Updated SSL policy used in listeners to user secure TLS protocols
dms1981 committed May 20, 2024
1 parent a4e12d4 commit c44bf7e
Showing 3 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions terraform/environments/cooker/main.tf
@@ -447,7 +447,7 @@ resource "aws_lb_listener" "external" {
load_balancer_arn = aws_lb.external.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = aws_acm_certificate.external.arn

default_action {
@@ -587,7 +587,7 @@ resource "aws_lb_listener" "inner" {
load_balancer_arn = aws_lb.inner.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-2016-08"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = aws_acm_certificate.inner.arn

default_action {
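Review bot: Both cooker listeners (`external` and `inner`) move from `ELBSecurityPolicy-2016-08`, which accepts TLS 1.0 and 1.1, to a policy that accepts only TLS 1.2 and 1.3, so any client that cannot negotiate TLS 1.2 will fail the handshake once this is applied; the HTTPS branch in `terraform/environments/example/loadbalancer.tf` makes the same move. Nothing on the page shows that the protocol versions current clients negotiate were checked, so I would confirm them from the load balancer access logs before rollout and watch the `ClientTLSNegotiationErrorCount` metric afterwards. It is also worth recording the intent next to the attribute, e.g. `# TLS 1.2 minimum; TLS 1.0/1.1 clients are rejected by design`. Both resource blocks continue outside the hunks.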
2 changes: 1 addition & 1 deletion terraform/environments/example/loadbalancer.tf
@@ -97,7 +97,7 @@ resource "aws_lb_listener" "external" {
port = local.application_data.accounts[local.environment].server_port
protocol = local.application_data.accounts[local.environment].lb_listener_protocol
#checkov:skip=CKV_AWS_2: "protocol for lb set in application_variables"
ssl_policy = local.application_data.accounts[local.environment].lb_listener_protocol == "HTTP" ? "" : "ELBSecurityPolicy-2016-08"
ssl_policy = local.application_data.accounts[local.environment].lb_listener_protocol == "HTTP" ? "" : "ELBSecurityPolicy-TLS13-1-2-2021-06"
#checkov:skip=CKV_AWS_103: "ssl_policy for lb set in application_variables"

default_action {
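Review bot: The `#checkov:skip=CKV_AWS_103` suppression directly below the changed `ssl_policy` line gives the reason "ssl_policy for lb set in application_variables", but the policy is hard-coded in this ternary, and with the new value the HTTPS branch already meets the TLS 1.2 minimum that check looks for. If the skip is still needed only because of the empty-string HTTP branch, the reason should say so, e.g. `#checkov:skip=CKV_AWS_103: "ssl_policy is empty only when lb_listener_protocol is HTTP"`; otherwise I would remove it so a later policy downgrade is flagged. Whether checkov can resolve the conditional is not visible from the hunk, so this needs a run without the skip to confirm. The resource block continues outside the hunk.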
4 changes: 2 additions & 2 deletions terraform/environments/sprinkler/main.tf
@@ -476,7 +476,7 @@ resource "aws_lb_listener" "external" {
load_balancer_arn = aws_lb.external.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = aws_acm_certificate.external.arn

default_action {
@@ -633,7 +633,7 @@ resource "aws_lb_listener" "inner" {
load_balancer_arn = aws_lb.inner.arn
port = "443"
protocol = "HTTPS"
ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
certificate_arn = aws_acm_certificate.inner.arn

default_action {
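Review bot: The policy name is repeated as a string literal in both sprinkler listeners, and the same literal now also sits in the two cooker listeners and in `example/loadbalancer.tf`, so the next policy change is again a five-place edit where one listener can be missed and left on a weaker policy. Within this environment I would define it once, `locals { lb_ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" }`, and use `ssl_policy = local.lb_ssl_policy` in both `external` and `inner`. If the environments share a module or common variables (not visible on this page), that would be the better home for the value. Both resource blocks continue outside the hunks.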
