Resource: awsLoadBalancerListenerPolicy
Attaches a load balancer policy to an ELB Listener.
Example Usage
Custom Policy
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsElbWuTang = new aws.elb.Elb(this, "wu-tang", {
  availabilityZones: ["us-east-1a"],
  listener: [
    {
      instancePort: 443,
      instanceProtocol: "http",
      lbPort: 443,
      lbProtocol: "https",
      sslCertificateId:
        "arn:aws:iam::000000000000:server-certificate/wu-tang.net",
    },
  ],
  name: "wu-tang",
  tags: {
    Name: "wu-tang",
  },
});
const awsLoadBalancerPolicyWuTangSsl =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(this, "wu-tang-ssl", {
    loadBalancerName: awsElbWuTang.name,
    policyAttribute: [
      {
        name: "ECDHE-ECDSA-AES128-GCM-SHA256",
        value: "true",
      },
      {
        name: "Protocol-TLSv1.2",
        value: "true",
      },
    ],
    policyName: "wu-tang-ssl",
    policyTypeName: "SSLNegotiationPolicyType",
  });
new aws.loadBalancerListenerPolicy.LoadBalancerListenerPolicy(
  this,
  "wu-tang-listener-policies-443",
  {
    loadBalancerName: awsElbWuTang.name,
    loadBalancerPort: 443,
    policyNames: [awsLoadBalancerPolicyWuTangSsl.policyName],
  }
);
This example shows how to customize the TLS settings of an HTTPS listener.
AWS Predefined Security Policy
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsElbWuTang = new aws.elb.Elb(this, "wu-tang", {
  availabilityZones: ["us-east-1a"],
  listener: [
    {
      instancePort: 443,
      instanceProtocol: "http",
      lbPort: 443,
      lbProtocol: "https",
      sslCertificateId:
        "arn:aws:iam::000000000000:server-certificate/wu-tang.net",
    },
  ],
  name: "wu-tang",
  tags: {
    Name: "wu-tang",
  },
});
const awsLoadBalancerPolicyWuTangSslTls11 =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(this, "wu-tang-ssl-tls-1-1", {
    loadBalancerName: awsElbWuTang.name,
    policyAttribute: [
      {
        name: "Reference-Security-Policy",
        value: "ELBSecurityPolicy-TLS-1-1-2017-01",
      },
    ],
    policyName: "wu-tang-ssl",
    policyTypeName: "SSLNegotiationPolicyType",
  });
new aws.loadBalancerListenerPolicy.LoadBalancerListenerPolicy(
  this,
  "wu-tang-listener-policies-443",
  {
    loadBalancerName: awsElbWuTang.name,
    loadBalancerPort: 443,
    policyNames: [awsLoadBalancerPolicyWuTangSslTls11.policyName],
  }
);
This example shows how to add a Predefined Security Policy for ELBs.
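An added example, not part of the provider documentation: a pre-deployment check over the policyAttribute lists from the two examples above, flagging legacy protocol attributes and any Reference-Security-Policy value outside an allowlist. The auditSslPolicy function, its rules and the allowlist (a TLS 1.2 minimum) are assumptions made for illustration.

```typescript
// Added example: lint SSLNegotiationPolicyType attributes before deployment.
interface PolicyAttribute {
  name: string;
  value: string;
}

// Classic ELB protocol attributes that enable legacy protocol versions.
const LEGACY_PROTOCOLS: string[] = ["Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1"];

// Assumption: the only predefined policy this team allows (TLS 1.2 minimum).
const APPROVED_REFERENCE_POLICIES: string[] = ["ELBSecurityPolicy-TLS-1-2-2017-01"];

function auditSslPolicy(attrs: PolicyAttribute[]): string[] {
  const findings: string[] = [];
  let tls12Enabled = false;
  let usesReference = false;
  for (const attr of attrs) {
    const enabled = attr.value.toLowerCase() === "true";
    if (attr.name === "Reference-Security-Policy") {
      usesReference = true;
      if (APPROVED_REFERENCE_POLICIES.indexOf(attr.value) === -1) {
        findings.push("reference policy not approved: " + attr.value);
      }
    } else if (LEGACY_PROTOCOLS.indexOf(attr.name) !== -1 && enabled) {
      findings.push("legacy protocol enabled: " + attr.name);
    } else if (attr.name === "Protocol-TLSv1.2" && enabled) {
      tls12Enabled = true;
    }
  }
  // Rule assumed here: a custom policy should explicitly enable TLS 1.2.
  if (!usesReference && !tls12Enabled) {
    findings.push("custom policy does not enable Protocol-TLSv1.2");
  }
  return findings;
}

// The two policyAttribute lists from the examples above.
const customPolicy: PolicyAttribute[] = [
  { name: "ECDHE-ECDSA-AES128-GCM-SHA256", value: "true" },
  { name: "Protocol-TLSv1.2", value: "true" },
];
const predefinedPolicy: PolicyAttribute[] = [
  { name: "Reference-Security-Policy", value: "ELBSecurityPolicy-TLS-1-1-2017-01" },
];

console.log(auditSslPolicy(customPolicy), auditSslPolicy(predefinedPolicy));
```

Running the same function over each policyAttribute list before the LoadBalancerPolicy is constructed lets a synth or CI step fail when the findings list is not empty.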
Argument Reference
The following arguments are supported:
loadBalancerName - (Required) The load balancer to attach the policy to.
loadBalancerPort - (Required) The load balancer listener port to apply the policy to.
policyNames - (Required) List of Policy Names to apply to the backend server.
triggers - (Optional) Map of arbitrary keys and values that, when changed, will trigger an update. To force an update without changing these keys/values, use the terraform taint command.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id - The ID of the policy.
loadBalancerName - The load balancer on which the policy is defined.
loadBalancerPort - The load balancer listener port the policies are applied to.