Resource: awsLoadBalancerListenerPolicy

Attaches a load balancer policy to an ELB Listener.

Example Usage

Custom Policy

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsElbWuTang = new aws.elb.Elb(this, "wu-tang", {
  availabilityZones: ["us-east-1a"],
  listener: [
    {
      instancePort: 443,
      instanceProtocol: "http",
      lbPort: 443,
      lbProtocol: "https",
      sslCertificateId:
        "arn:aws:iam::000000000000:server-certificate/wu-tang.net",
    },
  ],
  name: "wu-tang",
  tags: {
    Name: "wu-tang",
  },
});
const awsLoadBalancerPolicyWuTangSsl =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(this, "wu-tang-ssl", {
    loadBalancerName: awsElbWuTang.name,
    policyAttribute: [
      {
        name: "ECDHE-ECDSA-AES128-GCM-SHA256",
        value: "true",
      },
      {
        name: "Protocol-TLSv1.2",
        value: "true",
      },
    ],
    policyName: "wu-tang-ssl",
    policyTypeName: "SSLNegotiationPolicyType",
  });
new aws.loadBalancerListenerPolicy.LoadBalancerListenerPolicy(
  this,
  "wu-tang-listener-policies-443",
  {
    loadBalancerName: awsElbWuTang.name,
    loadBalancerPort: 443,
    policyNames: [awsLoadBalancerPolicyWuTangSsl.policyName],
  }
);

This example shows how to customize the TLS settings of an HTTPS listener.

AWS Predefined Security Policy

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsElbWuTang = new aws.elb.Elb(this, "wu-tang", {
  availabilityZones: ["us-east-1a"],
  listener: [
    {
      instancePort: 443,
      instanceProtocol: "http",
      lbPort: 443,
      lbProtocol: "https",
      sslCertificateId:
        "arn:aws:iam::000000000000:server-certificate/wu-tang.net",
    },
  ],
  name: "wu-tang",
  tags: {
    Name: "wu-tang",
  },
});
const awsLoadBalancerPolicyWuTangSslTls11 =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(this, "wu-tang-ssl-tls-1-1", {
    loadBalancerName: awsElbWuTang.name,
    policyAttribute: [
      {
        name: "Reference-Security-Policy",
        value: "ELBSecurityPolicy-TLS-1-1-2017-01",
      },
    ],
    policyName: "wu-tang-ssl",
    policyTypeName: "SSLNegotiationPolicyType",
  });
new aws.loadBalancerListenerPolicy.LoadBalancerListenerPolicy(
  this,
  "wu-tang-listener-policies-443",
  {
    loadBalancerName: awsElbWuTang.name,
    loadBalancerPort: 443,
    policyNames: [awsLoadBalancerPolicyWuTangSslTls11.policyName],
  }
);

This example shows how to add a Predefined Security Policy for ELBs.
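A pre-deployment check for the two policyAttribute lists above, as an added example that is not part of the provider documentation. The names auditSslPolicy, LEGACY_PROTOCOLS and WEAK_CIPHER are hypothetical, the third sample list is constructed, and reading the TLS floor from the predefined policy name is an assumption of this sketch.

```typescript
// Added example: audit an SSLNegotiationPolicyType attribute list before it
// is attached to a listener. Helper names and the "weak" sample are constructed.
type PolicyAttribute = { name: string; value: string };

// Classic ELB protocol attributes older than TLS 1.2.
const LEGACY_PROTOCOLS = ["Protocol-SSLv3", "Protocol-TLSv1", "Protocol-TLSv1.1"];
// Cipher-name tokens that mark broken or export-grade suites.
const WEAK_CIPHER = /(^|-)(RC4|DES|MD5|NULL|EXP)(-|$)/;

function auditSslPolicy(attrs: PolicyAttribute[]): string[] {
  const findings: string[] = [];
  const on = attrs.filter((a) => a.value.toLowerCase() === "true").map((a) => a.name);
  const ref = attrs.find((a) => a.name === "Reference-Security-Policy");
  if (ref) {
    // Assumption: the TLS floor is read from the "TLS-<major>-<minor>" part of
    // the predefined policy name; this sketch treats that policy as the whole config.
    const m = /-TLS-(\d+)-(\d+)-/.exec(ref.value);
    if (!m) {
      findings.push(`${ref.value}: TLS floor not in the name, review manually`);
    } else if (Number(m[1]) * 10 + Number(m[2]) < 12) {
      findings.push(`${ref.value}: permits TLS ${m[1]}.${m[2]}, below 1.2`);
    }
    return findings;
  }
  for (const p of LEGACY_PROTOCOLS) {
    if (on.indexOf(p) >= 0) findings.push(`${p} is enabled`);
  }
  if (on.indexOf("Protocol-TLSv1.2") < 0) findings.push("Protocol-TLSv1.2 is not enabled");
  for (const name of on) {
    if (name.indexOf("Protocol-") !== 0 && WEAK_CIPHER.test(name)) {
      findings.push(`weak cipher ${name} is enabled`);
    }
  }
  return findings;
}

// The two policyAttribute lists from this page, plus one constructed weak list.
const custom = [
  { name: "ECDHE-ECDSA-AES128-GCM-SHA256", value: "true" },
  { name: "Protocol-TLSv1.2", value: "true" },
];
const predefined = [{ name: "Reference-Security-Policy", value: "ELBSecurityPolicy-TLS-1-1-2017-01" }];
const weak = [
  { name: "Protocol-TLSv1", value: "true" },
  { name: "RC4-SHA", value: "true" },
];
for (const attrs of [custom, predefined, weak]) console.log(auditSslPolicy(attrs));
```

The custom policy passes with no findings, while the predefined TLS 1.1 policy is reported because it still negotiates a protocol below TLS 1.2.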

Argument Reference

The following arguments are supported:

  • loadBalancerName - (Required) The load balancer to attach the policy to.
  • loadBalancerPort - (Required) The load balancer listener port to apply the policy to.
  • policyNames - (Required) List of policy names to apply to the listener.
  • triggers - (Optional) Map of arbitrary keys and values that, when changed, will trigger an update. To force an update without changing these keys/values, use the terraform taint command.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the policy.
  • loadBalancerName - The load balancer on which the policy is defined.
  • loadBalancerPort - The load balancer listener port the policies are applied to.