aws.networkfirewall.TlsInspectionConfiguration
Resource for managing an AWS Network Firewall TLS Inspection Configuration.
Example Usage
NOTE: You must configure either inbound inspection, outbound inspection, or both.
Basic inbound/ingress inspection
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches any
// IPv4 source address and source port talking to any IPv4 destination on 443.
// 0.0.0.0/0 on both sides means every such flow through the firewall is
// decrypted - narrow the CIDRs to the networks that actually need inspection.
const httpsScope = {
    protocols: [6],
    destinationPorts: [{ fromPort: 443, toPort: 443 }],
    destinations: [{ addressDefinition: "0.0.0.0/0" }],
    sourcePorts: [{ fromPort: 0, toPort: 65535 }],
    sources: [{ addressDefinition: "0.0.0.0/0" }],
};

// Inbound (ingress) inspection: the firewall presents the listed server
// certificate and decrypts traffic addressed to your own servers.
// NOTE(review): `example1` is not defined in this snippet; it stands for the
// certificate resource whose ARN is used - supply your own.
const example = new aws.networkfirewall.TlsInspectionConfiguration("example", {
    name: "example",
    description: "example",
    // AWS-owned key: encrypts the configuration at rest, but the key is not
    // visible in or controlled from your account.
    encryptionConfigurations: [{
        keyId: "AWS_OWNED_KMS_KEY",
        type: "AWS_OWNED_KMS_KEY",
    }],
    tlsInspectionConfiguration: {
        serverCertificateConfiguration: {
            serverCertificates: [{ resourceArn: example1.arn }],
            scopes: [httpsScope],
        },
    },
});
import pulumi
import pulumi_aws as aws
# Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches any
# IPv4 source address and source port talking to any IPv4 destination on 443.
# 0.0.0.0/0 on both sides means every such flow through the firewall is
# decrypted - narrow the CIDRs to the networks that actually need inspection.
https_scope = {
    "protocols": [6],
    "destination_ports": [{"from_port": 443, "to_port": 443}],
    "destinations": [{"address_definition": "0.0.0.0/0"}],
    "source_ports": [{"from_port": 0, "to_port": 65535}],
    "sources": [{"address_definition": "0.0.0.0/0"}],
}

# AWS-owned key: encrypts the configuration at rest, but the key is not
# visible in or controlled from your account.
aws_owned_key = {
    "key_id": "AWS_OWNED_KMS_KEY",
    "type": "AWS_OWNED_KMS_KEY",
}

# Inbound (ingress) inspection: the firewall presents the listed server
# certificate and decrypts traffic addressed to your own servers.
# NOTE(review): `example1` is not defined in this snippet; it stands for the
# certificate resource whose ARN is used - supply your own.
example = aws.networkfirewall.TlsInspectionConfiguration(
    "example",
    name="example",
    description="example",
    encryption_configurations=[aws_owned_key],
    tls_inspection_configuration={
        "server_certificate_configuration": {
            "server_certificates": [{"resource_arn": example1["arn"]}],
            "scopes": [https_scope],
        },
    },
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Network Firewall TLS inspection configuration for inbound
// (ingress) traffic: the firewall presents the listed server certificate and
// decrypts traffic addressed to your own servers.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Flows selected for decryption. Protocol 6 is TCP; the scope matches any
		// IPv4 source address and source port talking to any IPv4 destination on
		// 443. 0.0.0.0/0 on both sides means every such flow is decrypted, so
		// narrow the CIDRs to the networks that actually need inspection.
		httpsScope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
			Protocols: pulumi.IntArray{pulumi.Int(6)},
			DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
					FromPort: pulumi.Int(443),
					ToPort:   pulumi.Int(443),
				},
			},
			Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
			SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
					FromPort: pulumi.Int(0),
					ToPort:   pulumi.Int(65535),
				},
			},
			Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
		}

		// AWS-owned key: encrypts the configuration at rest, but the key is not
		// visible in or controlled from your account.
		awsOwnedKey := &networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
			KeyId: pulumi.String("AWS_OWNED_KMS_KEY"),
			Type:  pulumi.String("AWS_OWNED_KMS_KEY"),
		}

		// NOTE(review): example1 is not defined in this snippet; it stands for
		// the certificate resource whose ARN is used - supply your own.
		serverCerts := networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
			&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
				ResourceArn: pulumi.Any(example1.Arn),
			},
		}

		_, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
			Name:        pulumi.String("example"),
			Description: pulumi.String("example"),
			EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
				awsOwnedKey,
			},
			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
				ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
					ServerCertificates: serverCerts,
					Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
						httpsScope,
					},
				},
			},
		})
		// err is nil on success, so it can be returned directly.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches
    // any IPv4 source address and source port talking to any IPv4 destination
    // on 443. 0.0.0.0/0 on both sides means every such flow is decrypted -
    // narrow the CIDRs to the networks that actually need inspection.
    var httpsScope = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
    {
        Protocols = new[] { 6 },
        DestinationPorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
            {
                FromPort = 443,
                ToPort = 443,
            },
        },
        Destinations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
        SourcePorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
            {
                FromPort = 0,
                ToPort = 65535,
            },
        },
        Sources = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
    };

    // AWS-owned key: encrypts the configuration at rest, but the key is not
    // visible in or controlled from your account.
    var awsOwnedKey = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
    {
        KeyId = "AWS_OWNED_KMS_KEY",
        Type = "AWS_OWNED_KMS_KEY",
    };

    // Inbound (ingress) inspection: the firewall presents the listed server
    // certificate and decrypts traffic addressed to your own servers.
    // NOTE(review): example1 is not defined in this snippet; it stands for the
    // certificate resource whose ARN is used - supply your own.
    var example = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
    {
        Name = "example",
        Description = "example",
        EncryptionConfigurations = new[] { awsOwnedKey },
        TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
        {
            ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
            {
                ServerCertificates = new[]
                {
                    new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
                    {
                        ResourceArn = example1.Arn,
                    },
                },
                Scopes = new[] { httpsScope },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring a Network Firewall TLS inspection configuration for
 * inbound (ingress) traffic.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the TLS inspection configuration.
     *
     * @param ctx Pulumi deployment context (not used directly here)
     */
    public static void stack(Context ctx) {
        // Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches
        // any IPv4 source address and source port talking to any IPv4 destination
        // on 443. 0.0.0.0/0 on both sides means every such flow is decrypted -
        // narrow the CIDRs to the networks that actually need inspection.
        var httpsScope = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
            .protocols(6)
            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                .fromPort(443)
                .toPort(443)
                .build())
            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                .fromPort(0)
                .toPort(65535)
                .build())
            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .build();

        // AWS-owned key: encrypts the configuration at rest, but the key is not
        // visible in or controlled from your account.
        var awsOwnedKey = TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
            .keyId("AWS_OWNED_KMS_KEY")
            .type("AWS_OWNED_KMS_KEY")
            .build();

        // Inbound inspection: the firewall presents this server certificate and
        // decrypts traffic addressed to your own servers.
        // NOTE(review): example1 is not defined in this snippet; it stands for the
        // certificate resource whose ARN is used - supply your own.
        var serverCertificate = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
            .resourceArn(example1.arn())
            .build();

        var certificateConfiguration = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
            .serverCertificates(serverCertificate)
            .scopes(httpsScope)
            .build();

        var example = new TlsInspectionConfiguration("example", TlsInspectionConfigurationArgs.builder()
            .name("example")
            .description("example")
            .encryptionConfigurations(awsOwnedKey)
            .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                .serverCertificateConfiguration(certificateConfiguration)
                .build())
            .build());
    }
}
# Inbound (ingress) TLS inspection: the firewall presents the listed server
# certificate and decrypts traffic addressed to your own servers.
resources:
  example:
    type: aws:networkfirewall:TlsInspectionConfiguration
    properties:
      name: example
      description: example
      # AWS-owned key: encrypts the configuration at rest, but the key is not
      # visible in or controlled from your account.
      encryptionConfigurations:
        - keyId: AWS_OWNED_KMS_KEY
          type: AWS_OWNED_KMS_KEY
      tlsInspectionConfiguration:
        serverCertificateConfiguration:
          serverCertificates:
            # NOTE(review): example1 is not defined in this snippet; it stands
            # for the certificate resource whose ARN is used - supply your own.
            - resourceArn: ${example1.arn}
          # Flows selected for decryption. 0.0.0.0/0 on both sides means every
          # TCP/443 flow through the firewall is decrypted - narrow the CIDRs
          # to the networks that actually need inspection.
          scopes:
            - protocols:
                # 6 is the IANA protocol number for TCP.
                - 6
              destinationPorts:
                - fromPort: 443
                  toPort: 443
              destinations:
                - addressDefinition: 0.0.0.0/0
              sourcePorts:
                - fromPort: 0
                  toPort: 65535
              sources:
                - addressDefinition: 0.0.0.0/0
Basic outbound/egress inspection
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches any
// IPv4 source address and source port talking to any IPv4 destination on 443.
// 0.0.0.0/0 on both sides means every such flow through the firewall is
// decrypted - narrow the CIDRs to the networks that actually need inspection.
const httpsScope = {
    protocols: [6],
    destinationPorts: [{ fromPort: 443, toPort: 443 }],
    destinations: [{ addressDefinition: "0.0.0.0/0" }],
    sourcePorts: [{ fromPort: 0, toPort: 65535 }],
    sources: [{ addressDefinition: "0.0.0.0/0" }],
};

// Revocation handling for the upstream server's certificate. REJECT refuses
// connections to servers with a revoked certificate. PASS on an unknown status
// is fail-open: the connection proceeds when revocation cannot be determined.
// Use DROP or REJECT there if availability allows.
const revocationPolicy = {
    revokedStatusAction: "REJECT",
    unknownStatusAction: "PASS",
};

// Outbound (egress) inspection: the firewall re-signs server certificates with
// the referenced CA, so clients behind it must trust that CA. Anyone able to
// use the CA can impersonate any site to those clients - restrict access to it.
// NOTE(review): `example1` is not defined in this snippet; it stands for the
// CA certificate resource whose ARN is used - supply your own.
const example = new aws.networkfirewall.TlsInspectionConfiguration("example", {
    name: "example",
    description: "example",
    // AWS-owned key: encrypts the configuration at rest, but the key is not
    // visible in or controlled from your account.
    encryptionConfigurations: [{
        keyId: "AWS_OWNED_KMS_KEY",
        type: "AWS_OWNED_KMS_KEY",
    }],
    tlsInspectionConfiguration: {
        serverCertificateConfiguration: {
            certificateAuthorityArn: example1.arn,
            checkCertificateRevocationStatus: revocationPolicy,
            scopes: [httpsScope],
        },
    },
});
import pulumi
import pulumi_aws as aws
# Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches any
# IPv4 source address and source port talking to any IPv4 destination on 443.
# 0.0.0.0/0 on both sides means every such flow through the firewall is
# decrypted - narrow the CIDRs to the networks that actually need inspection.
https_scope = {
    "protocols": [6],
    "destination_ports": [{"from_port": 443, "to_port": 443}],
    "destinations": [{"address_definition": "0.0.0.0/0"}],
    "source_ports": [{"from_port": 0, "to_port": 65535}],
    "sources": [{"address_definition": "0.0.0.0/0"}],
}

# Revocation handling for the upstream server's certificate. REJECT refuses
# connections to servers with a revoked certificate. PASS on an unknown status
# is fail-open: the connection proceeds when revocation cannot be determined.
# Use DROP or REJECT there if availability allows.
revocation_policy = {
    "revoked_status_action": "REJECT",
    "unknown_status_action": "PASS",
}

# AWS-owned key: encrypts the configuration at rest, but the key is not
# visible in or controlled from your account.
aws_owned_key = {
    "key_id": "AWS_OWNED_KMS_KEY",
    "type": "AWS_OWNED_KMS_KEY",
}

# Outbound (egress) inspection: the firewall re-signs server certificates with
# the referenced CA, so clients behind it must trust that CA. Anyone able to
# use the CA can impersonate any site to those clients - restrict access to it.
# NOTE(review): `example1` is not defined in this snippet; it stands for the
# CA certificate resource whose ARN is used - supply your own.
example = aws.networkfirewall.TlsInspectionConfiguration(
    "example",
    name="example",
    description="example",
    encryption_configurations=[aws_owned_key],
    tls_inspection_configuration={
        "server_certificate_configuration": {
            "certificate_authority_arn": example1["arn"],
            "check_certificate_revocation_status": revocation_policy,
            "scopes": [https_scope],
        },
    },
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Network Firewall TLS inspection configuration for outbound
// (egress) traffic: the firewall re-signs server certificates with the
// referenced CA, so clients behind it must trust that CA.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Flows selected for decryption. Protocol 6 is TCP; the scope matches any
		// IPv4 source address and source port talking to any IPv4 destination on
		// 443. 0.0.0.0/0 on both sides means every such flow is decrypted, so
		// narrow the CIDRs to the networks that actually need inspection.
		httpsScope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
			Protocols: pulumi.IntArray{pulumi.Int(6)},
			DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
					FromPort: pulumi.Int(443),
					ToPort:   pulumi.Int(443),
				},
			},
			Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
			SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
					FromPort: pulumi.Int(0),
					ToPort:   pulumi.Int(65535),
				},
			},
			Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
		}

		// Revocation handling for the upstream server's certificate. REJECT
		// refuses connections to servers with a revoked certificate. PASS on an
		// unknown status is fail-open: the connection proceeds when revocation
		// cannot be determined. Use DROP or REJECT there if availability allows.
		revocationPolicy := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs{
			RevokedStatusAction: pulumi.String("REJECT"),
			UnknownStatusAction: pulumi.String("PASS"),
		}

		// AWS-owned key: encrypts the configuration at rest, but the key is not
		// visible in or controlled from your account.
		awsOwnedKey := &networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
			KeyId: pulumi.String("AWS_OWNED_KMS_KEY"),
			Type:  pulumi.String("AWS_OWNED_KMS_KEY"),
		}

		_, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
			Name:        pulumi.String("example"),
			Description: pulumi.String("example"),
			EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
				awsOwnedKey,
			},
			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
				ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
					// NOTE(review): example1 is not defined in this snippet; it
					// stands for the CA certificate resource whose ARN is used.
					// Anyone able to use that CA can impersonate any site to the
					// inspected clients, so restrict access to it.
					CertificateAuthorityArn:          pulumi.Any(example1.Arn),
					CheckCertificateRevocationStatus: revocationPolicy,
					Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
						httpsScope,
					},
				},
			},
		})
		// err is nil on success, so it can be returned directly.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches
    // any IPv4 source address and source port talking to any IPv4 destination
    // on 443. 0.0.0.0/0 on both sides means every such flow is decrypted -
    // narrow the CIDRs to the networks that actually need inspection.
    var httpsScope = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
    {
        Protocols = new[] { 6 },
        DestinationPorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
            {
                FromPort = 443,
                ToPort = 443,
            },
        },
        Destinations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
        SourcePorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
            {
                FromPort = 0,
                ToPort = 65535,
            },
        },
        Sources = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
    };

    // Revocation handling for the upstream server's certificate. REJECT refuses
    // connections to servers with a revoked certificate. PASS on an unknown
    // status is fail-open: the connection proceeds when revocation cannot be
    // determined. Use DROP or REJECT there if availability allows.
    var revocationPolicy = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs
    {
        RevokedStatusAction = "REJECT",
        UnknownStatusAction = "PASS",
    };

    // AWS-owned key: encrypts the configuration at rest, but the key is not
    // visible in or controlled from your account.
    var awsOwnedKey = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
    {
        KeyId = "AWS_OWNED_KMS_KEY",
        Type = "AWS_OWNED_KMS_KEY",
    };

    // Outbound (egress) inspection: the firewall re-signs server certificates
    // with the referenced CA, so clients behind it must trust that CA. Anyone
    // able to use the CA can impersonate any site to those clients.
    // NOTE(review): example1 is not defined in this snippet; it stands for the
    // CA certificate resource whose ARN is used - supply your own.
    var example = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
    {
        Name = "example",
        Description = "example",
        EncryptionConfigurations = new[] { awsOwnedKey },
        TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
        {
            ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
            {
                CertificateAuthorityArn = example1.Arn,
                CheckCertificateRevocationStatus = revocationPolicy,
                Scopes = new[] { httpsScope },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring a Network Firewall TLS inspection configuration for
 * outbound (egress) traffic.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the TLS inspection configuration.
     *
     * @param ctx Pulumi deployment context (not used directly here)
     */
    public static void stack(Context ctx) {
        // Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches
        // any IPv4 source address and source port talking to any IPv4 destination
        // on 443. 0.0.0.0/0 on both sides means every such flow is decrypted -
        // narrow the CIDRs to the networks that actually need inspection.
        var httpsScope = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
            .protocols(6)
            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                .fromPort(443)
                .toPort(443)
                .build())
            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                .fromPort(0)
                .toPort(65535)
                .build())
            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .build();

        // Revocation handling for the upstream server's certificate. REJECT
        // refuses connections to servers with a revoked certificate. PASS on an
        // unknown status is fail-open: the connection proceeds when revocation
        // cannot be determined. Use DROP or REJECT there if availability allows.
        var revocationPolicy = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
            .revokedStatusAction("REJECT")
            .unknownStatusAction("PASS")
            .build();

        // AWS-owned key: encrypts the configuration at rest, but the key is not
        // visible in or controlled from your account.
        var awsOwnedKey = TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
            .keyId("AWS_OWNED_KMS_KEY")
            .type("AWS_OWNED_KMS_KEY")
            .build();

        // Outbound inspection: the firewall re-signs server certificates with the
        // referenced CA, so clients behind it must trust that CA. Anyone able to
        // use the CA can impersonate any site to those clients.
        // NOTE(review): example1 is not defined in this snippet; it stands for the
        // CA certificate resource whose ARN is used - supply your own.
        var certificateConfiguration = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
            .certificateAuthorityArn(example1.arn())
            .checkCertificateRevocationStatus(revocationPolicy)
            .scopes(httpsScope)
            .build();

        var example = new TlsInspectionConfiguration("example", TlsInspectionConfigurationArgs.builder()
            .name("example")
            .description("example")
            .encryptionConfigurations(awsOwnedKey)
            .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                .serverCertificateConfiguration(certificateConfiguration)
                .build())
            .build());
    }
}
# Outbound (egress) TLS inspection: the firewall re-signs server certificates
# with the referenced CA, so clients behind it must trust that CA.
resources:
  example:
    type: aws:networkfirewall:TlsInspectionConfiguration
    properties:
      name: example
      description: example
      # AWS-owned key: encrypts the configuration at rest, but the key is not
      # visible in or controlled from your account.
      encryptionConfigurations:
        - keyId: AWS_OWNED_KMS_KEY
          type: AWS_OWNED_KMS_KEY
      tlsInspectionConfiguration:
        serverCertificateConfiguration:
          # NOTE(review): example1 is not defined in this snippet; it stands for
          # the CA certificate resource whose ARN is used. Anyone able to use
          # that CA can impersonate any site to the inspected clients.
          certificateAuthorityArn: ${example1.arn}
          # REJECT refuses servers with a revoked certificate. PASS on an
          # unknown status is fail-open: the connection proceeds when
          # revocation cannot be determined. DROP or REJECT is stricter.
          checkCertificateRevocationStatus:
            revokedStatusAction: REJECT
            unknownStatusAction: PASS
          # Flows selected for decryption. 0.0.0.0/0 on both sides means every
          # TCP/443 flow through the firewall is decrypted - narrow the CIDRs
          # to the networks that actually need inspection.
          scopes:
            - protocols:
                # 6 is the IANA protocol number for TCP.
                - 6
              destinationPorts:
                - fromPort: 443
                  toPort: 443
              destinations:
                - addressDefinition: 0.0.0.0/0
              sourcePorts:
                - fromPort: 0
                  toPort: 65535
              sources:
                - addressDefinition: 0.0.0.0/0
Inbound with encryption configuration
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Customer-managed KMS key used to encrypt the TLS inspection configuration.
// A 7-day deletion window is the shortest KMS allows; a longer window gives
// more time to notice an accidental or malicious deletion request.
// NOTE(review): no key policy or rotation setting is given here - confirm the
// defaults meet your requirements and that Network Firewall can use the key.
const example = new aws.kms.Key("example", {
    description: "example",
    deletionWindowInDays: 7,
});

// Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches any
// IPv4 source address and source port talking to any IPv4 destination on 443.
// 0.0.0.0/0 on both sides means every such flow through the firewall is
// decrypted - narrow the CIDRs to the networks that actually need inspection.
const httpsScope = {
    protocols: [6],
    destinationPorts: [{ fromPort: 443, toPort: 443 }],
    destinations: [{ addressDefinition: "0.0.0.0/0" }],
    sourcePorts: [{ fromPort: 0, toPort: 65535 }],
    sources: [{ addressDefinition: "0.0.0.0/0" }],
};

// Inbound (ingress) inspection, encrypted with the customer-managed key above.
// NOTE(review): `example1` is not defined in this snippet; it stands for the
// certificate resource whose ARN is used - supply your own.
const exampleTlsInspectionConfiguration = new aws.networkfirewall.TlsInspectionConfiguration("example", {
    name: "example",
    description: "example",
    encryptionConfigurations: [{
        keyId: example.arn,
        type: "CUSTOMER_KMS",
    }],
    tlsInspectionConfiguration: {
        serverCertificateConfiguration: {
            serverCertificates: [{ resourceArn: example1.arn }],
            scopes: [httpsScope],
        },
    },
});
import pulumi
import pulumi_aws as aws
# Customer-managed KMS key used to encrypt the TLS inspection configuration.
# A 7-day deletion window is the shortest KMS allows; a longer window gives
# more time to notice an accidental or malicious deletion request.
# NOTE(review): no key policy or rotation setting is given here - confirm the
# defaults meet your requirements and that Network Firewall can use the key.
example = aws.kms.Key(
    "example",
    description="example",
    deletion_window_in_days=7,
)

# Flows selected for TLS decryption. Protocol 6 is TCP; this scope matches any
# IPv4 source address and source port talking to any IPv4 destination on 443.
# 0.0.0.0/0 on both sides means every such flow through the firewall is
# decrypted - narrow the CIDRs to the networks that actually need inspection.
https_scope = {
    "protocols": [6],
    "destination_ports": [{"from_port": 443, "to_port": 443}],
    "destinations": [{"address_definition": "0.0.0.0/0"}],
    "source_ports": [{"from_port": 0, "to_port": 65535}],
    "sources": [{"address_definition": "0.0.0.0/0"}],
}

# Inbound (ingress) inspection, encrypted with the customer-managed key above.
# NOTE(review): `example1` is not defined in this snippet; it stands for the
# certificate resource whose ARN is used - supply your own.
example_tls_inspection_configuration = aws.networkfirewall.TlsInspectionConfiguration(
    "example",
    name="example",
    description="example",
    encryption_configurations=[{
        "key_id": example.arn,
        "type": "CUSTOMER_KMS",
    }],
    tls_inspection_configuration={
        "server_certificate_configuration": {
            "server_certificates": [{"resource_arn": example1["arn"]}],
            "scopes": [https_scope],
        },
    },
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/kms"
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a customer-managed KMS key and a Network Firewall TLS
// inspection configuration for inbound traffic that is encrypted with it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// A 7-day deletion window is the shortest KMS allows; a longer window
		// gives more time to notice an accidental or malicious deletion request.
		// NOTE(review): no key policy or rotation setting is given here - confirm
		// the defaults meet your requirements and that Network Firewall can use
		// the key.
		example, err := kms.NewKey(ctx, "example", &kms.KeyArgs{
			Description:          pulumi.String("example"),
			DeletionWindowInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}

		// Flows selected for decryption. Protocol 6 is TCP; the scope matches any
		// IPv4 source address and source port talking to any IPv4 destination on
		// 443. 0.0.0.0/0 on both sides means every such flow is decrypted, so
		// narrow the CIDRs to the networks that actually need inspection.
		httpsScope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
			Protocols: pulumi.IntArray{pulumi.Int(6)},
			DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
					FromPort: pulumi.Int(443),
					ToPort:   pulumi.Int(443),
				},
			},
			Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
			SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
					FromPort: pulumi.Int(0),
					ToPort:   pulumi.Int(65535),
				},
			},
			Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
		}

		// NOTE(review): example1 is not defined in this snippet; it stands for
		// the certificate resource whose ARN is used - supply your own.
		serverCerts := networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
			&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
				ResourceArn: pulumi.Any(example1.Arn),
			},
		}

		_, err = networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
			Name:        pulumi.String("example"),
			Description: pulumi.String("example"),
			EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
				// CUSTOMER_KMS: the configuration is encrypted under the key
				// created above rather than an AWS-owned key.
				&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
					KeyId: example.Arn,
					Type:  pulumi.String("CUSTOMER_KMS"),
				},
			},
			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
				ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
					ServerCertificates: serverCerts,
					Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
						httpsScope,
					},
				},
			},
		})
		// err is nil on success, so it can be returned directly.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Customer-managed KMS key used to encrypt the TLS inspection configuration.
    // No key policy is set here, so the default applies; review who may use
    // and administer the key before reusing this outside an example.
    var kmsKey = new Aws.Kms.Key("example", new()
    {
        Description = "example",
        // 7 days is the shortest deletion waiting period KMS accepts.
        DeletionWindowInDays = 7,
    });

    // Traffic selector: TCP (IP protocol 6) from any IPv4 source address and
    // port to port 443 on any IPv4 destination. 0.0.0.0/0 places every
    // matching flow in scope for decryption; narrow Destinations to the CIDRs
    // of the protected servers when only those need inspecting.
    var httpsScope = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
    {
        Protocols = new[] { 6 },
        Sources = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
        SourcePorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
            {
                FromPort = 0,
                ToPort = 65535,
            },
        },
        Destinations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
        DestinationPorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
            {
                FromPort = 443,
                ToPort = 443,
            },
        },
    };

    // Inbound inspection: ServerCertificates lists the certificate used for
    // the protected servers. example1 is not declared in this listing;
    // presumably it is a certificate resource defined elsewhere in the program.
    var inboundInspection = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
    {
        ServerCertificates = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
            {
                ResourceArn = example1.Arn,
            },
        },
        Scopes = new[] { httpsScope },
    };

    var inspection = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
    {
        Name = "example",
        Description = "example",
        EncryptionConfigurations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
            {
                // CUSTOMER_KMS is paired with the ARN of the key created above.
                Type = "CUSTOMER_KMS",
                KeyId = kmsKey.Arn,
            },
        },
        TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
        {
            ServerCertificateConfiguration = inboundInspection,
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a customer-managed KMS key and a TLS inspection configuration
     * for inbound traffic that is encrypted with that key.
     *
     * @param ctx Pulumi deployment context (not read directly in this method).
     */
    public static void stack(Context ctx) {
        // No key policy is set, so the default applies; 7 days is the shortest
        // deletion waiting period KMS accepts.
        var kmsKey = new Key("example", KeyArgs.builder()
            .description("example")
            .deletionWindowInDays(7)
            .build());

        // CUSTOMER_KMS is paired with the ARN of the key created above.
        var encryption = TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
            .type("CUSTOMER_KMS")
            .keyId(kmsKey.arn())
            .build();

        // Traffic selector: TCP (IP protocol 6) from any IPv4 source address
        // and port to port 443 on any IPv4 destination. 0.0.0.0/0 places every
        // matching flow in scope for decryption; narrow the destinations to
        // the protected servers' CIDRs when only those need inspecting.
        var httpsScope = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
            .protocols(6)
            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                .fromPort(0)
                .toPort(65535)
                .build())
            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                .fromPort(443)
                .toPort(443)
                .build())
            .build();

        // Inbound inspection: example1 is not declared in this listing;
        // presumably it is a certificate resource defined elsewhere.
        var inboundInspection = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
            .serverCertificates(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                .resourceArn(example1.arn())
                .build())
            .scopes(httpsScope)
            .build();

        var inspection = new TlsInspectionConfiguration("exampleTlsInspectionConfiguration", TlsInspectionConfigurationArgs.builder()
            .name("example")
            .description("example")
            .encryptionConfigurations(encryption)
            .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                .serverCertificateConfiguration(inboundInspection)
                .build())
            .build());
    }
}
resources:
  # Customer-managed KMS key used to encrypt the TLS inspection configuration.
  # No key policy is set, so the default applies; 7 days is the shortest
  # deletion waiting period KMS accepts.
  example:
    type: aws:kms:Key
    properties:
      description: example
      deletionWindowInDays: 7
  # Inbound TLS inspection encrypted with the key above.
  exampleTlsInspectionConfiguration:
    type: aws:networkfirewall:TlsInspectionConfiguration
    name: example
    properties:
      name: example
      description: example
      encryptionConfigurations:
        - type: CUSTOMER_KMS
          keyId: ${example.arn}
      tlsInspectionConfiguration:
        serverCertificateConfiguration:
          # example1 is not declared in this listing; presumably a certificate
          # resource defined elsewhere in the program.
          serverCertificates:
            - resourceArn: ${example1.arn}
          # TCP (IP protocol 6) from any IPv4 source and port to port 443 on any
          # IPv4 destination. 0.0.0.0/0 places every matching flow in scope for
          # decryption; narrow destinations to the protected servers' CIDRs
          # when only those need inspecting.
          scopes:
            - protocols: [6]
              sources:
                - addressDefinition: "0.0.0.0/0"
              sourcePorts:
                - {fromPort: 0, toPort: 65535}
              destinations:
                - addressDefinition: "0.0.0.0/0"
              destinationPorts:
                - {fromPort: 443, toPort: 443}
Outbound with encryption configuration
Examples for TypeScript, Python, Go, C# and Java are not yet available for this scenario; only the YAML example below is provided.
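resources:
  # Customer-managed KMS key used to encrypt the TLS inspection configuration.
  # No key policy is set, so the default applies; 7 days is the shortest
  # deletion waiting period KMS accepts.
  example:
    type: aws:kms:Key
    properties:
      description: example
      deletionWindowInDays: 7
  # Outbound TLS inspection encrypted with the key above. Property names follow
  # the provider schema used by the other examples on this page: a single
  # serverCertificateConfiguration object with plural scopes, destinations
  # and sources lists.
  exampleTlsInspectionConfiguration:
    type: aws:networkfirewall:TlsInspectionConfiguration
    name: example
    properties:
      name: example
      description: example
      encryptionConfigurations:
        - keyId: ${example.arn}
          type: CUSTOMER_KMS
      tlsInspectionConfiguration:
        serverCertificateConfiguration:
          # CA certificate used for outbound inspection. example1 is not
          # declared in this listing; presumably a CA certificate resource
          # defined elsewhere. Clients behind the firewall have to trust this
          # CA, so access to its private key should be tightly restricted.
          certificateAuthorityArn: ${example1.arn}
          checkCertificateRevocationStatus:
            revokedStatusAction: REJECT
            # PASS lets a connection through when the server certificate's
            # revocation status cannot be determined (fail-open); use DROP or
            # REJECT where failing closed is required.
            unknownStatusAction: PASS
          # TCP (IP protocol 6) from any IPv4 source and port to port 443 on any
          # IPv4 destination; narrow the CIDRs to limit what gets decrypted.
          scopes:
            - protocols:
                - 6
              destinationPorts:
                - fromPort: 443
                  toPort: 443
              destinations:
                - addressDefinition: 0.0.0.0/0
              sourcePorts:
                - fromPort: 0
                  toPort: 65535
              sources:
                - addressDefinition: 0.0.0.0/0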
Combined inbound and outbound
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Traffic selector shared by inbound and outbound inspection: TCP (IP
// protocol 6) from any IPv4 source address and port to port 443 on any IPv4
// destination. 0.0.0.0/0 places every matching flow in scope for decryption;
// narrow the CIDRs when only part of the traffic needs inspecting.
const httpsScope = {
    protocols: [6],
    sources: [{ addressDefinition: "0.0.0.0/0" }],
    sourcePorts: [{ fromPort: 0, toPort: 65535 }],
    destinations: [{ addressDefinition: "0.0.0.0/0" }],
    destinationPorts: [{ fromPort: 443, toPort: 443 }],
};

// Combined inbound and outbound TLS inspection. example1 (CA certificate for
// outbound) and example2 (server certificate for inbound) are not declared in
// this listing; presumably they are certificate resources defined elsewhere.
const example = new aws.networkfirewall.TlsInspectionConfiguration("example", {
    name: "example",
    description: "example",
    // AWS owned key: there is no customer-controlled key policy to manage.
    // The other examples on this page use CUSTOMER_KMS with a key ARN instead.
    encryptionConfigurations: [{ keyId: "AWS_OWNED_KMS_KEY", type: "AWS_OWNED_KMS_KEY" }],
    tlsInspectionConfiguration: {
        serverCertificateConfiguration: {
            // Clients behind the firewall have to trust this CA, so access to
            // its private key should be tightly restricted.
            certificateAuthorityArn: example1.arn,
            checkCertificateRevocationStatus: {
                revokedStatusAction: "REJECT",
                // PASS lets a connection through when revocation status cannot
                // be determined (fail-open); DROP or REJECT fail closed.
                unknownStatusAction: "PASS",
            },
            serverCertificates: [{ resourceArn: example2.arn }],
            scopes: [httpsScope],
        },
    },
});
import pulumi
import pulumi_aws as aws
# Combined inbound and outbound TLS inspection. example1 (CA certificate for
# outbound) and example2 (server certificate for inbound) are not defined in
# this listing; presumably they are certificate resources declared elsewhere.
example = aws.networkfirewall.TlsInspectionConfiguration(
    "example",
    name="example",
    description="example",
    # AWS owned key: there is no customer-controlled key policy to manage.
    # The other examples on this page use CUSTOMER_KMS with a key ARN instead.
    encryption_configurations=[
        dict(key_id="AWS_OWNED_KMS_KEY", type="AWS_OWNED_KMS_KEY"),
    ],
    tls_inspection_configuration=dict(
        server_certificate_configuration=dict(
            # Clients behind the firewall have to trust this CA, so access to
            # its private key should be tightly restricted.
            certificate_authority_arn=example1["arn"],
            check_certificate_revocation_status=dict(
                revoked_status_action="REJECT",
                # PASS lets a connection through when revocation status cannot
                # be determined (fail-open); DROP or REJECT fail closed.
                unknown_status_action="PASS",
            ),
            server_certificates=[dict(resource_arn=example2["arn"])],
            # TCP (IP protocol 6) from any IPv4 source address and port to
            # port 443 on any IPv4 destination. 0.0.0.0/0 places every matching
            # flow in scope for decryption; narrow the CIDRs where possible.
            scopes=[
                dict(
                    protocols=[6],
                    destination_ports=[dict(from_port=443, to_port=443)],
                    destinations=[dict(address_definition="0.0.0.0/0")],
                    source_ports=[dict(from_port=0, to_port=65535)],
                    sources=[dict(address_definition="0.0.0.0/0")],
                ),
            ],
        ),
    ),
)
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a TLS inspection configuration that covers both inbound and
// outbound traffic and is encrypted with an AWS owned key.
//
// example1 (CA certificate for outbound inspection) and example2 (server
// certificate for inbound inspection) are not declared in this listing;
// presumably they are certificate resources defined elsewhere.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Traffic selector: TCP (IP protocol 6) from any IPv4 source address
		// and port to port 443 on any IPv4 destination. 0.0.0.0/0 places every
		// matching flow in scope for decryption; narrow the CIDRs when only
		// part of the traffic needs inspecting.
		httpsScope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
			Protocols: pulumi.IntArray{
				pulumi.Int(6),
			},
			Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
			SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
					FromPort: pulumi.Int(0),
					ToPort:   pulumi.Int(65535),
				},
			},
			Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
					AddressDefinition: pulumi.String("0.0.0.0/0"),
				},
			},
			DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
					FromPort: pulumi.Int(443),
					ToPort:   pulumi.Int(443),
				},
			},
		}

		certificates := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
			// Clients behind the firewall have to trust this CA, so access
			// to its private key should be tightly restricted.
			CertificateAuthorityArn: pulumi.Any(example1.Arn),
			CheckCertificateRevocationStatus: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs{
				RevokedStatusAction: pulumi.String("REJECT"),
				// PASS lets a connection through when revocation status
				// cannot be determined (fail-open); DROP or REJECT fail closed.
				UnknownStatusAction: pulumi.String("PASS"),
			},
			ServerCertificates: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
					ResourceArn: pulumi.Any(example2.Arn),
				},
			},
			Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
				httpsScope,
			},
		}

		_, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
			Name:        pulumi.String("example"),
			Description: pulumi.String("example"),
			// AWS owned key: there is no customer-controlled key policy to
			// manage. Other examples on this page use CUSTOMER_KMS instead.
			EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
				&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
					KeyId: pulumi.String("AWS_OWNED_KMS_KEY"),
					Type:  pulumi.String("AWS_OWNED_KMS_KEY"),
				},
			},
			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
				ServerCertificateConfiguration: certificates,
			},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Traffic selector: TCP (IP protocol 6) from any IPv4 source address and
    // port to port 443 on any IPv4 destination. 0.0.0.0/0 places every
    // matching flow in scope for decryption; narrow the CIDRs when only part
    // of the traffic needs inspecting.
    var httpsScope = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
    {
        Protocols = new[] { 6 },
        Sources = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
        SourcePorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
            {
                FromPort = 0,
                ToPort = 65535,
            },
        },
        Destinations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
            {
                AddressDefinition = "0.0.0.0/0",
            },
        },
        DestinationPorts = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
            {
                FromPort = 443,
                ToPort = 443,
            },
        },
    };

    // example1 (CA certificate for outbound inspection) and example2 (server
    // certificate for inbound inspection) are not declared in this listing;
    // presumably they are certificate resources defined elsewhere.
    var certificates = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
    {
        // Clients behind the firewall have to trust this CA, so access to its
        // private key should be tightly restricted.
        CertificateAuthorityArn = example1.Arn,
        CheckCertificateRevocationStatus = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs
        {
            RevokedStatusAction = "REJECT",
            // PASS lets a connection through when revocation status cannot be
            // determined (fail-open); DROP or REJECT fail closed.
            UnknownStatusAction = "PASS",
        },
        ServerCertificates = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
            {
                ResourceArn = example2.Arn,
            },
        },
        Scopes = new[] { httpsScope },
    };

    var inspection = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
    {
        Name = "example",
        Description = "example",
        // AWS owned key: there is no customer-controlled key policy to manage.
        // Other examples on this page use CUSTOMER_KMS with a key ARN instead.
        EncryptionConfigurations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
            {
                KeyId = "AWS_OWNED_KMS_KEY",
                Type = "AWS_OWNED_KMS_KEY",
            },
        },
        TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
        {
            ServerCertificateConfiguration = certificates,
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** Program entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a TLS inspection configuration that covers both inbound and
     * outbound traffic and is encrypted with an AWS owned key.
     *
     * @param ctx Pulumi deployment context (not read directly in this method).
     */
    public static void stack(Context ctx) {
        // AWS owned key: there is no customer-controlled key policy to manage.
        // Other examples on this page use CUSTOMER_KMS with a key ARN instead.
        var encryption = TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
            .keyId("AWS_OWNED_KMS_KEY")
            .type("AWS_OWNED_KMS_KEY")
            .build();

        // PASS lets a connection through when revocation status cannot be
        // determined (fail-open); DROP or REJECT fail closed.
        var revocationCheck = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
            .revokedStatusAction("REJECT")
            .unknownStatusAction("PASS")
            .build();

        // Traffic selector: TCP (IP protocol 6) from any IPv4 source address
        // and port to port 443 on any IPv4 destination. 0.0.0.0/0 places every
        // matching flow in scope for decryption; narrow the CIDRs when only
        // part of the traffic needs inspecting.
        var httpsScope = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
            .protocols(6)
            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                .fromPort(0)
                .toPort(65535)
                .build())
            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                .addressDefinition("0.0.0.0/0")
                .build())
            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                .fromPort(443)
                .toPort(443)
                .build())
            .build();

        // example1 (CA certificate for outbound inspection) and example2
        // (server certificate for inbound inspection) are not declared in this
        // listing; presumably they are certificate resources defined elsewhere.
        // Clients behind the firewall have to trust the CA, so access to its
        // private key should be tightly restricted.
        var certificates = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
            .certificateAuthorityArn(example1.arn())
            .checkCertificateRevocationStatus(revocationCheck)
            .serverCertificates(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                .resourceArn(example2.arn())
                .build())
            .scopes(httpsScope)
            .build();

        var inspection = new TlsInspectionConfiguration("example", TlsInspectionConfigurationArgs.builder()
            .name("example")
            .description("example")
            .encryptionConfigurations(encryption)
            .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                .serverCertificateConfiguration(certificates)
                .build())
            .build());
    }
}
resources:
  # Combined inbound and outbound TLS inspection.
  example:
    type: aws:networkfirewall:TlsInspectionConfiguration
    properties:
      name: example
      description: example
      # AWS owned key: there is no customer-controlled key policy to manage.
      # Other examples on this page use CUSTOMER_KMS with a key ARN instead.
      encryptionConfigurations:
        - {keyId: AWS_OWNED_KMS_KEY, type: AWS_OWNED_KMS_KEY}
      tlsInspectionConfiguration:
        serverCertificateConfiguration:
          # example1 (CA certificate for outbound inspection) and example2
          # (server certificate for inbound inspection) are not declared in
          # this listing; presumably certificate resources defined elsewhere.
          # Clients behind the firewall have to trust the CA, so access to its
          # private key should be tightly restricted.
          certificateAuthorityArn: ${example1.arn}
          serverCertificates:
            - resourceArn: ${example2.arn}
          checkCertificateRevocationStatus:
            revokedStatusAction: REJECT
            # PASS lets a connection through when revocation status cannot be
            # determined (fail-open); DROP or REJECT fail closed.
            unknownStatusAction: PASS
          # TCP (IP protocol 6) from any IPv4 source and port to port 443 on any
          # IPv4 destination. 0.0.0.0/0 places every matching flow in scope for
          # decryption; narrow the CIDRs when only part of it needs inspecting.
          scopes:
            - protocols: [6]
              sources:
                - addressDefinition: "0.0.0.0/0"
              sourcePorts:
                - {fromPort: 0, toPort: 65535}
              destinations:
                - addressDefinition: "0.0.0.0/0"
              destinationPorts:
                - {fromPort: 443, toPort: 443}
Create TlsInspectionConfiguration Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new TlsInspectionConfiguration(name: string, args?: TlsInspectionConfigurationArgs, opts?: CustomResourceOptions);
@overload
def TlsInspectionConfiguration(resource_name: str,
                               args: Optional[TlsInspectionConfigurationArgs] = None,
                               opts: Optional[ResourceOptions] = None)
@overload
def TlsInspectionConfiguration(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               description: Optional[str] = None,
                               encryption_configurations: Optional[Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]] = None,
                               name: Optional[str] = None,
                               region: Optional[str] = None,
                               tags: Optional[Mapping[str, str]] = None,
                               timeouts: Optional[TlsInspectionConfigurationTimeoutsArgs] = None,
                               tls_inspection_configuration: Optional[TlsInspectionConfigurationTlsInspectionConfigurationArgs] = None)
func NewTlsInspectionConfiguration(ctx *Context, name string, args *TlsInspectionConfigurationArgs, opts ...ResourceOption) (*TlsInspectionConfiguration, error)
public TlsInspectionConfiguration(string name, TlsInspectionConfigurationArgs? args = null, CustomResourceOptions? opts = null)
public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args)
public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args, CustomResourceOptions options)
type: aws:networkfirewall:TlsInspectionConfiguration
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args TlsInspectionConfigurationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference template: every "string" and 0 below is a placeholder that marks
// the expected type of the input, not a usable setting.

// Traffic selector placeholder. The examples on this page use protocol 6
// (TCP), CIDR address definitions and inclusive port ranges.
var scopeTemplate = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
{
    Protocols = new[] { 0 },
    Sources = new[]
    {
        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
        {
            AddressDefinition = "string",
        },
    },
    SourcePorts = new[]
    {
        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
        {
            FromPort = 0,
            ToPort = 0,
        },
    },
    Destinations = new[]
    {
        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
        {
            AddressDefinition = "string",
        },
    },
    DestinationPorts = new[]
    {
        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
        {
            FromPort = 0,
            ToPort = 0,
        },
    },
};

var tlsInspectionConfigurationResource = new Aws.NetworkFirewall.TlsInspectionConfiguration("tlsInspectionConfigurationResource", new()
{
    Name = "string",
    Description = "string",
    Region = "string",
    Tags =
    {
        { "string", "string" },
    },
    Timeouts = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTimeoutsArgs
    {
        Create = "string",
        Delete = "string",
        Update = "string",
    },
    // The examples on this page use Type "CUSTOMER_KMS" with a key ARN as
    // KeyId, or "AWS_OWNED_KMS_KEY" for both fields.
    EncryptionConfigurations = new[]
    {
        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
        {
            KeyId = "string",
            Type = "string",
        },
    },
    TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
    {
        ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
        {
            // CertificateAuthorityArn is set in the outbound examples,
            // ServerCertificates in the inbound ones; at least one direction
            // has to be configured.
            CertificateAuthorityArn = "string",
            // The examples on this page use "REJECT" for revoked certificates
            // and "PASS" for unknown status; "PASS" fails open.
            CheckCertificateRevocationStatus = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs
            {
                RevokedStatusAction = "string",
                UnknownStatusAction = "string",
            },
            Scopes = new[] { scopeTemplate },
            ServerCertificates = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
                {
                    ResourceArn = "string",
                },
            },
        },
    },
});
// Reference template: every "string" and 0 below is a placeholder that marks
// the expected type of the input, not a usable setting.

// Traffic selector placeholder. The examples on this page use protocol 6
// (TCP), CIDR address definitions and inclusive port ranges.
scope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
	Protocols: pulumi.IntArray{
		pulumi.Int(0),
	},
	Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
		&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
			AddressDefinition: pulumi.String("string"),
		},
	},
	SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
		&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
			FromPort: pulumi.Int(0),
			ToPort:   pulumi.Int(0),
		},
	},
	Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
		&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
			AddressDefinition: pulumi.String("string"),
		},
	},
	DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
		&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
			FromPort: pulumi.Int(0),
			ToPort:   pulumi.Int(0),
		},
	},
}

example, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "tlsInspectionConfigurationResource", &networkfirewall.TlsInspectionConfigurationArgs{
	Name:        pulumi.String("string"),
	Description: pulumi.String("string"),
	Region:      pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Timeouts: &networkfirewall.TlsInspectionConfigurationTimeoutsArgs{
		Create: pulumi.String("string"),
		Delete: pulumi.String("string"),
		Update: pulumi.String("string"),
	},
	// The examples on this page use Type "CUSTOMER_KMS" with a key ARN as
	// KeyId, or "AWS_OWNED_KMS_KEY" for both fields.
	EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
		&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
			KeyId: pulumi.String("string"),
			Type:  pulumi.String("string"),
		},
	},
	TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
		ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
			// CertificateAuthorityArn is set in the outbound examples,
			// ServerCertificates in the inbound ones; at least one direction
			// has to be configured.
			CertificateAuthorityArn: pulumi.String("string"),
			// The examples on this page use "REJECT" for revoked certificates
			// and "PASS" for unknown status; "PASS" fails open.
			CheckCertificateRevocationStatus: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs{
				RevokedStatusAction: pulumi.String("string"),
				UnknownStatusAction: pulumi.String("string"),
			},
			Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
				scope,
			},
			ServerCertificates: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
					ResourceArn: pulumi.String("string"),
				},
			},
		},
	},
})
// Constructor reference for TlsInspectionConfiguration. Every value below is a type
// placeholder ("string", 0), not a usable setting; replace each one before deploying.
var tlsInspectionConfigurationResource = new TlsInspectionConfiguration("tlsInspectionConfigurationResource", TlsInspectionConfigurationArgs.builder()
    .description("string")
    // KMS settings for this resource. The usage example on this page passes
    // "AWS_OWNED_KMS_KEY" for both fields; the service also accepts type "CUSTOMER_KMS"
    // together with the ID or ARN of a key you manage.
    .encryptionConfigurations(TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
        .keyId("string")
        .type("string")
        .build())
    .name("string")
    .region("string")
    .tags(Map.of("string", "string"))
    .timeouts(TlsInspectionConfigurationTimeoutsArgs.builder()
        .create("string")
        .delete("string")
        .update("string")
        .build())
    .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
        .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
            // CA certificate ARN, used for outbound inspection: the firewall issues the
            // certificates it presents to clients from this CA, so clients must trust it
            // and access to the CA should be tightly restricted.
            .certificateAuthorityArn("string")
            // Revocation checking applies to outbound inspection (it needs
            // certificateAuthorityArn). Both actions accept PASS, DROP or REJECT; PASS for
            // unknownStatusAction lets traffic through when the status cannot be determined.
            .checkCertificateRevocationStatus(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
                .revokedStatusAction("string")
                .unknownStatusAction("string")
                .build())
            // The scope selects which traffic is decrypted. In the usage example on this page
            // protocols is 6 (TCP), addresses are CIDR strings and ports are ranges within
            // 0-65535. Keep the scope as narrow as the inspection requirement allows.
            .scopes(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                .protocols(0)
                .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                    .addressDefinition("string")
                    .build())
                .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                    .addressDefinition("string")
                    .build())
                .build())
            // Server certificate ARN(s), used for inbound inspection as in the usage example
            // on this page. Configure inbound, outbound, or both.
            .serverCertificates(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                .resourceArn("string")
                .build())
            .build())
        .build())
    .build());
# Constructor reference for TlsInspectionConfiguration. Every value below is a type
# placeholder ("string", 0), not a usable setting; replace each one before deploying.
tls_inspection_configuration_resource = aws.networkfirewall.TlsInspectionConfiguration("tlsInspectionConfigurationResource",
    description="string",
    # KMS settings for this resource. The usage example on this page passes
    # "AWS_OWNED_KMS_KEY" for both fields; the service also accepts type "CUSTOMER_KMS"
    # together with the ID or ARN of a key you manage.
    encryption_configurations=[{
        "key_id": "string",
        "type": "string",
    }],
    name="string",
    region="string",
    tags={
        "string": "string",
    },
    timeouts={
        "create": "string",
        "delete": "string",
        "update": "string",
    },
    tls_inspection_configuration={
        "server_certificate_configuration": {
            # CA certificate ARN, used for outbound inspection: the firewall issues the
            # certificates it presents to clients from this CA, so clients must trust it
            # and access to the CA should be tightly restricted.
            "certificate_authority_arn": "string",
            # Revocation checking applies to outbound inspection (it needs
            # certificate_authority_arn). Both actions accept PASS, DROP or REJECT; PASS for
            # unknown_status_action lets traffic through when the status cannot be determined.
            "check_certificate_revocation_status": {
                "revoked_status_action": "string",
                "unknown_status_action": "string",
            },
            # The scope selects which traffic is decrypted. In the usage example on this page
            # protocols is [6] (TCP), addresses are CIDR strings and ports are ranges within
            # 0-65535. Keep the scope as narrow as the inspection requirement allows.
            "scopes": [{
                "protocols": [0],
                "destination_ports": [{
                    "from_port": 0,
                    "to_port": 0,
                }],
                "destinations": [{
                    "address_definition": "string",
                }],
                "source_ports": [{
                    "from_port": 0,
                    "to_port": 0,
                }],
                "sources": [{
                    "address_definition": "string",
                }],
            }],
            # Server certificate ARN(s), used for inbound inspection as in the usage example
            # on this page. Configure inbound, outbound, or both.
            "server_certificates": [{
                "resource_arn": "string",
            }],
        },
    })
// Constructor reference for TlsInspectionConfiguration. Every value below is a type
// placeholder ("string", 0), not a usable setting; replace each one before deploying.
const tlsInspectionConfigurationResource = new aws.networkfirewall.TlsInspectionConfiguration("tlsInspectionConfigurationResource", {
    description: "string",
    // KMS settings for this resource. The usage example on this page passes
    // "AWS_OWNED_KMS_KEY" for both fields; the service also accepts type "CUSTOMER_KMS"
    // together with the ID or ARN of a key you manage.
    encryptionConfigurations: [{
        keyId: "string",
        type: "string",
    }],
    name: "string",
    region: "string",
    tags: {
        string: "string",
    },
    timeouts: {
        create: "string",
        "delete": "string",
        update: "string",
    },
    tlsInspectionConfiguration: {
        serverCertificateConfiguration: {
            // CA certificate ARN, used for outbound inspection: the firewall issues the
            // certificates it presents to clients from this CA, so clients must trust it
            // and access to the CA should be tightly restricted.
            certificateAuthorityArn: "string",
            // Revocation checking applies to outbound inspection (it needs
            // certificateAuthorityArn). Both actions accept PASS, DROP or REJECT; PASS for
            // unknownStatusAction lets traffic through when the status cannot be determined.
            checkCertificateRevocationStatus: {
                revokedStatusAction: "string",
                unknownStatusAction: "string",
            },
            // The scope selects which traffic is decrypted. In the usage example on this page
            // protocols is [6] (TCP), addresses are CIDR strings and ports are ranges within
            // 0-65535. Keep the scope as narrow as the inspection requirement allows.
            scopes: [{
                protocols: [0],
                destinationPorts: [{
                    fromPort: 0,
                    toPort: 0,
                }],
                destinations: [{
                    addressDefinition: "string",
                }],
                sourcePorts: [{
                    fromPort: 0,
                    toPort: 0,
                }],
                sources: [{
                    addressDefinition: "string",
                }],
            }],
            // Server certificate ARN(s), used for inbound inspection as in the usage example
            // on this page. Configure inbound, outbound, or both.
            serverCertificates: [{
                resourceArn: "string",
            }],
        },
    },
});
# Constructor reference for TlsInspectionConfiguration. Every value below is a type
# placeholder (string, 0), not a usable setting; replace each one before deploying.
type: aws:networkfirewall:TlsInspectionConfiguration
properties:
    description: string
    # KMS settings for this resource. The usage example on this page passes
    # AWS_OWNED_KMS_KEY for both fields; the service also accepts type CUSTOMER_KMS
    # together with the ID or ARN of a key you manage.
    encryptionConfigurations:
        - keyId: string
          type: string
    name: string
    region: string
    tags:
        string: string
    timeouts:
        create: string
        delete: string
        update: string
    tlsInspectionConfiguration:
        serverCertificateConfiguration:
            # CA certificate ARN, used for outbound inspection: the firewall issues the
            # certificates it presents to clients from this CA, so clients must trust it
            # and access to the CA should be tightly restricted.
            certificateAuthorityArn: string
            # Revocation checking applies to outbound inspection (it needs
            # certificateAuthorityArn). Both actions accept PASS, DROP or REJECT; PASS for
            # unknownStatusAction lets traffic through when the status cannot be determined.
            checkCertificateRevocationStatus:
                revokedStatusAction: string
                unknownStatusAction: string
            # The scope selects which traffic is decrypted. In the usage example on this page
            # protocols is 6 (TCP), addresses are CIDR strings and ports are ranges within
            # 0-65535. Keep the scope as narrow as the inspection requirement allows.
            scopes:
                - destinationPorts:
                    - fromPort: 0
                      toPort: 0
                  destinations:
                    - addressDefinition: string
                  protocols:
                    - 0
                  sourcePorts:
                    - fromPort: 0
                      toPort: 0
                  sources:
                    - addressDefinition: string
            # Server certificate ARN(s), used for inbound inspection as in the usage example
            # on this page. Configure inbound, outbound, or both.
            serverCertificates:
                - resourceArn: string
TlsInspectionConfiguration Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The TlsInspectionConfiguration resource accepts the following input properties:
- Description string
- Description of the TLS inspection configuration.
- EncryptionConfigurations List<TlsInspectionConfigurationEncryptionConfiguration>
- Encryption configuration block. Detailed below.
- Name string
- Descriptive name of the TLS inspection configuration.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Tags Dictionary<string, string>
- Timeouts TlsInspectionConfigurationTimeouts
- TlsInspectionConfig TlsInspectionConfigurationTlsInspectionConfiguration
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- Description string
- Description of the TLS inspection configuration.
- EncryptionConfigurations []TlsInspectionConfigurationEncryptionConfigurationArgs
- Encryption configuration block. Detailed below.
- Name string
- Descriptive name of the TLS inspection configuration.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Tags map[string]string
- Timeouts TlsInspectionConfigurationTimeoutsArgs
- TlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfigurationArgs
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- description String
- Description of the TLS inspection configuration.
- encryptionConfigurations List<TlsInspectionConfigurationEncryptionConfiguration>
- Encryption configuration block. Detailed below.
- name String
- Descriptive name of the TLS inspection configuration.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags Map<String,String>
- timeouts TlsInspectionConfigurationTimeouts
- tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- description string
- Description of the TLS inspection configuration.
- encryptionConfigurations TlsInspectionConfigurationEncryptionConfiguration[]
- Encryption configuration block. Detailed below.
- name string
- Descriptive name of the TLS inspection configuration.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags {[key: string]: string}
- timeouts TlsInspectionConfigurationTimeouts
- tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- description str
- Description of the TLS inspection configuration.
- encryption_configurations Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]
- Encryption configuration block. Detailed below.
- name str
- Descriptive name of the TLS inspection configuration.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags Mapping[str, str]
- timeouts TlsInspectionConfigurationTimeoutsArgs
- tls_inspection_configuration TlsInspectionConfigurationTlsInspectionConfigurationArgs
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- description String
- Description of the TLS inspection configuration.
- encryptionConfigurations List<Property Map>
- Encryption configuration block. Detailed below.
- name String
- Descriptive name of the TLS inspection configuration.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- tags Map<String>
- timeouts Property Map
- tlsInspectionConfiguration Property Map
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
Outputs
All input properties are implicitly available as output properties. Additionally, the TlsInspectionConfiguration resource produces the following output properties:
- Arn string
- ARN of the TLS Inspection Configuration.
- CertificateAuthorities List<TlsInspectionConfigurationCertificateAuthority>
- Certificate Manager certificate block. See Certificate Authority below for details.
- Certificates List<TlsInspectionConfigurationCertificate>
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- Id string
- The provider-assigned unique ID for this managed resource.
- NumberOfAssociations int
- Number of firewall policies that use this TLS inspection configuration.
- TagsAll Dictionary<string, string>
- TlsInspectionConfigurationId string
- A unique identifier for the TLS inspection configuration.
- UpdateToken string
- String token used when updating the rule group.
- Arn string
- ARN of the TLS Inspection Configuration.
- CertificateAuthorities []TlsInspectionConfigurationCertificateAuthority
- Certificate Manager certificate block. See Certificate Authority below for details.
- Certificates []TlsInspectionConfigurationCertificate
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- Id string
- The provider-assigned unique ID for this managed resource.
- NumberOfAssociations int
- Number of firewall policies that use this TLS inspection configuration.
- TagsAll map[string]string
- TlsInspectionConfigurationId string
- A unique identifier for the TLS inspection configuration.
- UpdateToken string
- String token used when updating the rule group.
- arn String
- ARN of the TLS Inspection Configuration.
- certificateAuthorities List<TlsInspectionConfigurationCertificateAuthority>
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates List<TlsInspectionConfigurationCertificate>
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- id String
- The provider-assigned unique ID for this managed resource.
- numberOfAssociations Integer
- Number of firewall policies that use this TLS inspection configuration.
- tagsAll Map<String,String>
- tlsInspectionConfigurationId String
- A unique identifier for the TLS inspection configuration.
- updateToken String
- String token used when updating the rule group.
- arn string
- ARN of the TLS Inspection Configuration.
- certificateAuthorities TlsInspectionConfigurationCertificateAuthority[]
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates TlsInspectionConfigurationCertificate[]
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- id string
- The provider-assigned unique ID for this managed resource.
- numberOfAssociations number
- Number of firewall policies that use this TLS inspection configuration.
- tagsAll {[key: string]: string}
- tlsInspectionConfigurationId string
- A unique identifier for the TLS inspection configuration.
- updateToken string
- String token used when updating the rule group.
- arn str
- ARN of the TLS Inspection Configuration.
- certificate_authorities Sequence[TlsInspectionConfigurationCertificateAuthority]
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates Sequence[TlsInspectionConfigurationCertificate]
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- id str
- The provider-assigned unique ID for this managed resource.
- number_of_associations int
- Number of firewall policies that use this TLS inspection configuration.
- tags_all Mapping[str, str]
- tls_inspection_configuration_id str
- A unique identifier for the TLS inspection configuration.
- update_token str
- String token used when updating the rule group.
- arn String
- ARN of the TLS Inspection Configuration.
- certificateAuthorities List<Property Map>
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates List<Property Map>
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- id String
- The provider-assigned unique ID for this managed resource.
- numberOfAssociations Number
- Number of firewall policies that use this TLS inspection configuration.
- tagsAll Map<String>
- tlsInspectionConfigurationId String
- A unique identifier for the TLS inspection configuration.
- updateToken String
- String token used when updating the rule group.
Look up Existing TlsInspectionConfiguration Resource
Get an existing TlsInspectionConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: TlsInspectionConfigurationState, opts?: CustomResourceOptions): TlsInspectionConfiguration
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate_authorities: Optional[Sequence[TlsInspectionConfigurationCertificateAuthorityArgs]] = None,
        certificates: Optional[Sequence[TlsInspectionConfigurationCertificateArgs]] = None,
        description: Optional[str] = None,
        encryption_configurations: Optional[Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]] = None,
        name: Optional[str] = None,
        number_of_associations: Optional[int] = None,
        region: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        timeouts: Optional[TlsInspectionConfigurationTimeoutsArgs] = None,
        tls_inspection_configuration: Optional[TlsInspectionConfigurationTlsInspectionConfigurationArgs] = None,
        tls_inspection_configuration_id: Optional[str] = None,
        update_token: Optional[str] = None) -> TlsInspectionConfiguration
func GetTlsInspectionConfiguration(ctx *Context, name string, id IDInput, state *TlsInspectionConfigurationState, opts ...ResourceOption) (*TlsInspectionConfiguration, error)
public static TlsInspectionConfiguration Get(string name, Input<string> id, TlsInspectionConfigurationState? state, CustomResourceOptions? opts = null)
public static TlsInspectionConfiguration get(String name, Output<String> id, TlsInspectionConfigurationState state, CustomResourceOptions options)
resources:
  _:
    type: aws:networkfirewall:TlsInspectionConfiguration
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of the TLS Inspection Configuration.
- 
List<TlsInspection Configuration Certificate Authority> 
- Certificate Manager certificate block. See Certificate Authority below for details.
- Certificates
List<TlsInspection Configuration Certificate> 
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- Description string
- Description of the TLS inspection configuration.
- EncryptionConfigurations List<TlsInspection Configuration Encryption Configuration> 
- Encryption configuration block. Detailed below.
- Name string
- Descriptive name of the TLS inspection configuration.
- NumberOf intAssociations 
- Number of firewall policies that use this TLS inspection configuration.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Dictionary<string, string>
- Dictionary<string, string>
- Timeouts
TlsInspection Configuration Timeouts 
- TlsInspection TlsConfig Inspection Configuration Tls Inspection Configuration 
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- TlsInspection stringConfiguration Id 
- A unique identifier for the TLS inspection configuration.
- UpdateToken string
- String token used when updating the rule group.
- Arn string
- ARN of the TLS Inspection Configuration.
- 
[]TlsInspection Configuration Certificate Authority Args 
- Certificate Manager certificate block. See Certificate Authority below for details.
- Certificates
[]TlsInspection Configuration Certificate Args 
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- Description string
- Description of the TLS inspection configuration.
- EncryptionConfigurations []TlsInspection Configuration Encryption Configuration Args 
- Encryption configuration block. Detailed below.
- Name string
- Descriptive name of the TLS inspection configuration.
- NumberOf intAssociations 
- Number of firewall policies that use this TLS inspection configuration.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- map[string]string
- map[string]string
- Timeouts
TlsInspection Configuration Timeouts Args 
- TlsInspection TlsConfiguration Inspection Configuration Tls Inspection Configuration Args 
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- TlsInspection stringConfiguration Id 
- A unique identifier for the TLS inspection configuration.
- UpdateToken string
- String token used when updating the rule group.
- arn String
- ARN of the TLS Inspection Configuration.
- 
List<TlsInspection Configuration Certificate Authority> 
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates
List<TlsInspection Configuration Certificate> 
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- description String
- Description of the TLS inspection configuration.
- encryptionConfigurations List<TlsInspection Configuration Encryption Configuration> 
- Encryption configuration block. Detailed below.
- name String
- Descriptive name of the TLS inspection configuration.
- numberOf IntegerAssociations 
- Number of firewall policies that use this TLS inspection configuration.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String,String>
- Map<String,String>
- timeouts
TlsInspection Configuration Timeouts 
- tlsInspection TlsConfiguration Inspection Configuration Tls Inspection Configuration 
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- tlsInspection StringConfiguration Id 
- A unique identifier for the TLS inspection configuration.
- updateToken String
- String token used when updating the rule group.
- arn string
- ARN of the TLS Inspection Configuration.
- 
TlsInspection Configuration Certificate Authority[] 
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates
TlsInspection Configuration Certificate[] 
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- description string
- Description of the TLS inspection configuration.
- encryptionConfigurations TlsInspection Configuration Encryption Configuration[] 
- Encryption configuration block. Detailed below.
- name string
- Descriptive name of the TLS inspection configuration.
- numberOf numberAssociations 
- Number of firewall policies that use this TLS inspection configuration.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- {[key: string]: string}
- {[key: string]: string}
- timeouts
TlsInspection Configuration Timeouts 
- tlsInspection TlsConfiguration Inspection Configuration Tls Inspection Configuration 
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- tlsInspection stringConfiguration Id 
- A unique identifier for the TLS inspection configuration.
- updateToken string
- String token used when updating the rule group.
- arn str
- ARN of the TLS Inspection Configuration.
- 
Sequence[TlsInspection Configuration Certificate Authority Args] 
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates
Sequence[TlsInspection Configuration Certificate Args] 
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- description str
- Description of the TLS inspection configuration.
- encryption_configurations Sequence[TlsInspection Configuration Encryption Configuration Args] 
- Encryption configuration block. Detailed below.
- name str
- Descriptive name of the TLS inspection configuration.
- number_of_ intassociations 
- Number of firewall policies that use this TLS inspection configuration.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Mapping[str, str]
- Mapping[str, str]
- timeouts
TlsInspection Configuration Timeouts Args 
- tls_inspection_ Tlsconfiguration Inspection Configuration Tls Inspection Configuration Args 
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- tls_inspection_ strconfiguration_ id 
- A unique identifier for the TLS inspection configuration.
- update_token str
- String token used when updating the rule group.
- arn String
- ARN of the TLS Inspection Configuration.
- List<Property Map>
- Certificate Manager certificate block. See Certificate Authority below for details.
- certificates List<Property Map>
- List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
- description String
- Description of the TLS inspection configuration.
- encryptionConfigurations List<Property Map>
- Encryption configuration block. Detailed below.
- name String
- Descriptive name of the TLS inspection configuration.
- numberOf NumberAssociations 
- Number of firewall policies that use this TLS inspection configuration.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Map<String>
- Map<String>
- timeouts Property Map
- tlsInspection Property MapConfiguration 
- TLS inspection configuration block. Detailed below. - The following arguments are optional: 
- tlsInspection StringConfiguration Id 
- A unique identifier for the TLS inspection configuration.
- updateToken String
- String token used when updating the rule group.
Supporting Types
TlsInspectionConfigurationCertificate, TlsInspectionConfigurationCertificateArgs        
- CertificateArn string
- ARN of the certificate.
- CertificateSerial string
- Serial number of the certificate.
- Status string
- Status of the certificate.
- StatusMessage string
- Details about the certificate status, including information about certificate errors.
- CertificateArn string
- ARN of the certificate.
- CertificateSerial string
- Serial number of the certificate.
- Status string
- Status of the certificate.
- StatusMessage string
- Details about the certificate status, including information about certificate errors.
- certificateArn String
- ARN of the certificate.
- certificateSerial String
- Serial number of the certificate.
- status String
- Status of the certificate.
- statusMessage String
- Details about the certificate status, including information about certificate errors.
- certificateArn string
- ARN of the certificate.
- certificateSerial string
- Serial number of the certificate.
- status string
- Status of the certificate.
- statusMessage string
- Details about the certificate status, including information about certificate errors.
- certificate_arn str
- ARN of the certificate.
- certificate_serial str
- Serial number of the certificate.
- status str
- Status of the certificate.
- status_message str
- Details about the certificate status, including information about certificate errors.
- certificateArn String
- ARN of the certificate.
- certificateSerial String
- Serial number of the certificate.
- status String
- Status of the certificate.
- statusMessage String
- Details about the certificate status, including information about certificate errors.
TlsInspectionConfigurationCertificateAuthority, TlsInspectionConfigurationCertificateAuthorityArgs          
- CertificateArn string
- ARN of the certificate.
- CertificateSerial string
- Serial number of the certificate.
- Status string
- Status of the certificate.
- StatusMessage string
- Details about the certificate status, including information about certificate errors.
- CertificateArn string
- ARN of the certificate.
- CertificateSerial string
- Serial number of the certificate.
- Status string
- Status of the certificate.
- StatusMessage string
- Details about the certificate status, including information about certificate errors.
- certificateArn String
- ARN of the certificate.
- certificateSerial String
- Serial number of the certificate.
- status String
- Status of the certificate.
- statusMessage String
- Details about the certificate status, including information about certificate errors.
- certificateArn string
- ARN of the certificate.
- certificateSerial string
- Serial number of the certificate.
- status string
- Status of the certificate.
- statusMessage string
- Details about the certificate status, including information about certificate errors.
- certificate_arn str
- ARN of the certificate.
- certificate_serial str
- Serial number of the certificate.
- status str
- Status of the certificate.
- status_message str
- Details about the certificate status, including information about certificate errors.
- certificateArn String
- ARN of the certificate.
- certificateSerial String
- Serial number of the certificate.
- status String
- Status of the certificate.
- statusMessage String
- Details about the certificate status, including information about certificate errors.
TlsInspectionConfigurationEncryptionConfiguration, TlsInspectionConfigurationEncryptionConfigurationArgs          
TlsInspectionConfigurationTimeouts, TlsInspectionConfigurationTimeoutsArgs        
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- Delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- Update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update string
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update str
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- create String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
- delete String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
- update String
- A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
TlsInspectionConfigurationTlsInspectionConfiguration, TlsInspectionConfigurationTlsInspectionConfigurationArgs            
- ServerCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
- Server certificate configurations that are associated with the TLS configuration. Detailed below.
- ServerCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
- Server certificate configurations that are associated with the TLS configuration. Detailed below.
- serverCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
- Server certificate configurations that are associated with the TLS configuration. Detailed below.
- serverCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
- Server certificate configurations that are associated with the TLS configuration. Detailed below.
- server_certificate_configuration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
- Server certificate configurations that are associated with the TLS configuration. Detailed below.
- serverCertificateConfiguration Property Map
- Server certificate configurations that are associated with the TLS configuration. Detailed below.
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs                  
- CertificateAuthorityArn string
- ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
- CheckCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
- Check Certificate Revocation Status block. Detailed below.
- Scopes List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope>
- Scope block. Detailed below.
- ServerCertificates List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate>
- Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
- CertificateAuthorityArn string
- ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
- CheckCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
- Check Certificate Revocation Status block. Detailed below.
- Scopes []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope
- Scope block. Detailed below.
- ServerCertificates []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate
- Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
- certificateAuthorityArn String
- ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
- checkCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
- Check Certificate Revocation Status block. Detailed below.
- scopes List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope>
- Scope block. Detailed below.
- serverCertificates List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate>
- Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
- certificateAuthorityArn string
- ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
- checkCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
- Check Certificate Revocation Status block. Detailed below.
- scopes TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope[]
- Scope block. Detailed below.
- serverCertificates TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate[]
- Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
- certificate_authority_arn str
- ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
- check_certificate_revocation_status TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
- Check Certificate Revocation Status block. Detailed below.
- scopes Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope]
- Scope block. Detailed below.
- server_certificates Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate]
- Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
- certificateAuthorityArn String
- ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
- checkCertificateRevocationStatus Property Map
- Check Certificate Revocation Status block. Detailed below.
- scopes List<Property Map>
- Scope block. Detailed below.
- serverCertificates List<Property Map>
- Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs                          
- RevokedStatusAction string
- UnknownStatusAction string
- RevokedStatusAction string
- UnknownStatusAction string
- revokedStatusAction String
- unknownStatusAction String
- revokedStatusAction string
- unknownStatusAction string
- revokedStatusAction String
- unknownStatusAction String
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs                    
- Protocols List<int>
- Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
- DestinationPorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort>
- Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
- Destinations List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination>
- Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
- SourcePorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort>
- Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
- Sources List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource>
- Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
- Protocols []int
- Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
- DestinationPorts []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort
- Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
- Destinations []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination
- Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
- SourcePorts []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort
- Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
- Sources []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource
- Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
- protocols List<Integer>
- Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
- destinationPorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort>
- Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
- destinations List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination>
- Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
- sourcePorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort>
- Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
- sources List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource>
- Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
- protocols number[]
- Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
- destinationPorts TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort[]
- Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
- destinations TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination[]
- Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
- sourcePorts TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort[]
- Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
- sources TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource[]
- Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
- protocols Sequence[int]
- Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
- destination_ports Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort]
- Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
- destinations Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination]
- Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
- source_ports Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort]
- Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
- sources Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource]
- Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
- protocols List<Number>
- Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
- destinationPorts List<Property Map>
- Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
- destinations List<Property Map>
- Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
- sourcePorts List<Property Map>
- Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
- sources List<Property Map>
- Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs                      
- AddressDefinition string
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- AddressDefinition string
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- addressDefinition String
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- addressDefinition string
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- address_definition str
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- addressDefinition String
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs                        
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs                      
- AddressDefinition string
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- AddressDefinition string
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- addressDefinition String
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- addressDefinition string
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- address_definition str
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
- addressDefinition String
- An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs                        
TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs                      
- ResourceArn string
- ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- ResourceArn string
- ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resourceArn String
- ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resourceArn string
- ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resource_arn str
- ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
- resourceArn String
- ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
Import
Identity Schema
Required
- arn (String) Amazon Resource Name (ARN) of the Network Firewall TLS inspection configuration.
Using pulumi import, import Network Firewall TLS Inspection Configuration using the arn. For example:
console
% pulumi import aws_networkfirewall_tls_inspection_configuration.example arn:aws:network-firewall:<region>:<account_id>:tls-configuration/<name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the aws Terraform Provider.
