AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificate - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificate

Any Amazon Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a ServerCertificateConfiguration. Used in a TLSInspectionConfiguration for inspection of inbound traffic to your firewall. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. Amazon Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in Amazon Certificate Manager, see Request a public certificate or Importing certificates in the Amazon Certificate Manager User Guide.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "ResourceArn" : String }


ResourceArn: String



The Amazon Resource Name (ARN) of the Amazon Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.

Required: No

Type: String

Pattern: ^(arn:aws.*)$

Minimum: 1

Maximum: 256

Update requires: No interruption