Package software.amazon.awscdk.services.networkfirewall

Interface CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Jsii$Proxy

Enclosing class:

CfnTLSInspectionConfiguration

@Stability(Stable)
public static interface CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty
extends software.amazon.jsii.JsiiSerializable

Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration . You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certficiates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.networkfirewall.*;
 ServerCertificateConfigurationProperty serverCertificateConfigurationProperty = ServerCertificateConfigurationProperty.builder()
         .certificateAuthorityArn("certificateAuthorityArn")
         .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder()
                 .revokedStatusAction("revokedStatusAction")
                 .unknownStatusAction("unknownStatusAction")
                 .build())
         .scopes(List.of(ServerCertificateScopeProperty.builder()
                 .destinationPorts(List.of(PortRangeProperty.builder()
                         .fromPort(123)
                         .toPort(123)
                         .build()))
                 .destinations(List.of(AddressProperty.builder()
                         .addressDefinition("addressDefinition")
                         .build()))
                 .protocols(List.of(123))
                 .sourcePorts(List.of(PortRangeProperty.builder()
                         .fromPort(123)
                         .toPort(123)
                         .build()))
                 .sources(List.of(AddressProperty.builder()
                         .addressDefinition("addressDefinition")
                         .build()))
                 .build()))
         .serverCertificates(List.of(ServerCertificateProperty.builder()
                 .resourceArn("resourceArn")
                 .build()))
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Builder	A builder for CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty
static final class	CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Jsii$Proxy	An implementation for CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty

Method Summary

Modifier and Type	Method	Description
static CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Builder	builder()
default String	getCertificateAuthorityArn()	The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
default Object	getCheckCertificateRevocationStatus()	When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.
default Object	getScopes()	A list of scopes.
default Object	getServerCertificates()	The list of server certificates to use for inbound SSL/TLS inspection.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getCertificateAuthorityArn

@Stability(Stable)
@Nullable
default String getCertificateAuthorityArn()

The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.

The following limitations apply:

• You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
• You can't use certificates issued by AWS Private Certificate Authority .

For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with TLS inspection configurations in the AWS Network Firewall Developer Guide .

For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration-certificateauthorityarn

getCheckCertificateRevocationStatus

@Stability(Stable)
@Nullable
default Object getCheckCertificateRevocationStatus()

When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status.

If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration .

Returns union: either IResolvable or CfnTLSInspectionConfiguration.CheckCertificateRevocationStatusProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration-checkcertificaterevocationstatus

getScopes

@Stability(Stable)
@Nullable
default Object getScopes()

A list of scopes.

Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnTLSInspectionConfiguration.ServerCertificateScopeProperty>

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration-scopes

getServerCertificates

@Stability(Stable)
@Nullable
default Object getServerCertificates()

The list of server certificates to use for inbound SSL/TLS inspection.

Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnTLSInspectionConfiguration.ServerCertificateProperty>

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html#cfn-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration-servercertificates

builder

@Stability(Stable)
static CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Builder builder()

Returns:

a CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty.Builder of CfnTLSInspectionConfiguration.ServerCertificateConfigurationProperty