L1 ConstructAWS::NetworkFirewall::TLSInspectionConfiguration

CfnTLSInspectionConfiguration

The object that defines a TLS inspection configuration. AWS Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination. To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .

Import

import { CfnTLSInspectionConfiguration } from 'aws-cdk-lib/aws-networkfirewall';

Or use the module namespace:

import * as networkfirewall from 'aws-cdk-lib/aws-networkfirewall';
// networkfirewall.CfnTLSInspectionConfiguration

Properties

Configuration passed to the constructor as CfnTLSInspectionConfigurationProps.

tlsInspectionConfigurationRequired

IResolvable | TLSInspectionConfigurationProperty

The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .

tlsInspectionConfigurationNameRequired

string

The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.

descriptionOptional

string

A description of the TLS inspection configuration.

tagsOptional

CfnTag[]

The key:value pairs to associate with the resource.

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

AWS::NetworkFirewall::TLSInspectionConfigurationView in CloudFormation Explorer

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

LevelL1 (CloudFormation)

Moduleaws-networkfirewall

CFN TypeAWS::NetworkFirewall::TLSInspectionConfiguration

Properties4

Related Constructs

Explore This Service

External Links

CDK API Documentation