Important: The GCConnex decommission will not affect GCCollab or GCWiki. Thank you and happy collaborating!
Difference between revisions of "AWS ELB 2014.2.19"
Jump to navigation
Jump to search
(Created page with "Below is an SSL configuration for the AWS ELB web server version 2014.2.19. This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Gen...") |
|||
| Line 1: | Line 1: | ||
Below is an SSL configuration for the AWS ELB web server version 2014.2.19. This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. | Below is an SSL configuration for the AWS ELB web server version 2014.2.19. This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator]. | ||
| + | <pre> | ||
| + | AWSTemplateFormatVersion: 2010-09-09 | ||
| + | Description: Mozilla ELB configuration generated 2019-09-12, https://ssl-config.mozilla.org/#server=awselb&server-version=2014.2.19&config=intermediate | ||
| + | Parameters: | ||
| + | SSLCertificateId: | ||
| + | Description: The ARN of the ACM SSL certificate to use | ||
| + | Type: String | ||
| + | AllowedPattern: ^arn:aws:acm:[^:]*:[^:]*:certificate/.*$ | ||
| + | ConstraintDescription: > | ||
| + | SSL Certificate ID must be a valid ACM ARN. | ||
| + | https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns | ||
| + | Resources: | ||
| + | ExampleELB: | ||
| + | Type: AWS::ElasticLoadBalancing::LoadBalancer | ||
| + | Properties: | ||
| + | Listeners: | ||
| + | - LoadBalancerPort: '443' | ||
| + | InstancePort: '80' | ||
| + | PolicyNames: | ||
| + | - Mozilla-intermediate-v5-0 | ||
| + | SSLCertificateId: !Ref SSLCertificateId | ||
| + | Protocol: HTTPS | ||
| + | AvailabilityZones: | ||
| + | Fn::GetAZs: !Ref 'AWS::Region' | ||
| + | Policies: | ||
| + | - PolicyName: Mozilla-intermediate-v5-0 | ||
| + | PolicyType: SSLNegotiationPolicyType | ||
| + | Attributes: | ||
| + | - Name: Protocol-TLSv1.2 | ||
| + | Value: true | ||
| + | - Name: Server-Defined-Cipher-Order | ||
| + | Value: false | ||
| + | - Name: ECDHE-ECDSA-AES128-GCM-SHA256 | ||
| + | Value: true | ||
| + | - Name: ECDHE-RSA-AES128-GCM-SHA256 | ||
| + | Value: true | ||
| + | - Name: ECDHE-ECDSA-AES256-GCM-SHA384 | ||
| + | Value: true | ||
| + | - Name: ECDHE-RSA-AES256-GCM-SHA384 | ||
| + | Value: true | ||
| + | - Name: DHE-RSA-AES128-GCM-SHA256 | ||
| + | Value: true | ||
| + | - Name: DHE-RSA-AES256-GCM-SHA384 | ||
| + | Value: true | ||
| + | Outputs: | ||
| + | ELBURL: | ||
| + | Description: URL of the ELB load balancer | ||
| + | Value: !Join [ '', [ 'https://', !GetAtt 'ExampleELB.DNSName', '/' ] ] | ||
| + | </pre> | ||
Latest revision as of 10:02, 24 September 2019
Below is an SSL configuration for the AWS ELB web server version 2014.2.19. This configuration was made with the Mozilla SSL Configuration Generator.
AWSTemplateFormatVersion: 2010-09-09
Description: Mozilla ELB configuration generated 2019-09-12, https://ssl-config.mozilla.org/#server=awselb&server-version=2014.2.19&config=intermediate
Parameters:
SSLCertificateId:
Description: The ARN of the ACM SSL certificate to use
Type: String
AllowedPattern: ^arn:aws:acm:[^:]*:[^:]*:certificate/.*$
ConstraintDescription: >
SSL Certificate ID must be a valid ACM ARN.
https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
Resources:
ExampleELB:
Type: AWS::ElasticLoadBalancing::LoadBalancer
Properties:
Listeners:
- LoadBalancerPort: '443'
InstancePort: '80'
PolicyNames:
- Mozilla-intermediate-v5-0
SSLCertificateId: !Ref SSLCertificateId
Protocol: HTTPS
AvailabilityZones:
Fn::GetAZs: !Ref 'AWS::Region'
Policies:
- PolicyName: Mozilla-intermediate-v5-0
PolicyType: SSLNegotiationPolicyType
Attributes:
- Name: Protocol-TLSv1.2
Value: true
- Name: Server-Defined-Cipher-Order
Value: false
- Name: ECDHE-ECDSA-AES128-GCM-SHA256
Value: true
- Name: ECDHE-RSA-AES128-GCM-SHA256
Value: true
- Name: ECDHE-ECDSA-AES256-GCM-SHA384
Value: true
- Name: ECDHE-RSA-AES256-GCM-SHA384
Value: true
- Name: DHE-RSA-AES128-GCM-SHA256
Value: true
- Name: DHE-RSA-AES256-GCM-SHA384
Value: true
Outputs:
ELBURL:
Description: URL of the ELB load balancer
Value: !Join [ '', [ 'https://', !GetAtt 'ExampleELB.DNSName', '/' ] ]
