AWS elasticloadbalancing documentation change
Summary
Updated TLS listener configuration steps with clearer certificate selection options, added explicit instructions for importing certificates via ACM/IAM, and expanded certificate management details
Security assessment
The changes enhance documentation about SSL/TLS certificate management (a security feature) by clarifying certificate sources and adding import instructions. While certificate management is security-relevant, there's no evidence this addresses a specific vulnerability. The updates help prevent misconfigurations but don't reference any security incident.
Diff
diff --git a/elasticloadbalancing/latest/network/create-listener.md b/elasticloadbalancing/latest/network/create-listener.md index c6dd3c869..092c728da 100644 --- a//elasticloadbalancing/latest/network/create-listener.md +++ b//elasticloadbalancing/latest/network/create-listener.md @@ -42 +42 @@ You configure a listener with a protocol and a port for connections from clients - 8. [TLS listeners] For **Default SSL certificate** , do one of the following: + 8. [TLS listeners] For **Default SSL/TLS server certificate** , choose the default certificate. You can select the certificate from one of the following sources: @@ -44 +44 @@ You configure a listener with a protocol and a port for connections from clients - * If you created or imported a certificate using AWS Certificate Manager, choose **From ACM** and choose the certificate. + * If you created or imported a certificate using AWS Certificate Manager, choose **From ACM** , then choose the certificate from **Certificate (from ACM)**. @@ -46 +46,3 @@ You configure a listener with a protocol and a port for connections from clients - * If you uploaded a certificate using IAM, choose **From IAM** and choose the certificate. + * If you imported a certificate using IAM, choose **From IAM** , and then choose the certificate from **Certificate (from IAM)**. + + * If you have a certificate, choose **Import certificate**. Choose either **Import to ACM** or **Import to IAM**. For **Certificate private key** , copy and paste the contents of the private key file (PEM-encoded). For **Certificate body** , copy and paste the contents of the public key certificate file (PEM-encoded). For **Certificate Chain** , copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate. @@ -52 +54 @@ You configure a listener with a protocol and a port for connections from clients - 11. [TLS listeners] To add an optional certificate list for use with the SNI protocol, see [Add certificates to the certificate list](./listener-update-certificates.html#add-certificates). + 11. [TLS listeners] To add certificates to the optional certificate list, see [Add certificates to the certificate list](./listener-update-certificates.html#add-certificates).