
aws-network-insecure-tls

Ensure that the load balancer listener is using TLS 1.2 by setting an explicit SSL policy that does not allow older protocol versions.

Examples

Insecure Example (Terraform, followed by the equivalent CloudFormation resource; neither sets an SSL policy)

# Insecure: a TLS-terminating listener declared without an explicit ssl_policy.
# With the attribute absent, the accepted protocol versions and ciphers are
# whatever default policy the provider/service applies. That default has
# historically been ELBSecurityPolicy-2016-08, which still accepts TLS 1.0 and
# TLS 1.1 handshakes -- confirm against the provider version in use.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.front_end.arn
  port              = "443"
  protocol          = "TLS"
  # No ssl_policy is set between protocol and certificate_arn; that omission
  # is the only difference from the secure example on this page.
  # The certificate ARN below is the page's sample value; substitute your own.
  certificate_arn   = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
  alpn_policy       = "HTTP2Preferred"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.front_end.arn
  }
}
{
  "Type" : "AWS::ElasticLoadBalancingV2::Listener",
  "Properties" : {
      "AlpnPolicy" : [ "HTTP2Preferred" ],
      "Certificates" : [
          {
              "CertificateArn": "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
          }
      ],
      "DefaultActions" : [
         {
             "Type": "forward"
         }
      ],
      "LoadBalancerArn" : { "Ref": "myLoadBalancer" },
      "Port" : 443,
      "Protocol" : "TLS"
    }
}

Secure Example (Terraform, followed by the equivalent CloudFormation resource; both set an explicit SSL policy)

# Secure: the same TLS listener with the security policy pinned explicitly, so
# the accepted protocol versions do not depend on a provider or service default.
resource "aws_lb_listener" "front_end" {
  load_balancer_arn = aws_lb.front_end.arn
  port              = "443"
  protocol          = "TLS"
  # ELBSecurityPolicy-FS-1-2-2019-08 is a predefined AWS policy that accepts
  # TLS 1.2 only, with forward-secret cipher suites. Clients limited to
  # TLS 1.0/1.1 will fail the handshake, so check client compatibility before
  # rollout. Where TLS 1.3 is wanted as well, a newer predefined policy such as
  # ELBSecurityPolicy-TLS13-1-2-2021-06 keeps the same TLS 1.2 floor.
  ssl_policy        = "ELBSecurityPolicy-FS-1-2-2019-08"
  # The certificate ARN below is the page's sample value; substitute your own.
  certificate_arn   = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
  alpn_policy       = "HTTP2Preferred"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.front_end.arn
  }
}
{
  "Type" : "AWS::ElasticLoadBalancingV2::Listener",
  "Properties" : {
      "AlpnPolicy" : [ "HTTP2Preferred" ],
      "Certificates" : [
          {
              "CertificateArn": "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
          }
      ],
      "DefaultActions" : [
         {
             "Type": "forward"
         }
      ],
      "LoadBalancerArn" : { "Ref": "myLoadBalancer" },
      "Port" : 443,
      "Protocol" : "TLS",
      "SslPolicy" : "ELBSecurityPolicy-FS-1-2-2019-08"
    }
}

More information