aws-network-insecure-tls
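Ensure that the load balancer is using TLS 1.2. In the examples below the only difference between the insecure and secure listener is whether an SSL policy is set explicitly; a listener without one inherits the default policy rather than one chosen to enforce TLS 1.2.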
Examples
Insecure Example
# Insecure example: a TLS listener on port 443 declared without an ssl_policy.
# With no explicit policy the listener inherits the default security policy.
# NOTE(review): that default has historically been ELBSecurityPolicy-2016-08,
# which still negotiates TLS 1.0 and 1.1 -- confirm for the provider version in use.
resource "aws_lb_listener" "front_end" {
load_balancer_arn = aws_lb.front_end.arn
port = "443"
protocol = "TLS"
# No ssl_policy attribute is set; the secure variant of this listener differs
# only by adding one, so this omission is the finding.
certificate_arn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
alpn_policy = "HTTP2Preferred"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.front_end.arn
}
}
{
"Type" : "AWS::ElasticLoadBalancingV2::Listener",
"Properties" : {
"AlpnPolicy" : [ "HTTP2Preferred" ],
"Certificates" : [
{
"CertificateArn": "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
}
],
"DefaultActions" : [
{
"Type": "forward"
}
],
"LoadBalancerArn" : { "Ref": "myLoadBalancer" },
"Port" : 443,
"Protocol" : "TLS"
}
}
Secure Example
# Secure example: the same TLS listener with its security policy pinned
# explicitly instead of inheriting the default.
resource "aws_lb_listener" "front_end" {
load_balancer_arn = aws_lb.front_end.arn
port = "443"
protocol = "TLS"
# ELBSecurityPolicy-FS-1-2-2019-08 limits the listener to TLS 1.2 with
# forward-secret cipher suites. Newer predefined policies that also offer
# TLS 1.3 exist (e.g. ELBSecurityPolicy-TLS13-1-2-2021-06); weigh the choice
# against current AWS guidance and the clients that must connect.
ssl_policy = "ELBSecurityPolicy-FS-1-2-2019-08"
# NOTE(review): the certificate is referenced from IAM server-certificate
# storage; ACM-managed certificates are generally preferred where available
# because renewal is handled by the service.
certificate_arn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
alpn_policy = "HTTP2Preferred"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.front_end.arn
}
}
{
"Type" : "AWS::ElasticLoadBalancingV2::Listener",
"Properties" : {
"AlpnPolicy" : [ "HTTP2Preferred" ],
"Certificates" : [
{
"CertificateArn": "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"
}
],
"DefaultActions" : [
{
"Type": "forward"
}
],
"LoadBalancerArn" : { "Ref": "myLoadBalancer" },
"Port" : 443,
"Protocol" : "TLS",
"SslPolicy" : "ELBSecurityPolicy-FS-1-2-2019-08"
}
}