aws_elb_load_balancer_policy
Provides a load balancer policy, which can be attached to an ELB listener or backend server.
Example Usage
resource "aws_elb" "wu-tang" {
name = "wu-tang"
availability_zones = ["us-east-1a"]
listener {
instance_port = 443
instance_protocol = "http"
lb_port = 443
lb_protocol = "https"
ssl_certificate_id = "arn:aws:iam::000000000000:server-certificate/wu-tang.net"
}
tags {
Name = "wu-tang"
}
}
resource "aws_load_balancer_policy" "wu-tang-ca-pubkey-policy" {
load_balancer_name = "${aws_elb.wu-tang.name}"
policy_name = "wu-tang-ca-pubkey-policy"
policy_type_name = "PublicKeyPolicyType"
policy_attribute = {
name = "PublicKey"
value = "${file("wu-tang-pubkey")}"
}
}
resource "aws_load_balancer_policy" "wu-tang-root-ca-backend-auth-policy" {
load_balancer_name = "${aws_elb.wu-tang.name}"
policy_name = "wu-tang-root-ca-backend-auth-policy"
policy_type_name = "BackendServerAuthenticationPolicyType"
policy_attribute = {
name = "PublicKeyPolicyName"
value = "${aws_load_balancer_policy.wu-tang-root-ca-pubkey-policy.policy_name}"
}
}
resource "aws_load_balancer_policy" "wu-tang-ssl" {
load_balancer_name = "${aws_elb.wu-tang.name}"
policy_name = "wu-tang-ssl"
policy_type_name = "SSLNegotiationPolicyType"
policy_attribute = {
name = "ECDHE-ECDSA-AES128-GCM-SHA256"
value = "true"
}
policy_attribute = {
name = "Protocol-TLSv1.2"
value = "true"
}
}
resource "aws_load_balancer_backend_server_policy" "wu-tang-backend-auth-policies-443" {
load_balancer_name = "${aws_elb.wu-tang.name}"
instance_port = 443
policy_names = [
"${aws_load_balancer_policy.wu-tang-root-ca-backend-auth-policy.policy_name}"
]
}
resource "aws_load_balancer_listener_policy" "wu-tang-listener-policies-443" {
load_balancer_name = "${aws_elb.wu-tang.name}"
load_balancer_port = 443
policy_names = [
"${aws_load_balancer_policy.wu-tang-ssl.policy_name}"
]
}
Where the file pubkey
in the current directory contains only the public key of the certificate.
cat wu-tang-ca.pem | openssl x509 -pubkey -noout | grep -v '\-\-\-\-' | tr -d '\n' > wu-tang-pubkey
This example shows how to enable backend authentication for an ELB as well as customize the TLS settings.
Argument Reference
The following arguments are supported:
load_balancer_name
- (Required) The load balancer on which the policy is defined.policy_name
- (Required) The name of the load balancer policy.policy_type_name
- (Required) The policy type.policy_attribute
- (Optional) Policy attribute to apply to the policy.
Attributes Reference
The following attributes are exported:
id
- The ID of the policy.policy_name
- The name of the stickiness policy.policy_type_name
- The policy type of the policy.load_balancer_name
- The load balancer on which the policy is defined.
See the source of this document at Terraform.io