Set custom security policy on AWS ELB

[nwalke]

Is there a way to set a custom security policy on an ELB? I didn't see any mention of it in the documentation.

https://www.terraform.io/docs/providers/aws/r/elb.html

If not, it would be nice to have.

[phinze]

Hi @tubaguy50035 - perhaps you were looking for the security_groups attribute?

Let me know if you meant something else.

[nwalke]

Yeah, I should have elaborated a bit more. We need to disable TLSv1 for some compliance things, so in order to do that I need to set a custom security policy for my HTTPS listener cipher.

[phinze]

Ah gotchya - like this:

https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_SetLoadBalancerPoliciesOfListener.html

We don't support that yet - tagging as a feature request and we'll get this looked at!

[nwalke]

Correct. Along with this:
https://docs.aws.amazon.com/ElasticLoadBalancing/latest/APIReference/API_CreateLoadBalancerPolicy.html

Thanks!

[robzienert]

+1 this would be a great feature.

[bruno]

Definitely interested in this particular feature too, it's a must with compliance like PCI-DSS when SSLv3 will soon be banned from the allowed protocols, etc.

[bruno]

I am by no means a golang expert, so please take this comment with a pinch of salt, it seems that from reading https://github.com/aws/aws-sdk-go/blob/master/service/elb/api.go it seems that adding policies is supported by the SDK ...

[nwalke]

The API is not the problem, just need to wait until someone implements it in Terraform.

[bruno]

I realise that. I was just being proactive and doing some research and making sure that it was just a terraform side implementation issue. 

Update: BTW sorry, I didn't intend to be disrespectful in my reply ⬆️ I am just trying to say that's why I looked at the AWS-SDK to make sure that it was not a limitation of the underlying libraries ... I wish I had the chops in golang (and the time) to implement this as I would love to be able to stop using CloudFormation for the ELBs and migrate that configuration to terraform 😄

[ryanking]

This is likely a duplicate of #1226.

[fpmosley]

A pull request has been created to add a new resource in the AWS provider that will set a custom security policy on the ELB. #5637

[catsby]

Closing as a duplicate of #1226, and as @ryanking mentioned it looks like this is implemented in #5637!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.