feat: Security Policy for Listener in Application load balancer #4099
Codecov Report
@@ Coverage Diff @@
## mainline #4099 +/- ##
=========================================
Coverage 69.13% 69.14%
=========================================
Files 249 249
Lines 35656 35662 +6
Branches 264 264
=========================================
+ Hits 24652 24658 +6
Misses 9808 9808
Partials 1196 1196
Overall looks great, just a few nits.
This PR fixes multiple problems:

1. This PR fixes the env manifest fields that were organized in an incorrect manner.
2. Also resolves aws#4032.
3. `copilot env init` with private subnets creates an env manifest with the following field:
   ```
   http:
     private:
   ```
   This should only be created when at least one parameter inside `private` is enabled. This PR fixes this nit as well.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.
Fixes second issue in aws#3553. Here strings (`<<<`) don't work with `sh`. This change makes the pipeline buildspec a bit more universal. By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.
Looks good! 😻 Just a few changes, please, then feel free to remove the do-not-merge label! Thank you!
This PR resolves #1342
AWS Load Balancer listeners can restrict the TLS protocol versions clients use to connect through an sslpolicy. The default policy allows for insecure protocol versions for compatibility.
For those with stricter security goals, it would be great to expose the ability to only accept current TLS protocol versions.
This security policy for an HTTPS listener helps to negotiate SSL connections between a client and the load balancer.
For example, if the environment manifest contains,
In case of Public Application load balancer
In case of Internal load balancer
By default, `ELBSecurityPolicy-2016-08` will be set for an HTTPS listener in a public application load balancer and internal load balancer. You can access the available security policies at https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.
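An added audit example (not part of this PR or of the Copilot code base): it joins the JSON that `aws elbv2 describe-listeners` and `aws elbv2 describe-ssl-policies` return and reports HTTPS/TLS listeners whose policy still permits protocol versions older than TLS 1.2, as the default policy named above does. The function name, the sample ARNs and the trimmed sample JSON are constructed for illustration.

```python
import json

# Protocol versions treated as legacy for this audit (assumption of the example).
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Constructed, trimmed sample shaped like `aws elbv2 describe-ssl-policies` output.
SSL_POLICIES_JSON = """
{"SslPolicies": [
  {"Name": "ELBSecurityPolicy-2016-08",
   "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"]},
  {"Name": "ELBSecurityPolicy-TLS13-1-2-2021-06",
   "SslProtocols": ["TLSv1.2", "TLSv1.3"]}
]}
"""

# Constructed, trimmed sample shaped like `aws elbv2 describe-listeners` output.
LISTENERS_JSON = """
{"Listeners": [
  {"ListenerArn": "arn:example:listener/public", "Port": 443,
   "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-2016-08"},
  {"ListenerArn": "arn:example:listener/internal", "Port": 443,
   "Protocol": "HTTPS", "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06"},
  {"ListenerArn": "arn:example:listener/redirect", "Port": 80,
   "Protocol": "HTTP"}
]}
"""


def weak_listeners(listeners_json, policies_json):
    """Return (listener ARN, policy name, legacy protocols) for each finding."""
    allowed = {p["Name"]: set(p["SslProtocols"])
               for p in json.loads(policies_json)["SslPolicies"]}
    findings = []
    for listener in json.loads(listeners_json)["Listeners"]:
        # Only HTTPS (ALB) and TLS (NLB) listeners carry an SslPolicy.
        if listener.get("Protocol") not in ("HTTPS", "TLS"):
            continue
        policy = listener.get("SslPolicy")
        if policy not in allowed:
            # Policy missing from the catalogue: surface it instead of passing it.
            findings.append((listener["ListenerArn"], policy, ["unknown"]))
            continue
        legacy = sorted(allowed[policy] & LEGACY)
        if legacy:
            findings.append((listener["ListenerArn"], policy, legacy))
    return findings


if __name__ == "__main__":
    for arn, policy, legacy in weak_listeners(LISTENERS_JSON, SSL_POLICIES_JSON):
        print(f"{arn}: {policy} permits {', '.join(legacy)}")
```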