AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificateScope
Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "DestinationPorts" :
[ PortRange, ... ]
, "Destinations" :[ Address, ... ]
, "Protocols" :[ Integer, ... ]
, "SourcePorts" :[ PortRange, ... ]
, "Sources" :[ Address, ... ]
}
YAML
DestinationPorts:
- PortRange
Destinations:- Address
Protocols:- Integer
SourcePorts:- PortRange
Sources:- Address
Properties
DestinationPorts
-
The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.Required: No
Type: Array of PortRange
Update requires: No interruption
Destinations
-
The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
Required: No
Type: Array of Address
Update requires: No interruption
Protocols
-
The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
Required: No
Type: Array of Integer
Update requires: No interruption
SourcePorts
-
The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994
, and you can specify port ranges, such as1990:1994
.Required: No
Type: Array of PortRange
Update requires: No interruption
Sources
-
The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
Required: No
Type: Array of Address
Update requires: No interruption