Interface CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty.Jsii$Proxy
Enclosing class:
CfnTLSInspectionConfiguration

@Stability(Stable) public static interface CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty extends software.amazon.jsii.JsiiSerializable
The object that defines a TLS inspection configuration.

AWS Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.

To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
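 import java.util.List;
 import software.amazon.awscdk.services.networkfirewall.*;
 // The property types used below are nested in CfnTLSInspectionConfiguration.
 import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration.*;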
 TLSInspectionConfigurationProperty tLSInspectionConfigurationProperty = TLSInspectionConfigurationProperty.builder()
         .serverCertificateConfigurations(List.of(ServerCertificateConfigurationProperty.builder()
                 .certificateAuthorityArn("certificateAuthorityArn")
                 .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder()
                         .revokedStatusAction("revokedStatusAction")
                         .unknownStatusAction("unknownStatusAction")
                         .build())
                 .scopes(List.of(ServerCertificateScopeProperty.builder()
                         .destinationPorts(List.of(PortRangeProperty.builder()
                                 .fromPort(123)
                                 .toPort(123)
                                 .build()))
                         .destinations(List.of(AddressProperty.builder()
                                 .addressDefinition("addressDefinition")
                                 .build()))
                         .protocols(List.of(123))
                         .sourcePorts(List.of(PortRangeProperty.builder()
                                 .fromPort(123)
                                 .toPort(123)
                                 .build()))
                         .sources(List.of(AddressProperty.builder()
                                 .addressDefinition("addressDefinition")
                                 .build()))
                         .build()))
                 .serverCertificates(List.of(ServerCertificateProperty.builder()
                         .resourceArn("resourceArn")
                         .build()))
                 .build()))
         .build();
 

See Also: