AWS App Mesh · Schema

TlsValidationContext

An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.

Tags: Deprecated, Envoy, Microservices, Networking, Service Mesh

Properties

Name                     Type    Required  Description
subjectAlternativeNames  object  no        A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context.
trust                    object  yes       A reference to where to retrieve the trust chain when validating a peer's Transport Layer Security (TLS) certificate.

JSON Schema

app-mesh-tls-validation-context-schema.json
{
  "type": "object",
  "properties": {
    "subjectAlternativeNames": {
      "allOf": [
        {
          "$ref": "#/components/schemas/SubjectAlternativeNames"
        },
        {
          "description": "A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context. If you don't specify SANs on the <i>terminating</i> mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the <i>originating</i> mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. Since SPIRE vended certificates have a SPIFFE ID as a name, you must set the SAN since the name doesn't match the service discovery name."
        }
      ]
    },
    "trust": {
      "allOf": [
        {
          "$ref": "#/components/schemas/TlsValidationContextTrust"
        },
        {
          "description": "A reference to where to retrieve the trust chain when validating a peer\u2019s Transport Layer Security (TLS) certificate."
        }
      ]
    }
  },
  "required": [
    "trust"
  ],
  "description": "An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.",
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/aws-app-mesh/refs/heads/main/json-schema/app-mesh-tls-validation-context-schema.json",
  "title": "TlsValidationContext"
}