802
edits
Changes
no edit summary
Below is an SSL configuration for the AWS ELB web server version 2014.2.19. This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
Below is an SSL configuration for the AWS ELB web server version 2014.2.19. This configuration was made with the [https://ssl-config.mozilla.org/ Mozilla SSL Configuration Generator].
<pre>
AWSTemplateFormatVersion: 2010-09-09
Description: Mozilla ELB configuration generated 2019-09-12, https://ssl-config.mozilla.org/#server=awselb&server-version=2014.2.19&config=intermediate
Parameters:
SSLCertificateId:
Description: The ARN of the ACM SSL certificate to use
Type: String
AllowedPattern: ^arn:aws:acm:[^:]*:[^:]*:certificate/.*$
ConstraintDescription: >
SSL Certificate ID must be a valid ACM ARN.
https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-arns
Resources:
ExampleELB:
Type: AWS::ElasticLoadBalancing::LoadBalancer
Properties:
Listeners:
- LoadBalancerPort: '443'
InstancePort: '80'
PolicyNames:
- Mozilla-intermediate-v5-0
SSLCertificateId: !Ref SSLCertificateId
Protocol: HTTPS
AvailabilityZones:
Fn::GetAZs: !Ref 'AWS::Region'
Policies:
- PolicyName: Mozilla-intermediate-v5-0
PolicyType: SSLNegotiationPolicyType
Attributes:
- Name: Protocol-TLSv1.2
Value: true
- Name: Server-Defined-Cipher-Order
Value: false
- Name: ECDHE-ECDSA-AES128-GCM-SHA256
Value: true
- Name: ECDHE-RSA-AES128-GCM-SHA256
Value: true
- Name: ECDHE-ECDSA-AES256-GCM-SHA384
Value: true
- Name: ECDHE-RSA-AES256-GCM-SHA384
Value: true
- Name: DHE-RSA-AES128-GCM-SHA256
Value: true
- Name: DHE-RSA-AES256-GCM-SHA384
Value: true
Outputs:
ELBURL:
Description: URL of the ELB load balancer
Value: !Join [ '', [ 'https://', !GetAtt 'ExampleELB.DNSName', '/' ] ]
</pre>