github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/load_balancer_policy.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_load_balancer_policy" 4 sidebar_current: "docs-aws-resource-load-balancer-policy" 5 description: |- 6 Provides a load balancer policy, which can be attached to an ELB listener or backend server. 7 --- 8 9 # aws\_elb\_load\_balancer\_policy 10 11 Provides a load balancer policy, which can be attached to an ELB listener or backend server. 12 13 ## Example Usage 14 15 ```hcl 16 resource "aws_elb" "wu-tang" { 17 name = "wu-tang" 18 availability_zones = ["us-east-1a"] 19 20 listener { 21 instance_port = 443 22 instance_protocol = "http" 23 lb_port = 443 24 lb_protocol = "https" 25 ssl_certificate_id = "arn:aws:iam::000000000000:server-certificate/wu-tang.net" 26 } 27 28 tags { 29 Name = "wu-tang" 30 } 31 } 32 33 resource "aws_load_balancer_policy" "wu-tang-ca-pubkey-policy" { 34 load_balancer_name = "${aws_elb.wu-tang.name}" 35 policy_name = "wu-tang-ca-pubkey-policy" 36 policy_type_name = "PublicKeyPolicyType" 37 38 policy_attribute = { 39 name = "PublicKey" 40 value = "${file("wu-tang-pubkey")}" 41 } 42 } 43 44 resource "aws_load_balancer_policy" "wu-tang-root-ca-backend-auth-policy" { 45 load_balancer_name = "${aws_elb.wu-tang.name}" 46 policy_name = "wu-tang-root-ca-backend-auth-policy" 47 policy_type_name = "BackendServerAuthenticationPolicyType" 48 49 policy_attribute = { 50 name = "PublicKeyPolicyName" 51 value = "${aws_load_balancer_policy.wu-tang-root-ca-pubkey-policy.policy_name}" 52 } 53 } 54 55 resource "aws_load_balancer_policy" "wu-tang-ssl" { 56 load_balancer_name = "${aws_elb.wu-tang.name}" 57 policy_name = "wu-tang-ssl" 58 policy_type_name = "SSLNegotiationPolicyType" 59 60 policy_attribute = { 61 name = "ECDHE-ECDSA-AES128-GCM-SHA256" 62 value = "true" 63 } 64 65 policy_attribute = { 66 name = "Protocol-TLSv1.2" 67 value = "true" 68 } 69 } 70 71 resource "aws_load_balancer_backend_server_policy" "wu-tang-backend-auth-policies-443" { 72 load_balancer_name = "${aws_elb.wu-tang.name}" 73 instance_port = 443 74 75 policy_names = [ 76 "${aws_load_balancer_policy.wu-tang-root-ca-backend-auth-policy.policy_name}", 77 ] 78 } 79 80 resource "aws_load_balancer_listener_policy" "wu-tang-listener-policies-443" { 81 load_balancer_name = "${aws_elb.wu-tang.name}" 82 load_balancer_port = 443 83 84 policy_names = [ 85 "${aws_load_balancer_policy.wu-tang-ssl.policy_name}", 86 ] 87 } 88 ``` 89 90 Where the file `pubkey` in the current directory contains only the _public key_ of the certificate. 91 92 ```shell 93 cat wu-tang-ca.pem | openssl x509 -pubkey -noout | grep -v '\-\-\-\-' | tr -d '\n' > wu-tang-pubkey 94 ``` 95 96 This example shows how to enable backend authentication for an ELB as well as customize the TLS settings. 97 98 ## Argument Reference 99 100 The following arguments are supported: 101 102 * `load_balancer_name` - (Required) The load balancer on which the policy is defined. 103 * `policy_name` - (Required) The name of the load balancer policy. 104 * `policy_type_name` - (Required) The policy type. 105 * `policy_attribute` - (Optional) Policy attribute to apply to the policy. 106 107 ## Attributes Reference 108 109 The following attributes are exported: 110 111 * `id` - The ID of the policy. 112 * `policy_name` - The name of the stickiness policy. 113 * `policy_type_name` - The policy type of the policy. 114 * `load_balancer_name` - The load balancer on which the policy is defined.