AuthenticateJwtOptions

class aws_cdk.aws_elasticloadbalancingv2.AuthenticateJwtOptions(*, issuer, jwks_endpoint, next)

Bases: object

Options for ListenerAction.authenticateJwt().

Parameters:
  • issuer (str) – The issuer of the JWT token. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • jwks_endpoint (str) – The JWKS (JSON Web Key Set) endpoint URL. The endpoint must be publicly accessible and return the public keys used to verify JWT signatures.

  • next (ListenerAction) – What action to execute next. Multiple actions form a linked chain; the chain must always terminate in a (weighted)forward, fixedResponse or redirect action.

Example:

import aws_cdk.aws_elasticloadbalancingv2 as elbv2

# lb: elbv2.ApplicationLoadBalancer
# certificate: elbv2.IListenerCertificate
# my_target_group: elbv2.ApplicationTargetGroup


# JWT authentication requires HTTPS
listener = lb.add_listener("Listener",
    protocol=elbv2.ApplicationProtocol.HTTPS,
    port=443,
    certificates=[certificate],
    default_action=elbv2.ListenerAction.authenticate_jwt(
        issuer="https://issuer.example.com",
        jwks_endpoint="https://issuer.example.com/.well-known/jwks.json",
        next=elbv2.ListenerAction.forward([my_target_group])
    )
)
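
As an added example (not part of the CDK documentation or the AWS CDK project's code), a pre-synth check for the constraints stated in the parameter list: issuer and jwks_endpoint are full HTTPS URLs, and the JWKS body contains only public key material. The function names and the sample JWKS documents are constructed for illustration; the private-member list uses the JWK parameter names from RFC 7518.

```python
import json
from urllib.parse import urlsplit

# JWK members that carry private or symmetric key material (RFC 7518).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

# Constructed sample JWKS bodies (placeholder values, not real keys).
GOOD_JWKS = '{"keys":[{"kty":"RSA","kid":"k1","n":"AQAB","e":"AQAB"}]}'
BAD_JWKS = '{"keys":[{"kty":"RSA","kid":"k2","n":"AQAB","e":"AQAB","d":"AQAB"}]}'


def check_https_url(name, value):
    """Return problems with a value that must be a full HTTPS URL."""
    parts = urlsplit(value)
    problems = []
    if parts.scheme != "https":
        problems.append(f"{name}: scheme must be https, got {parts.scheme!r}")
    if not parts.hostname:
        problems.append(f"{name}: no host in {value!r}")
    if parts.username or parts.password:
        problems.append(f"{name}: must not embed credentials")
    return problems


def check_jwks_document(text):
    """Return problems with a JWKS body that should hold only public keys."""
    try:
        keys = json.loads(text).get("keys")
    except (ValueError, AttributeError):
        return ["JWKS body is not a JSON object"]
    if not isinstance(keys, list) or not keys:
        return ["JWKS has no 'keys' array"]
    problems = []
    for i, key in enumerate(keys):
        if not isinstance(key, dict):
            problems.append(f"key #{i}: not a JSON object")
            continue
        label = key.get("kid", f"#{i}")
        if key.get("kty") == "oct":
            problems.append(f"key {label}: symmetric key, not a public key")
        leaked = sorted(PRIVATE_JWK_MEMBERS.intersection(key))
        if leaked:
            problems.append(f"key {label}: private members present: {leaked}")
    return problems


if __name__ == "__main__":
    print(check_https_url("issuer", "https://issuer.example.com"))
    print(check_jwks_document(BAD_JWKS))
```

Run the URL checks on the values passed to authenticate_jwt() and the document check on the body fetched from the JWKS endpoint; an empty list means no problem was found.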

Attributes

issuer

The issuer of the JWT token.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Example:

"https://issuer.example.com"

jwks_endpoint

The JWKS (JSON Web Key Set) endpoint URL.

The endpoint must be publicly accessible and return the public keys used to verify JWT signatures.

Example:

"https://issuer.example.com/jwks"

next

What action to execute next.

Multiple actions form a linked chain; the chain must always terminate in a (weighted)forward, fixedResponse or redirect action.