AWS::ElasticLoadBalancingV2::Listener MutualAuthentication - Amazon CloudFormation
SyntaxPropertiesExamples
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::ElasticLoadBalancingV2::Listener MutualAuthentication

The mutual authentication configuration information.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "AdvertiseTrustStoreCaNames" : String,
  "IgnoreClientCertificateExpiry" : Boolean,
  "Mode" : String,
  "TrustStoreArn" : String
}

Properties

AdvertiseTrustStoreCaNames

Indicates whether trust store CA certificate names are advertised.

Required: No

Type: String

Allowed values: on | off

Update requires: No interruption

IgnoreClientCertificateExpiry

Indicates whether expired client certificates are ignored.

Required: No

Type: Boolean

Update requires: No interruption

Mode

The client certificate handling method. Options are off, passthrough or verify. The default value is off.

Required: No

Type: String

Update requires: No interruption

TrustStoreArn

The Amazon Resource Name (ARN) of the trust store.

Required: No

Type: String

Update requires: No interruption

Examples

The following example configures mutual TLS verify mode.

YAML

myHTTPSListener:
  Type: 'AWS::ElasticLoadBalancingV2::Listener'
  Properties: 
    LoadBalancerArn: !Ref myLoadBalancer
    Protocol: HTTPS
    Port: 443
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref myTargetGroup
    SslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
    Certificates: 
      - CertificateArn: "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
    MutualAuthentication:
      - Mode: verify
        TrustStoreArn: !Ref myTrustStore

JSON

{
    "myHTTPSListener": {
        "Type": "AWS::ElasticLoadBalancingV2::Listener",
        "Properties": {
            "LoadBalancerArn": {
                "Ref": "myLoadBalancer"
            },
            "Protocol": "HTTPS",
            "Port": 443,
            "DefaultActions": [
                {
                    "Type": "forward",
                    "TargetGroupArn": {
                        "Ref": "myTargetGroup"
                    }
                }
            ],
            "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
            "Certificates": [
                {
                    "CertificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
                }
            ],
            "MutualAuthentication": [
                {
                    "Mode": "verify",
                    "TrustStoreArn": {
                        "Ref": "myTrustStore"
                    }
                }
            ]
        }
    }
}