AWS ELB 2014.2.19

Below is an SSL/TLS configuration for the AWS ELB load balancer, version 2014.2.19. This configuration was generated with the Mozilla SSL Configuration Generator using the intermediate profile.

AWSTemplateFormatVersion: 2010-09-09
Description: Mozilla ELB configuration generated 2019-09-12, https://ssl-config.mozilla.org/#server=awselb&server-version=2014.2.19&config=intermediate
Parameters:
  SSLCertificateId:
    Description: The ARN of the ACM SSL certificate to use
    Type: String
    AllowedPattern: ^arn:aws:acm:[^:]*:[^:]*:certificate/.*$
    ConstraintDescription: >
      SSL Certificate ID must be a valid ACM ARN.
      https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
Resources:
  ExampleELB:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Listeners:
        - LoadBalancerPort: '443'
          InstancePort: '80'
          PolicyNames:
            - Mozilla-intermediate-v5-0
          SSLCertificateId: !Ref SSLCertificateId
          Protocol: HTTPS
      AvailabilityZones:
        Fn::GetAZs: !Ref 'AWS::Region'
      Policies:
        - PolicyName: Mozilla-intermediate-v5-0
          PolicyType: SSLNegotiationPolicyType
          Attributes:
            - Name: Protocol-TLSv1.2
              Value: true
            - Name: Server-Defined-Cipher-Order
              Value: false
            - Name: ECDHE-ECDSA-AES128-GCM-SHA256
              Value: true
            - Name: ECDHE-RSA-AES128-GCM-SHA256
              Value: true
            - Name: ECDHE-ECDSA-AES256-GCM-SHA384
              Value: true
            - Name: ECDHE-RSA-AES256-GCM-SHA384
              Value: true
            - Name: DHE-RSA-AES128-GCM-SHA256
              Value: true
            - Name: DHE-RSA-AES256-GCM-SHA384
              Value: true
Outputs:
  ELBURL:
    Description: URL of the ELB load balancer
    Value: !Join [ '', [ 'https://', !GetAtt 'ExampleELB.DNSName', '/' ] ]
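
Added example (not part of the generated template or of Mozilla's generator): a Python check that compares a deployed policy, in the JSON shape returned by `aws elb describe-load-balancer-policies`, against the attributes this template enables. The function names are hypothetical and the sample input is constructed.

```python
import json

# Attributes the template on this page sets to true (copied from its Policies block).
EXPECTED_ENABLED = {
    "Protocol-TLSv1.2",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384",
}
# Attributes the template explicitly sets to false.
EXPECTED_DISABLED = {"Server-Defined-Cipher-Order"}


def sample_output(overrides):
    # Constructed sample shaped like `aws elb describe-load-balancer-policies` output.
    values = {name: "true" for name in EXPECTED_ENABLED}
    values.update({name: "false" for name in EXPECTED_DISABLED})
    values.update(overrides)
    attrs = [{"AttributeName": k, "AttributeValue": v} for k, v in values.items()]
    return json.dumps({"PolicyDescriptions": [{
        "PolicyName": "Mozilla-intermediate-v5-0",
        "PolicyTypeName": "SSLNegotiationPolicyType",
        "PolicyAttributeDescriptions": attrs}]})


def audit_policy(description_json, policy_name="Mozilla-intermediate-v5-0"):
    """Return (unexpected_enabled, missing) relative to the template's attributes."""
    doc = json.loads(description_json)
    for policy in doc["PolicyDescriptions"]:
        if policy["PolicyName"] == policy_name:
            break
    else:
        raise LookupError(f"policy {policy_name!r} not found")
    enabled = {
        a["AttributeName"]
        for a in policy["PolicyAttributeDescriptions"]
        if str(a["AttributeValue"]).lower() == "true"
    }
    return sorted(enabled - EXPECTED_ENABLED), sorted(EXPECTED_ENABLED - enabled)


if __name__ == "__main__":
    drifted = sample_output({"Protocol-TLSv1": "true", "DHE-RSA-AES256-GCM-SHA384": "false"})
    print(audit_policy(drifted))
```

A non-empty first list means a protocol or cipher outside the template was switched on; a non-empty second list means one of the template's entries was switched off or is absent.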