Description: > This template deploys the mesh and all of its components. Parameters: MeshName: Description: The name of the mesh to create Type: String ServicesDomain: Description: The DNS suffice applied to virtual service names (e.g. default.svc.cluster.local) Type: String ColorTellerGreenRouteWeight: Description: The weight to apply to the Green Color Teller Route Type: Number AllowedValues: [0, 1] Default: 0 ColorGatewayTlsValidationPath: Description: The path to use for TLS client validation on the Color Gateway Type: String Default: "" EnableClientValidationFlag: Description: Flag to determine whether or not to enforce client policy tls validation AllowedValues: ["true", "false"] Type: String Conditions: EnableClientValidation: !Equals [!Ref EnableClientValidationFlag, "true"] ColorGatewayTlsValidationPathPresent: !Not [!Equals [!Ref ColorGatewayTlsValidationPath, ""]] Resources: Mesh: Type: AWS::AppMesh::Mesh Properties: MeshName: !Ref MeshName ColorVirtualGateway: Type: AWS::AppMesh::VirtualGateway Properties: MeshName: !GetAtt Mesh.MeshName VirtualGatewayName: ColorGateway Spec: BackendDefaults: ClientPolicy: TLS: Fn::If: - ColorGatewayTlsValidationPathPresent - Enforce: !If [EnableClientValidation, True, False] Validation: Trust: File: CertificateChain: !Ref ColorGatewayTlsValidationPath - !Ref AWS::NoValue Listeners: - PortMapping: Port: 80 Protocol: http GatewayRoute: DependsOn: - ColorVirtualGateway - ColorTellerVirtualService Type: AWS::AppMesh::GatewayRoute Properties: GatewayRouteName: gateway-gr MeshName: !GetAtt Mesh.MeshName Spec: HttpRoute: Action: Target: VirtualService: VirtualServiceName: !Sub "colorteller.${ServicesDomain}" Match: Prefix: / VirtualGatewayName: ColorGateway ColorTellerWhiteVirtualNode: Type: AWS::AppMesh::VirtualNode Properties: MeshName: !GetAtt Mesh.MeshName VirtualNodeName: ColorTellerWhite Spec: Listeners: - PortMapping: Port: 80 Protocol: http HealthCheck: Protocol: http Path: /ping HealthyThreshold: 2 UnhealthyThreshold: 3 TimeoutMillis: 2000 IntervalMillis: 5000 TLS: Mode: STRICT Certificate: File: CertificateChain: "/keys/colorteller_white_cert_chain.pem" PrivateKey: "/keys/colorteller_white_key.pem" ServiceDiscovery: DNS: Hostname: !Sub "colorteller.${ServicesDomain}" ColorTellerGreenVirtualNode: Type: AWS::AppMesh::VirtualNode Properties: MeshName: !GetAtt Mesh.MeshName VirtualNodeName: ColorTellerGreen Spec: Listeners: - PortMapping: Port: 80 Protocol: http HealthCheck: Protocol: http Path: /ping HealthyThreshold: 2 UnhealthyThreshold: 3 TimeoutMillis: 2000 IntervalMillis: 5000 TLS: Mode: STRICT Certificate: File: CertificateChain: "/keys/colorteller_green_cert_chain.pem" PrivateKey: "/keys/colorteller_green_key.pem" ServiceDiscovery: DNS: Hostname: !Sub "colorteller-green.${ServicesDomain}" ColorTellerVirtualRouter: Type: AWS::AppMesh::VirtualRouter Properties: MeshName: !GetAtt Mesh.MeshName VirtualRouterName: "ColorTellerVirtualRouter" Spec: Listeners: - PortMapping: Port: 80 Protocol: "http" ColorTellerRoute: Type: AWS::AppMesh::Route Properties: MeshName: !GetAtt Mesh.MeshName RouteName: "ColorTellerRoute" VirtualRouterName: !GetAtt ColorTellerVirtualRouter.VirtualRouterName Spec: HttpRoute: Action: WeightedTargets: - VirtualNode: !GetAtt ColorTellerWhiteVirtualNode.VirtualNodeName Weight: 1 - VirtualNode: !GetAtt ColorTellerGreenVirtualNode.VirtualNodeName Weight: Ref: ColorTellerGreenRouteWeight Match: Prefix: "/" ColorTellerVirtualService: Type: AWS::AppMesh::VirtualService Properties: MeshName: !GetAtt Mesh.MeshName VirtualServiceName: !Sub "colorteller.${ServicesDomain}" Spec: Provider: VirtualRouter: VirtualRouterName: !GetAtt ColorTellerVirtualRouter.VirtualRouterName