github.com/ves/terraform@v0.8.0-beta2/website/source/docs/providers/aws/r/lb_ssl_negotiation_policy.html.markdown (about)

---
layout: "aws"
page_title: "AWS: aws_lb_ssl_negotiation_policy"
sidebar_current: "docs-aws-resource-lb-ssl-negotiation-policy"
description: |-
  Provides a load balancer SSL negotiation policy, which allows an ELB to control which ciphers and protocols are supported during SSL negotiations between a client and a load balancer.
---

# aws\_lb\_ssl\_negotiation\_policy

Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.

## Example Usage

```
resource "aws_elb" "lb" {
  name               = "test-lb"
  availability_zones = ["us-east-1a"]

  listener {
    instance_port      = 8000
    instance_protocol  = "https"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }
}

resource "aws_lb_ssl_negotiation_policy" "foo" {
  name          = "foo-policy"
  load_balancer = "${aws_elb.lb.id}"
  lb_port       = 443

  # Protocols: disable TLS 1.0 and 1.1, allow only TLS 1.2.
  attribute {
    name  = "Protocol-TLSv1"
    value = "false"
  }
  attribute {
    name  = "Protocol-TLSv1.1"
    value = "false"
  }
  attribute {
    name  = "Protocol-TLSv1.2"
    value = "true"
  }

  # Option: the load balancer, not the client, picks the cipher.
  attribute {
    name  = "Server-Defined-Cipher-Order"
    value = "true"
  }

  # Ciphers: enable two AES-GCM suites and explicitly disable 3DES.
  attribute {
    name  = "ECDHE-RSA-AES128-GCM-SHA256"
    value = "true"
  }
  attribute {
    name  = "AES128-GCM-SHA256"
    value = "true"
  }
  attribute {
    name  = "EDH-RSA-DES-CBC3-SHA"
    value = "false"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required) The name of the SSL negotiation policy.
* `load_balancer` - (Required) The load balancer to which the policy
  should be attached.
* `lb_port` - (Required) The load balancer port to which the policy
  should be applied. This must be an active listener on the load
  balancer.
* `attribute` - (Optional) An SSL Negotiation policy attribute. Each has two properties:
	* `name` - The name of the attribute
	* `value` - The value of the attribute

To set your attributes, please see the [AWS Elastic Load Balancing Developer Guide](http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-security-policy-table.html) for a listing of the supported SSL protocols, SSL options, and SSL ciphers.

~> **NOTE:** The AWS documentation references Server Order Preference, which the AWS Elastic Load Balancing API refers to as `Server-Defined-Cipher-Order`. If you wish to set Server Order Preference, use this value instead.
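
The following is an added example, not part of the Terraform project or this page's original content: a small Python check that reads the `attribute` blocks of an `aws_lb_ssl_negotiation_policy` and reports settings a reviewer would question before `terraform apply`. The review policy (only `Protocol-TLSv1.2` accepted, the weak-cipher substrings) and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample (not from the page): legacy protocol and 3DES left enabled.
SAMPLE_HCL = '''
resource "aws_lb_ssl_negotiation_policy" "legacy" {
  name          = "legacy-policy"
  load_balancer = "${aws_elb.lb.id}"
  lb_port       = 443
  attribute {
    name  = "Protocol-TLSv1"
    value = "true"
  }
  attribute {
    name  = "Protocol-TLSv1.2"
    value = "true"
  }
  attribute {
    name  = "EDH-RSA-DES-CBC3-SHA"
    value = "true"
  }
}
'''

# Matches one attribute block in the name/value layout used on this page.
ATTR_RE = re.compile(
    r'attribute\s*\{\s*name\s*=\s*"([^"]+)"\s*value\s*=\s*"([^"]+)"\s*\}')

# Assumed review policy: only TLS 1.2 is acceptable, and cipher names containing
# these substrings are treated as weak.
REQUIRED = ("Protocol-TLSv1.2", "Server-Defined-Cipher-Order")
WEAK_MARKERS = ("RC4", "DES", "MD5", "EXP", "NULL")

def parse_attributes(hcl):
    """Return {attribute name: enabled?} for every attribute block found."""
    return {n: v.strip().lower() == "true" for n, v in ATTR_RE.findall(hcl)}

def audit(attrs):
    """Return findings for enabled weak settings, then missing required ones."""
    findings = []
    for name in sorted(n for n, on in attrs.items() if on):
        if name.startswith("Protocol-") and name != "Protocol-TLSv1.2":
            findings.append(f"{name}: legacy protocol enabled")
        elif any(m in name for m in WEAK_MARKERS):
            findings.append(f"{name}: weak cipher enabled")
    findings += [f"{r}: not enabled" for r in REQUIRED if not attrs.get(r)]
    return findings

if __name__ == "__main__":
    for finding in audit(parse_attributes(SAMPLE_HCL)):
        print(finding)
```

Run against the policy in Example Usage above, `audit` returns no findings; the constructed sample yields three.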

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the policy.
* `name` - The name of the SSL negotiation policy.
* `load_balancer` - The load balancer to which the policy is attached.
* `lb_port` - The load balancer port to which the policy is applied.
* `attribute` - The SSL Negotiation policy attributes.