FEATURES PRICING ABOUT DOCS LOGIN

aws_lb_ssl_negotiation_policy

Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.

Example Usage

resource "aws_elb" "lb" {
	name = "test-lb"
    availability_zones = ["us-east-1a"]
    listener {
        instance_port = 8000
        instance_protocol = "https"
        lb_port = 443
        lb_protocol = "https"
        ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
    }
}

resource "aws_lb_ssl_negotiation_policy" "foo" {
	name = "foo-policy"
	load_balancer = "${aws_elb.lb.id}"
	lb_port = 443
	attribute {
    	name = "Protocol-TLSv1"
        value = "false"
    }
    attribute {
        name = "Protocol-TLSv1.1"
        value = "false" 
    }       
    attribute {
        name = "Protocol-TLSv1.2"
        value = "true"
    }
    attribute {
        name = "Server-Defined-Cipher-Order"
        value = "true"
    }       
    attribute {
        name = "ECDHE-RSA-AES128-GCM-SHA256"
        value = "true"
    }
    attribute {
        name = "AES128-GCM-SHA256"
        value = "true"
    }
    attribute {
        name = "EDH-RSA-DES-CBC3-SHA"
        value = "false"
    }
}

Argument Reference

The following arguments are supported:

To set your attributes, please see the AWS Elastic Load Balancing Developer Guide for a listing of the supported SSL protocols, SSL options, and SSL ciphers.

~> NOTE: The AWS documentation references Server Order Preference, which the AWS Elastic Load Balancing API refers to as Server-Defined-Cipher-Order. If you wish to set Server Order Preference, use this value instead.

Attributes Reference

The following attributes are exported:


See the source of this document at Terraform.io

REQUEST A DEMO