TrustStore

class TrustStore : KotlinCustomResource

Provides an ELBv2 Trust Store for use with Application Load Balancer Listener resources.

Example Usage

Trust Store Load Balancer Listener

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Trust store built from a CA bundle stored in S3. The bundle at this
// bucket/key defines which client CAs the listener will trust, so keep write
// access to that object narrow.
const test = new aws.lb.TrustStore("test", {
    name: "tf-example-lb-ts",
    caCertificatesBundleS3Bucket: "...",
    caCertificatesBundleS3Key: "...",
});

// exampleAwsLb and exampleAwsLbTargetGroup are not defined in this snippet.
const forwardToTargets = {
    targetGroupArn: exampleAwsLbTargetGroup.id,
    type: "forward",
};

// Mutual TLS applies to HTTPS listeners; this example omits the port,
// protocol and server certificate settings such a listener also needs.
const example = new aws.lb.Listener("example", {
    loadBalancerArn: exampleAwsLb.id,
    defaultActions: [forwardToTargets],
    mutualAuthentication: {
        // "verify": the load balancer validates the client certificate chain
        // against the trust store before forwarding the request.
        mode: "verify",
        trustStoreArn: test.arn,
    },
});
import pulumi
import pulumi_aws as aws
# Trust store built from a CA bundle stored in S3. The bundle at this
# bucket/key defines which client CAs the listener will trust, so keep write
# access to that object narrow.
test = aws.lb.TrustStore(
    "test",
    name="tf-example-lb-ts",
    ca_certificates_bundle_s3_bucket="...",
    ca_certificates_bundle_s3_key="...",
)

# example_aws_lb and example_aws_lb_target_group are not defined in this snippet.
forward_to_targets = {
    "target_group_arn": example_aws_lb_target_group["id"],
    "type": "forward",
}

# Mutual TLS applies to HTTPS listeners; this example omits the port,
# protocol and server certificate settings such a listener also needs.
example = aws.lb.Listener(
    "example",
    load_balancer_arn=example_aws_lb["id"],
    default_actions=[forward_to_targets],
    mutual_authentication={
        # "verify": the load balancer validates the client certificate chain
        # against the trust store before forwarding the request.
        "mode": "verify",
        "trust_store_arn": test.arn,
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Trust store built from a CA bundle stored in S3. The bundle at this
    // bucket/key defines which client CAs the listener will trust, so keep
    // write access to that object narrow.
    var test = new Aws.LB.TrustStore("test", new()
    {
        Name = "tf-example-lb-ts",
        CaCertificatesBundleS3Bucket = "...",
        CaCertificatesBundleS3Key = "...",
    });

    // exampleAwsLb and exampleAwsLbTargetGroup are not defined in this snippet.
    var forwardToTargets = new Aws.LB.Inputs.ListenerDefaultActionArgs
    {
        TargetGroupArn = exampleAwsLbTargetGroup.Id,
        Type = "forward",
    };

    // Mutual TLS applies to HTTPS listeners; this example omits the port,
    // protocol and server certificate settings such a listener also needs.
    var example = new Aws.LB.Listener("example", new()
    {
        LoadBalancerArn = exampleAwsLb.Id,
        DefaultActions = new[]
        {
            forwardToTargets,
        },
        MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
        {
            // "verify": the load balancer validates the client certificate
            // chain against the trust store before forwarding the request.
            Mode = "verify",
            TrustStoreArn = test.Arn,
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a trust store and a listener that uses it for mutual TLS.
// exampleAwsLb and exampleAwsLbTargetGroup are not defined in this snippet.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The CA bundle at this bucket/key defines which client CAs the
		// listener will trust, so keep write access to that object narrow.
		trustStoreArgs := &lb.TrustStoreArgs{
			Name:                         pulumi.String("tf-example-lb-ts"),
			CaCertificatesBundleS3Bucket: pulumi.String("..."),
			CaCertificatesBundleS3Key:    pulumi.String("..."),
		}
		test, err := lb.NewTrustStore(ctx, "test", trustStoreArgs)
		if err != nil {
			return err
		}

		// Mutual TLS applies to HTTPS listeners; this example omits the port,
		// protocol and server certificate settings such a listener also needs.
		_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
			LoadBalancerArn: pulumi.Any(exampleAwsLb.Id),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					TargetGroupArn: pulumi.Any(exampleAwsLbTargetGroup.Id),
					Type:           pulumi.String("forward"),
				},
			},
			MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
				// "verify": the load balancer validates the client certificate
				// chain against the trust store before forwarding the request.
				Mode:          pulumi.String("verify"),
				TrustStoreArn: test.Arn,
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.TrustStore;
import com.pulumi.aws.lb.TrustStoreArgs;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerMutualAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example program: registers a trust store and a listener that uses it for
 * mutual TLS. {@code exampleAwsLb} and {@code exampleAwsLbTargetGroup} are not
 * defined in this snippet.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the trust store and the listener that references it.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // The CA bundle at this bucket/key defines which client CAs the
        // listener will trust, so keep write access to that object narrow.
        var test = new TrustStore("test", TrustStoreArgs.builder()
            .name("tf-example-lb-ts")
            .caCertificatesBundleS3Bucket("...")
            .caCertificatesBundleS3Key("...")
            .build());

        var forwardToTargets = ListenerDefaultActionArgs.builder()
            .targetGroupArn(exampleAwsLbTargetGroup.id())
            .type("forward")
            .build();

        // "verify": the load balancer validates the client certificate chain
        // against the trust store before forwarding the request.
        var mutualAuth = ListenerMutualAuthenticationArgs.builder()
            .mode("verify")
            .trustStoreArn(test.arn())
            .build();

        // Mutual TLS applies to HTTPS listeners; this example omits the port,
        // protocol and server certificate settings such a listener also needs.
        var example = new Listener("example", ListenerArgs.builder()
            .loadBalancerArn(exampleAwsLb.id())
            .defaultActions(forwardToTargets)
            .mutualAuthentication(mutualAuth)
            .build());
    }
}
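# Indentation restored: the nesting below is what the flattened listing encodes.
resources:
  # Trust store built from a CA bundle stored in S3. The bundle at this
  # bucket/key defines which client CAs the listener will trust, so keep write
  # access to that object narrow.
  test:
    type: aws:lb:TrustStore
    properties:
      name: tf-example-lb-ts
      caCertificatesBundleS3Bucket: '...'
      caCertificatesBundleS3Key: '...'
  # Mutual TLS applies to HTTPS listeners; this example omits the port,
  # protocol and server certificate settings such a listener also needs.
  # exampleAwsLb and exampleAwsLbTargetGroup are not defined in this snippet.
  example:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${exampleAwsLb.id}
      defaultActions:
        - targetGroupArn: ${exampleAwsLbTargetGroup.id}
          type: forward
      mutualAuthentication:
        # verify: the load balancer validates the client certificate chain
        # against the trust store before forwarding the request.
        mode: verify
        trustStoreArn: ${test.arn}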

Import

Using pulumi import, import Trust Stores using their ARN. For example:

$ pulumi import aws:lb/trustStore:TrustStore example arn:aws:elasticloadbalancing:us-west-2:187416307283:truststore/my-trust-store/20cfe21448b66314

Properties

val arn: Output<String>

ARN of the Trust Store (matches id).

val arnSuffix: Output<String>

ARN suffix for use with CloudWatch Metrics.


S3 bucket name holding the client certificate CA bundle (caCertificatesBundleS3Bucket in the examples above).


S3 object key holding the client certificate CA bundle (caCertificatesBundleS3Key in the examples above).


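Version ID of the CA bundle S3 object, if the bucket is versioned. Defaults to the latest version if omitted. Setting it records which revision of the bundle the trust store was built from, so a change of trusted CAs appears as an explicit change to this resource.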

val id: Output<String>
val name: Output<String>

Name of the Trust Store. If omitted, the provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.

val namePrefix: Output<String>

Creates a unique name beginning with the specified prefix. Conflicts with name. Cannot be longer than 6 characters.

val pulumiChildResources: Set<KotlinResource>
val tags: Output<Map<String, String>>?

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

val urn: Output<String>