SslNegotiationPolicy
Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var lb = new Aws.Elb.LoadBalancer("lb", new Aws.Elb.LoadBalancerArgs
{
AvailabilityZones =
{
"us-east-1a",
},
Listeners =
{
new Aws.Elb.Inputs.LoadBalancerListenerArgs
{
InstancePort = 8000,
InstanceProtocol = "https",
LbPort = 443,
LbProtocol = "https",
SslCertificateId = "arn:aws:iam::123456789012:server-certificate/certName",
},
},
});
var foo = new Aws.Elb.SslNegotiationPolicy("foo", new Aws.Elb.SslNegotiationPolicyArgs
{
Attributes =
{
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "Protocol-TLSv1",
Value = "false",
},
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "Protocol-TLSv1.1",
Value = "false",
},
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "Protocol-TLSv1.2",
Value = "true",
},
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "Server-Defined-Cipher-Order",
Value = "true",
},
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "ECDHE-RSA-AES128-GCM-SHA256",
Value = "true",
},
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "AES128-GCM-SHA256",
Value = "true",
},
new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs
{
Name = "EDH-RSA-DES-CBC3-SHA",
Value = "false",
},
},
LbPort = 443,
LoadBalancer = lb.Id,
});
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v2/go/aws/elb"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
lb, err := elb.NewLoadBalancer(ctx, "lb", &elb.LoadBalancerArgs{
AvailabilityZones: pulumi.StringArray{
pulumi.String("us-east-1a"),
},
Listeners: elb.LoadBalancerListenerArray{
&elb.LoadBalancerListenerArgs{
InstancePort: pulumi.Int(8000),
InstanceProtocol: pulumi.String("https"),
LbPort: pulumi.Int(443),
LbProtocol: pulumi.String("https"),
SslCertificateId: pulumi.String("arn:aws:iam::123456789012:server-certificate/certName"),
},
},
})
if err != nil {
return err
}
_, err = elb.NewSslNegotiationPolicy(ctx, "foo", &elb.SslNegotiationPolicyArgs{
Attributes: elb.SslNegotiationPolicyAttributeArray{
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("Protocol-TLSv1"),
Value: pulumi.String("false"),
},
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("Protocol-TLSv1.1"),
Value: pulumi.String("false"),
},
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("Protocol-TLSv1.2"),
Value: pulumi.String("true"),
},
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("Server-Defined-Cipher-Order"),
Value: pulumi.String("true"),
},
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("ECDHE-RSA-AES128-GCM-SHA256"),
Value: pulumi.String("true"),
},
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("AES128-GCM-SHA256"),
Value: pulumi.String("true"),
},
&elb.SslNegotiationPolicyAttributeArgs{
Name: pulumi.String("EDH-RSA-DES-CBC3-SHA"),
Value: pulumi.String("false"),
},
},
LbPort: pulumi.Int(443),
LoadBalancer: lb.ID(),
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
lb = aws.elb.LoadBalancer("lb",
availability_zones=["us-east-1a"],
listeners=[{
"instance_port": 8000,
"instanceProtocol": "https",
"lb_port": 443,
"lbProtocol": "https",
"sslCertificateId": "arn:aws:iam::123456789012:server-certificate/certName",
}])
foo = aws.elb.SslNegotiationPolicy("foo",
attributes=[
{
"name": "Protocol-TLSv1",
"value": "false",
},
{
"name": "Protocol-TLSv1.1",
"value": "false",
},
{
"name": "Protocol-TLSv1.2",
"value": "true",
},
{
"name": "Server-Defined-Cipher-Order",
"value": "true",
},
{
"name": "ECDHE-RSA-AES128-GCM-SHA256",
"value": "true",
},
{
"name": "AES128-GCM-SHA256",
"value": "true",
},
{
"name": "EDH-RSA-DES-CBC3-SHA",
"value": "false",
},
],
lb_port=443,
load_balancer=lb.id)import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const lb = new aws.elb.LoadBalancer("lb", {
availabilityZones: ["us-east-1a"],
listeners: [{
instancePort: 8000,
instanceProtocol: "https",
lbPort: 443,
lbProtocol: "https",
sslCertificateId: "arn:aws:iam::123456789012:server-certificate/certName",
}],
});
const foo = new aws.elb.SslNegotiationPolicy("foo", {
attributes: [
{
name: "Protocol-TLSv1",
value: "false",
},
{
name: "Protocol-TLSv1.1",
value: "false",
},
{
name: "Protocol-TLSv1.2",
value: "true",
},
{
name: "Server-Defined-Cipher-Order",
value: "true",
},
{
name: "ECDHE-RSA-AES128-GCM-SHA256",
value: "true",
},
{
name: "AES128-GCM-SHA256",
value: "true",
},
{
name: "EDH-RSA-DES-CBC3-SHA",
value: "false",
},
],
lbPort: 443,
loadBalancer: lb.id,
});Deprecated: aws.elasticloadbalancing.SslNegotiationPolicy has been deprecated in favor of aws.elb.SslNegotiationPolicy
Create a SslNegotiationPolicy Resource
new SslNegotiationPolicy(name: string, args: SslNegotiationPolicyArgs, opts?: CustomResourceOptions);def SslNegotiationPolicy(resource_name, opts=None, attributes=None, lb_port=None, load_balancer=None, name=None, __props__=None);func NewSslNegotiationPolicy(ctx *Context, name string, args SslNegotiationPolicyArgs, opts ...ResourceOption) (*SslNegotiationPolicy, error)public SslNegotiationPolicy(string name, SslNegotiationPolicyArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args SslNegotiationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args SslNegotiationPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args SslNegotiationPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
SslNegotiationPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The SslNegotiationPolicy resource accepts the following input properties:
- Lb
Port int The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- Load
Balancer string The load balancer to which the policy should be attached.
- Attributes
List<Ssl
Negotiation Policy Attribute Args> An SSL Negotiation policy attribute. Each has two properties:
- Name string
The name of the attribute
- Lb
Port int The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- Load
Balancer string The load balancer to which the policy should be attached.
- Attributes
[]Ssl
Negotiation Policy Attribute An SSL Negotiation policy attribute. Each has two properties:
- Name string
The name of the attribute
- lb
Port number The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- load
Balancer string The load balancer to which the policy should be attached.
- attributes
Ssl
Negotiation Policy Attribute[] An SSL Negotiation policy attribute. Each has two properties:
- name string
The name of the attribute
- lb_
port float The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- load_
balancer str The load balancer to which the policy should be attached.
- attributes
List[Ssl
Negotiation Policy Attribute] An SSL Negotiation policy attribute. Each has two properties:
- name str
The name of the attribute
Outputs
All input properties are implicitly available as output properties. Additionally, the SslNegotiationPolicy resource produces the following output properties:
Look up an Existing SslNegotiationPolicy Resource
Get an existing SslNegotiationPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: SslNegotiationPolicyState, opts?: CustomResourceOptions): SslNegotiationPolicystatic get(resource_name, id, opts=None, attributes=None, lb_port=None, load_balancer=None, name=None, __props__=None);func GetSslNegotiationPolicy(ctx *Context, name string, id IDInput, state *SslNegotiationPolicyState, opts ...ResourceOption) (*SslNegotiationPolicy, error)public static SslNegotiationPolicy Get(string name, Input<string> id, SslNegotiationPolicyState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Attributes
List<Ssl
Negotiation Policy Attribute Args> An SSL Negotiation policy attribute. Each has two properties:
- Lb
Port int The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- Load
Balancer string The load balancer to which the policy should be attached.
- Name string
The name of the attribute
- Attributes
[]Ssl
Negotiation Policy Attribute An SSL Negotiation policy attribute. Each has two properties:
- Lb
Port int The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- Load
Balancer string The load balancer to which the policy should be attached.
- Name string
The name of the attribute
- attributes
Ssl
Negotiation Policy Attribute[] An SSL Negotiation policy attribute. Each has two properties:
- lb
Port number The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- load
Balancer string The load balancer to which the policy should be attached.
- name string
The name of the attribute
- attributes
List[Ssl
Negotiation Policy Attribute] An SSL Negotiation policy attribute. Each has two properties:
- lb_
port float The load balancer port to which the policy should be applied. This must be an active listener on the load balancer.
- load_
balancer str The load balancer to which the policy should be attached.
- name str
The name of the attribute
Supporting Types
SslNegotiationPolicyAttribute
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.