Resource: awsLbSslNegotiationPolicy
Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.
Example Usage
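```typescript
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

class MyStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);

    // Classic ELB with an HTTPS listener on port 443.
    const awsElbLb = new aws.elb.Elb(this, "lb", {
      availabilityZones: ["us-east-1a"],
      listener: [
        {
          instancePort: 8000,
          instanceProtocol: "https",
          lbPort: 443,
          lbProtocol: "https",
          sslCertificateId: "arn:aws:iam::123456789012:server-certificate/certName",
        },
      ],
      name: "test-lb",
    });

    // Negotiation policy applied to the listener on port 443.
    new aws.lbSslNegotiationPolicy.LbSslNegotiationPolicy(this, "foo", {
      attribute: [
        // Protocols: disable TLS 1.0 and 1.1, accept TLS 1.2 only.
        {
          name: "Protocol-TLSv1",
          value: "false",
        },
        {
          name: "Protocol-TLSv1.1",
          value: "false",
        },
        {
          name: "Protocol-TLSv1.2",
          value: "true",
        },
        // Option: the load balancer, not the client, picks the cipher.
        {
          name: "Server-Defined-Cipher-Order",
          value: "true",
        },
        // Ciphers: two AES-GCM suites enabled.
        {
          name: "ECDHE-RSA-AES128-GCM-SHA256",
          value: "true",
        },
        {
          name: "AES128-GCM-SHA256",
          value: "true",
        },
        // Ciphers: the 3DES suite is explicitly disabled.
        {
          name: "EDH-RSA-DES-CBC3-SHA",
          value: "false",
        },
      ],
      lbPort: 443,
      loadBalancer: awsElbLb.id,
      name: "foo-policy",
    });
  }
}
```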
Argument Reference
The following arguments are supported:
name - (Required) The name of the SSL negotiation policy.
loadBalancer - (Required) The load balancer to which the policy should be attached.
lbPort - (Required) The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
attribute - (Optional) An SSL Negotiation policy attribute. Each has two properties:
  name - The name of the attribute
  value - The value of the attribute
triggers - (Optional) Map of arbitrary keys and values that, when changed, will trigger a redeployment. To force a redeployment without changing these keys/values, use the terraform taint command.
To set your attributes, please see the AWS Elastic Load Balancing Developer Guide for a listing of the supported SSL protocols, SSL options, and SSL ciphers.
~> NOTE: The AWS documentation references Server Order Preference, which the AWS Elastic Load Balancing API refers to as Server-Defined-Cipher-Order. If you wish to set Server Order Preference, use this value instead.
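An added example, not part of the provider documentation: a standalone TypeScript check that lints an attribute list like the one in Example Usage before it is deployed. The function name auditPolicy, the weak-cipher token list and the constructed weakPolicy sample are assumptions made for illustration; only attributes explicitly present in the list are evaluated.

```typescript
// Added example (not provider code): lint an `attribute` list before deployment.
// Only attributes explicitly present in the list are evaluated.
interface PolicyAttribute { name: string; value: string }
interface Finding { attribute: string; severity: "high" | "info"; reason: string }

// Legacy protocol switches that should be "false".
const LEGACY_PROTOCOLS = ["Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1"];
// Assumption: heuristic name tokens marking broken or export-grade cipher suites.
const WEAK_CIPHER = /(^|-)(DES|RC2|RC4|MD5|NULL|EXP|ADH)(-|$)/;
// Key-exchange prefixes that provide forward secrecy.
const FORWARD_SECRET = /^(ECDHE|DHE|EDH)-/;
const ORDER = "Server-Defined-Cipher-Order";

function auditPolicy(attrs: PolicyAttribute[]): Finding[] {
  const findings: Finding[] = [];
  let serverOrder = false;
  for (const a of attrs) {
    const on = a.value.toLowerCase() === "true";
    if (a.name === ORDER) { serverOrder = on; continue; }
    if (!on) continue; // a disabled attribute cannot weaken the policy
    if (a.name.indexOf("Protocol-") === 0) {
      if (LEGACY_PROTOCOLS.indexOf(a.name) !== -1)
        findings.push({ attribute: a.name, severity: "high", reason: "legacy protocol enabled" });
    } else if (WEAK_CIPHER.test(a.name)) {
      findings.push({ attribute: a.name, severity: "high", reason: "weak cipher enabled" });
    } else if (!FORWARD_SECRET.test(a.name)) {
      findings.push({ attribute: a.name, severity: "info", reason: "no forward secrecy" });
    }
  }
  if (!serverOrder)
    findings.push({ attribute: ORDER, severity: "high", reason: "client chooses the cipher" });
  return findings;
}

const attr = (name: string, value: string): PolicyAttribute => ({ name, value });
// The attribute list from Example Usage above.
const pagePolicy = [
  attr("Protocol-TLSv1", "false"), attr("Protocol-TLSv1.1", "false"),
  attr("Protocol-TLSv1.2", "true"), attr("Server-Defined-Cipher-Order", "true"),
  attr("ECDHE-RSA-AES128-GCM-SHA256", "true"), attr("AES128-GCM-SHA256", "true"),
  attr("EDH-RSA-DES-CBC3-SHA", "false"),
];
// Constructed sample: TLS 1.0 and 3DES left on, no server cipher order.
const weakPolicy = [
  attr("Protocol-TLSv1", "true"), attr("Protocol-TLSv1.2", "true"),
  attr("ECDHE-RSA-AES128-GCM-SHA256", "true"), attr("EDH-RSA-DES-CBC3-SHA", "true"),
];
```

Run against the page's own policy, the check reports a single informational finding: AES128-GCM-SHA256 uses static RSA key exchange and so offers no forward secrecy.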
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The ID of the policy.
name - The name of the SSL negotiation policy.
loadBalancer - The load balancer to which the policy is attached.
lbPort - The load balancer port to which the policy is applied.
attribute - The SSL Negotiation policy attributes.