We recommend new projects start with resources from the AWS provider.
aws-native.networkfirewall.TlsInspectionConfiguration
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Resource type definition for AWS::NetworkFirewall::TLSInspectionConfiguration
Create TlsInspectionConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TlsInspectionConfiguration(name: string, args: TlsInspectionConfigurationArgs, opts?: CustomResourceOptions);
@overload
def TlsInspectionConfiguration(resource_name: str,
args: TlsInspectionConfigurationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def TlsInspectionConfiguration(resource_name: str,
opts: Optional[ResourceOptions] = None,
tls_inspection_configuration: Optional[TlsInspectionConfigurationTlsInspectionConfigurationArgs] = None,
description: Optional[str] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
tls_inspection_configuration_name: Optional[str] = None)
func NewTlsInspectionConfiguration(ctx *Context, name string, args TlsInspectionConfigurationArgs, opts ...ResourceOption) (*TlsInspectionConfiguration, error)
public TlsInspectionConfiguration(string name, TlsInspectionConfigurationArgs args, CustomResourceOptions? opts = null)
public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args)
public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args, CustomResourceOptions options)
type: aws-native:networkfirewall:TlsInspectionConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
TlsInspectionConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The TlsInspectionConfiguration resource accepts the following input properties:
- TLSInspection
Configuration Pulumi.Value Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Tls Inspection Configuration - The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
- Description string
- A description of the TLS inspection configuration.
- List<Pulumi.
Aws Native. Inputs. Tag> - The key:value pairs to associate with the resource.
- Tls
Inspection stringConfiguration Name - The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
- Tls
Inspection TlsConfiguration Inspection Configuration Tls Inspection Configuration Args - The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
- Description string
- A description of the TLS inspection configuration.
- Tag
Args - The key:value pairs to associate with the resource.
- Tls
Inspection stringConfiguration Name - The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
- tls
Inspection TlsConfiguration Inspection Configuration Tls Inspection Configuration - The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
- description String
- A description of the TLS inspection configuration.
- List<Tag>
- The key:value pairs to associate with the resource.
- tls
Inspection StringConfiguration Name - The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
- tls
Inspection TlsConfiguration Inspection Configuration Tls Inspection Configuration - The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
- description string
- A description of the TLS inspection configuration.
- Tag[]
- The key:value pairs to associate with the resource.
- tls
Inspection stringConfiguration Name - The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
- tls_
inspection_ Tlsconfiguration Inspection Configuration Tls Inspection Configuration Args - The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
- description str
- A description of the TLS inspection configuration.
- Sequence[Tag
Args] - The key:value pairs to associate with the resource.
- tls_
inspection_ strconfiguration_ name - The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
- tls
Inspection Property MapConfiguration - The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
- description String
- A description of the TLS inspection configuration.
- List<Property Map>
- The key:value pairs to associate with the resource.
- tls
Inspection StringConfiguration Name - The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
Outputs
All input properties are implicitly available as output properties. Additionally, the TlsInspectionConfiguration resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Tls
Inspection stringConfiguration Arn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
- Tls
Inspection stringConfiguration Id - A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
- Id string
- The provider-assigned unique ID for this managed resource.
- Tls
Inspection stringConfiguration Arn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
- Tls
Inspection stringConfiguration Id - A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
- id String
- The provider-assigned unique ID for this managed resource.
- tls
Inspection StringConfiguration Arn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
- tls
Inspection StringConfiguration Id - A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
- id string
- The provider-assigned unique ID for this managed resource.
- tls
Inspection stringConfiguration Arn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
- tls
Inspection stringConfiguration Id - A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
- id str
- The provider-assigned unique ID for this managed resource.
- tls_
inspection_ strconfiguration_ arn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
- tls_
inspection_ strconfiguration_ id - A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
- id String
- The provider-assigned unique ID for this managed resource.
- tls
Inspection StringConfiguration Arn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
- tls
Inspection StringConfiguration Id - A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
Supporting Types
Tag, TagArgs
TlsInspectionConfigurationAddress, TlsInspectionConfigurationAddressArgs
- Address
Definition string Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
192.0.2.44/32
. - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify
192.0.2.0/24
. - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
1111:0000:0000:0000:0000:0000:0000:0111/128
. - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64
.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
- Address
Definition string Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
192.0.2.44/32
. - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify
192.0.2.0/24
. - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
1111:0000:0000:0000:0000:0000:0000:0111/128
. - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64
.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
- address
Definition String Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
192.0.2.44/32
. - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify
192.0.2.0/24
. - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
1111:0000:0000:0000:0000:0000:0000:0111/128
. - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64
.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
- address
Definition string Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
192.0.2.44/32
. - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify
192.0.2.0/24
. - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
1111:0000:0000:0000:0000:0000:0000:0111/128
. - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64
.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
- address_
definition str Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
192.0.2.44/32
. - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify
192.0.2.0/24
. - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
1111:0000:0000:0000:0000:0000:0000:0111/128
. - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64
.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
- address
Definition String Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
192.0.2.44/32
. - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify
192.0.2.0/24
. - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
1111:0000:0000:0000:0000:0000:0000:0111/128
. - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64
.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify
TlsInspectionConfigurationPortRange, TlsInspectionConfigurationPortRangeArgs
TlsInspectionConfigurationRevokedStatusAction, TlsInspectionConfigurationRevokedStatusActionArgs
- Pass
- PASS
- Drop
- DROP
- Reject
- REJECT
- Tls
Inspection Configuration Revoked Status Action Pass - PASS
- Tls
Inspection Configuration Revoked Status Action Drop - DROP
- Tls
Inspection Configuration Revoked Status Action Reject - REJECT
- Pass
- PASS
- Drop
- DROP
- Reject
- REJECT
- Pass
- PASS
- Drop
- DROP
- Reject
- REJECT
- PASS_
- PASS
- DROP
- DROP
- REJECT
- REJECT
- "PASS"
- PASS
- "DROP"
- DROP
- "REJECT"
- REJECT
TlsInspectionConfigurationServerCertificate, TlsInspectionConfigurationServerCertificateArgs
- Resource
Arn string - The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- Resource
Arn string - The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resource
Arn String - The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resource
Arn string - The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resource_
arn str - The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resource
Arn String - The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
TlsInspectionConfigurationServerCertificateConfiguration, TlsInspectionConfigurationServerCertificateConfigurationArgs
- string
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- Check
Certificate Pulumi.Revocation Status Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Server Certificate Configuration Check Certificate Revocation Status Properties - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration . - Scopes
List<Pulumi.
Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Server Certificate Scope> - A list of scopes.
- Server
Certificates List<Pulumi.Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Server Certificate> - The list of server certificates to use for inbound SSL/TLS inspection.
- string
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- Check
Certificate TlsRevocation Status Inspection Configuration Server Certificate Configuration Check Certificate Revocation Status Properties - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration . - Scopes
[]Tls
Inspection Configuration Server Certificate Scope - A list of scopes.
- Server
Certificates []TlsInspection Configuration Server Certificate - The list of server certificates to use for inbound SSL/TLS inspection.
- String
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- check
Certificate TlsRevocation Status Inspection Configuration Server Certificate Configuration Check Certificate Revocation Status Properties - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration . - scopes
List<Tls
Inspection Configuration Server Certificate Scope> - A list of scopes.
- server
Certificates List<TlsInspection Configuration Server Certificate> - The list of server certificates to use for inbound SSL/TLS inspection.
- string
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- check
Certificate TlsRevocation Status Inspection Configuration Server Certificate Configuration Check Certificate Revocation Status Properties - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration . - scopes
Tls
Inspection Configuration Server Certificate Scope[] - A list of scopes.
- server
Certificates TlsInspection Configuration Server Certificate[] - The list of server certificates to use for inbound SSL/TLS inspection.
- str
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- check_
certificate_ Tlsrevocation_ status Inspection Configuration Server Certificate Configuration Check Certificate Revocation Status Properties - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration . - scopes
Sequence[Tls
Inspection Configuration Server Certificate Scope] - A list of scopes.
- server_
certificates Sequence[TlsInspection Configuration Server Certificate] - The list of server certificates to use for inbound SSL/TLS inspection.
- String
The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
- You can't use certificates issued by AWS Private Certificate Authority .
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .
For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .
- check
Certificate Property MapRevocation Status - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a
CertificateAuthorityArn
in ServerCertificateConfiguration . - scopes List<Property Map>
- A list of scopes.
- server
Certificates List<Property Map> - The list of server certificates to use for inbound SSL/TLS inspection.
TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties, TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusPropertiesArgs
TlsInspectionConfigurationServerCertificateScope, TlsInspectionConfigurationServerCertificateScopeArgs
- Destination
Ports List<Pulumi.Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Port Range> The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- Destinations
List<Pulumi.
Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Address> - The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
- Protocols List<int>
- The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
- Source
Ports List<Pulumi.Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Port Range> The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- Sources
List<Pulumi.
Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Address> - The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
- Destination
Ports []TlsInspection Configuration Port Range The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- Destinations
[]Tls
Inspection Configuration Address - The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
- Protocols []int
- The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
- Source
Ports []TlsInspection Configuration Port Range The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- Sources
[]Tls
Inspection Configuration Address - The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
- destination
Ports List<TlsInspection Configuration Port Range> The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- destinations
List<Tls
Inspection Configuration Address> - The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
- protocols List<Integer>
- The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
- source
Ports List<TlsInspection Configuration Port Range> The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- sources
List<Tls
Inspection Configuration Address> - The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
- destination
Ports TlsInspection Configuration Port Range[] The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- destinations
Tls
Inspection Configuration Address[] - The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
- protocols number[]
- The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
- source
Ports TlsInspection Configuration Port Range[] The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- sources
Tls
Inspection Configuration Address[] - The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
- destination_
ports Sequence[TlsInspection Configuration Port Range] The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- destinations
Sequence[Tls
Inspection Configuration Address] - The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
- protocols Sequence[int]
- The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
- source_
ports Sequence[TlsInspection Configuration Port Range] The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- sources
Sequence[Tls
Inspection Configuration Address] - The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
- destination
Ports List<Property Map> The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- destinations List<Property Map>
- The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
- protocols List<Number>
- The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
- source
Ports List<Property Map> The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.- sources List<Property Map>
- The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
TlsInspectionConfigurationTlsInspectionConfiguration, TlsInspectionConfigurationTlsInspectionConfigurationArgs
- Server
Certificate List<Pulumi.Configurations Aws Native. Network Firewall. Inputs. Tls Inspection Configuration Server Certificate Configuration> - Lists the server certificate configurations that are associated with the TLS configuration.
- Server
Certificate []TlsConfigurations Inspection Configuration Server Certificate Configuration - Lists the server certificate configurations that are associated with the TLS configuration.
- server
Certificate List<TlsConfigurations Inspection Configuration Server Certificate Configuration> - Lists the server certificate configurations that are associated with the TLS configuration.
- server
Certificate TlsConfigurations Inspection Configuration Server Certificate Configuration[] - Lists the server certificate configurations that are associated with the TLS configuration.
- server_
certificate_ Sequence[Tlsconfigurations Inspection Configuration Server Certificate Configuration] - Lists the server certificate configurations that are associated with the TLS configuration.
- server
Certificate List<Property Map>Configurations - Lists the server certificate configurations that are associated with the TLS configuration.
TlsInspectionConfigurationUnknownStatusAction, TlsInspectionConfigurationUnknownStatusActionArgs
- Pass
- PASS
- Drop
- DROP
- Reject
- REJECT
- Tls
Inspection Configuration Unknown Status Action Pass - PASS
- Tls
Inspection Configuration Unknown Status Action Drop - DROP
- Tls
Inspection Configuration Unknown Status Action Reject - REJECT
- Pass
- PASS
- Drop
- DROP
- Reject
- REJECT
- Pass
- PASS
- Drop
- DROP
- Reject
- REJECT
- PASS_
- PASS
- DROP
- DROP
- REJECT
- REJECT
- "PASS"
- PASS
- "DROP"
- DROP
- "REJECT"
- REJECT
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.