Class CfnTLSInspectionConfiguration
- All Implemented Interfaces:
IInspectable, IEnvironmentAware, ITLSInspectionConfigurationRef, ITaggableV2, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
AWS Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.
To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the AWS Network Firewall Developer Guide.
Example:
    // The code below shows an example of how to instantiate this type.
    // The values are placeholders you should change.
    import java.util.List;
    import software.amazon.awscdk.CfnTag;
    import software.amazon.awscdk.services.networkfirewall.*;
    // Nested property types (AddressProperty, PortRangeProperty, ...) live on the class itself.
    import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration.*;

    CfnTLSInspectionConfiguration cfnTLSInspectionConfiguration = CfnTLSInspectionConfiguration.Builder.create(this, "MyCfnTLSInspectionConfiguration")
            .tlsInspectionConfiguration(TLSInspectionConfigurationProperty.builder()
                    .serverCertificateConfigurations(List.of(ServerCertificateConfigurationProperty.builder()
                            .certificateAuthorityArn("certificateAuthorityArn")
                            .checkCertificateRevocationStatus(CheckCertificateRevocationStatusProperty.builder()
                                    .revokedStatusAction("revokedStatusAction")
                                    .unknownStatusAction("unknownStatusAction")
                                    .build())
                            // Scope: which traffic Network Firewall decrypts for inspection.
                            .scopes(List.of(ServerCertificateScopeProperty.builder()
                                    .destinationPorts(List.of(PortRangeProperty.builder()
                                            .fromPort(123)
                                            .toPort(123)
                                            .build()))
                                    .destinations(List.of(AddressProperty.builder()
                                            .addressDefinition("addressDefinition")
                                            .build()))
                                    .protocols(List.of(123))
                                    .sourcePorts(List.of(PortRangeProperty.builder()
                                            .fromPort(123)
                                            .toPort(123)
                                            .build()))
                                    .sources(List.of(AddressProperty.builder()
                                            .addressDefinition("addressDefinition")
                                            .build()))
                                    .build()))
                            .serverCertificates(List.of(ServerCertificateProperty.builder()
                                    .resourceArn("resourceArn")
                                    .build()))
                            .build()))
                    .build())
            .tlsInspectionConfigurationName("tlsInspectionConfigurationName")
            // the properties below are optional
            .description("description")
            .tags(List.of(CfnTag.builder()
                    .key("key")
                    .value("value")
                    .build()))
            .build();
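An added example, not part of the AWS reference page: an outbound (egress) TLS inspection configuration with concrete values, referenced from a firewall policy by ARN as the class description outlines. The CA certificate ARN, the 10.0.0.0/16 source range, and all resource names are placeholders or assumptions; `CfnFirewallPolicy` and its `tlsInspectionConfigurationArn` property come from the same CDK module, not from this page.

```java
import java.util.List;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.networkfirewall.CfnFirewallPolicy;
import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration;
import software.amazon.awscdk.services.networkfirewall.CfnTLSInspectionConfiguration.*;
import software.constructs.Construct;

public class EgressTlsInspectionStack extends Stack {
    public EgressTlsInspectionStack(final Construct scope, final String id) {
        super(scope, id);
        // Placeholder ARN: CA certificate in ACM used to re-sign decrypted outbound sessions.
        String caArn = "arn:aws:acm:REGION:ACCOUNT_ID:certificate/PLACEHOLDER";

        // Decrypt only TCP/443 leaving the (assumed) workload range; everything else stays opaque.
        ServerCertificateScopeProperty httpsEgress = ServerCertificateScopeProperty.builder()
                .sources(List.of(AddressProperty.builder().addressDefinition("10.0.0.0/16").build()))
                .destinations(List.of(AddressProperty.builder().addressDefinition("0.0.0.0/0").build()))
                .destinationPorts(List.of(PortRangeProperty.builder().fromPort(443).toPort(443).build()))
                .protocols(List.of(6)) // IANA protocol number for TCP
                .build();

        CfnTLSInspectionConfiguration tlsConfig = CfnTLSInspectionConfiguration.Builder
                .create(this, "EgressTlsInspection")
                .tlsInspectionConfigurationName("egress-tls-inspection")
                .tlsInspectionConfiguration(TLSInspectionConfigurationProperty.builder()
                        .serverCertificateConfigurations(List.of(
                                ServerCertificateConfigurationProperty.builder()
                                        .certificateAuthorityArn(caArn)
                                        .checkCertificateRevocationStatus(
                                                CheckCertificateRevocationStatusProperty.builder()
                                                        .revokedStatusAction("REJECT") // fail closed on revoked certs
                                                        .unknownStatusAction("PASS")   // DROP or REJECT to fail closed here too
                                                        .build())
                                        .scopes(List.of(httpsEgress))
                                        .build()))
                        .build())
                .build();

        // The firewall policy references the configuration by ARN; a firewall then uses the policy.
        CfnFirewallPolicy.Builder.create(this, "EgressPolicy")
                .firewallPolicyName("egress-policy")
                .firewallPolicy(CfnFirewallPolicy.FirewallPolicyProperty.builder()
                        .statelessDefaultActions(List.of("aws:forward_to_sfe"))
                        .statelessFragmentDefaultActions(List.of("aws:forward_to_sfe"))
                        .tlsInspectionConfigurationArn(tlsConfig.getAttrTlsInspectionConfigurationArn())
                        .build())
                .build();
    }
}
```

Keeping the scope narrow limits where plaintext is exposed inside the firewall, and the `unknownStatusAction` choice decides whether an unreachable revocation responder blocks traffic or lets it through.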
Nested Class Summary
Nested Classes (Modifier and Type: Description)
- static interface: A single IP address specification.
- static final class: A fluent builder for CfnTLSInspectionConfiguration.
- static interface: When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status.
- static interface: A single port range specification.
- static interface: Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration.
- static interface: Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a ServerCertificateConfiguration.
- static interface: Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
- static interface: The object that defines a TLS inspection configuration.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject:
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IConstruct:
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable:
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggableV2:
ITaggableV2.Jsii$Default, ITaggableV2.Jsii$Proxy
Nested classes/interfaces inherited from interface software.amazon.awscdk.interfaces.networkfirewall.ITLSInspectionConfigurationRef:
ITLSInspectionConfigurationRef.Jsii$Default, ITLSInspectionConfigurationRef.Jsii$Proxy
Field Summary
Fields (Modifier and Type, Field: Description)
- static final String CFN_RESOURCE_TYPE_NAME: The CloudFormation resource type name for this resource class.
Constructor Summary
Constructors (Modifier, Constructor: Description)
- protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObjectRef objRef)
- CfnTLSInspectionConfiguration(software.constructs.Construct scope, String id, CfnTLSInspectionConfigurationProps props): Create a new AWS::NetworkFirewall::TLSInspectionConfiguration.
Method Summary
Methods (Modifier and Type, Method: Description)
- static String arnForTLSInspectionConfiguration
- getAttrTlsInspectionConfigurationArn: The Amazon Resource Name (ARN) of the TLS inspection configuration.
- getAttrTlsInspectionConfigurationId: A unique identifier for the TLS inspection configuration.
- getCdkTagManager: Tag Manager which manages the tags for this resource.
- getCfnProperties
- getDescription: A description of the TLS inspection configuration.
- getTags(): The key:value pairs to associate with the resource.
- getTlsInspectionConfiguration: The object that defines a TLS inspection configuration.
- getTlsInspectionConfigurationName: The descriptive name of the TLS inspection configuration.
- getTlsInspectionConfigurationRef: A reference to a TLSInspectionConfiguration resource.
- void inspect(TreeInspector inspector): Examines the CloudFormation resource and discloses attributes.
- static Boolean isCfnTLSInspectionConfiguration: Checks whether the given object is a CfnTLSInspectionConfiguration.
- renderProperties(Map<String, Object> props)
- void setDescription(String value): A description of the TLS inspection configuration.
- void setTags: The key:value pairs to associate with the resource.
- void setTlsInspectionConfiguration: The object that defines a TLS inspection configuration.
- void setTlsInspectionConfiguration(CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty value): The object that defines a TLS inspection configuration.
- void setTlsInspectionConfigurationName: The descriptive name of the TLS inspection configuration.
Methods inherited from class software.amazon.awscdk.CfnResource:
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getEnv, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.CfnRefElement:
getRef
Methods inherited from class software.amazon.awscdk.CfnElement:
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.constructs.Construct:
getNode, isConstruct
Methods inherited from class software.amazon.jsii.JsiiObject:
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.constructs.IConstruct:
getNode
Methods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware:
getEnv
Methods inherited from interface software.amazon.jsii.JsiiSerializable:
$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.

Constructor Details

CfnTLSInspectionConfiguration
protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObjectRef objRef)

CfnTLSInspectionConfiguration
protected CfnTLSInspectionConfiguration(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnTLSInspectionConfiguration
@Stability(Stable) public CfnTLSInspectionConfiguration(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnTLSInspectionConfigurationProps props)
Create a new AWS::NetworkFirewall::TLSInspectionConfiguration.
- Parameters:
scope - Scope in which this resource is defined. This parameter is required.
id - Construct identifier for this resource (unique in its scope). This parameter is required.
props - Resource properties. This parameter is required.

Method Details

arnForTLSInspectionConfiguration
@Stability(Stable) @NotNull public static String arnForTLSInspectionConfiguration(@NotNull ITLSInspectionConfigurationRef resource)
- Parameters:
resource - This parameter is required.

isCfnTLSInspectionConfiguration
@Stability(Stable) @NotNull public static Boolean isCfnTLSInspectionConfiguration(@NotNull Object x)
Checks whether the given object is a CfnTLSInspectionConfiguration.
- Parameters:
x - This parameter is required.

inspect
Examines the CloudFormation resource and discloses attributes.
- Specified by:
inspect in interface IInspectable
- Parameters:
inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props)
- Overrides:
renderProperties in class CfnResource
- Parameters:
props - This parameter is required.

getAttrTlsInspectionConfigurationArn
The Amazon Resource Name (ARN) of the TLS inspection configuration.

getAttrTlsInspectionConfigurationId
A unique identifier for the TLS inspection configuration. This ID is returned in the responses to create and list commands. You provide it to operations such as update and delete.

getCdkTagManager
Tag Manager which manages the tags for this resource.
- Specified by:
getCdkTagManager in interface ITaggableV2

getCfnProperties
- Overrides:
getCfnProperties in class CfnResource

getTlsInspectionConfigurationRef
@Stability(Stable) @NotNull public TLSInspectionConfigurationReference getTlsInspectionConfigurationRef()
A reference to a TLSInspectionConfiguration resource.
- Specified by:
getTlsInspectionConfigurationRef in interface ITLSInspectionConfigurationRef

getTlsInspectionConfiguration
The object that defines a TLS inspection configuration.
Returns union: either IResolvable or CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty

setTlsInspectionConfiguration
The object that defines a TLS inspection configuration.

setTlsInspectionConfiguration
@Stability(Stable) public void setTlsInspectionConfiguration(@NotNull CfnTLSInspectionConfiguration.TLSInspectionConfigurationProperty value)
The object that defines a TLS inspection configuration.

getTlsInspectionConfigurationName
The descriptive name of the TLS inspection configuration.

setTlsInspectionConfigurationName
The descriptive name of the TLS inspection configuration.

getDescription
A description of the TLS inspection configuration.

setDescription
A description of the TLS inspection configuration.

getTags
The key:value pairs to associate with the resource.

setTags
The key:value pairs to associate with the resource.