AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi

aws.networkfirewall.TlsInspectionConfiguration



    Resource for managing an AWS Network Firewall TLS Inspection Configuration.

    Example Usage

    NOTE: You must configure either inbound inspection, outbound inspection, or both.

    Basic inbound/ingress inspection

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Inbound (ingress) TLS inspection configuration.
    // `example1` is not declared in this snippet; NOTE(review): presumably a certificate
    // resource defined elsewhere in the program - confirm before copying.
    const example = new aws.networkfirewall.TlsInspectionConfiguration("example", {
        name: "example",
        description: "example",
        // Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
        // example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
        encryptionConfigurations: [{
            keyId: "AWS_OWNED_KMS_KEY",
            type: "AWS_OWNED_KMS_KEY",
        }],
        tlsInspectionConfiguration: {
            serverCertificateConfiguration: {
                // Server certificate the firewall uses to inspect inbound TLS sessions.
                serverCertificates: [{
                    resourceArn: example1.arn,
                }],
                scopes: [{
                    // IP protocol 6 = TCP.
                    protocols: [6],
                    destinationPorts: [{
                        fromPort: 443,
                        toPort: 443,
                    }],
                    // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                    // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                    // that actually needs inspection.
                    destinations: [{
                        addressDefinition: "0.0.0.0/0",
                    }],
                    sourcePorts: [{
                        fromPort: 0,
                        toPort: 65535,
                    }],
                    sources: [{
                        addressDefinition: "0.0.0.0/0",
                    }],
                }],
            },
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Inbound (ingress) TLS inspection configuration.
    # `example1` is not declared in this snippet; NOTE(review): presumably a certificate
    # resource defined elsewhere in the program - confirm before copying.
    example = aws.networkfirewall.TlsInspectionConfiguration("example",
        name="example",
        description="example",
        # Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
        # example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
        encryption_configurations=[{
            "key_id": "AWS_OWNED_KMS_KEY",
            "type": "AWS_OWNED_KMS_KEY",
        }],
        tls_inspection_configuration={
            "server_certificate_configuration": {
                # Server certificate the firewall uses to inspect inbound TLS sessions.
                "server_certificates": [{
                    "resource_arn": example1["arn"],
                }],
                "scopes": [{
                    # IP protocol 6 = TCP.
                    "protocols": [6],
                    "destination_ports": [{
                        "from_port": 443,
                        "to_port": 443,
                    }],
                    # 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                    # TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                    # that actually needs inspection.
                    "destinations": [{
                        "address_definition": "0.0.0.0/0",
                    }],
                    "source_ports": [{
                        "from_port": 0,
                        "to_port": 65535,
                    }],
                    "sources": [{
                        "address_definition": "0.0.0.0/0",
                    }],
                }],
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a single TLS inspection configuration that covers inbound
    // (ingress) traffic. example1 is not declared in this snippet; presumably it
    // is a certificate resource created elsewhere in the program (confirm before use).
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Traffic selector: IP protocol 6 (TCP), any source port, destination
    		// port 443. 0.0.0.0/0 on both sides puts every IPv4 flow to TCP/443 in
    		// scope for decryption; narrow the CIDRs to what needs inspection.
    		inspectScope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
    			Protocols: pulumi.IntArray{pulumi.Int(6)},
    			DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
    					FromPort: pulumi.Int(443),
    					ToPort:   pulumi.Int(443),
    				},
    			},
    			Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
    					AddressDefinition: pulumi.String("0.0.0.0/0"),
    				},
    			},
    			SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(65535),
    				},
    			},
    			Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
    					AddressDefinition: pulumi.String("0.0.0.0/0"),
    				},
    			},
    		}

    		// Server certificate the firewall uses to inspect inbound TLS sessions.
    		certConfig := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
    			ServerCertificates: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
    					ResourceArn: pulumi.Any(example1.Arn),
    				},
    			},
    			Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
    				inspectScope,
    			},
    		}

    		// Encrypted with the AWS-owned KMS key; the "Inbound with encryption
    		// configuration" example on this page shows the CUSTOMER_KMS alternative.
    		encryption := networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
    			&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
    				KeyId: pulumi.String("AWS_OWNED_KMS_KEY"),
    				Type:  pulumi.String("AWS_OWNED_KMS_KEY"),
    			},
    		}

    		_, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
    			Name:                     pulumi.String("example"),
    			Description:              pulumi.String("example"),
    			EncryptionConfigurations: encryption,
    			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
    				ServerCertificateConfiguration: certConfig,
    			},
    		})
    		// err is nil on success, so it can be handed back as-is.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Inbound (ingress) TLS inspection configuration.
    // `example1` is not declared in this snippet; NOTE(review): presumably a certificate
    // resource defined elsewhere in the program - confirm before copying.
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
        {
            Name = "example",
            Description = "example",
            // Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
            // example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
            EncryptionConfigurations = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
                {
                    KeyId = "AWS_OWNED_KMS_KEY",
                    Type = "AWS_OWNED_KMS_KEY",
                },
            },
            TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
            {
                ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
                {
                    // Server certificate the firewall uses to inspect inbound TLS sessions.
                    ServerCertificates = new[]
                    {
                        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
                        {
                            ResourceArn = example1.Arn,
                        },
                    },
                    Scopes = new[]
                    {
                        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
                        {
                            // IP protocol 6 = TCP.
                            Protocols = new[]
                            {
                                6,
                            },
                            DestinationPorts = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
                                {
                                    FromPort = 443,
                                    ToPort = 443,
                                },
                            },
                            // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                            // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                            // that actually needs inspection.
                            Destinations = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
                                {
                                    AddressDefinition = "0.0.0.0/0",
                                },
                            },
                            SourcePorts = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
                                {
                                    FromPort = 0,
                                    ToPort = 65535,
                                },
                            },
                            Sources = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
                                {
                                    AddressDefinition = "0.0.0.0/0",
                                },
                            },
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program declaring an inbound (ingress) TLS inspection configuration.
     * {@code example1} is not declared in this snippet; NOTE(review): presumably a
     * certificate resource defined elsewhere in the program - confirm before copying.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the stack's single resource, the TLS inspection configuration. */
        public static void stack(Context ctx) {
            var example = new TlsInspectionConfiguration("example", TlsInspectionConfigurationArgs.builder()
                .name("example")
                .description("example")
                // Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
                // example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
                .encryptionConfigurations(TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
                    .keyId("AWS_OWNED_KMS_KEY")
                    .type("AWS_OWNED_KMS_KEY")
                    .build())
                .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                    .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
                        // Server certificate the firewall uses to inspect inbound TLS sessions.
                        .serverCertificates(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                            .resourceArn(example1.arn())
                            .build())
                        .scopes(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                            // IP protocol 6 = TCP.
                            .protocols(6)
                            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                                .fromPort(443)
                                .toPort(443)
                                .build())
                            // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                            // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                            // that actually needs inspection.
                            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                                .addressDefinition("0.0.0.0/0")
                                .build())
                            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                                .fromPort(0)
                                .toPort(65535)
                                .build())
                            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                                .addressDefinition("0.0.0.0/0")
                                .build())
                            .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    # Inbound (ingress) TLS inspection configuration.
    # `example1` is not declared in this snippet; NOTE(review): presumably a certificate
    # resource defined elsewhere in the program - confirm before copying.
    resources:
      example:
        type: aws:networkfirewall:TlsInspectionConfiguration
        properties:
          name: example
          description: example
          # Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
          # example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
          encryptionConfigurations:
            - keyId: AWS_OWNED_KMS_KEY
              type: AWS_OWNED_KMS_KEY
          tlsInspectionConfiguration:
            serverCertificateConfiguration:
              # Server certificate the firewall uses to inspect inbound TLS sessions.
              serverCertificates:
                - resourceArn: ${example1.arn}
              scopes:
                # IP protocol 6 = TCP.
                - protocols:
                    - 6
                  destinationPorts:
                    - fromPort: 443
                      toPort: 443
                  # 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                  # TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                  # that actually needs inspection.
                  destinations:
                    - addressDefinition: 0.0.0.0/0
                  sourcePorts:
                    - fromPort: 0
                      toPort: 65535
                  sources:
                    - addressDefinition: 0.0.0.0/0
    

    Basic outbound/egress inspection

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Outbound (egress) TLS inspection configuration.
    // `example1` is not declared in this snippet; NOTE(review): presumably a CA certificate
    // resource defined elsewhere in the program - confirm before copying.
    const example = new aws.networkfirewall.TlsInspectionConfiguration("example", {
        name: "example",
        description: "example",
        // Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
        // example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
        encryptionConfigurations: [{
            keyId: "AWS_OWNED_KMS_KEY",
            type: "AWS_OWNED_KMS_KEY",
        }],
        tlsInspectionConfiguration: {
            serverCertificateConfiguration: {
                // CA certificate used for outbound inspection. NOTE(review): clients behind the
                // firewall presumably have to trust this CA - confirm, and protect it accordingly.
                certificateAuthorityArn: example1.arn,
                // Revoked server certificates are rejected, but unknownStatusAction "PASS" lets a
                // connection through when revocation status cannot be determined (fail-open).
                // Use "DROP" or "REJECT" there if policy requires failing closed.
                checkCertificateRevocationStatus: {
                    revokedStatusAction: "REJECT",
                    unknownStatusAction: "PASS",
                },
                scopes: [{
                    // IP protocol 6 = TCP.
                    protocols: [6],
                    destinationPorts: [{
                        fromPort: 443,
                        toPort: 443,
                    }],
                    // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                    // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                    // that actually needs inspection.
                    destinations: [{
                        addressDefinition: "0.0.0.0/0",
                    }],
                    sourcePorts: [{
                        fromPort: 0,
                        toPort: 65535,
                    }],
                    sources: [{
                        addressDefinition: "0.0.0.0/0",
                    }],
                }],
            },
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Outbound (egress) TLS inspection configuration.
    # `example1` is not declared in this snippet; NOTE(review): presumably a CA certificate
    # resource defined elsewhere in the program - confirm before copying.
    example = aws.networkfirewall.TlsInspectionConfiguration("example",
        name="example",
        description="example",
        # Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
        # example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
        encryption_configurations=[{
            "key_id": "AWS_OWNED_KMS_KEY",
            "type": "AWS_OWNED_KMS_KEY",
        }],
        tls_inspection_configuration={
            "server_certificate_configuration": {
                # CA certificate used for outbound inspection. NOTE(review): clients behind the
                # firewall presumably have to trust this CA - confirm, and protect it accordingly.
                "certificate_authority_arn": example1["arn"],
                # Revoked server certificates are rejected, but unknown_status_action "PASS" lets a
                # connection through when revocation status cannot be determined (fail-open).
                # Use "DROP" or "REJECT" there if policy requires failing closed.
                "check_certificate_revocation_status": {
                    "revoked_status_action": "REJECT",
                    "unknown_status_action": "PASS",
                },
                "scopes": [{
                    # IP protocol 6 = TCP.
                    "protocols": [6],
                    "destination_ports": [{
                        "from_port": 443,
                        "to_port": 443,
                    }],
                    # 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                    # TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                    # that actually needs inspection.
                    "destinations": [{
                        "address_definition": "0.0.0.0/0",
                    }],
                    "source_ports": [{
                        "from_port": 0,
                        "to_port": 65535,
                    }],
                    "sources": [{
                        "address_definition": "0.0.0.0/0",
                    }],
                }],
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a single TLS inspection configuration that covers outbound
    // (egress) traffic. example1 is not declared in this snippet; presumably it
    // is a CA certificate resource created elsewhere in the program (confirm
    // before use).
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Traffic selector: IP protocol 6 (TCP), any source port, destination
    		// port 443. 0.0.0.0/0 on both sides puts every IPv4 flow to TCP/443 in
    		// scope for decryption; narrow the CIDRs to what needs inspection.
    		inspectScope := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
    			Protocols: pulumi.IntArray{pulumi.Int(6)},
    			DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
    					FromPort: pulumi.Int(443),
    					ToPort:   pulumi.Int(443),
    				},
    			},
    			Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
    					AddressDefinition: pulumi.String("0.0.0.0/0"),
    				},
    			},
    			SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
    					FromPort: pulumi.Int(0),
    					ToPort:   pulumi.Int(65535),
    				},
    			},
    			Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
    					AddressDefinition: pulumi.String("0.0.0.0/0"),
    				},
    			},
    		}

    		// Revoked server certificates are rejected, but UnknownStatusAction
    		// "PASS" lets a connection through when revocation status cannot be
    		// determined (fail-open). Use "DROP" or "REJECT" there if policy
    		// requires failing closed.
    		revocation := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs{
    			RevokedStatusAction: pulumi.String("REJECT"),
    			UnknownStatusAction: pulumi.String("PASS"),
    		}

    		// CA certificate used for outbound inspection; presumably clients
    		// behind the firewall have to trust this CA (confirm), so protect it
    		// accordingly.
    		certConfig := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
    			CertificateAuthorityArn:          pulumi.Any(example1.Arn),
    			CheckCertificateRevocationStatus: revocation,
    			Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
    				inspectScope,
    			},
    		}

    		// Encrypted with the AWS-owned KMS key; the "Inbound with encryption
    		// configuration" example on this page shows the CUSTOMER_KMS alternative.
    		encryption := networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
    			&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
    				KeyId: pulumi.String("AWS_OWNED_KMS_KEY"),
    				Type:  pulumi.String("AWS_OWNED_KMS_KEY"),
    			},
    		}

    		_, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
    			Name:                     pulumi.String("example"),
    			Description:              pulumi.String("example"),
    			EncryptionConfigurations: encryption,
    			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
    				ServerCertificateConfiguration: certConfig,
    			},
    		})
    		// err is nil on success, so it can be handed back as-is.
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Outbound (egress) TLS inspection configuration.
    // `example1` is not declared in this snippet; NOTE(review): presumably a CA certificate
    // resource defined elsewhere in the program - confirm before copying.
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
        {
            Name = "example",
            Description = "example",
            // Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
            // example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
            EncryptionConfigurations = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
                {
                    KeyId = "AWS_OWNED_KMS_KEY",
                    Type = "AWS_OWNED_KMS_KEY",
                },
            },
            TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
            {
                ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
                {
                    // CA certificate used for outbound inspection. NOTE(review): clients behind the
                    // firewall presumably have to trust this CA - confirm, and protect it accordingly.
                    CertificateAuthorityArn = example1.Arn,
                    // Revoked server certificates are rejected, but UnknownStatusAction "PASS" lets a
                    // connection through when revocation status cannot be determined (fail-open).
                    // Use "DROP" or "REJECT" there if policy requires failing closed.
                    CheckCertificateRevocationStatus = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs
                    {
                        RevokedStatusAction = "REJECT",
                        UnknownStatusAction = "PASS",
                    },
                    Scopes = new[]
                    {
                        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
                        {
                            // IP protocol 6 = TCP.
                            Protocols = new[]
                            {
                                6,
                            },
                            DestinationPorts = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
                                {
                                    FromPort = 443,
                                    ToPort = 443,
                                },
                            },
                            // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                            // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                            // that actually needs inspection.
                            Destinations = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
                                {
                                    AddressDefinition = "0.0.0.0/0",
                                },
                            },
                            SourcePorts = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
                                {
                                    FromPort = 0,
                                    ToPort = 65535,
                                },
                            },
                            Sources = new[]
                            {
                                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
                                {
                                    AddressDefinition = "0.0.0.0/0",
                                },
                            },
                        },
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program declaring an outbound (egress) TLS inspection configuration.
     * {@code example1} is not declared in this snippet; NOTE(review): presumably a CA
     * certificate resource defined elsewhere in the program - confirm before copying.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the stack's single resource, the TLS inspection configuration. */
        public static void stack(Context ctx) {
            var example = new TlsInspectionConfiguration("example", TlsInspectionConfigurationArgs.builder()
                .name("example")
                .description("example")
                // Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
                // example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
                .encryptionConfigurations(TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
                    .keyId("AWS_OWNED_KMS_KEY")
                    .type("AWS_OWNED_KMS_KEY")
                    .build())
                .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                    .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
                        // CA certificate used for outbound inspection. NOTE(review): clients behind the
                        // firewall presumably have to trust this CA - confirm, and protect it accordingly.
                        .certificateAuthorityArn(example1.arn())
                        // Revoked server certificates are rejected, but unknownStatusAction "PASS" lets a
                        // connection through when revocation status cannot be determined (fail-open).
                        // Use "DROP" or "REJECT" there if policy requires failing closed.
                        .checkCertificateRevocationStatus(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
                            .revokedStatusAction("REJECT")
                            .unknownStatusAction("PASS")
                            .build())
                        .scopes(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                            // IP protocol 6 = TCP.
                            .protocols(6)
                            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                                .fromPort(443)
                                .toPort(443)
                                .build())
                            // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                            // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                            // that actually needs inspection.
                            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                                .addressDefinition("0.0.0.0/0")
                                .build())
                            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                                .fromPort(0)
                                .toPort(65535)
                                .build())
                            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                                .addressDefinition("0.0.0.0/0")
                                .build())
                            .build())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    # Outbound (egress) TLS inspection configuration.
    # `example1` is not declared in this snippet; NOTE(review): presumably a CA certificate
    # resource defined elsewhere in the program - confirm before copying.
    resources:
      example:
        type: aws:networkfirewall:TlsInspectionConfiguration
        properties:
          name: example
          description: example
          # Encrypted with the AWS-owned KMS key. The "Inbound with encryption configuration"
          # example on this page shows the CUSTOMER_KMS alternative, where you supply the key.
          encryptionConfigurations:
            - keyId: AWS_OWNED_KMS_KEY
              type: AWS_OWNED_KMS_KEY
          tlsInspectionConfiguration:
            serverCertificateConfiguration:
              # CA certificate used for outbound inspection. NOTE(review): clients behind the
              # firewall presumably have to trust this CA - confirm, and protect it accordingly.
              certificateAuthorityArn: ${example1.arn}
              # Revoked server certificates are rejected, but unknownStatusAction PASS lets a
              # connection through when revocation status cannot be determined (fail-open).
              # Use DROP or REJECT there if policy requires failing closed.
              checkCertificateRevocationStatus:
                revokedStatusAction: REJECT
                unknownStatusAction: PASS
              scopes:
                # IP protocol 6 = TCP.
                - protocols:
                    - 6
                  destinationPorts:
                    - fromPort: 443
                      toPort: 443
                  # 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                  # TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                  # that actually needs inspection.
                  destinations:
                    - addressDefinition: 0.0.0.0/0
                  sourcePorts:
                    - fromPort: 0
                      toPort: 65535
                  sources:
                    - addressDefinition: 0.0.0.0/0
    

    Inbound with encryption configuration

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Customer-managed KMS key that encrypts the TLS inspection configuration below.
    // deletionWindowInDays: 7 is the shortest waiting period KMS accepts (7-30 days); a longer
    // window gives more time to notice and cancel an accidental or unauthorized key deletion.
    // No key policy is set here. NOTE(review): presumably the default key policy applies -
    // confirm it restricts key use to the principals that need it.
    const example = new aws.kms.Key("example", {
        description: "example",
        deletionWindowInDays: 7,
    });
    // Inbound (ingress) TLS inspection configuration encrypted with the key above.
    // `example1` is not declared in this snippet; NOTE(review): presumably a certificate
    // resource defined elsewhere in the program - confirm before copying.
    const exampleTlsInspectionConfiguration = new aws.networkfirewall.TlsInspectionConfiguration("example", {
        name: "example",
        description: "example",
        // CUSTOMER_KMS: keyId is the ARN of the key created above.
        encryptionConfigurations: [{
            keyId: example.arn,
            type: "CUSTOMER_KMS",
        }],
        tlsInspectionConfiguration: {
            serverCertificateConfiguration: {
                // Server certificate the firewall uses to inspect inbound TLS sessions.
                serverCertificates: [{
                    resourceArn: example1.arn,
                }],
                scopes: [{
                    // IP protocol 6 = TCP.
                    protocols: [6],
                    destinationPorts: [{
                        fromPort: 443,
                        toPort: 443,
                    }],
                    // 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                    // TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                    // that actually needs inspection.
                    destinations: [{
                        addressDefinition: "0.0.0.0/0",
                    }],
                    sourcePorts: [{
                        fromPort: 0,
                        toPort: 65535,
                    }],
                    sources: [{
                        addressDefinition: "0.0.0.0/0",
                    }],
                }],
            },
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Customer-managed KMS key that encrypts the TLS inspection configuration below.
    # deletion_window_in_days=7 is the shortest waiting period KMS accepts (7-30 days); a longer
    # window gives more time to notice and cancel an accidental or unauthorized key deletion.
    # No key policy is set here. NOTE(review): presumably the default key policy applies -
    # confirm it restricts key use to the principals that need it.
    example = aws.kms.Key("example",
        description="example",
        deletion_window_in_days=7)
    # Inbound (ingress) TLS inspection configuration encrypted with the key above.
    # `example1` is not declared in this snippet; NOTE(review): presumably a certificate
    # resource defined elsewhere in the program - confirm before copying.
    example_tls_inspection_configuration = aws.networkfirewall.TlsInspectionConfiguration("example",
        name="example",
        description="example",
        # CUSTOMER_KMS: key_id is the ARN of the key created above.
        encryption_configurations=[{
            "key_id": example.arn,
            "type": "CUSTOMER_KMS",
        }],
        tls_inspection_configuration={
            "server_certificate_configuration": {
                # Server certificate the firewall uses to inspect inbound TLS sessions.
                "server_certificates": [{
                    "resource_arn": example1["arn"],
                }],
                "scopes": [{
                    # IP protocol 6 = TCP.
                    "protocols": [6],
                    "destination_ports": [{
                        "from_port": 443,
                        "to_port": 443,
                    }],
                    # 0.0.0.0/0 for both destinations and sources puts every IPv4 flow to
                    # TCP/443 in scope for decryption; narrow these CIDRs to the traffic
                    # that actually needs inspection.
                    "destinations": [{
                        "address_definition": "0.0.0.0/0",
                    }],
                    "source_ports": [{
                        "from_port": 0,
                        "to_port": 65535,
                    }],
                    "sources": [{
                        "address_definition": "0.0.0.0/0",
                    }],
                }],
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main provisions a customer-managed KMS key and a Network Firewall TLS
    // inspection configuration that is encrypted with that key.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// 7 days is the shortest deletion waiting period KMS accepts; a longer
    		// window leaves more time to cancel an accidental key deletion.
    		key, err := kms.NewKey(ctx, "example", &kms.KeyArgs{
    			Description:          pulumi.String("example"),
    			DeletionWindowInDays: pulumi.Int(7),
    		})
    		if err != nil {
    			return err
    		}
    		// Inspection scope: protocol 6 (TCP) to destination port 443 from any
    		// source port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer.
    		// Narrow the address definitions to the protected servers where possible.
    		scopes := networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
    			&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
    				Protocols: pulumi.IntArray{pulumi.Int(6)},
    				DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
    						FromPort: pulumi.Int(443),
    						ToPort:   pulumi.Int(443),
    					},
    				},
    				Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
    						AddressDefinition: pulumi.String("0.0.0.0/0"),
    					},
    				},
    				SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
    						FromPort: pulumi.Int(0),
    						ToPort:   pulumi.Int(65535),
    					},
    				},
    				Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
    						AddressDefinition: pulumi.String("0.0.0.0/0"),
    					},
    				},
    			},
    		}
    		// NOTE(review): example1 is not declared in this snippet; presumably a
    		// certificate resource defined elsewhere in the program.
    		serverCerts := networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
    			&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
    				ResourceArn: pulumi.Any(example1.Arn),
    			},
    		}
    		_, err = networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
    			Name:        pulumi.String("example"),
    			Description: pulumi.String("example"),
    			// CUSTOMER_KMS ties the configuration to the key created above, so
    			// access to it is governed by that key's policy.
    			EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
    				&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
    					KeyId: key.Arn,
    					Type:  pulumi.String("CUSTOMER_KMS"),
    				},
    			},
    			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
    				ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
    					ServerCertificates: serverCerts,
    					Scopes:             scopes,
    				},
    			},
    		})
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Provisions a customer-managed KMS key and a Network Firewall TLS inspection
    // configuration that is encrypted with that key.
    return await Deployment.RunAsync(() =>
    {
        // 7 days is the shortest deletion waiting period KMS accepts; a longer
        // window leaves more time to cancel an accidental key deletion.
        var kmsKey = new Aws.Kms.Key("example", new()
        {
            Description = "example",
            DeletionWindowInDays = 7,
        });

        // Inspection scope: protocol 6 (TCP) to destination port 443 from any
        // source port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer.
        // Narrow the address definitions to the protected servers where possible.
        var inspectionScope = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
        {
            Protocols = new[] { 6 },
            DestinationPorts = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
                {
                    FromPort = 443,
                    ToPort = 443,
                },
            },
            Destinations = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
                {
                    AddressDefinition = "0.0.0.0/0",
                },
            },
            SourcePorts = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
                {
                    FromPort = 0,
                    ToPort = 65535,
                },
            },
            Sources = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
                {
                    AddressDefinition = "0.0.0.0/0",
                },
            },
        };

        // NOTE(review): example1 is not declared in this snippet; presumably a
        // certificate resource defined elsewhere in the program.
        var serverCertificate = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
        {
            ResourceArn = example1.Arn,
        };

        var tlsInspection = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
        {
            Name = "example",
            Description = "example",
            // CUSTOMER_KMS ties the configuration to the key created above, so
            // access to it is governed by that key's policy.
            EncryptionConfigurations = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
                {
                    KeyId = kmsKey.Arn,
                    Type = "CUSTOMER_KMS",
                },
            },
            TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
            {
                ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
                {
                    ServerCertificates = new[] { serverCertificate },
                    Scopes = new[] { inspectionScope },
                },
            },
        });
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.kms.Key;
    import com.pulumi.aws.kms.KeyArgs;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program: a customer-managed KMS key and a Network Firewall TLS
     * inspection configuration that is encrypted with that key.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the KMS key and the TLS inspection configuration. */
        public static void stack(Context ctx) {
            // 7 days is the shortest deletion waiting period KMS accepts; a longer
            // window leaves more time to cancel an accidental key deletion.
            var kmsKey = new Key("example", KeyArgs.builder()
                .description("example")
                .deletionWindowInDays(7)
                .build());

            // CUSTOMER_KMS ties the configuration to the key created above, so
            // access to it is governed by that key's policy.
            var encryption = TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
                .keyId(kmsKey.arn())
                .type("CUSTOMER_KMS")
                .build();

            // Inspection scope: protocol 6 (TCP) to destination port 443 from any
            // source port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer.
            // Narrow the address definitions to the protected servers where possible.
            var inspectionScope = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                .protocols(6)
                .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                    .fromPort(443)
                    .toPort(443)
                    .build())
                .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                    .addressDefinition("0.0.0.0/0")
                    .build())
                .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                    .fromPort(0)
                    .toPort(65535)
                    .build())
                .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                    .addressDefinition("0.0.0.0/0")
                    .build())
                .build();

            // NOTE(review): example1 is not declared in this snippet; presumably a
            // certificate resource defined elsewhere in the program.
            var serverCertificate = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                .resourceArn(example1.arn())
                .build();

            var tlsInspection = new TlsInspectionConfiguration("exampleTlsInspectionConfiguration", TlsInspectionConfigurationArgs.builder()
                .name("example")
                .description("example")
                .encryptionConfigurations(encryption)
                .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                    .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
                        .serverCertificates(serverCertificate)
                        .scopes(inspectionScope)
                        .build())
                    .build())
                .build());
        }
    }
    
    # Pulumi YAML program: a customer-managed KMS key and a Network Firewall TLS
    # inspection configuration that is encrypted with that key.
    resources:
      example:
        type: aws:kms:Key
        properties:
          description: example
          # 7 days is the shortest deletion waiting period KMS accepts; a longer
          # window leaves more time to cancel an accidental key deletion.
          deletionWindowInDays: 7
      exampleTlsInspectionConfiguration:
        type: aws:networkfirewall:TlsInspectionConfiguration
        name: example
        properties:
          name: example
          description: example
          # CUSTOMER_KMS ties the configuration to the key declared above.
          encryptionConfigurations:
            - {keyId: "${example.arn}", type: CUSTOMER_KMS}
          tlsInspectionConfiguration:
            serverCertificateConfiguration:
              # NOTE(review): example1 is not declared in this snippet; presumably
              # a certificate resource defined elsewhere in the program.
              serverCertificates:
                - {resourceArn: "${example1.arn}"}
              # Protocol 6 (TCP) to port 443 from any source port; 0.0.0.0/0 on
              # both sides matches every IPv4 peer. Narrow where possible.
              scopes:
                - protocols: [6]
                  destinationPorts:
                    - {fromPort: 443, toPort: 443}
                  destinations:
                    - {addressDefinition: "0.0.0.0/0"}
                  sourcePorts:
                    - {fromPort: 0, toPort: 65535}
                  sources:
                    - {addressDefinition: "0.0.0.0/0"}
    

    Outbound with encryption configuration

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.kms.Key;
    import com.pulumi.aws.kms.KeyArgs;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
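    /**
     * Pulumi program: a customer-managed KMS key and an outbound TLS inspection
     * configuration that is encrypted with that key.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the KMS key and the outbound TLS inspection configuration. */
        public static void stack(Context ctx) {
            // 7 days is the shortest deletion waiting period KMS accepts; a longer
            // window leaves more time to cancel an accidental key deletion.
            var example = new Key("example", KeyArgs.builder()
                .description("example")
                .deletionWindowInDays(7)
                .build());

            // The server certificate configuration is written out with the builder
            // names the combined inbound/outbound example on this page uses and the
            // values of this example's YAML form; it replaces a code-generator
            // failure message that was not valid Java.
            // NOTE(review): confirm the property names against the provider schema.
            // NOTE(review): example1 is not declared in this snippet; presumably the
            // CA certificate resource used to re-sign inspected outbound traffic.
            var exampleTlsInspectionConfiguration = new TlsInspectionConfiguration("exampleTlsInspectionConfiguration", TlsInspectionConfigurationArgs.builder()
                .name("example")
                .description("example")
                .encryptionConfigurations(TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
                    .keyId(example.arn())
                    .type("CUSTOMER_KMS")
                    .build())
                .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                    .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
                        .certificateAuthorityArn(example1.arn())
                        // Revoked certificates are rejected. PASS for an unknown status
                        // is fail-open: the connection is allowed when revocation cannot
                        // be determined. DROP or REJECT fail closed.
                        .checkCertificateRevocationStatus(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
                            .revokedStatusAction("REJECT")
                            .unknownStatusAction("PASS")
                            .build())
                        // Protocol 6 (TCP) to port 443 from any source port; 0.0.0.0/0
                        // on both sides matches every IPv4 peer.
                        .scopes(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                            .protocols(6)
                            .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                                .fromPort(443)
                                .toPort(443)
                                .build())
                            .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                                .addressDefinition("0.0.0.0/0")
                                .build())
                            .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                                .fromPort(0)
                                .toPort(65535)
                                .build())
                            .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                                .addressDefinition("0.0.0.0/0")
                                .build())
                            .build())
                        .build())
                    .build())
                .build());

        }
    }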
    
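    # Pulumi YAML program: a customer-managed KMS key and an outbound TLS
    # inspection configuration that is encrypted with that key.
    resources:
      example:
        type: aws:kms:Key
        properties:
          description: example
          # 7 days is the shortest deletion waiting period KMS accepts; a longer
          # window leaves more time to cancel an accidental key deletion.
          deletionWindowInDays: 7
      exampleTlsInspectionConfiguration:
        type: aws:networkfirewall:TlsInspectionConfiguration
        name: example
        properties:
          name: example
          description: example
          encryptionConfigurations:
            - keyId: ${example.arn}
              type: CUSTOMER_KMS
          tlsInspectionConfiguration:
            # Property names and shapes match the other examples on this page:
            # a single serverCertificateConfiguration object with scopes,
            # destinations and sources lists.
            # NOTE(review): confirm against the provider schema.
            serverCertificateConfiguration:
              # NOTE(review): example1 is not declared in this snippet; presumably
              # the CA certificate resource used for outbound inspection.
              certificateAuthorityArn: ${example1.arn}
              # Revoked certificates are rejected. PASS for an unknown status is
              # fail-open: the connection is allowed when revocation cannot be
              # determined. DROP or REJECT fail closed.
              checkCertificateRevocationStatus:
                revokedStatusAction: REJECT
                unknownStatusAction: PASS
              # Protocol 6 (TCP) to port 443 from any source port; 0.0.0.0/0 on
              # both sides matches every IPv4 peer.
              scopes:
                - protocols:
                    - 6
                  destinationPorts:
                    - fromPort: 443
                      toPort: 443
                  destinations:
                    - addressDefinition: 0.0.0.0/0
                  sourcePorts:
                    - fromPort: 0
                      toPort: 65535
                  sources:
                    - addressDefinition: 0.0.0.0/0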
    

    Combined inbound and outbound

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Inspection scope: protocol 6 (TCP) to destination port 443 from any source
    // port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer. Narrow the
    // address definitions where possible.
    const inspectionScope = {
        protocols: [6],
        destinationPorts: [{ fromPort: 443, toPort: 443 }],
        destinations: [{ addressDefinition: "0.0.0.0/0" }],
        sourcePorts: [{ fromPort: 0, toPort: 65535 }],
        sources: [{ addressDefinition: "0.0.0.0/0" }],
    };

    // TLS inspection configuration covering both directions: the CA certificate
    // is used for outbound inspection, the server certificate for inbound.
    // NOTE(review): example1 and example2 are not declared in this snippet;
    // presumably certificate resources defined elsewhere in the program.
    const example = new aws.networkfirewall.TlsInspectionConfiguration("example", {
        name: "example",
        description: "example",
        // AWS-owned key: there is no key policy for the account to administer.
        // Use CUSTOMER_KMS with a key ARN when key access must be controlled
        // and audited by the account.
        encryptionConfigurations: [{
            keyId: "AWS_OWNED_KMS_KEY",
            type: "AWS_OWNED_KMS_KEY",
        }],
        tlsInspectionConfiguration: {
            serverCertificateConfiguration: {
                certificateAuthorityArn: example1.arn,
                // Revoked certificates are rejected. PASS for an unknown status
                // is fail-open: the connection is allowed when revocation cannot
                // be determined. DROP or REJECT fail closed.
                checkCertificateRevocationStatus: {
                    revokedStatusAction: "REJECT",
                    unknownStatusAction: "PASS",
                },
                serverCertificates: [{ resourceArn: example2.arn }],
                scopes: [inspectionScope],
            },
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Inspection scope: protocol 6 (TCP) to destination port 443 from any source
    # port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer. Narrow the
    # address definitions where possible.
    inspection_scope = {
        "protocols": [6],
        "destination_ports": [{"from_port": 443, "to_port": 443}],
        "destinations": [{"address_definition": "0.0.0.0/0"}],
        "source_ports": [{"from_port": 0, "to_port": 65535}],
        "sources": [{"address_definition": "0.0.0.0/0"}],
    }

    # Revoked certificates are rejected. PASS for an unknown status is fail-open:
    # the connection is allowed when revocation cannot be determined. DROP or
    # REJECT fail closed.
    revocation_check = {
        "revoked_status_action": "REJECT",
        "unknown_status_action": "PASS",
    }

    # TLS inspection configuration covering both directions: the CA certificate
    # is used for outbound inspection, the server certificate for inbound.
    # NOTE(review): example1 and example2 are not declared in this snippet;
    # presumably certificate resources defined elsewhere in the program.
    example = aws.networkfirewall.TlsInspectionConfiguration(
        "example",
        name="example",
        description="example",
        # AWS-owned key: there is no key policy for the account to administer.
        # Use CUSTOMER_KMS with a key ARN when key access must be controlled
        # and audited by the account.
        encryption_configurations=[{
            "key_id": "AWS_OWNED_KMS_KEY",
            "type": "AWS_OWNED_KMS_KEY",
        }],
        tls_inspection_configuration={
            "server_certificate_configuration": {
                "certificate_authority_arn": example1["arn"],
                "check_certificate_revocation_status": revocation_check,
                "server_certificates": [{"resource_arn": example2["arn"]}],
                "scopes": [inspection_scope],
            },
        },
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main provisions a Network Firewall TLS inspection configuration that covers
    // both inbound and outbound traffic.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Inspection scope: protocol 6 (TCP) to destination port 443 from any
    		// source port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer.
    		// Narrow the address definitions where possible.
    		scopes := networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
    			&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
    				Protocols: pulumi.IntArray{pulumi.Int(6)},
    				DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
    						FromPort: pulumi.Int(443),
    						ToPort:   pulumi.Int(443),
    					},
    				},
    				Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
    						AddressDefinition: pulumi.String("0.0.0.0/0"),
    					},
    				},
    				SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
    						FromPort: pulumi.Int(0),
    						ToPort:   pulumi.Int(65535),
    					},
    				},
    				Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
    					&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
    						AddressDefinition: pulumi.String("0.0.0.0/0"),
    					},
    				},
    			},
    		}
    		// Revoked certificates are rejected. PASS for an unknown status is
    		// fail-open: the connection is allowed when revocation cannot be
    		// determined. DROP or REJECT fail closed.
    		revocation := &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs{
    			RevokedStatusAction: pulumi.String("REJECT"),
    			UnknownStatusAction: pulumi.String("PASS"),
    		}
    		// NOTE(review): example1 and example2 are not declared in this snippet;
    		// presumably certificate resources defined elsewhere in the program.
    		_, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "example", &networkfirewall.TlsInspectionConfigurationArgs{
    			Name:        pulumi.String("example"),
    			Description: pulumi.String("example"),
    			// AWS-owned key: there is no key policy for the account to
    			// administer. Use CUSTOMER_KMS with a key ARN when key access must
    			// be controlled and audited by the account.
    			EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
    				&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
    					KeyId: pulumi.String("AWS_OWNED_KMS_KEY"),
    					Type:  pulumi.String("AWS_OWNED_KMS_KEY"),
    				},
    			},
    			TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
    				ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
    					// CA certificate for outbound inspection.
    					CertificateAuthorityArn:          pulumi.Any(example1.Arn),
    					CheckCertificateRevocationStatus: revocation,
    					// Server certificate for inbound inspection.
    					ServerCertificates: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
    						&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
    							ResourceArn: pulumi.Any(example2.Arn),
    						},
    					},
    					Scopes: scopes,
    				},
    			},
    		})
    		return err
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Provisions a Network Firewall TLS inspection configuration that covers both
    // inbound and outbound traffic.
    return await Deployment.RunAsync(() =>
    {
        // Inspection scope: protocol 6 (TCP) to destination port 443 from any
        // source port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer.
        // Narrow the address definitions where possible.
        var inspectionScope = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
        {
            Protocols = new[] { 6 },
            DestinationPorts = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
                {
                    FromPort = 443,
                    ToPort = 443,
                },
            },
            Destinations = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
                {
                    AddressDefinition = "0.0.0.0/0",
                },
            },
            SourcePorts = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
                {
                    FromPort = 0,
                    ToPort = 65535,
                },
            },
            Sources = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
                {
                    AddressDefinition = "0.0.0.0/0",
                },
            },
        };

        // Revoked certificates are rejected. PASS for an unknown status is
        // fail-open: the connection is allowed when revocation cannot be
        // determined. DROP or REJECT fail closed.
        var revocationCheck = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs
        {
            RevokedStatusAction = "REJECT",
            UnknownStatusAction = "PASS",
        };

        // NOTE(review): example1 and example2 are not declared in this snippet;
        // presumably certificate resources defined elsewhere in the program.
        var tlsInspection = new Aws.NetworkFirewall.TlsInspectionConfiguration("example", new()
        {
            Name = "example",
            Description = "example",
            // AWS-owned key: there is no key policy for the account to administer.
            // Use CUSTOMER_KMS with a key ARN when key access must be controlled
            // and audited by the account.
            EncryptionConfigurations = new[]
            {
                new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
                {
                    KeyId = "AWS_OWNED_KMS_KEY",
                    Type = "AWS_OWNED_KMS_KEY",
                },
            },
            TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
            {
                ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
                {
                    // CA certificate for outbound inspection.
                    CertificateAuthorityArn = example1.Arn,
                    CheckCertificateRevocationStatus = revocationCheck,
                    // Server certificate for inbound inspection.
                    ServerCertificates = new[]
                    {
                        new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
                        {
                            ResourceArn = example2.Arn,
                        },
                    },
                    Scopes = new[] { inspectionScope },
                },
            },
        });
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfiguration;
    import com.pulumi.aws.networkfirewall.TlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationEncryptionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs;
    import com.pulumi.aws.networkfirewall.inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program: a Network Firewall TLS inspection configuration that covers
     * both inbound and outbound traffic.
     */
    public class App {
        /** Hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /** Declares the combined inbound/outbound TLS inspection configuration. */
        public static void stack(Context ctx) {
            // AWS-owned key: there is no key policy for the account to administer.
            // Use CUSTOMER_KMS with a key ARN when key access must be controlled
            // and audited by the account.
            var encryption = TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
                .keyId("AWS_OWNED_KMS_KEY")
                .type("AWS_OWNED_KMS_KEY")
                .build();

            // Revoked certificates are rejected. PASS for an unknown status is
            // fail-open: the connection is allowed when revocation cannot be
            // determined. DROP or REJECT fail closed.
            var revocationCheck = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
                .revokedStatusAction("REJECT")
                .unknownStatusAction("PASS")
                .build();

            // Inspection scope: protocol 6 (TCP) to destination port 443 from any
            // source port, with 0.0.0.0/0 on both sides, i.e. every IPv4 peer.
            // Narrow the address definitions where possible.
            var inspectionScope = TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                .protocols(6)
                .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                    .fromPort(443)
                    .toPort(443)
                    .build())
                .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                    .addressDefinition("0.0.0.0/0")
                    .build())
                .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                    .fromPort(0)
                    .toPort(65535)
                    .build())
                .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                    .addressDefinition("0.0.0.0/0")
                    .build())
                .build();

            // NOTE(review): example1 and example2 are not declared in this snippet;
            // presumably certificate resources defined elsewhere in the program.
            var tlsInspection = new TlsInspectionConfiguration("example", TlsInspectionConfigurationArgs.builder()
                .name("example")
                .description("example")
                .encryptionConfigurations(encryption)
                .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
                    .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
                        // CA certificate for outbound inspection.
                        .certificateAuthorityArn(example1.arn())
                        .checkCertificateRevocationStatus(revocationCheck)
                        // Server certificate for inbound inspection.
                        .serverCertificates(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                            .resourceArn(example2.arn())
                            .build())
                        .scopes(inspectionScope)
                        .build())
                    .build())
                .build());
        }
    }
    
    # Pulumi YAML program: a Network Firewall TLS inspection configuration that
    # covers both inbound and outbound traffic.
    resources:
      example:
        type: aws:networkfirewall:TlsInspectionConfiguration
        properties:
          name: example
          description: example
          # AWS-owned key: there is no key policy for the account to administer.
          # Use CUSTOMER_KMS with a key ARN when key access must be controlled
          # and audited by the account.
          encryptionConfigurations:
            - {keyId: AWS_OWNED_KMS_KEY, type: AWS_OWNED_KMS_KEY}
          tlsInspectionConfiguration:
            serverCertificateConfiguration:
              # NOTE(review): example1 and example2 are not declared in this
              # snippet; presumably certificate resources defined elsewhere.
              # CA certificate for outbound inspection.
              certificateAuthorityArn: "${example1.arn}"
              # Revoked certificates are rejected. PASS for an unknown status is
              # fail-open: the connection is allowed when revocation cannot be
              # determined. DROP or REJECT fail closed.
              checkCertificateRevocationStatus: {revokedStatusAction: REJECT, unknownStatusAction: PASS}
              # Server certificate for inbound inspection.
              serverCertificates:
                - {resourceArn: "${example2.arn}"}
              # Protocol 6 (TCP) to port 443 from any source port; 0.0.0.0/0 on
              # both sides matches every IPv4 peer. Narrow where possible.
              scopes:
                - protocols: [6]
                  destinationPorts:
                    - {fromPort: 443, toPort: 443}
                  destinations:
                    - {addressDefinition: "0.0.0.0/0"}
                  sourcePorts:
                    - {fromPort: 0, toPort: 65535}
                  sources:
                    - {addressDefinition: "0.0.0.0/0"}
    

    Create TlsInspectionConfiguration Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new TlsInspectionConfiguration(name: string, args?: TlsInspectionConfigurationArgs, opts?: CustomResourceOptions);
    @overload
    def TlsInspectionConfiguration(resource_name: str,
                                   args: Optional[TlsInspectionConfigurationArgs] = None,
                                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def TlsInspectionConfiguration(resource_name: str,
                                   opts: Optional[ResourceOptions] = None,
                                   description: Optional[str] = None,
                                   encryption_configurations: Optional[Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]] = None,
                                   name: Optional[str] = None,
                                   tags: Optional[Mapping[str, str]] = None,
                                   timeouts: Optional[TlsInspectionConfigurationTimeoutsArgs] = None,
                                   tls_inspection_configuration: Optional[TlsInspectionConfigurationTlsInspectionConfigurationArgs] = None)
    func NewTlsInspectionConfiguration(ctx *Context, name string, args *TlsInspectionConfigurationArgs, opts ...ResourceOption) (*TlsInspectionConfiguration, error)
    public TlsInspectionConfiguration(string name, TlsInspectionConfigurationArgs? args = null, CustomResourceOptions? opts = null)
    public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args)
    public TlsInspectionConfiguration(String name, TlsInspectionConfigurationArgs args, CustomResourceOptions options)
    
    type: aws:networkfirewall:TlsInspectionConfiguration
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args TlsInspectionConfigurationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

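    The following reference example uses placeholder values for all input properties. Replace every placeholder before deploying: literals such as "string" and 0 only indicate the expected type and are not usable settings.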

    // Reference constructor call: every input property is listed with a type
    // placeholder ("string", 0) that has to be replaced with a real value.
    var tlsInspectionConfigurationResource = new Aws.NetworkFirewall.TlsInspectionConfiguration("tlsInspectionConfigurationResource", new()
    {
        Description = "string",
        EncryptionConfigurations = new[]
        {
            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationEncryptionConfigurationArgs
            {
                // Type is AWS_OWNED_KMS_KEY or CUSTOMER_KMS; with CUSTOMER_KMS,
                // KeyId identifies the customer managed KMS key.
                KeyId = "string",
                Type = "string",
            },
        },
        Name = "string",
        Tags = 
        {
            { "string", "string" },
        },
        Timeouts = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTimeoutsArgs
        {
            Create = "string",
            Delete = "string",
            Update = "string",
        },
        TlsInspectionConfig = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationArgs
        {
            ServerCertificateConfiguration = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs
            {
                // Outbound inspection: ARN of the CA certificate imported into ACM that
                // the firewall uses to re-sign server certificates. Inspected clients
                // must trust this CA, so access to it should be tightly restricted.
                CertificateAuthorityArn = "string",
                // Revocation checking applies to outbound inspection and needs
                // CertificateAuthorityArn. Each action is PASS, DROP or REJECT; PASS lets
                // connections to servers with revoked or unverifiable certificates through.
                CheckCertificateRevocationStatus = new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs
                {
                    RevokedStatusAction = "string",
                    UnknownStatusAction = "string",
                },
                // Scopes select which traffic is decrypted and inspected; keep them as
                // narrow as the inspection goal allows. The usage example earlier on this
                // page uses protocol 6 (TCP), destination port 443 and CIDR addresses.
                Scopes = new[]
                {
                    new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs
                    {
                        Protocols = new[]
                        {
                            0,
                        },
                        DestinationPorts = new[]
                        {
                            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs
                            {
                                FromPort = 0,
                                ToPort = 0,
                            },
                        },
                        Destinations = new[]
                        {
                            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs
                            {
                                AddressDefinition = "string",
                            },
                        },
                        SourcePorts = new[]
                        {
                            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs
                            {
                                FromPort = 0,
                                ToPort = 0,
                            },
                        },
                        Sources = new[]
                        {
                            new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs
                            {
                                AddressDefinition = "string",
                            },
                        },
                    },
                },
                // Inbound inspection: ACM certificates of the servers being protected.
                ServerCertificates = new[]
                {
                    new Aws.NetworkFirewall.Inputs.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs
                    {
                        ResourceArn = "string",
                    },
                },
            },
        },
    });
    
    // Reference constructor call: every input property is listed with a type
    // placeholder ("string", 0) that has to be replaced with a real value.
    // The returned err must be checked before example is used.
    example, err := networkfirewall.NewTlsInspectionConfiguration(ctx, "tlsInspectionConfigurationResource", &networkfirewall.TlsInspectionConfigurationArgs{
    	Description: pulumi.String("string"),
    	EncryptionConfigurations: networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArray{
    		&networkfirewall.TlsInspectionConfigurationEncryptionConfigurationArgs{
    			// Type is AWS_OWNED_KMS_KEY or CUSTOMER_KMS; with CUSTOMER_KMS,
    			// KeyId identifies the customer managed KMS key.
    			KeyId: pulumi.String("string"),
    			Type:  pulumi.String("string"),
    		},
    	},
    	Name: pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Timeouts: &networkfirewall.TlsInspectionConfigurationTimeoutsArgs{
    		Create: pulumi.String("string"),
    		Delete: pulumi.String("string"),
    		Update: pulumi.String("string"),
    	},
    	TlsInspectionConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationArgs{
    		ServerCertificateConfiguration: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs{
    			// Outbound inspection: ARN of the CA certificate imported into ACM that
    			// the firewall uses to re-sign server certificates. Inspected clients
    			// must trust this CA, so access to it should be tightly restricted.
    			CertificateAuthorityArn: pulumi.String("string"),
    			// Revocation checking applies to outbound inspection and needs
    			// CertificateAuthorityArn. Each action is PASS, DROP or REJECT; PASS lets
    			// connections to servers with revoked or unverifiable certificates through.
    			CheckCertificateRevocationStatus: &networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs{
    				RevokedStatusAction: pulumi.String("string"),
    				UnknownStatusAction: pulumi.String("string"),
    			},
    			// Scopes select which traffic is decrypted and inspected; keep them as
    			// narrow as the inspection goal allows. The usage example earlier on this
    			// page uses protocol 6 (TCP), destination port 443 and CIDR addresses.
    			Scopes: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs{
    					Protocols: pulumi.IntArray{
    						pulumi.Int(0),
    					},
    					DestinationPorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArray{
    						&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs{
    							FromPort: pulumi.Int(0),
    							ToPort:   pulumi.Int(0),
    						},
    					},
    					Destinations: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArray{
    						&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs{
    							AddressDefinition: pulumi.String("string"),
    						},
    					},
    					SourcePorts: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArray{
    						&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs{
    							FromPort: pulumi.Int(0),
    							ToPort:   pulumi.Int(0),
    						},
    					},
    					Sources: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArray{
    						&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs{
    							AddressDefinition: pulumi.String("string"),
    						},
    					},
    				},
    			},
    			// Inbound inspection: ACM certificates of the servers being protected.
    			ServerCertificates: networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArray{
    				&networkfirewall.TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs{
    					ResourceArn: pulumi.String("string"),
    				},
    			},
    		},
    	},
    })
    
    // Reference constructor call: every input property is listed with a type
    // placeholder ("string", 0) that has to be replaced with a real value.
    var tlsInspectionConfigurationResource = new TlsInspectionConfiguration("tlsInspectionConfigurationResource", TlsInspectionConfigurationArgs.builder()
        .description("string")
        // type is AWS_OWNED_KMS_KEY or CUSTOMER_KMS; with CUSTOMER_KMS,
        // keyId identifies the customer managed KMS key.
        .encryptionConfigurations(TlsInspectionConfigurationEncryptionConfigurationArgs.builder()
            .keyId("string")
            .type("string")
            .build())
        .name("string")
        .tags(Map.of("string", "string"))
        .timeouts(TlsInspectionConfigurationTimeoutsArgs.builder()
            .create("string")
            .delete("string")
            .update("string")
            .build())
        .tlsInspectionConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationArgs.builder()
            .serverCertificateConfiguration(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs.builder()
                // Outbound inspection: ARN of the CA certificate imported into ACM that
                // the firewall uses to re-sign server certificates. Inspected clients
                // must trust this CA, so access to it should be tightly restricted.
                .certificateAuthorityArn("string")
                // Revocation checking applies to outbound inspection and needs
                // certificateAuthorityArn. Each action is PASS, DROP or REJECT; PASS lets
                // connections to servers with revoked or unverifiable certificates through.
                .checkCertificateRevocationStatus(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs.builder()
                    .revokedStatusAction("string")
                    .unknownStatusAction("string")
                    .build())
                // Scopes select which traffic is decrypted and inspected; keep them as
                // narrow as the inspection goal allows. The usage example earlier on this
                // page uses protocol 6 (TCP), destination port 443 and CIDR addresses.
                .scopes(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs.builder()
                    .protocols(0)
                    .destinationPorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs.builder()
                        .fromPort(0)
                        .toPort(0)
                        .build())
                    .destinations(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs.builder()
                        .addressDefinition("string")
                        .build())
                    .sourcePorts(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs.builder()
                        .fromPort(0)
                        .toPort(0)
                        .build())
                    .sources(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs.builder()
                        .addressDefinition("string")
                        .build())
                    .build())
                // Inbound inspection: ACM certificates of the servers being protected.
                .serverCertificates(TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs.builder()
                    .resourceArn("string")
                    .build())
                .build())
            .build())
        .build());
    
    # Reference constructor call: every input property is listed with a type
    # placeholder ("string", 0) that has to be replaced with a real value.
    tls_inspection_configuration_resource = aws.networkfirewall.TlsInspectionConfiguration("tlsInspectionConfigurationResource",
        description="string",
        # "type" is AWS_OWNED_KMS_KEY or CUSTOMER_KMS; with CUSTOMER_KMS,
        # "key_id" identifies the customer managed KMS key.
        encryption_configurations=[{
            "key_id": "string",
            "type": "string",
        }],
        name="string",
        tags={
            "string": "string",
        },
        timeouts={
            "create": "string",
            "delete": "string",
            "update": "string",
        },
        tls_inspection_configuration={
            "server_certificate_configuration": {
                # Outbound inspection: ARN of the CA certificate imported into ACM that
                # the firewall uses to re-sign server certificates. Inspected clients
                # must trust this CA, so access to it should be tightly restricted.
                "certificate_authority_arn": "string",
                # Revocation checking applies to outbound inspection and needs
                # certificate_authority_arn. Each action is PASS, DROP or REJECT; PASS lets
                # connections to servers with revoked or unverifiable certificates through.
                "check_certificate_revocation_status": {
                    "revoked_status_action": "string",
                    "unknown_status_action": "string",
                },
                # Scopes select which traffic is decrypted and inspected; keep them as
                # narrow as the inspection goal allows. The usage example earlier on this
                # page uses protocol 6 (TCP), destination port 443 and CIDR addresses.
                "scopes": [{
                    "protocols": [0],
                    "destination_ports": [{
                        "from_port": 0,
                        "to_port": 0,
                    }],
                    "destinations": [{
                        "address_definition": "string",
                    }],
                    "source_ports": [{
                        "from_port": 0,
                        "to_port": 0,
                    }],
                    "sources": [{
                        "address_definition": "string",
                    }],
                }],
                # Inbound inspection: ACM certificates of the servers being protected.
                "server_certificates": [{
                    "resource_arn": "string",
                }],
            },
        })
    
    // Reference constructor call: every input property is listed with a type
    // placeholder ("string", 0) that has to be replaced with a real value.
    const tlsInspectionConfigurationResource = new aws.networkfirewall.TlsInspectionConfiguration("tlsInspectionConfigurationResource", {
        description: "string",
        // type is AWS_OWNED_KMS_KEY or CUSTOMER_KMS; with CUSTOMER_KMS,
        // keyId identifies the customer managed KMS key.
        encryptionConfigurations: [{
            keyId: "string",
            type: "string",
        }],
        name: "string",
        tags: {
            string: "string",
        },
        timeouts: {
            create: "string",
            "delete": "string",
            update: "string",
        },
        tlsInspectionConfiguration: {
            serverCertificateConfiguration: {
                // Outbound inspection: ARN of the CA certificate imported into ACM that
                // the firewall uses to re-sign server certificates. Inspected clients
                // must trust this CA, so access to it should be tightly restricted.
                certificateAuthorityArn: "string",
                // Revocation checking applies to outbound inspection and needs
                // certificateAuthorityArn. Each action is PASS, DROP or REJECT; PASS lets
                // connections to servers with revoked or unverifiable certificates through.
                checkCertificateRevocationStatus: {
                    revokedStatusAction: "string",
                    unknownStatusAction: "string",
                },
                // Scopes select which traffic is decrypted and inspected; keep them as
                // narrow as the inspection goal allows. The usage example earlier on this
                // page uses protocol 6 (TCP), destination port 443 and CIDR addresses.
                scopes: [{
                    protocols: [0],
                    destinationPorts: [{
                        fromPort: 0,
                        toPort: 0,
                    }],
                    destinations: [{
                        addressDefinition: "string",
                    }],
                    sourcePorts: [{
                        fromPort: 0,
                        toPort: 0,
                    }],
                    sources: [{
                        addressDefinition: "string",
                    }],
                }],
                // Inbound inspection: ACM certificates of the servers being protected.
                serverCertificates: [{
                    resourceArn: "string",
                }],
            },
        },
    });
    
    # Reference resource declaration: every input property is listed with a type
    # placeholder (string, 0) that has to be replaced with a real value.
    type: aws:networkfirewall:TlsInspectionConfiguration
    properties:
        description: string
        # type is AWS_OWNED_KMS_KEY or CUSTOMER_KMS; with CUSTOMER_KMS,
        # keyId identifies the customer managed KMS key.
        encryptionConfigurations:
            - keyId: string
              type: string
        name: string
        tags:
            string: string
        timeouts:
            create: string
            delete: string
            update: string
        tlsInspectionConfiguration:
            serverCertificateConfiguration:
                # Outbound inspection: ARN of the CA certificate imported into ACM that
                # the firewall uses to re-sign server certificates. Inspected clients
                # must trust this CA, so access to it should be tightly restricted.
                certificateAuthorityArn: string
                # Revocation checking applies to outbound inspection and needs
                # certificateAuthorityArn. Each action is PASS, DROP or REJECT; PASS lets
                # connections to servers with revoked or unverifiable certificates through.
                checkCertificateRevocationStatus:
                    revokedStatusAction: string
                    unknownStatusAction: string
                # Scopes select which traffic is decrypted and inspected; keep them as
                # narrow as the inspection goal allows. The usage example earlier on this
                # page uses protocol 6 (TCP), destination port 443 and CIDR addresses.
                scopes:
                    - destinationPorts:
                        - fromPort: 0
                          toPort: 0
                      destinations:
                        - addressDefinition: string
                      protocols:
                        - 0
                      sourcePorts:
                        - fromPort: 0
                          toPort: 0
                      sources:
                        - addressDefinition: string
                # Inbound inspection: ACM certificates of the servers being protected.
                serverCertificates:
                    - resourceArn: string
    

    TlsInspectionConfiguration Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The TlsInspectionConfiguration resource accepts the following input properties:

    Description string
    Description of the TLS inspection configuration.
    EncryptionConfigurations List<TlsInspectionConfigurationEncryptionConfiguration>
    Encryption configuration block. Detailed below.
    Name string
    Descriptive name of the TLS inspection configuration.
    Tags Dictionary<string, string>
    Timeouts TlsInspectionConfigurationTimeouts
    TlsInspectionConfig TlsInspectionConfigurationTlsInspectionConfiguration

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    Description string
    Description of the TLS inspection configuration.
    EncryptionConfigurations []TlsInspectionConfigurationEncryptionConfigurationArgs
    Encryption configuration block. Detailed below.
    Name string
    Descriptive name of the TLS inspection configuration.
    Tags map[string]string
    Timeouts TlsInspectionConfigurationTimeoutsArgs
    TlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfigurationArgs

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    description String
    Description of the TLS inspection configuration.
    encryptionConfigurations List<TlsInspectionConfigurationEncryptionConfiguration>
    Encryption configuration block. Detailed below.
    name String
    Descriptive name of the TLS inspection configuration.
    tags Map<String,String>
    timeouts TlsInspectionConfigurationTimeouts
    tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    description string
    Description of the TLS inspection configuration.
    encryptionConfigurations TlsInspectionConfigurationEncryptionConfiguration[]
    Encryption configuration block. Detailed below.
    name string
    Descriptive name of the TLS inspection configuration.
    tags {[key: string]: string}
    timeouts TlsInspectionConfigurationTimeouts
    tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    description str
    Description of the TLS inspection configuration.
    encryption_configurations Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]
    Encryption configuration block. Detailed below.
    name str
    Descriptive name of the TLS inspection configuration.
    tags Mapping[str, str]
    timeouts TlsInspectionConfigurationTimeoutsArgs
    tls_inspection_configuration TlsInspectionConfigurationTlsInspectionConfigurationArgs

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    description String
    Description of the TLS inspection configuration.
    encryptionConfigurations List<Property Map>
    Encryption configuration block. Detailed below.
    name String
    Descriptive name of the TLS inspection configuration.
    tags Map<String>
    timeouts Property Map
    tlsInspectionConfiguration Property Map

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    Outputs

    All input properties are implicitly available as output properties. Additionally, the TlsInspectionConfiguration resource produces the following output properties:

    Arn string
    ARN of the TLS Inspection Configuration.
    CertificateAuthorities List<TlsInspectionConfigurationCertificateAuthority>
    Certificate Manager certificate block. See Certificate Authority below for details.
    Certificates List<TlsInspectionConfigurationCertificate>
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    Id string
    The provider-assigned unique ID for this managed resource.
    NumberOfAssociations int
    Number of firewall policies that use this TLS inspection configuration.
    TagsAll Dictionary<string, string>

    Deprecated: Please use tags instead.

    TlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration.
    UpdateToken string
    String token used when updating the rule group.
    Arn string
    ARN of the TLS Inspection Configuration.
    CertificateAuthorities []TlsInspectionConfigurationCertificateAuthority
    Certificate Manager certificate block. See Certificate Authority below for details.
    Certificates []TlsInspectionConfigurationCertificate
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    Id string
    The provider-assigned unique ID for this managed resource.
    NumberOfAssociations int
    Number of firewall policies that use this TLS inspection configuration.
    TagsAll map[string]string

    Deprecated: Please use tags instead.

    TlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration.
    UpdateToken string
    String token used when updating the rule group.
    arn String
    ARN of the TLS Inspection Configuration.
    certificateAuthorities List<TlsInspectionConfigurationCertificateAuthority>
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates List<TlsInspectionConfigurationCertificate>
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    id String
    The provider-assigned unique ID for this managed resource.
    numberOfAssociations Integer
    Number of firewall policies that use this TLS inspection configuration.
    tagsAll Map<String,String>

    Deprecated: Please use tags instead.

    tlsInspectionConfigurationId String
    A unique identifier for the TLS inspection configuration.
    updateToken String
    String token used when updating the rule group.
    arn string
    ARN of the TLS Inspection Configuration.
    certificateAuthorities TlsInspectionConfigurationCertificateAuthority[]
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates TlsInspectionConfigurationCertificate[]
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    id string
    The provider-assigned unique ID for this managed resource.
    numberOfAssociations number
    Number of firewall policies that use this TLS inspection configuration.
    tagsAll {[key: string]: string}

    Deprecated: Please use tags instead.

    tlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration.
    updateToken string
    String token used when updating the rule group.
    arn str
    ARN of the TLS Inspection Configuration.
    certificate_authorities Sequence[TlsInspectionConfigurationCertificateAuthority]
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates Sequence[TlsInspectionConfigurationCertificate]
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    id str
    The provider-assigned unique ID for this managed resource.
    number_of_associations int
    Number of firewall policies that use this TLS inspection configuration.
    tags_all Mapping[str, str]

    Deprecated: Please use tags instead.

    tls_inspection_configuration_id str
    A unique identifier for the TLS inspection configuration.
    update_token str
    String token used when updating the rule group.
    arn String
    ARN of the TLS Inspection Configuration.
    certificateAuthorities List<Property Map>
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates List<Property Map>
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    id String
    The provider-assigned unique ID for this managed resource.
    numberOfAssociations Number
    Number of firewall policies that use this TLS inspection configuration.
    tagsAll Map<String>

    Deprecated: Please use tags instead.

    tlsInspectionConfigurationId String
    A unique identifier for the TLS inspection configuration.
    updateToken String
    String token used when updating the rule group.

    Look up Existing TlsInspectionConfiguration Resource

    Get an existing TlsInspectionConfiguration resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: TlsInspectionConfigurationState, opts?: CustomResourceOptions): TlsInspectionConfiguration
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            certificate_authorities: Optional[Sequence[TlsInspectionConfigurationCertificateAuthorityArgs]] = None,
            certificates: Optional[Sequence[TlsInspectionConfigurationCertificateArgs]] = None,
            description: Optional[str] = None,
            encryption_configurations: Optional[Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]] = None,
            name: Optional[str] = None,
            number_of_associations: Optional[int] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            timeouts: Optional[TlsInspectionConfigurationTimeoutsArgs] = None,
            tls_inspection_configuration: Optional[TlsInspectionConfigurationTlsInspectionConfigurationArgs] = None,
            tls_inspection_configuration_id: Optional[str] = None,
            update_token: Optional[str] = None) -> TlsInspectionConfiguration
    func GetTlsInspectionConfiguration(ctx *Context, name string, id IDInput, state *TlsInspectionConfigurationState, opts ...ResourceOption) (*TlsInspectionConfiguration, error)
    public static TlsInspectionConfiguration Get(string name, Input<string> id, TlsInspectionConfigurationState? state, CustomResourceOptions? opts = null)
    public static TlsInspectionConfiguration get(String name, Output<String> id, TlsInspectionConfigurationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    ARN of the TLS Inspection Configuration.
    CertificateAuthorities List<TlsInspectionConfigurationCertificateAuthority>
    Certificate Manager certificate block. See Certificate Authority below for details.
    Certificates List<TlsInspectionConfigurationCertificate>
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    Description string
    Description of the TLS inspection configuration.
    EncryptionConfigurations List<TlsInspectionConfigurationEncryptionConfiguration>
    Encryption configuration block. Detailed below.
    Name string
    Descriptive name of the TLS inspection configuration.
    NumberOfAssociations int
    Number of firewall policies that use this TLS inspection configuration.
    Tags Dictionary<string, string>
    TagsAll Dictionary<string, string>

    Deprecated: Please use tags instead.

    Timeouts TlsInspectionConfigurationTimeouts
    TlsInspectionConfig TlsInspectionConfigurationTlsInspectionConfiguration

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    TlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration.
    UpdateToken string
    String token used when updating the rule group.
    Arn string
    ARN of the TLS Inspection Configuration.
    CertificateAuthorities []TlsInspectionConfigurationCertificateAuthorityArgs
    Certificate Manager certificate block. See Certificate Authority below for details.
    Certificates []TlsInspectionConfigurationCertificateArgs
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    Description string
    Description of the TLS inspection configuration.
    EncryptionConfigurations []TlsInspectionConfigurationEncryptionConfigurationArgs
    Encryption configuration block. Detailed below.
    Name string
    Descriptive name of the TLS inspection configuration.
    NumberOfAssociations int
    Number of firewall policies that use this TLS inspection configuration.
    Tags map[string]string
    TagsAll map[string]string

    Deprecated: Please use tags instead.

    Timeouts TlsInspectionConfigurationTimeoutsArgs
    TlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfigurationArgs

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    TlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration.
    UpdateToken string
    String token used when updating the rule group.
    arn String
    ARN of the TLS Inspection Configuration.
    certificateAuthorities List<TlsInspectionConfigurationCertificateAuthority>
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates List<TlsInspectionConfigurationCertificate>
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    description String
    Description of the TLS inspection configuration.
    encryptionConfigurations List<TlsInspectionConfigurationEncryptionConfiguration>
    Encryption configuration block. Detailed below.
    name String
    Descriptive name of the TLS inspection configuration.
    numberOfAssociations Integer
    Number of firewall policies that use this TLS inspection configuration.
    tags Map<String,String>
    tagsAll Map<String,String>

    Deprecated: Please use tags instead.

    timeouts TlsInspectionConfigurationTimeouts
    tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    tlsInspectionConfigurationId String
    A unique identifier for the TLS inspection configuration.
    updateToken String
    String token used when updating the rule group.
    arn string
    ARN of the TLS Inspection Configuration.
    certificateAuthorities TlsInspectionConfigurationCertificateAuthority[]
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates TlsInspectionConfigurationCertificate[]
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    description string
    Description of the TLS inspection configuration.
    encryptionConfigurations TlsInspectionConfigurationEncryptionConfiguration[]
    Encryption configuration block. Detailed below.
    name string
    Descriptive name of the TLS inspection configuration.
    numberOfAssociations number
    Number of firewall policies that use this TLS inspection configuration.
    tags {[key: string]: string}
    tagsAll {[key: string]: string}

    Deprecated: Please use tags instead.

    timeouts TlsInspectionConfigurationTimeouts
    tlsInspectionConfiguration TlsInspectionConfigurationTlsInspectionConfiguration

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    tlsInspectionConfigurationId string
    A unique identifier for the TLS inspection configuration.
    updateToken string
    String token used when updating the TLS inspection configuration.
    arn str
    ARN of the TLS Inspection Configuration.
    certificate_authorities Sequence[TlsInspectionConfigurationCertificateAuthorityArgs]
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates Sequence[TlsInspectionConfigurationCertificateArgs]
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    description str
    Description of the TLS inspection configuration.
    encryption_configurations Sequence[TlsInspectionConfigurationEncryptionConfigurationArgs]
    Encryption configuration block. Detailed below.
    name str
    Descriptive name of the TLS inspection configuration.
    number_of_associations int
    Number of firewall policies that use this TLS inspection configuration.
    tags Mapping[str, str]
    tags_all Mapping[str, str]

    Deprecated: Please use tags instead.

    timeouts TlsInspectionConfigurationTimeoutsArgs
    tls_inspection_configuration TlsInspectionConfigurationTlsInspectionConfigurationArgs

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    tls_inspection_configuration_id str
    A unique identifier for the TLS inspection configuration.
    update_token str
    String token used when updating the TLS inspection configuration.
    arn String
    ARN of the TLS Inspection Configuration.
    certificateAuthorities List<Property Map>
    Certificate Manager certificate block. See Certificate Authority below for details.
    certificates List<Property Map>
    List of certificate blocks describing certificates associated with the TLS inspection configuration. See Certificates below for details.
    description String
    Description of the TLS inspection configuration.
    encryptionConfigurations List<Property Map>
    Encryption configuration block. Detailed below.
    name String
    Descriptive name of the TLS inspection configuration.
    numberOfAssociations Number
    Number of firewall policies that use this TLS inspection configuration.
    tags Map<String>
    tagsAll Map<String>

    Deprecated: Please use tags instead.

    timeouts Property Map
    tlsInspectionConfiguration Property Map

    TLS inspection configuration block. Detailed below.

    The following arguments are optional:

    tlsInspectionConfigurationId String
    A unique identifier for the TLS inspection configuration.
    updateToken String
    String token used when updating the TLS inspection configuration.

    Supporting Types

    TlsInspectionConfigurationCertificate, TlsInspectionConfigurationCertificateArgs

    CertificateArn string
    ARN of the certificate.
    CertificateSerial string
    Serial number of the certificate.
    Status string
    Status of the certificate.
    StatusMessage string
    Details about the certificate status, including information about certificate errors.
    CertificateArn string
    ARN of the certificate.
    CertificateSerial string
    Serial number of the certificate.
    Status string
    Status of the certificate.
    StatusMessage string
    Details about the certificate status, including information about certificate errors.
    certificateArn String
    ARN of the certificate.
    certificateSerial String
    Serial number of the certificate.
    status String
    Status of the certificate.
    statusMessage String
    Details about the certificate status, including information about certificate errors.
    certificateArn string
    ARN of the certificate.
    certificateSerial string
    Serial number of the certificate.
    status string
    Status of the certificate.
    statusMessage string
    Details about the certificate status, including information about certificate errors.
    certificate_arn str
    ARN of the certificate.
    certificate_serial str
    Serial number of the certificate.
    status str
    Status of the certificate.
    status_message str
    Details about the certificate status, including information about certificate errors.
    certificateArn String
    ARN of the certificate.
    certificateSerial String
    Serial number of the certificate.
    status String
    Status of the certificate.
    statusMessage String
    Details about the certificate status, including information about certificate errors.

    TlsInspectionConfigurationCertificateAuthority, TlsInspectionConfigurationCertificateAuthorityArgs

    CertificateArn string
    ARN of the certificate.
    CertificateSerial string
    Serial number of the certificate.
    Status string
    Status of the certificate.
    StatusMessage string
    Details about the certificate status, including information about certificate errors.
    CertificateArn string
    ARN of the certificate.
    CertificateSerial string
    Serial number of the certificate.
    Status string
    Status of the certificate.
    StatusMessage string
    Details about the certificate status, including information about certificate errors.
    certificateArn String
    ARN of the certificate.
    certificateSerial String
    Serial number of the certificate.
    status String
    Status of the certificate.
    statusMessage String
    Details about the certificate status, including information about certificate errors.
    certificateArn string
    ARN of the certificate.
    certificateSerial string
    Serial number of the certificate.
    status string
    Status of the certificate.
    statusMessage string
    Details about the certificate status, including information about certificate errors.
    certificate_arn str
    ARN of the certificate.
    certificate_serial str
    Serial number of the certificate.
    status str
    Status of the certificate.
    status_message str
    Details about the certificate status, including information about certificate errors.
    certificateArn String
    ARN of the certificate.
    certificateSerial String
    Serial number of the certificate.
    status String
    Status of the certificate.
    statusMessage String
    Details about the certificate status, including information about certificate errors.

    TlsInspectionConfigurationEncryptionConfiguration, TlsInspectionConfigurationEncryptionConfigurationArgs

    KeyId string
    ARN of the Amazon Web Services Key Management Service (KMS) customer managed key.
    Type string
    Type of KMS key to use for encryption of your Network Firewall resources. Valid values: AWS_OWNED_KMS_KEY (a key owned and managed by AWS) and CUSTOMER_KMS (the customer managed key whose ARN is given as the key ID).
    KeyId string
    ARN of the Amazon Web Services Key Management Service (KMS) customer managed key.
    Type string
    Type of KMS key to use for encryption of your Network Firewall resources. Valid values: AWS_OWNED_KMS_KEY (a key owned and managed by AWS) and CUSTOMER_KMS (the customer managed key whose ARN is given as the key ID).
    keyId String
    ARN of the Amazon Web Services Key Management Service (KMS) customer managed key.
    type String
    Type of KMS key to use for encryption of your Network Firewall resources. Valid values: AWS_OWNED_KMS_KEY (a key owned and managed by AWS) and CUSTOMER_KMS (the customer managed key whose ARN is given as the key ID).
    keyId string
    ARN of the Amazon Web Services Key Management Service (KMS) customer managed key.
    type string
    Type of KMS key to use for encryption of your Network Firewall resources. Valid values: AWS_OWNED_KMS_KEY (a key owned and managed by AWS) and CUSTOMER_KMS (the customer managed key whose ARN is given as the key ID).
    key_id str
    ARN of the Amazon Web Services Key Management Service (KMS) customer managed key.
    type str
    Type of KMS key to use for encryption of your Network Firewall resources. Valid values: AWS_OWNED_KMS_KEY (a key owned and managed by AWS) and CUSTOMER_KMS (the customer managed key whose ARN is given as the key ID).
    keyId String
    ARN of the Amazon Web Services Key Management Service (KMS) customer managed key.
    type String
    Type of KMS key to use for encryption of your Network Firewall resources. Valid values: AWS_OWNED_KMS_KEY (a key owned and managed by AWS) and CUSTOMER_KMS (the customer managed key whose ARN is given as the key ID).

    TlsInspectionConfigurationTimeouts, TlsInspectionConfigurationTimeoutsArgs

    Create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    Update string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    Delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    Update string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update string
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update str
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    create String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
    delete String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
    update String
    A string that can be parsed as a duration consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).

    TlsInspectionConfigurationTlsInspectionConfiguration, TlsInspectionConfigurationTlsInspectionConfigurationArgs

    ServerCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
    Server certificate configurations that are associated with the TLS configuration. Detailed below.
    ServerCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
    Server certificate configurations that are associated with the TLS configuration. Detailed below.
    serverCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
    Server certificate configurations that are associated with the TLS configuration. Detailed below.
    serverCertificateConfiguration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
    Server certificate configurations that are associated with the TLS configuration. Detailed below.
    server_certificate_configuration TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration
    Server certificate configurations that are associated with the TLS configuration. Detailed below.
    serverCertificateConfiguration Property Map
    Server certificate configurations that are associated with the TLS configuration. Detailed below.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfiguration, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationArgs

    CertificateAuthorityArn string
    ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
    CheckCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
    Check Certificate Revocation Status block. Detailed below.
    Scopes List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope>
    Scope block. Detailed below.
    ServerCertificates List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate>
    Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
    CertificateAuthorityArn string
    ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
    CheckCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
    Check Certificate Revocation Status block. Detailed below.
    Scopes []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope
    Scope block. Detailed below.
    ServerCertificates []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate
    Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
    certificateAuthorityArn String
    ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
    checkCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
    Check Certificate Revocation Status block. Detailed below.
    scopes List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope>
    Scope block. Detailed below.
    serverCertificates List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate>
    Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
    certificateAuthorityArn string
    ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
    checkCertificateRevocationStatus TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
    Check Certificate Revocation Status block. Detailed below.
    scopes TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope[]
    Scope block. Detailed below.
    serverCertificates TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate[]
    Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
    certificate_authority_arn str
    ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
    check_certificate_revocation_status TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus
    Check Certificate Revocation Status block. Detailed below.
    scopes Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope]
    Scope block. Detailed below.
    server_certificates Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate]
    Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.
    certificateAuthorityArn String
    ARN of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations for limitations on CA certificates.
    checkCertificateRevocationStatus Property Map
    Check Certificate Revocation Status block. Detailed below.
    scopes List<Property Map>
    Scope block. Detailed below.
    serverCertificates List<Property Map>
    Server certificates to use for inbound SSL/TLS inspection. See Using SSL/TLS certificates with TLS inspection configurations.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatus, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationCheckCertificateRevocationStatusArgs

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScope, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeArgs

    Protocols List<int>
    Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
    DestinationPorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort>
    Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
    Destinations List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination>
    Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
    SourcePorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort>
    Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
    Sources List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource>
    Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
    Protocols []int
    Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
    DestinationPorts []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort
    Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
    Destinations []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination
    Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
    SourcePorts []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort
    Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
    Sources []TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource
    Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
    protocols List<Integer>
    Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
    destinationPorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort>
    Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
    destinations List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination>
    Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
    sourcePorts List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort>
    Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
    sources List<TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource>
    Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
    protocols number[]
    Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
    destinationPorts TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort[]
    Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
    destinations TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination[]
    Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
    sourcePorts TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort[]
    Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
    sources TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource[]
    Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
    protocols Sequence[int]
    Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
    destination_ports Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort]
    Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
    destinations Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination]
    Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
    source_ports Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort]
    Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
    sources Sequence[TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource]
    Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.
    protocols List<Number>
    Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). Network Firewall currently supports TCP only. Valid values: 6
    destinationPorts List<Property Map>
    Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Ports below for details.
    destinations List<Property Map>
    Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.
    sourcePorts List<Property Map>
    Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Ports below for details.
    sources List<Property Map>
    Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestination, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationArgs

    AddressDefinition string
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    AddressDefinition string
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    addressDefinition String
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    addressDefinition string
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    address_definition str
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    addressDefinition String
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPort, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeDestinationPortArgs

    FromPort int
    The lower limit of the port range. This must be less than or equal to the to_port.
    ToPort int
    The upper limit of the port range. This must be greater than or equal to the from_port.
    FromPort int
    The lower limit of the port range. This must be less than or equal to the to_port.
    ToPort int
    The upper limit of the port range. This must be greater than or equal to the from_port.
    fromPort Integer
    The lower limit of the port range. This must be less than or equal to the to_port.
    toPort Integer
    The upper limit of the port range. This must be greater than or equal to the from_port.
    fromPort number
    The lower limit of the port range. This must be less than or equal to the to_port.
    toPort number
    The upper limit of the port range. This must be greater than or equal to the from_port.
    from_port int
    The lower limit of the port range. This must be less than or equal to the to_port.
    to_port int
    The upper limit of the port range. This must be greater than or equal to the from_port.
    fromPort Number
    The lower limit of the port range. This must be less than or equal to the to_port.
    toPort Number
    The upper limit of the port range. This must be greater than or equal to the from_port.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSource, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourceArgs

    AddressDefinition string
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    AddressDefinition string
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    addressDefinition String
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    addressDefinition string
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    address_definition str
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.
    addressDefinition String
    An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePort, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationScopeSourcePortArgs

    FromPort int
    The lower limit of the port range. This must be less than or equal to the to_port.
    ToPort int
    The upper limit of the port range. This must be greater than or equal to the from_port.
    FromPort int
    The lower limit of the port range. This must be less than or equal to the to_port.
    ToPort int
    The upper limit of the port range. This must be greater than or equal to the from_port.
    fromPort Integer
    The lower limit of the port range. This must be less than or equal to the to_port.
    toPort Integer
    The upper limit of the port range. This must be greater than or equal to the from_port.
    fromPort number
    The lower limit of the port range. This must be less than or equal to the to_port.
    toPort number
    The upper limit of the port range. This must be greater than or equal to the from_port.
    from_port int
    The lower limit of the port range. This must be less than or equal to the to_port.
    to_port int
    The upper limit of the port range. This must be greater than or equal to the from_port.
    fromPort Number
    The lower limit of the port range. This must be less than or equal to the to_port.
    toPort Number
    The upper limit of the port range. This must be greater than or equal to the from_port.

    TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificate, TlsInspectionConfigurationTlsInspectionConfigurationServerCertificateConfigurationServerCertificateArgs

    ResourceArn string
    ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    ResourceArn string
    ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resourceArn String
    ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resourceArn string
    ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resource_arn str
    ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
    resourceArn String
    ARN of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.

    Import

    Use `pulumi import` to import a Network Firewall TLS Inspection Configuration by its ARN. For example:

    $ pulumi import aws:networkfirewall/tlsInspectionConfiguration:TlsInspectionConfiguration example arn:aws:network-firewall:<region>:<account_id>:tls-configuration/example
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi