Common SSL Negotiation Policies to be used with AWS ELBs using Terraform

razorpay/terraform-aws-ssl-ciphers

terraform-aws-ssl-ciphers

SSL Ciphers to be used on AWS ELBs for Terraform.

Usage:

resource "aws_elb" "lb" {
  name               = "test-lb"
  availability_zones = ["us-east-1a"]

  listener {
    instance_port      = 8000
    instance_protocol  = "https"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }
}

module "ssl-policy" {
  source           = "github.com/razorpay/terraform-aws-ssl-ciphers//mozilla-old"
  name             = "${aws_elb.lb.name}-ssl-policy"
  load-balancer-id = "${aws_elb.lb.id}"
  lb-port          = "443"
}

Or if you want to dynamically decide the policy:

module "ssl-policy" {
  source           = "github.com/razorpay/terraform-aws-ssl-ciphers"
  name             = "${aws_elb.lb.name}-ssl-policy"
  load-balancer-id = "${aws_elb.lb.id}"
  policy           = "mozilla-modern"
  lb-port          = "443"
}

Note that, since this uses nested modules, the state diagram differs depending on whether you use the dynamic or the static import method.

The following SSL cipher policies are available:

  • mozilla-old
  • mozilla-intermediate
  • mozilla-modern
  • ELBSample-ELBDefaultCipherPolicy
  • ELBSample-OpenSSLDefaultCipherPolicy
  • ELBSecurityPolicy-2016-08
  • ELBSecurityPolicy-TLS-1-1-2017-01
  • ELBSecurityPolicy-TLS-1-2-2017-01

License

Licensed under the MIT License. See the LICENSE file for details.
