AWS Security ChangesHomeSearch

AWS elasticloadbalancing documentation change

Service: elasticloadbalancing · 2025-05-10 · Documentation low

File: elasticloadbalancing/latest/network/create-listener.md

Summary

Updated TLS listener configuration steps with clearer certificate selection options, added explicit instructions for importing certificates via ACM/IAM, and expanded certificate management details

Security assessment

The changes enhance documentation about SSL/TLS certificate management (a security feature) by clarifying certificate sources and adding import instructions. While certificate management is security-relevant, there's no evidence this addresses a specific vulnerability. The updates help prevent misconfigurations but don't reference any security incident.

Diff

diff --git a/elasticloadbalancing/latest/network/create-listener.md b/elasticloadbalancing/latest/network/create-listener.md
index c6dd3c869..092c728da 100644
--- a//elasticloadbalancing/latest/network/create-listener.md
+++ b//elasticloadbalancing/latest/network/create-listener.md
@@ -42 +42 @@ You configure a listener with a protocol and a port for connections from clients
-  8. [TLS listeners] For **Default SSL certificate** , do one of the following:
+  8. [TLS listeners] For **Default SSL/TLS server certificate** , choose the default certificate. You can select the certificate from one of the following sources:
@@ -44 +44 @@ You configure a listener with a protocol and a port for connections from clients
-     * If you created or imported a certificate using AWS Certificate Manager, choose **From ACM** and choose the certificate.
+     * If you created or imported a certificate using AWS Certificate Manager, choose **From ACM** , then choose the certificate from **Certificate (from ACM)**.
@@ -46 +46,3 @@ You configure a listener with a protocol and a port for connections from clients
-     * If you uploaded a certificate using IAM, choose **From IAM** and choose the certificate.
+     * If you imported a certificate using IAM, choose **From IAM** , and then choose the certificate from **Certificate (from IAM)**.
+
+     * If you have a certificate, choose **Import certificate**. Choose either **Import to ACM** or **Import to IAM**. For **Certificate private key** , copy and paste the contents of the private key file (PEM-encoded). For **Certificate body** , copy and paste the contents of the public key certificate file (PEM-encoded). For **Certificate Chain** , copy and paste the contents of the certificate chain file (PEM-encoded), unless you are using a self-signed certificate and it's not important that browsers implicitly accept the certificate.
@@ -52 +54 @@ You configure a listener with a protocol and a port for connections from clients
-  11. [TLS listeners] To add an optional certificate list for use with the SNI protocol, see [Add certificates to the certificate list](./listener-update-certificates.html#add-certificates).
+  11. [TLS listeners] To add certificates to the optional certificate list, see [Add certificates to the certificate list](./listener-update-certificates.html#add-certificates).