AWS elasticloadbalancing documentation change
Summary
Updated terminology from 'change' to 'replace' in headings, clarified certificate list management procedures, added warnings about traffic disruptions during security policy updates, and expanded FIPS policy documentation.
Security assessment
The changes emphasize proper certificate replacement procedures and warn about potential disruptions during security policy updates, which are security best practices. The FIPS policy documentation addition highlights compliance with cryptographic standards. However, there is no evidence of addressing a specific security vulnerability.
Diff
diff --git a/elasticloadbalancing/latest/application/listener-update-certificates.md b/elasticloadbalancing/latest/application/listener-update-certificates.md index 37d269902..5f4454d45 100644 --- a//elasticloadbalancing/latest/application/listener-update-certificates.md +++ b//elasticloadbalancing/latest/application/listener-update-certificates.md @@ -30 +30 @@ You can replace the default certificate for your listener using the following pr -###### To change the default certificate using the console +###### To replace the default certificate using the console @@ -49 +49 @@ You can replace the default certificate for your listener using the following pr -###### To change the default certificate using the AWS CLI +###### To replace the default certificate using the AWS CLI @@ -55 +55 @@ Use the [modify-listener](https://docs.aws.amazon.com/cli/latest/reference/elbv2 -You can add certificates to the certificate list for your listener using the following procedure. When you first create an HTTPS listener, the certificate list is empty. If you created the listener via AWS Management Console, the default certificate will be added to the certificate list. You can add one or more certificates. You can optionally add the default certificate to ensure that this certificate is used with the SNI protocol even if it is replaced as the default certificate. For more information, see [SSL certificates for your Application Load Balancer](./https-listener-certificates.html). +You can add certificates to the certificate list for your listener using the following procedure. If you created the listener using the AWS Management Console, we added the default certificate to the certificate list for you. Otherwise, the certificate list is empty. Adding the default certificate to the certificate list ensures that this certificate is used with the SNI protocol even if it is replaced as the default the default ertificate. For more information, see [SSL certificates for your Application Load Balancer](./https-listener-certificates.html). @@ -57 +57 @@ You can add certificates to the certificate list for your listener using the fol -###### To change the default certificate using the console +###### To add certificates to the certificate list using the console @@ -69 +69 @@ You can add certificates to the certificate list for your listener using the fol - 6. Within the **ACM and IAM certificates** table, select the certificates to add and choose **Include as pending below**. + 6. To add certificates that are already managed by ACM or IAM, select the check boxes for the certificates and then choose **Include as pending below**. @@ -84 +84,3 @@ Use the [add-listener-certificates](https://docs.aws.amazon.com/cli/latest/refer -You can remove certificates from the certificate list for an HTTPS listener using the following procedure. To remove the default certificate for an HTTPS listener, see Replace the default certificate. +You can remove certificates from the certificate list for an HTTPS listener using the following procedure. After you remove a certificate, the listener can no longer create connections using that certificate. To ensure that clients are not impacted, add a new certificate to the list and confirm that connections are working before you remove a certificate from the list. + +To remove the default certificate for a TLS listener, see Replace the default certificate. @@ -111 +113,3 @@ When you create an HTTPS listener, you can select the security policy that meets -###### Using FIPS policies on your Application Load Balancer: +Updating the security policy can result in disruptions if the load balancer is handling a high volume of traffic. To decrease the possibility of disruptions when your load balancer is handling a high volume of traffic, create an additional load balancer to help handle the traffic or request an LCU reservation. + +###### Using FIPS policies on your Application Load Balancer