AWS AWSCloudFormation documentation change
Summary
Added TLS listener configuration example with security policy and certificate
Security assessment
The example demonstrates secure TLS configuration practices but does not address a specific security vulnerability. It promotes security best practices by showing SSL policy usage.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.md b/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.md index 9a0969a4f..3e0c6d81b 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.md +++ b//AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.md @@ -3 +3 @@ -SyntaxProperties +SyntaxPropertiesExamples @@ -39,0 +40,52 @@ _Required_ : No +## Examples + +### + +The following example defines a TLS listener. When you create a secure listener, you must specify a security policy and a certificate. + +#### YAML + + + myTLSListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref myLoadBalancer + Protocol: TLS + Port: 443 + DefaultActions: + - Type: forward + TargetGroupArn: !Ref myTargetGroup + SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06 + Certificates: + - CertificateArn: arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE + +#### JSON + + + { + "myTLSListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "LoadBalancerArn": { + "Ref": "myLoadBalancer" + }, + "Protocol": "TLS", + "Port": 443, + "DefaultActions": [ + { + "Type": "forward", + "TargetGroupArn": { + "Ref": "myTargetGroup" + } + } + ], + "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06", + "Certificates": [ + { + "CertificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE" + } + ] + } + } + } +