AWS elasticloadbalancing documentation change
Summary
Updated terminology and instructions for configuring HTTPS listener routing actions, SSL/TLS certificates, and mutual authentication. Added clarification about default certificate being added to SNI list and improved certificate import instructions.
Security assessment
Changes focus on terminology updates (e.g., 'Default actions' to 'Routing actions'), certificate management clarity, and UI workflow improvements. While SSL/TLS and mutual authentication are security-related topics, there's no evidence of addressing a specific vulnerability. The SNI list mention improves configuration accuracy but doesn't indicate a security fix.
Diff
diff --git a/elasticloadbalancing/latest/application/create-https-listener.md b/elasticloadbalancing/latest/application/create-https-listener.md index 62451b7df..b302c2a8a 100644 --- a//elasticloadbalancing/latest/application/create-https-listener.md +++ b//elasticloadbalancing/latest/application/create-https-listener.md @@ -48 +48 @@ You configure a listener with a protocol and a port for connections from clients - 7. For **Default actions** , do one of the following: + 7. For **Routing actions** , do one of the following: @@ -50 +50 @@ You configure a listener with a protocol and a port for connections from clients - * **Forward to target groups** – Choose one or more target groups to forward traffic to. To add target groups choose **Add target group**. If using more than one target group, select a weight for each target group and review the associated percentage. You must enable group-level stickiness on a rule, if you’ve enabled stickiness on one or more of the target groups. + * **Forward to target groups** – Choose the target groups to forward traffic to. To add target groups choose **Add target group**. If using more than one target group, select a weight for each target group and review the associated percentage. You must enable group-level stickiness on a rule, if you’ve enabled stickiness on one or more of the target groups. @@ -52 +52 @@ You configure a listener with a protocol and a port for connections from clients - * **Redirect to URL** – Specify the URL that client requests will be redirected to. This can be done by entering each part separately on the **URI parts** tab, or by entering the full address on the **Full URL** tab. For **Status code** you can configure redirects as either temporary (HTTP 302) or permanent (HTTP 301) based on your needs. + * **Redirect to URL** – Enter the URL that client requests will be redirected to. This can be done by entering each part separately on the **URI parts** tab, or by entering the full address on the **Full URL** tab. For **Status code** you can configure redirects as either temporary (HTTP 302) or permanent (HTTP 301) based on your needs. @@ -54 +54 @@ You configure a listener with a protocol and a port for connections from clients - * **Return fixed response** – Specify the **Response code** that will be returned to dropped client requests. Additionally, you can specify the **Content type** and **Response body** , but they're not required. + * **Return fixed response** – Enter the **Response code** to return to dropped client requests. Optionally, you can specify the **Content type** and **Response body**. @@ -58 +58 @@ You configure a listener with a protocol and a port for connections from clients - 9. For **Default SSL/TLS certificate** , the following options are available: + 9. For **Default SSL/TLS certificate** , choose the default certificate. We also add the default certificate to the SNI list. You can select the certificate from one of the following sources: @@ -60 +60 @@ You configure a listener with a protocol and a port for connections from clients - * If you created or imported a certificate using AWS Certificate Manager, select **From ACM** , then select the certificate from **Select a certificate**. + * If you created or imported a certificate using AWS Certificate Manager, choose **From ACM** , then choose the certificate from **Certificate (from ACM)**. @@ -62 +62 @@ You configure a listener with a protocol and a port for connections from clients - * If you imported a certificate using IAM, select **From IAM** , and then select your certificate from **Select a certificate**. + * If you imported a certificate using IAM, choose **From IAM** , and then choose the certificate from **Certificate (from IAM)**. @@ -64 +64 @@ You configure a listener with a protocol and a port for connections from clients - * If you have a certificate to import but ACM is not available in your Region, select **Import** , then select **To IAM**. Type the name of the certificate in the **Certificate name** field. In **Certificate private key** , copy and paste the contents of the private key file (PEM-encoded). In **Certificate body** , copy and paste the contents of the public key certificate file (PEM-encoded). In **Certificate Chain** , copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate. + * If you have a certificate, choose **Import certificate**. Choose either **Import to ACM** or **Import to IAM**. For **Certificate private key** , copy and paste the contents of the private key file (PEM-encoded). For **Certificate body** , copy and paste the contents of the public key certificate file (PEM-encoded). For **Certificate Chain** , copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate. @@ -66 +66 @@ You configure a listener with a protocol and a port for connections from clients - 10. (Optional) To enable mutual authentication, under **Client certificate handling** enable **Mutual authentication (mTLS)**. + 10. (Optional) To enable mutual authentication, under **Client certificate handling** , enable **Mutual authentication (mTLS)**. @@ -80 +80,3 @@ If you select **Verify with Trust Store** : - 11. Choose **Save**. + 11. Choose **Add**. + + 12. To add certificates to the optional certificate list, see [Add certificates to the certificate list](./listener-update-certificates.html#add-certificates).