AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificateScope
Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "DestinationPorts" : [ PortRange, ... ],
  "Destinations" : [ Address, ... ],
  "Protocols" : [ Integer, ... ],
  "SourcePorts" : [ PortRange, ... ],
  "Sources" : [ Address, ... ]
}
YAML
DestinationPorts:
  - PortRange
Destinations:
  - Address
Protocols:
  - Integer
SourcePorts:
  - PortRange
Sources:
  - Address
Properties
- DestinationPorts
  The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port. You can specify individual ports, for example 1994, and you can specify port ranges, such as 1990:1994.
  Required: No
  Type: Array of PortRange
  Update requires: No interruption
- Destinations
  The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
  Required: No
  Type: Array of Address
  Update requires: No interruption
- Protocols
  The protocols to inspect for, specified using the IANA-assigned internet protocol number for each protocol. If not specified, this matches with any protocol. Network Firewall currently supports only TCP.
  Required: No
  Type: Array of Integer
  Update requires: No interruption
- SourcePorts
  The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port. You can specify individual ports, for example 1994, and you can specify port ranges, such as 1990:1994.
  Required: No
  Type: Array of PortRange
  Update requires: No interruption
- Sources
  The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
  Required: No
  Type: Array of Address
  Update requires: No interruption
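The following linter is an added example, not part of the AWS reference: it checks a parsed ServerCertificateScope against the rules stated above and reports every property left unspecified, since an omitted property matches any value and widens what gets decrypted. It assumes PortRange carries FromPort/ToPort and Address carries AddressDefinition, as defined on their own property-type pages; lint_scope and the sample scopes are constructed for illustration.

```python
import ipaddress

TCP = 6  # IANA protocol number for TCP, the only protocol the page lists as supported
PROPS = ("DestinationPorts", "Destinations", "Protocols", "SourcePorts", "Sources")

def lint_scope(scope):
    """Return findings for one ServerCertificateScope dict (parsed template JSON/YAML)."""
    findings = []
    # An omitted or empty property matches anything, so report it for review.
    for key in PROPS:
        if not scope.get(key):
            findings.append(f"{key}: not specified, matches any")
    # Port ranges: integers, ordered, within 0..65535 (assumed PortRange shape).
    for key in ("DestinationPorts", "SourcePorts"):
        for pr in scope.get(key) or []:
            lo, hi = pr.get("FromPort"), pr.get("ToPort")
            if not (isinstance(lo, int) and isinstance(hi, int) and 0 <= lo <= hi <= 65535):
                findings.append(f"{key}: invalid port range {lo}:{hi}")
    # Addresses: must parse as CIDR; a /0 block is as broad as omitting the property.
    for key in ("Destinations", "Sources"):
        for addr in scope.get(key) or []:
            cidr = addr.get("AddressDefinition")
            try:
                net = ipaddress.ip_network(str(cidr), strict=False)
            except ValueError:
                findings.append(f"{key}: {cidr!r} is not a valid CIDR block")
                continue
            if net.prefixlen == 0:
                findings.append(f"{key}: {cidr} covers every address")
    for proto in scope.get("Protocols") or []:
        if proto != TCP:
            findings.append(f"Protocols: {proto} is not TCP ({TCP})")
    return findings

# Constructed sample scopes (not from the page).
BROAD = {"Protocols": [6, 17], "Destinations": [{"AddressDefinition": "0.0.0.0/0"}]}
TIGHT = {
    "Protocols": [6],
    "Sources": [{"AddressDefinition": "10.0.0.0/16"}],
    "SourcePorts": [{"FromPort": 1024, "ToPort": 65535}],
    "Destinations": [{"AddressDefinition": "203.0.113.0/24"}],
    "DestinationPorts": [{"FromPort": 443, "ToPort": 443}],
}

if __name__ == "__main__":
    for name, scope in (("BROAD", BROAD), ("TIGHT", TIGHT)):
        print(name, lint_scope(scope) or "ok")
```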