AWS::ElasticLoadBalancingV2::Listener MutualAuthentication - AWS CloudFormation


AWS::ElasticLoadBalancingV2::Listener MutualAuthentication

The mutual authentication configuration information.

Syntax

To declare this entity in your CloudFormation template, use the following syntax:

JSON

{
  "AdvertiseTrustStoreCaNames" : String,
  "IgnoreClientCertificateExpiry" : Boolean,
  "Mode" : String,
  "TrustStoreArn" : String
}

Properties

AdvertiseTrustStoreCaNames

Indicates whether trust store CA certificate names are advertised.

Required: No

Type: String

Allowed values: on | off

Update requires: No interruption

IgnoreClientCertificateExpiry

Indicates whether expired client certificates are ignored.

Required: No

Type: Boolean

Update requires: No interruption

Mode

The client certificate handling method. Options are off, passthrough or verify. The default value on initial resource creation is off. After mutual authentication is turned on, you must explicitly set the Mode to off to turn it off; removing the property from your template will not turn it off.

Required: No

Type: String

Update requires: No interruption

TrustStoreArn

The Amazon Resource Name (ARN) of the trust store.

Required: No

Type: String

Update requires: No interruption

Examples

The following example configures mutual TLS verify mode.

YAML

myHTTPSListener:
  Type: 'AWS::ElasticLoadBalancingV2::Listener'
  Properties:
    LoadBalancerArn: !Ref myLoadBalancer
    Protocol: HTTPS
    Port: 443
    DefaultActions:
      - Type: forward
        TargetGroupArn: !Ref myTargetGroup
    SslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
    Certificates:
      - CertificateArn: "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
    MutualAuthentication:
      Mode: verify
      TrustStoreArn: !Ref myTrustStore

JSON

{
  "myHTTPSListener": {
    "Type": "AWS::ElasticLoadBalancingV2::Listener",
    "Properties": {
      "LoadBalancerArn": { "Ref": "myLoadBalancer" },
      "Protocol": "HTTPS",
      "Port": 443,
      "DefaultActions": [
        {
          "Type": "forward",
          "TargetGroupArn": { "Ref": "myTargetGroup" }
        }
      ],
      "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06",
      "Certificates": [
        {
          "CertificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE"
        }
      ],
      "MutualAuthentication": {
        "Mode": "verify",
        "TrustStoreArn": { "Ref": "myTrustStore" }
      }
    }
  }
}
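
As an added example (not part of the AWS reference), the following Python function audits a parsed JSON template for the settings described under Mode and IgnoreClientCertificateExpiry. The finding names, the sample template and its logical IDs are constructed for illustration, and flagging verify without a TrustStoreArn is this example's own policy assumption.

```python
LISTENER = "AWS::ElasticLoadBalancingV2::Listener"

def audit_mutual_auth(template):
    """Return sorted (logical_id, finding) pairs for HTTPS listeners in a parsed JSON template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") != LISTENER or props.get("Protocol") != "HTTPS":
            continue  # this example audits HTTPS listeners only
        mtls = props.get("MutualAuthentication")
        if not isinstance(mtls, dict):
            # Absent: off on a new listener, but an existing listener keeps its
            # previous mode, so the template no longer states the real setting.
            findings.append((name, "no-explicit-mode"))
            continue
        mode = mtls.get("Mode")
        if not isinstance(mode, str):
            findings.append((name, "no-explicit-mode"))  # missing, or an intrinsic such as Ref
        elif mode == "off":
            findings.append((name, "mtls-off"))
        elif mode == "passthrough":
            # The load balancer forwards the certificate; targets must verify it.
            findings.append((name, "passthrough-unverified"))
        elif mode == "verify":
            if not mtls.get("TrustStoreArn"):
                findings.append((name, "verify-without-trust-store"))
        else:
            findings.append((name, "unknown-mode"))
        # CloudFormation accepts booleans written as strings, so normalise.
        if str(mtls.get("IgnoreClientCertificateExpiry", False)).lower() == "true":
            findings.append((name, "expired-certs-accepted"))
    return sorted(findings)

def make_listener(mtls=None):
    """Build a constructed HTTPS listener resource for the sample template."""
    props = {"Protocol": "HTTPS", "Port": 443}
    if mtls is not None:
        props["MutualAuthentication"] = mtls
    return {"Type": LISTENER, "Properties": props}

# Constructed sample template (logical IDs are hypothetical, not from the AWS page).
SAMPLE = {"Resources": {
    "Strict": make_listener({"Mode": "verify", "TrustStoreArn": {"Ref": "myTrustStore"}}),
    "Lenient": make_listener({"Mode": "verify", "TrustStoreArn": {"Ref": "myTrustStore"},
                              "IgnoreClientCertificateExpiry": True}),
    "Forwarding": make_listener({"Mode": "passthrough"}),
    "Implicit": make_listener(),
}}

if __name__ == "__main__":
    for logical_id, finding in audit_mutual_auth(SAMPLE):
        print(f"{logical_id}: {finding}")
```

To audit a real template, pass the result of `json.load()` on the template file; YAML templates that use short-form intrinsics such as `!Ref` need converting to JSON first.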