
Resource: awsLbSslNegotiationPolicy

Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.

Example Usage

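/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details.
   The constructs below are created inside a TerraformStack (or another
   Construct), which is what `this` refers to. */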
import * as aws from "./.gen/providers/aws";
const awsElbLb = new aws.elb.Elb(this, "lb", {
  availabilityZones: ["us-east-1a"],
  listener: [
    {
      instancePort: 8000,
      instanceProtocol: "https",
      lbPort: 443,
      lbProtocol: "https",
      sslCertificateId: "arn:aws:iam::123456789012:server-certificate/certName",
    },
  ],
  name: "test-lb",
});
new aws.lbSslNegotiationPolicy.LbSslNegotiationPolicy(this, "foo", {
  attribute: [
    {
      name: "Protocol-TLSv1",
      value: "false",
    },
    {
      name: "Protocol-TLSv1.1",
      value: "false",
    },
    {
      name: "Protocol-TLSv1.2",
      value: "true",
    },
    {
      name: "Server-Defined-Cipher-Order",
      value: "true",
    },
    {
      name: "ECDHE-RSA-AES128-GCM-SHA256",
      value: "true",
    },
    {
      name: "AES128-GCM-SHA256",
      value: "true",
    },
    {
      name: "EDH-RSA-DES-CBC3-SHA",
      value: "false",
    },
  ],
  lbPort: 443,
  loadBalancer: awsElbLb.id,
  name: "foo-policy",
});

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the SSL negotiation policy.
  • loadBalancer - (Required) The load balancer to which the policy should be attached.
  • lbPort - (Required) The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
  • attribute - (Optional) An SSL Negotiation policy attribute. Each has two properties:
      • name - The name of the attribute
      • value - The value of the attribute
  • triggers - (Optional) Map of arbitrary keys and values that, when changed, will trigger a redeployment. To force a redeployment without changing these keys/values, use the terraform taint command.

To set your attributes, please see the AWS Elastic Load Balancing Developer Guide for a listing of the supported SSL protocols, SSL options, and SSL ciphers.

~> NOTE: The AWS documentation references Server Order Preference, which the AWS Elastic Load Balancing API refers to as Server-Defined-Cipher-Order. If you wish to set Server Order Preference, use this value instead.
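
A pre-deployment check on the attribute list, as an added example that is not part of the provider documentation. The function auditSslPolicy, its protocol allow-list and its weak-cipher pattern are assumptions made here, and it expects a policy that spells out protocols and ciphers explicitly, like the one in Example Usage.

```typescript
// Added example: lint attributes before passing them to LbSslNegotiationPolicy.
// Assumptions: TLS 1.2 is the only accepted protocol, and every enabled
// attribute other than Protocol-* and Server-Defined-Cipher-Order is a cipher.
interface PolicyAttribute { name: string; value: string; }

const ALLOWED_PROTOCOLS = ["Protocol-TLSv1.2"]; // assumed baseline
const WEAK_CIPHER = /RC4|DES|MD5|NULL|EXP/; // assumed markers of weak suites
const CIPHER_ORDER = "Server-Defined-Cipher-Order";

function auditSslPolicy(attributes: PolicyAttribute[]): string[] {
  const findings: string[] = [];
  const effective: { [name: string]: string } = Object.create(null);
  for (const attr of attributes) {
    const prev = effective[attr.name];
    if (prev !== undefined && prev !== attr.value) {
      findings.push(attr.name + ": set more than once with conflicting values");
    }
    effective[attr.name] = attr.value; // the checks below use the last value
  }
  let protocols = 0;
  let ciphers = 0;
  for (const name of Object.keys(effective)) {
    if (effective[name] !== "true") continue; // only enabled attributes matter
    if (name.indexOf("Protocol-") === 0) {
      protocols++;
      if (ALLOWED_PROTOCOLS.indexOf(name) === -1) findings.push(name + ": legacy protocol enabled");
    } else if (name !== CIPHER_ORDER) {
      ciphers++;
      if (WEAK_CIPHER.test(name)) findings.push(name + ": weak cipher enabled");
    }
  }
  if (protocols === 0) findings.push("no protocol enabled");
  if (ciphers === 0) findings.push("no cipher enabled");
  if (effective[CIPHER_ORDER] !== "true") findings.push(CIPHER_ORDER + ": not enabled");
  return findings;
}

// Constructed sample: legacy protocol and 3DES suite on, no server cipher order.
const WEAK_POLICY: PolicyAttribute[] = [
  { name: "Protocol-TLSv1", value: "true" },
  { name: "Protocol-TLSv1.2", value: "true" },
  { name: "EDH-RSA-DES-CBC3-SHA", value: "true" },
];
console.log(auditSslPolicy(WEAK_POLICY));
```

Running the same function over the attribute array from Example Usage returns an empty list, so it can gate a synth or CI step by failing when the result is non-empty.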

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the policy.
  • name - The name of the SSL negotiation policy.
  • loadBalancer - The load balancer to which the policy is attached.
  • lbPort - The load balancer port to which the policy is applied.
  • attribute - The SSL Negotiation policy attributes.