Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. networkfirewall
  5. TlsInspectionConfiguration

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

aws-native.networkfirewall.TlsInspectionConfiguration

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

    Resource type definition for AWS::NetworkFirewall::TLSInspectionConfiguration

    Create TlsInspectionConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new TlsInspectionConfiguration(name: string, args: TlsInspectionConfigurationArgs, opts?: CustomResourceOptions);
    @overload
def TlsInspectionConfiguration(resource_name: str,
                               args: TlsInspectionConfigurationArgs,
                               opts: Optional[ResourceOptions] = None)

@overload
def TlsInspectionConfiguration(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               tls_inspection_configuration: Optional[TlsInspectionConfigurationTlsInspectionConfigurationArgs] = None,
                               description: Optional[str] = None,
                               tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                               tls_inspection_configuration_name: Optional[str] = None)
    func NewTlsInspectionConfiguration(ctx *Context, name string, args TlsInspectionConfigurationArgs, opts ...ResourceOption) (*TlsInspectionConfiguration, error)
    public TlsInspectionConfiguration(string name, TlsInspectionConfigurationArgs args, CustomResourceOptions? opts = null)
    public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args)
public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args, CustomResourceOptions options)

    type: aws-native:networkfirewall:TlsInspectionConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

    Parameters

    name string
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    TlsInspectionConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The TlsInspectionConfiguration resource accepts the following input properties:

    TLSInspectionConfigurationValue Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfiguration
    The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
    Description string
    A description of the TLS inspection configuration.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    The key:value pairs to associate with the resource.
    TlsInspectionConfigurationName string
    The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
    TlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfigurationArgs
    The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
    Description string
    A description of the TLS inspection configuration.
    Tags TagArgs
    The key:value pairs to associate with the resource.
    TlsInspectionConfigurationName string
    The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
    tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration
    The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
    description String
    A description of the TLS inspection configuration.
    tags List<Tag>
    The key:value pairs to associate with the resource.
    tlsInspectionConfigurationName String
    The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
    tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration
    The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
    description string
    A description of the TLS inspection configuration.
    tags Tag[]
    The key:value pairs to associate with the resource.
    tlsInspectionConfigurationName string
    The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
    tls_inspection_configuration TlsInspectionConfigurationTlsInspectionConfigurationArgs
    The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
    description str
    A description of the TLS inspection configuration.
    tags Sequence[TagArgs]
    The key:value pairs to associate with the resource.
    tls_inspection_configuration_name str
    The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.
    tlsInspectionConfiguration Property Map
    The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide .
    description String
    A description of the TLS inspection configuration.
    tags List<Property Map>
    The key:value pairs to associate with the resource.
    tlsInspectionConfigurationName String
    The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the TlsInspectionConfiguration resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    TlsInspectionConfigurationArn string
    The Amazon Resource Name (ARN) of the TLS inspection configuration.
    TlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
    Id string
    The provider-assigned unique ID for this managed resource.
    TlsInspectionConfigurationArn string
    The Amazon Resource Name (ARN) of the TLS inspection configuration.
    TlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
    id String
    The provider-assigned unique ID for this managed resource.
    tlsInspectionConfigurationArn String
    The Amazon Resource Name (ARN) of the TLS inspection configuration.
    tlsInspectionConfigurationId String
    A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
    id string
    The provider-assigned unique ID for this managed resource.
    tlsInspectionConfigurationArn string
    The Amazon Resource Name (ARN) of the TLS inspection configuration.
    tlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
    id str
    The provider-assigned unique ID for this managed resource.
    tls_inspection_configuration_arn str
    The Amazon Resource Name (ARN) of the TLS inspection configuration.
    tls_inspection_configuration_id str
    A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
    id String
    The provider-assigned unique ID for this managed resource.
    tlsInspectionConfigurationArn String
    The Amazon Resource Name (ARN) of the TLS inspection configuration.
    tlsInspectionConfigurationId String
    A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.

    Supporting Types

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    TlsInspectionConfigurationAddress, TlsInspectionConfigurationAddressArgs

    AddressDefinition string

    Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

    Examples:

    • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32 .
    • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
    • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 .
    • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

    AddressDefinition string

    Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

    Examples:

    • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32 .
    • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
    • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 .
    • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

    addressDefinition String

    Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

    Examples:

    • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32 .
    • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
    • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 .
    • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

    addressDefinition string

    Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

    Examples:

    • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32 .
    • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
    • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 .
    • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

    address_definition str

    Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

    Examples:

    • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32 .
    • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
    • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 .
    • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

    addressDefinition String

    Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

    Examples:

    • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32 .
    • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
    • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 .
    • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .

    TlsInspectionConfigurationPortRange, TlsInspectionConfigurationPortRangeArgs

    FromPort int
    The lower limit of the port range. This must be less than or equal to the ToPort specification.
    ToPort int
    The upper limit of the port range. This must be greater than or equal to the FromPort specification.
    FromPort int
    The lower limit of the port range. This must be less than or equal to the ToPort specification.
    ToPort int
    The upper limit of the port range. This must be greater than or equal to the FromPort specification.
    fromPort Integer
    The lower limit of the port range. This must be less than or equal to the ToPort specification.
    toPort Integer
    The upper limit of the port range. This must be greater than or equal to the FromPort specification.
    fromPort number
    The lower limit of the port range. This must be less than or equal to the ToPort specification.
    toPort number
    The upper limit of the port range. This must be greater than or equal to the FromPort specification.
    from_port int
    The lower limit of the port range. This must be less than or equal to the ToPort specification.
    to_port int
    The upper limit of the port range. This must be greater than or equal to the FromPort specification.
    fromPort Number
    The lower limit of the port range. This must be less than or equal to the ToPort specification.
    toPort Number
    The upper limit of the port range. This must be greater than or equal to the FromPort specification.

    TlsInspectionConfigurationRevokedStatusAction, TlsInspectionConfigurationRevokedStatusActionArgs

    Pass
    PASS
    Drop
    DROP
    Reject
    REJECT
    TlsInspectionConfigurationRevokedStatusActionPass
    PASS
    TlsInspectionConfigurationRevokedStatusActionDrop
    DROP
    TlsInspectionConfigurationRevokedStatusActionReject
    REJECT
    Pass
    PASS
    Drop
    DROP
    Reject
    REJECT
    Pass
    PASS
    Drop
    DROP
    Reject
    REJECT
    PASS_
    PASS
    DROP
    DROP
    REJECT
    REJECT
    "PASS"
    PASS
    "DROP"
    DROP
    "REJECT"
    REJECT

    TlsInspectionConfigurationServerCertificate, TlsInspectionConfigurationServerCertificateArgs

    ResourceArn string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    ResourceArn string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resourceArn String
    The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resourceArn string
    The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resource_arn str
    The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resourceArn String
    The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.

    TlsInspectionConfigurationServerCertificateConfiguration, TlsInspectionConfigurationServerCertificateConfigurationArgs

    CertificateAuthorityArn string

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
    • You can't use certificates issued by AWS Private Certificate Authority .

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

    For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .

    CheckCertificateRevocationStatus Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties
    When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
    Scopes List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationServerCertificateScope>
    A list of scopes.
    ServerCertificates List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationServerCertificate>
    The list of server certificates to use for inbound SSL/TLS inspection.
    CertificateAuthorityArn string

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
    • You can't use certificates issued by AWS Private Certificate Authority .

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

    For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .

    CheckCertificateRevocationStatus TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties
    When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
    Scopes []TlsInspectionConfigurationServerCertificateScope
    A list of scopes.
    ServerCertificates []TlsInspectionConfigurationServerCertificate
    The list of server certificates to use for inbound SSL/TLS inspection.
    certificateAuthorityArn String

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
    • You can't use certificates issued by AWS Private Certificate Authority .

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

    For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .

    checkCertificateRevocationStatus TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties
    When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
    scopes List<TlsInspectionConfigurationServerCertificateScope>
    A list of scopes.
    serverCertificates List<TlsInspectionConfigurationServerCertificate>
    The list of server certificates to use for inbound SSL/TLS inspection.
    certificateAuthorityArn string

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
    • You can't use certificates issued by AWS Private Certificate Authority .

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

    For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .

    checkCertificateRevocationStatus TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties
    When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
    scopes TlsInspectionConfigurationServerCertificateScope[]
    A list of scopes.
    serverCertificates TlsInspectionConfigurationServerCertificate[]
    The list of server certificates to use for inbound SSL/TLS inspection.
    certificate_authority_arn str

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
    • You can't use certificates issued by AWS Private Certificate Authority .

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

    For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .

    check_certificate_revocation_status TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties
    When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
    scopes Sequence[TlsInspectionConfigurationServerCertificateScope]
    A list of scopes.
    server_certificates Sequence[TlsInspectionConfigurationServerCertificate]
    The list of server certificates to use for inbound SSL/TLS inspection.
    certificateAuthorityArn String

    The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

    The following limitations apply:

    • You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
    • You can't use certificates issued by AWS Private Certificate Authority .

    For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

    For information about working with certificates in ACM, see Importing certificates in the AWS Certificate Manager User Guide .

    checkCertificateRevocationStatus Property Map
    When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .
    scopes List<Property Map>
    A list of scopes.
    serverCertificates List<Property Map>
    The list of server certificates to use for inbound SSL/TLS inspection.

    TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusProperties, TlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusPropertiesArgs

    TlsInspectionConfigurationServerCertificateScope, TlsInspectionConfigurationServerCertificateScopeArgs

    DestinationPorts List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationPortRange>

    The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    Destinations List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationAddress>
    The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
    Protocols List<int>
    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
    SourcePorts List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationPortRange>

    The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    Sources List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationAddress>
    The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
    DestinationPorts []TlsInspectionConfigurationPortRange

    The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    Destinations []TlsInspectionConfigurationAddress
    The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
    Protocols []int
    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
    SourcePorts []TlsInspectionConfigurationPortRange

    The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    Sources []TlsInspectionConfigurationAddress
    The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
    destinationPorts List<TlsInspectionConfigurationPortRange>

    The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    destinations List<TlsInspectionConfigurationAddress>
    The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
    protocols List<Integer>
    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
    sourcePorts List<TlsInspectionConfigurationPortRange>

    The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    sources List<TlsInspectionConfigurationAddress>
    The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
    destinationPorts TlsInspectionConfigurationPortRange[]

    The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    destinations TlsInspectionConfigurationAddress[]
    The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
    protocols number[]
    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
    sourcePorts TlsInspectionConfigurationPortRange[]

    The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    sources TlsInspectionConfigurationAddress[]
    The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
    destination_ports Sequence[TlsInspectionConfigurationPortRange]

    The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    destinations Sequence[TlsInspectionConfigurationAddress]
    The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
    protocols Sequence[int]
    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
    source_ports Sequence[TlsInspectionConfigurationPortRange]

    The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    sources Sequence[TlsInspectionConfigurationAddress]
    The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
    destinationPorts List<Property Map>

    The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    destinations List<Property Map>
    The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
    protocols List<Number>
    The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
    sourcePorts List<Property Map>

    The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.

    You can specify individual ports, for example 1994 , and you can specify port ranges, such as 1990:1994 .

    sources List<Property Map>
    The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.

    TlsInspectionConfigurationTlsInspectionConfiguration, TlsInspectionConfigurationTlsInspectionConfigurationArgs

    ServerCertificateConfigurations List<Pulumi.AwsNative.NetworkFirewall.Inputs.TlsInspectionConfigurationServerCertificateConfiguration>
    Lists the server certificate configurations that are associated with the TLS configuration.
    ServerCertificateConfigurations []TlsInspectionConfigurationServerCertificateConfiguration
    Lists the server certificate configurations that are associated with the TLS configuration.
    serverCertificateConfigurations List<TlsInspectionConfigurationServerCertificateConfiguration>
    Lists the server certificate configurations that are associated with the TLS configuration.
    serverCertificateConfigurations TlsInspectionConfigurationServerCertificateConfiguration[]
    Lists the server certificate configurations that are associated with the TLS configuration.
    server_certificate_configurations Sequence[TlsInspectionConfigurationServerCertificateConfiguration]
    Lists the server certificate configurations that are associated with the TLS configuration.
    serverCertificateConfigurations List<Property Map>
    Lists the server certificate configurations that are associated with the TLS configuration.

    TlsInspectionConfigurationUnknownStatusAction, TlsInspectionConfigurationUnknownStatusActionArgs

    Pass
    PASS
    Drop
    DROP
    Reject
    REJECT
    TlsInspectionConfigurationUnknownStatusActionPass
    PASS
    TlsInspectionConfigurationUnknownStatusActionDrop
    DROP
    TlsInspectionConfigurationUnknownStatusActionReject
    REJECT
    Pass
    PASS
    Drop
    DROP
    Reject
    REJECT
    Pass
    PASS
    Drop
    DROP
    Reject
    REJECT
    PASS_
    PASS
    DROP
    DROP
    REJECT
    REJECT
    "PASS"
    PASS
    "DROP"
    DROP
    "REJECT"
    REJECT

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
    pulumi/pulumi-aws-native