https://github.com/sidick/terraform-aws-elb-ssl-negotiation
Terraform module which creates ELB SSL Negotiation Policy
elb ssl terraform terraform-module terraform-modules
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/sidick/terraform-aws-elb-ssl-negotiation
- Owner: sidick
- License: bsd-3-clause
- Created: 2017-12-14T10:11:59.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2024-05-03T14:27:37.000Z (about 2 years ago)
- Last Synced: 2026-03-02T01:33:29.581Z (4 months ago)
- Topics: elb, ssl, terraform, terraform-module, terraform-modules
- Language: HCL
- Homepage:
- Size: 42 KB
- Stars: 1
- Watchers: 1
- Forks: 2
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# terraform-aws-elb-ssl-negotiation
## AWS ELB SSL Negotiation Policy Terraform module
Terraform module which creates [SSL Negotiation Configurations for Classic Load Balancers](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html) on AWS.
These types of resources are supported:
* [AWS Classic ELB SSL Negotiation Policy](https://www.terraform.io/docs/providers/aws/r/lb_ssl_negotiation_policy.html)
### Features
This module aims to allow the implementation of **ALL** possible combinations of SSL ciphers and protocols which are supported by AWS and the latest stable version of Terraform:
* Generic module which allows the setting of any combination of ciphers and protocols.
* Pre-written modules to implement all of the Amazon supplied default policies.
* Allowing the customisation of default policies.
If there is a missing feature or a bug - [open an issue](https://github.com/sidick/terraform-aws-elb-ssl-negotiation/issues/new).
### Usage
There are two ways to create SSL negotiation policies using this module:
#### 1. SSL Negotiation Policy with custom rules
```hcl
module "elb_ssl_policy" {
  source = "sidick/elb-ssl-negotiation/aws"

  ssl_policy_name    = "default_policy"
  load_balancer_id   = "example_lb"
  load_balancer_port = "443"

  protocol_tlsv12             = "true"
  ecdhe_rsa_aes128_gcm_sha256 = "true"
  server_defined_cipher_order = "true"
}
```
#### 2. SSL Negotiation Policy with pre-defined rules but with use of TLSv1 overridden and disabled
```hcl
module "elb_ssl_policy" {
  source = "sidick/elb-ssl-negotiation/aws//modules/ELBSecurityPolicy-2016-08"

  ssl_policy_name    = "default_policy"
  load_balancer_id   = "example_lb"
  load_balancer_port = "443"

  protocol_tlsv1 = "false"
}
```
### How to update the ciphers and protocols
The lists of all the protocols and ciphers are created dynamically by a Python script in the `examples/update_ciphers` directory. Running this script recreates all modules from the Jinja2 templates in that directory, based on the output of `aws elb describe-load-balancer-policies`.
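As an added illustration (not the repository's own script in `examples/update_ciphers`), the Python below parses the JSON shape returned by `aws elb describe-load-balancer-policies`, maps each policy attribute to a module variable and lists the overrides that switch off legacy protocols. The function names are hypothetical, the attribute-to-variable naming rule is an assumption inferred from the variable names in the usage examples above, and the sample JSON is constructed and abridged.

```python
import json
import re

# Constructed sample, abridged, in the shape returned by
# `aws elb describe-load-balancer-policies --output json`.
SAMPLE_OUTPUT = json.dumps({
    "PolicyDescriptions": [{
        "PolicyName": "ELBSecurityPolicy-2016-08",
        "PolicyTypeName": "SSLNegotiationPolicyType",
        "PolicyAttributeDescriptions": [
            {"AttributeName": "Protocol-TLSv1", "AttributeValue": "true"},
            {"AttributeName": "Protocol-TLSv1.1", "AttributeValue": "true"},
            {"AttributeName": "Protocol-TLSv1.2", "AttributeValue": "true"},
            {"AttributeName": "Server-Defined-Cipher-Order", "AttributeValue": "true"},
            {"AttributeName": "ECDHE-RSA-AES128-GCM-SHA256", "AttributeValue": "true"},
            {"AttributeName": "DES-CBC3-SHA", "AttributeValue": "false"},
        ],
    }]
})

# Legacy protocols a reviewer would normally want switched off.
LEGACY = {"protocol_sslv3", "protocol_tlsv1", "protocol_tlsv11"}

def to_variable(attribute_name):
    """Assumed naming rule: lower-case, drop dots, other punctuation -> '_'."""
    name = attribute_name.lower().replace(".", "")
    return re.sub(r"[^a-z0-9]+", "_", name).strip("_")

def policy_variables(raw_json, policy_name):
    """Return {variable: bool} for one SSL negotiation policy."""
    for policy in json.loads(raw_json)["PolicyDescriptions"]:
        if policy.get("PolicyName") != policy_name:
            continue
        if policy.get("PolicyTypeName") != "SSLNegotiationPolicyType":
            raise ValueError(f"{policy_name} is not an SSL negotiation policy")
        return {
            to_variable(a["AttributeName"]): a["AttributeValue"].lower() == "true"
            for a in policy["PolicyAttributeDescriptions"]
        }
    raise KeyError(policy_name)

def legacy_overrides(variables):
    """Lines to add to the module block to switch off enabled legacy protocols."""
    return [f'{name} = "false"' for name in sorted(variables)
            if name in LEGACY and variables[name]]

if __name__ == "__main__":
    enabled = policy_variables(SAMPLE_OUTPUT, "ELBSecurityPolicy-2016-08")
    print("\n".join(legacy_overrides(enabled)))
```

The printed lines can be pasted into a pre-defined policy module block, as usage example 2 does for `protocol_tlsv1`.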
### Authors
Module managed by [Simon Dick](https://github.com/sidick).
### License
BSD 3-Clause License. See LICENSE for full details.