AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificateScope
Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "DestinationPorts" :[ PortRange, ... ], "Destinations" :[ Address, ... ], "Protocols" :[ Integer, ... ], "SourcePorts" :[ PortRange, ... ], "Sources" :[ Address, ... ]}
YAML
DestinationPorts:- PortRangeDestinations:- AddressProtocols:- IntegerSourcePorts:- PortRangeSources:- Address
Properties
DestinationPorts-
The destination ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any destination port.
You can specify individual ports, for example
1994, and you can specify port ranges, such as1990:1994.Required: No
Type: Array of PortRange
Update requires: No interruption
Destinations-
The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
Required: No
Type: Array of Address
Update requires: No interruption
Protocols-
The protocols to decrypt for inspection, specified using each protocol's assigned internet protocol number (IANA). Network Firewall currently supports only TCP.
Required: No
Type: Array of Integer
Update requires: No interruption
SourcePorts-
The source ports to decrypt for inspection, in Transmission Control Protocol (TCP) format. If not specified, this matches with any source port.
You can specify individual ports, for example
1994, and you can specify port ranges, such as1990:1994.Required: No
Type: Array of PortRange
Update requires: No interruption
Sources-
The source IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any source address.
Required: No
Type: Array of Address
Update requires: No interruption
