each health check execution.
- `protocol` - (Required) Protocol for the health check request. Valid values are `http`, `http2`, and `grpc`.
- `timeoutMillis` - (Required) Amount of time to wait when receiving a response from the health check, in milliseconds.
- `unhealthyThreshold` - (Required) Number of consecutive failed health checks that must occur before declaring a virtual gateway unhealthy.
- `path` - (Optional) Destination path for the health check request. This is only required if the specified protocol is `http` or `http2`.
- `port` - (Optional) Destination port for the health check request. This port must match the port defined in the `portMapping` for the listener.

The `tls` object supports the following:
- `certificate` - (Required) Listener's TLS certificate.
- `mode` - (Required) Listener's TLS mode. Valid values: `disabled`, `permissive`, `strict`.
- `validation` - (Optional) Listener's Transport Layer Security (TLS) validation context.

The `certificate` object supports the following:
- `acm` - (Optional) An AWS Certificate Manager (ACM) certificate.
- `file` - (Optional) Local file certificate.
- `sds` - (Optional) A Secret Discovery Service certificate.

The `acm` object supports the following:
- `certificateArn` - (Required) ARN for the certificate.

The `file` object supports the following:
- `certificateChain` - (Required) Certificate chain for the certificate. Must be between 1 and 255 characters in length.
- `privateKey` - (Required) Private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.

The `sds` object supports the following:
- `secretName` - (Required) Name of the secret requested from the Secret Discovery Service provider representing Transport Layer Security (TLS) materials like a certificate or certificate chain.

The `validation` object supports the following:
- `subjectAlternativeNames` - (Optional) SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context.
- `trust` - (Required) TLS validation context trust.

The `subjectAlternativeNames` object supports the following:
- `match` - (Required) Criteria for determining a SAN's match.

The `match` object supports the following:
- `exact` - (Required) Values sent must match the specified values exactly.

The `trust` object supports the following:
- `file` - (Optional) TLS validation context trust for a local file certificate.
- `sds` - (Optional) TLS validation context trust for a Secret Discovery Service certificate.

The `file` object supports the following:
- `certificateChain` - (Required) Certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.

The `sds` object supports the following:
- `secretName` - (Required) Name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.
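The listener, health check and client policy constraints above lend themselves to a pre-apply check. The following is an added example, not code from the provider or this page: a small lint over a `spec` object that flags listeners without `strict` TLS, a missing `backendDefaults.clientPolicy.tls`, a `healthCheck.port` that differs from `portMapping.port`, an `http`/`http2` health check without `path`, and a missing access log. The interfaces are a hand-written subset of the property names documented here (not the generated CDKTF types), and the ARNs are placeholders.

```typescript
// Added example (not from the provider docs or the page's own code): a
// pre-apply lint for an AppmeshVirtualGateway `spec`, checking the
// constraints documented on this page. These interfaces are our own
// minimal mirror of the CDKTF property names, not the generated types.
interface HealthCheck { protocol: string; port?: number; path?: string }
interface Listener {
  portMapping: { port: number; protocol: string };
  healthCheck?: HealthCheck;
  tls?: { mode: string; certificate: object; validation?: object };
}
export interface GatewaySpec {
  listener: Listener[];
  backendDefaults?: { clientPolicy?: { tls?: { enforce?: boolean; validation: object } } };
  logging?: { accessLog?: { file?: { path: string } } };
}

// One finding per weak or invalid setting; an empty list means the spec is clean.
export function lintGatewaySpec(spec: GatewaySpec): string[] {
  const out: string[] = [];
  if (spec.listener.length !== 1) out.push("spec.listener must contain exactly one listener");
  for (const l of spec.listener) {
    const { port, protocol } = l.portMapping;
    if (!["http", "http2", "tcp", "grpc"].includes(protocol)) out.push(`listener ${port}: invalid protocol ${protocol}`);
    if (!l.tls) out.push(`listener ${port}: no tls block, inbound traffic is plaintext`);
    else if (l.tls.mode.toLowerCase() !== "strict") out.push(`listener ${port}: tls.mode ${l.tls.mode} still accepts plaintext`);
    const hc = l.healthCheck;
    if (hc && hc.port !== undefined && hc.port !== port) out.push(`healthCheck.port ${hc.port} must equal portMapping.port ${port}`);
    if (hc && (hc.protocol === "http" || hc.protocol === "http2") && !hc.path) out.push("healthCheck.path is required for http/http2 health checks");
  }
  const ct = spec.backendDefaults?.clientPolicy?.tls;
  if (!ct) out.push("backendDefaults.clientPolicy.tls unset: outbound backend connections are not required to use TLS");
  else if (ct.enforce === false) out.push("backendDefaults.clientPolicy.tls.enforce is false");
  if (!spec.logging?.accessLog?.file?.path) out.push("no access log configured");
  return out;
}

// Constructed samples (placeholder ARNs): the page's "Access Logs and TLS" listener,
// first on its own and then with a backend client policy added.
export const listenerOnly: GatewaySpec = {
  listener: [{ portMapping: { port: 8080, protocol: "http" },
    tls: { mode: "STRICT", certificate: { acm: { certificateArn: "arn:aws:acm:PLACEHOLDER" } } } }],
  logging: { accessLog: { file: { path: "/dev/stdout" } } },
};
export const hardened: GatewaySpec = { ...listenerOnly, backendDefaults: { clientPolicy: { tls: {
  enforce: true, validation: { trust: { acm: { certificateAuthorityArns: ["arn:aws:acm-pca:PLACEHOLDER"] } } },
} } } };
```

Run it against the `spec` object before handing it to the construct; a non-empty result is the list of settings to fix before `cdktf deploy`.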
Attributes Reference
In addition to all arguments above, the following attributes are exported:
- `id` - ID of the virtual gateway.
- `arn` - ARN of the virtual gateway.
- `createdDate` - Creation date of the virtual gateway.
- `lastUpdatedDate` - Last update date of the virtual gateway.
- `resourceOwner` - Resource owner's AWS account ID.
- `tagsAll` - Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.

Import
App Mesh virtual gateway can be imported using `meshName` together with the virtual gateway's `name`, e.g.,