问题
Using terraform, does anyone know how to set a predefined SSL Security Policy for an ELB, from within the aws_elastic_beanstalk_environment resource?
I've tried various permutations of parameters, branching out from something like the below, but have had no luck. ```
setting {
name = "PolicyNames"
namespace = "aws:elb:listener"
value = "ELBSecurityPolicy-TLS-1-2-2017-01"
}
```
Can this be done using the setting syntax?
regards Michael
回答1:
Following works for classic ELB, LoadBalancerPorts is also required to set to 443 for the predefined policy to take effect.
setting {
namespace = "aws:elb:policies:sslpolicy"
name = "SSLReferencePolicy"
value = "ELBSecurityPolicy-TLS-1-2-2017-01"
}
setting {
namespace = "aws:elb:policies:sslpolicy"
name = "LoadBalancerPorts"
value = "443"
}
回答2:
Try this:
setting {
name = "SSLReferencePolicy"
namespace = "aws:elb:policies:policy_name"
value = "ELBSecurityPolicy-TLS-1-2-2017-01"
}
SSLReferencePolicy
The name of a predefined security policy that adheres to AWS security best practices and that you want to enable for a SSLNegotiationPolicyType policy that defines the ciphers and protocols that will be accepted by the load balancer. This policy can be associated only with HTTPS/SSL listeners.
Refer:
aws:elb:policies:policy_name
回答3:
This works:
setting {
name = "SSLReferencePolicy"
namespace = "aws:elb:policies:SSLReferencePolicy"
value = "ELBSecurityPolicy-TLS-1-2-2017-01"
}
来源:https://stackoverflow.com/questions/45427690/terraform-aws-elastic-beanstalk-environment-ssl-policynames