CfnTLSInspectionConfigurationProps

class aws_cdk.aws_networkfirewall.CfnTLSInspectionConfigurationProps(*, tls_inspection_configuration, tls_inspection_configuration_name, description=None, tags=None)

Bases: object

Properties for defining a CfnTLSInspectionConfiguration.

Parameters:
  • tls_inspection_configuration (Union[IResolvable, TLSInspectionConfigurationProperty, Dict[str, Any]]) – The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall’s inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy’s stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall’s inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide.

  • tls_inspection_configuration_name (str) – The descriptive name of the TLS inspection configuration. You can’t change the name of a TLS inspection configuration after you create it.

  • description (Optional[str]) – A description of the TLS inspection configuration.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – The key:value pairs to associate with the resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import CfnTag
from aws_cdk import aws_networkfirewall as networkfirewall

cfn_tLSInspection_configuration_props = networkfirewall.CfnTLSInspectionConfigurationProps(
    tls_inspection_configuration=networkfirewall.CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty(
        server_certificate_configurations=[networkfirewall.CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty(
            certificate_authority_arn="certificateAuthorityArn",
            check_certificate_revocation_status=networkfirewall.CfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty(
                revoked_status_action="revokedStatusAction",
                unknown_status_action="unknownStatusAction"
            ),
            scopes=[networkfirewall.CfnTLSInspectionConfiguration.ServerCertificateScopeProperty(
                destination_ports=[networkfirewall.CfnTLSInspectionConfiguration.PortRangeProperty(
                    from_port=123,
                    to_port=123
                )],
                destinations=[networkfirewall.CfnTLSInspectionConfiguration.AddressProperty(
                    address_definition="addressDefinition"
                )],
                protocols=[123],
                source_ports=[networkfirewall.CfnTLSInspectionConfiguration.PortRangeProperty(
                    from_port=123,
                    to_port=123
                )],
                sources=[networkfirewall.CfnTLSInspectionConfiguration.AddressProperty(
                    address_definition="addressDefinition"
                )]
            )],
            server_certificates=[networkfirewall.CfnTLSInspectionConfiguration.ServerCertificateProperty(
                resource_arn="resourceArn"
            )]
        )]
    ),
    tls_inspection_configuration_name="tlsInspectionConfigurationName",

    # the properties below are optional
    description="description",
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)
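The check below is an added example, not part of the generated CDK documentation: it lints a synthesized CloudFormation template for TLS inspection configurations that are never attached to a firewall policy (the step the description above requires) or that weaken certificate revocation handling. It assumes the CloudFormation property names that correspond to the fields shown above, that a firewall policy attaches the configuration through `TLSInspectionConfigurationArn`, and that a CA ARN marks outbound inspection; the function names, the findings and the sample template are constructed for illustration.

```python
TLS_TYPE = "AWS::NetworkFirewall::TLSInspectionConfiguration"
POLICY_TYPE = "AWS::NetworkFirewall::FirewallPolicy"

def _target(value):
    """Logical ID named by a {"Ref": ...} or {"Fn::GetAtt": [id, attr]} value, else None."""
    if not isinstance(value, dict):
        return None
    att = value.get("Fn::GetAtt")
    return value.get("Ref") or (att[0] if att else None)

def lint(template):
    """Return (logical_id, finding) pairs for TLS inspection configurations."""
    resources = template.get("Resources", {})
    attached = {
        _target(r.get("Properties", {}).get("FirewallPolicy", {})
                 .get("TLSInspectionConfigurationArn"))
        for r in resources.values() if r.get("Type") == POLICY_TYPE
    }
    findings = []
    for lid, res in resources.items():
        if res.get("Type") != TLS_TYPE:
            continue
        if lid not in attached:
            findings.append((lid, "not referenced by any firewall policy"))
        cfg = res.get("Properties", {}).get("TLSInspectionConfiguration", {})
        for scc in cfg.get("ServerCertificateConfigurations", []):
            outbound = bool(scc.get("CertificateAuthorityArn"))
            rev = scc.get("CheckCertificateRevocationStatus")
            if not outbound and not scc.get("ServerCertificates"):
                findings.append((lid, "no CA or server certificate configured"))
            if outbound and rev is None:
                findings.append((lid, "outbound inspection without revocation check"))
            elif rev and rev.get("RevokedStatusAction") == "PASS":
                findings.append((lid, "revoked server certificates are passed"))
    return findings

# Constructed sample (placeholder ARNs), shaped like a synthesized template.
SAMPLE = {"Resources": {
    "Outbound": {"Type": TLS_TYPE, "Properties": {"TLSInspectionConfiguration": {
        "ServerCertificateConfigurations": [{
            "CertificateAuthorityArn": "arn:aws:acm:REGION:ACCOUNT:certificate/CA-PLACEHOLDER",
            "CheckCertificateRevocationStatus": {
                "RevokedStatusAction": "PASS", "UnknownStatusAction": "PASS"}}]}}},
    "Orphan": {"Type": TLS_TYPE, "Properties": {"TLSInspectionConfiguration": {
        "ServerCertificateConfigurations": [{"ServerCertificates": [
            {"ResourceArn": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER"}]}]}}},
    "Policy": {"Type": POLICY_TYPE, "Properties": {"FirewallPolicy": {
        "TLSInspectionConfigurationArn": {"Fn::GetAtt": ["Outbound", "TLSInspectionConfigurationArn"]}}}},
}}
```

Run `lint` over the JSON that `cdk synth` writes for the stack; an empty list means none of these example checks fired.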

Attributes

description

A description of the TLS inspection configuration.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-description

tags

The key:value pairs to associate with the resource.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-tags

tls_inspection_configuration

The object that defines a TLS inspection configuration.

AWS Network Firewall uses TLS inspection configurations to decrypt your firewall’s inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy’s stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall’s inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-tlsinspectionconfiguration

tls_inspection_configuration_name

The descriptive name of the TLS inspection configuration.

You can’t change the name of a TLS inspection configuration after you create it.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-tlsinspectionconfigurationname