AWS::NetworkFirewall::TLSInspectionConfiguration TLSInspectionConfiguration - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::NetworkFirewall::TLSInspectionConfiguration TLSInspectionConfiguration

The object that defines a TLS inspection configuration. This defines the TLS inspection configuration.

Amazon Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.

To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Amazon Network Firewall Developer Guide.


To declare this entity in your Amazon CloudFormation template, use the following syntax:



Lists the server certificate configurations that are associated with the TLS configuration.

Required: No

Type: Array of ServerCertificateConfiguration

Update requires: No interruption