Class CfnTLSInspectionConfiguration
- All Implemented Interfaces: IInspectable, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
AWS Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.
To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import java.util.List;
import software.amazon.awscdk.CfnTag;
import software.amazon.awscdk.services.networkfirewall.*;
// Nested property types (TLSInspectionConfigurationProperty, PortRangeProperty, ...)
import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration.*;

CfnTLSInspectionConfiguration cfnTLSInspectionConfiguration = CfnTLSInspectionConfiguration.Builder.create(this, "MyCfnTLSInspectionConfiguration")
        .tlsInspectionConfiguration(TLSInspectionConfigurationProperty.builder()
                .serverCertificateConfigurations(List.of(ServerCertificateConfigurationProperty.builder()
                        .certificateAuthorityArn("certificateAuthorityArn")
                        .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder()
                                .revokedStatusAction("revokedStatusAction")
                                .unknownStatusAction("unknownStatusAction")
                                .build())
                        .scopes(List.of(ServerCertificateScopeProperty.builder()
                                .destinationPorts(List.of(PortRangeProperty.builder()
                                        .fromPort(123)
                                        .toPort(123)
                                        .build()))
                                .destinations(List.of(AddressProperty.builder()
                                        .addressDefinition("addressDefinition")
                                        .build()))
                                .protocols(List.of(123))
                                .sourcePorts(List.of(PortRangeProperty.builder()
                                        .fromPort(123)
                                        .toPort(123)
                                        .build()))
                                .sources(List.of(AddressProperty.builder()
                                        .addressDefinition("addressDefinition")
                                        .build()))
                                .build()))
                        .serverCertificates(List.of(ServerCertificateProperty.builder()
                                .resourceArn("resourceArn")
                                .build()))
                        .build()))
                .build())
        .tlsInspectionConfigurationName("tlsInspectionConfigurationName")
        // the properties below are optional
        .description("description")
        .tags(List.of(CfnTag.builder()
                .key("key")
                .value("value")
                .build()))
        .build();
-
Nested Class Summary
Modifier and Type / Class / Description
static interface AddressProperty - A single IP address specification.
static final class Builder - A fluent builder for CfnTLSInspectionConfiguration.
static interface CheckCertificateRevocationStatusProperty - When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status.
static interface PortRangeProperty - A single port range specification.
static interface ServerCertificateConfigurationProperty - Configures the AWS Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration.
static interface ServerCertificateProperty - Any AWS Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a ServerCertificateConfiguration.
static interface ServerCertificateScopeProperty - Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
static interface TLSInspectionConfigurationProperty - The object that defines a TLS inspection configuration.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggableV2
ITaggableV2.Jsii$Default, ITaggableV2.Jsii$Proxy
-
Field Summary
Modifier and Type / Field / Description
static final String CFN_RESOURCE_TYPE_NAME - The CloudFormation resource type name for this resource class.
-
Constructor Summary
Modifier / Constructor / Description
protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObjectRef objRef)
CfnTLSInspectionConfiguration(software.constructs.Construct scope, String id, CfnTLSInspectionConfigurationProps props)
-
Method Summary
Modifier and Type / Method / Description
getAttrTlsInspectionConfigurationArn - The Amazon Resource Name (ARN) of the TLS inspection configuration.
getAttrTlsInspectionConfigurationId - A unique identifier for the TLS inspection configuration.
getCdkTagManager - Tag Manager which manages the tags for this resource.
getDescription - A description of the TLS inspection configuration.
getTags() - The key:value pairs to associate with the resource.
getTlsInspectionConfiguration - The object that defines a TLS inspection configuration.
getTlsInspectionConfigurationName - The descriptive name of the TLS inspection configuration.
void inspect(TreeInspector inspector) - Examines the CloudFormation resource and discloses attributes.
renderProperties(Map<String, Object> props)
void setDescription(String value) - A description of the TLS inspection configuration.
void setTags - The key:value pairs to associate with the resource.
void setTlsInspectionConfiguration - The object that defines a TLS inspection configuration.
void setTlsInspectionConfiguration(CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty value) - The object that defines a TLS inspection configuration.
void setTlsInspectionConfigurationName - The descriptive name of the TLS inspection configuration.
Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnTLSInspectionConfiguration
protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObjectRef objRef)
-
CfnTLSInspectionConfiguration
protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
-
CfnTLSInspectionConfiguration
@Stability(Stable) public CfnTLSInspectionConfiguration(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnTLSInspectionConfigurationProps props)
- Parameters:
scope - Scope in which this resource is defined. This parameter is required.
id - Construct identifier for this resource (unique in its scope). This parameter is required.
props - Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.
- Specified by: inspect in interface IInspectable
- Parameters:
inspector - tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props)
- Overrides: renderProperties in class CfnResource
- Parameters:
props - This parameter is required.
-
getAttrTlsInspectionConfigurationArn
The Amazon Resource Name (ARN) of the TLS inspection configuration.
-
getAttrTlsInspectionConfigurationId
A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.
-
getCdkTagManager
Tag Manager which manages the tags for this resource.
- Specified by: getCdkTagManager in interface ITaggableV2
-
getCfnProperties
- Overrides: getCfnProperties in class CfnResource
-
getTlsInspectionConfiguration
The object that defines a TLS inspection configuration.
-
setTlsInspectionConfiguration
The object that defines a TLS inspection configuration.
-
setTlsInspectionConfiguration
@Stability(Stable) public void setTlsInspectionConfiguration(@NotNull CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty value)
The object that defines a TLS inspection configuration.
-
getTlsInspectionConfigurationName
The descriptive name of the TLS inspection configuration.
-
setTlsInspectionConfigurationName
The descriptive name of the TLS inspection configuration.
-
getDescription
A description of the TLS inspection configuration.
-
setDescription
A description of the TLS inspection configuration.
-
getTags
The key:value pairs to associate with the resource.
-
setTags
The key:value pairs to associate with the resource.
-