AWS::ElasticLoadBalancingV2::Listener MutualAuthentication - AWS CloudFormation


AWS::ElasticLoadBalancingV2::Listener MutualAuthentication

The mutual authentication configuration information.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "AdvertiseTrustStoreCaNames" : String,
  "IgnoreClientCertificateExpiry" : Boolean,
  "Mode" : String,
  "TrustStoreArn" : String
}

Properties

AdvertiseTrustStoreCaNames

Indicates whether trust store CA certificate names are advertised.

Required: No

Type: String

Allowed values: on | off

Update requires: No interruption

IgnoreClientCertificateExpiry

Indicates whether expired client certificates are ignored.

Required: No

Type: Boolean

Update requires: No interruption

Mode

The client certificate handling method. Options are off, passthrough or verify. The default value is off.

Required: No

Type: String

Update requires: No interruption

TrustStoreArn

The Amazon Resource Name (ARN) of the trust store.

Required: No

Type: String

Update requires: No interruption

Examples

The following example configures mutual TLS verify mode.

YAML

myHTTPSListener:
  Type: 'AWS::ElasticLoadBalancingV2::Listener'
  Properties:
    LoadBalancerArn: !Ref myLoadBalancer
    Protocol: HTTPS
    Port: 443
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref myTargetGroup
    SslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
    Certificates:
      - CertificateArn: "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
    # MutualAuthentication is a single object (see Syntax), not a list
    MutualAuthentication:
      Mode: verify
      TrustStoreArn: !Ref myTrustStore

JSON

{
  "myHTTPSListener": {
    "Type": "AWS::ElasticLoadBalancingV2::Listener",
    "Properties": {
      "LoadBalancerArn": { "Ref": "myLoadBalancer" },
      "Protocol": "HTTPS",
      "Port": 443,
      "DefaultActions": [
        {
          "Type": "forward",
          "TargetGroupArn": { "Ref": "myTargetGroup" }
        }
      ],
      "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
      "Certificates": [
        {
          "CertificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
        }
      ],
      "MutualAuthentication": {
        "Mode": "verify",
        "TrustStoreArn": { "Ref": "myTrustStore" }
      }
    }
  }
}
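
The following Python check is an added example, not part of the AWS reference. It reviews a parsed JSON template for listeners whose MutualAuthentication settings do not enforce client certificate verification. It assumes a policy that every HTTPS listener must use verify mode with a trust store; the function name audit_mutual_auth, the logical IDs and the sample template are constructed for illustration.

```python
# Added example: static check of Listener MutualAuthentication settings.
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"

def audit_mutual_auth(template):
    """Return sorted (logical_id, finding) pairs for HTTPS listeners."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") != LISTENER or props.get("Protocol") != "HTTPS":
            continue
        mtls = props.get("MutualAuthentication") or {}
        if not isinstance(mtls, dict):
            # The Syntax section declares a single object, not a list.
            findings.append((name, "MutualAuthentication is not an object"))
            continue
        mode = mtls.get("Mode", "off")  # the default value is off
        if not isinstance(mode, str):
            findings.append((name, "Mode is an intrinsic; check the resolved value"))
        elif mode != "verify":
            findings.append((name, f"Mode is {mode}, not verify"))
        elif not mtls.get("TrustStoreArn"):
            findings.append((name, "verify mode without TrustStoreArn"))
        # Treat both true and "true" as enabled for this Boolean property.
        if str(mtls.get("IgnoreClientCertificateExpiry", False)).lower() == "true":
            findings.append((name, "expired client certificates are ignored"))
    return sorted(findings)

def _listener(protocol, mtls=None):
    """Build a minimal listener resource for the constructed sample."""
    props = {"Protocol": protocol}
    if mtls is not None:
        props["MutualAuthentication"] = mtls
    return {"Type": LISTENER, "Properties": props}

# Constructed sample template (logical IDs are made up for this example).
TRUST = {"Ref": "myTrustStore"}
SAMPLE_TEMPLATE = {"Resources": {
    "Strict": _listener("HTTPS", {"Mode": "verify", "TrustStoreArn": TRUST}),
    "Passthrough": _listener("HTTPS", {"Mode": "passthrough"}),
    "Lax": _listener("HTTPS", {"Mode": "verify", "TrustStoreArn": TRUST,
                               "IgnoreClientCertificateExpiry": True}),
    "NoTrustStore": _listener("HTTPS", {"Mode": "verify"}),
    "Unset": _listener("HTTPS"),
    "PlainHttp": _listener("HTTP"),
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_mutual_auth(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```

To check a real template, load its JSON form with json.load and pass the resulting dict to audit_mutual_auth.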