Create Tls Inspection Configuration

networkfirewall_create_tls_inspection_configuration R Documentation

Creates a Network Firewall TLS inspection configuration

Description

Creates a Network Firewall TLS inspection configuration. Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using ACM, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall.

To update the settings for a TLS inspection configuration, use update_tls_inspection_configuration.

To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, list_tags_for_resource, tag_resource, and untag_resource.

To retrieve information about TLS inspection configurations, use list_tls_inspection_configurations and describe_tls_inspection_configuration.

For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.

Usage

networkfirewall_create_tls_inspection_configuration(
  TLSInspectionConfigurationName, TLSInspectionConfiguration, Description,
  Tags, EncryptionConfiguration)

Arguments

TLSInspectionConfigurationName

[required] The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.

TLSInspectionConfiguration

[required] The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, defines the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling describe_tls_inspection_configuration.

Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.

To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.

Description

A description of the TLS inspection configuration.

Tags

The key:value pairs to associate with the resource.

EncryptionConfiguration

Value

A list with the following syntax:

list(
  UpdateToken = "string",
  TLSInspectionConfigurationResponse = list(
    TLSInspectionConfigurationArn = "string",
    TLSInspectionConfigurationName = "string",
    TLSInspectionConfigurationId = "string",
    TLSInspectionConfigurationStatus = "ACTIVE"|"DELETING"|"ERROR",
    Description = "string",
    Tags = list(
      list(
        Key = "string",
        Value = "string"
      )
    ),
    LastModifiedTime = as.POSIXct(
      "2015-01-01"
    ),
    NumberOfAssociations = 123,
    EncryptionConfiguration = list(
      KeyId = "string",
      Type = "CUSTOMER_KMS"|"AWS_OWNED_KMS_KEY"
    ),
    Certificates = list(
      list(
        CertificateArn = "string",
        CertificateSerial = "string",
        Status = "string",
        StatusMessage = "string"
      )
    ),
    CertificateAuthority = list(
      CertificateArn = "string",
      CertificateSerial = "string",
      Status = "string",
      StatusMessage = "string"
    )
  )
)

Request syntax

svc$create_tls_inspection_configuration(
  TLSInspectionConfigurationName = "string",
  TLSInspectionConfiguration = list(
    ServerCertificateConfigurations = list(
      list(
        ServerCertificates = list(
          list(
            ResourceArn = "string"
          )
        ),
        Scopes = list(
          list(
            Sources = list(
              list(
                AddressDefinition = "string"
              )
            ),
            Destinations = list(
              list(
                AddressDefinition = "string"
              )
            ),
            SourcePorts = list(
              list(
                FromPort = 123,
                ToPort = 123
              )
            ),
            DestinationPorts = list(
              list(
                FromPort = 123,
                ToPort = 123
              )
            ),
            Protocols = list(
              123
            )
          )
        ),
        CertificateAuthorityArn = "string",
        CheckCertificateRevocationStatus = list(
          RevokedStatusAction = "PASS"|"DROP"|"REJECT",
          UnknownStatusAction = "PASS"|"DROP"|"REJECT"
        )
      )
    )
  ),
  Description = "string",
  Tags = list(
    list(
      Key = "string",
      Value = "string"
    )
  ),
  EncryptionConfiguration = list(
    KeyId = "string",
    Type = "CUSTOMER_KMS"|"AWS_OWNED_KMS_KEY"
  )
)