AWS::ElasticLoadBalancingV2::Listener MutualAuthentication

The mutual authentication configuration information.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "AdvertiseTrustStoreCaNames" : String,
  "IgnoreClientCertificateExpiry" : Boolean,
  "Mode" : String,
  "TrustStoreArn" : String
}

YAML


  AdvertiseTrustStoreCaNames: String
  IgnoreClientCertificateExpiry: Boolean
  Mode: String
  TrustStoreArn: String

Properties

AdvertiseTrustStoreCaNames

Indicates whether trust store CA certificate names are advertised.

Required: No

Type: String

Allowed values: on | off

Update requires: No interruption

IgnoreClientCertificateExpiry

Indicates whether expired client certificates are ignored.

Required: No

Type: Boolean

Update requires: No interruption

Mode

The client certificate handling method. Options are off, passthrough or verify. The default value is off.

Required: No

Type: String

Update requires: No interruption

TrustStoreArn

The Amazon Resource Name (ARN) of the trust store.

Required: No

Type: String

Update requires: No interruption

Examples

The following example configures mutual TLS verify mode.

YAML


myHTTPSListener:
  Type: 'AWS::ElasticLoadBalancingV2::Listener'
  Properties: 
    LoadBalancerArn: !Ref myLoadBalancer
    Protocol: HTTPS
    Port: 443
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref myTargetGroup
    SslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
    Certificates: 
      - CertificateArn: "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
    MutualAuthentication:
      - Mode: verify
        TrustStoreArn: !Ref myTrustStore

JSON


{
    "myHTTPSListener": {
        "Type": "AWS::ElasticLoadBalancingV2::Listener",
        "Properties": {
            "LoadBalancerArn": {
                "Ref": "myLoadBalancer"
            },
            "Protocol": "HTTPS",
            "Port": 443,
            "DefaultActions": [
                {
                    "Type": "forward",
                    "TargetGroupArn": {
                        "Ref": "myTargetGroup"
                    }
                }
            ],
            "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
            "Certificates": [
                {
                    "CertificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
                }
            ],
            "MutualAuthentication": [
                {
                    "Mode": "verify",
                    "TrustStoreArn": {
                        "Ref": "myTrustStore"
                    }
                }
            ]
        }
    }
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ListenerAttribute

RedirectConfig