AWS AWSCloudFormation documentation change
Summary
Added HTTPS listener creation example with TLS 1.3 security policy, clarified security policy update impacts apply to HTTPS listeners, and restructured examples with proper resource references.
Security assessment
While the change promotes security best practices by demonstrating TLS 1.3 usage (ELBSecurityPolicy-TLS13-1-2-2021-06) and certificate management, there is no evidence of addressing a specific vulnerability. This is routine documentation improvement for secure configuration guidance.
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.md b/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.md index 406e545be..3a9dbfa17 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.md @@ -158 +158 @@ _Required_ : No -Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. To decrease the possibility of an interruption if your load balancer is handling a high volume of traffic, create an additional load balancer or request an LCU reservation. +[HTTPS listeners] Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. To decrease the possibility of an interruption if your load balancer is handling a high volume of traffic, create an additional load balancer or request an LCU reservation. @@ -189 +189 @@ The Amazon Resource Name (ARN) of the listener. -The following example creates a listener with a default action that redirects HTTP requests on port 80 to HTTPS requests on port 443, retaining the original host name, path, and query string. +After you create your load balancer using [AWS::ElasticLoadBalancingV2::LoadBalancer](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html), you can add a listener. @@ -191 +191,12 @@ The following example creates a listener with a default action that redirects HT -### +###### + + * Create an HTTP listener + + * Create an HTTPS listener + + + + +### Create an HTTP listener + +The following example creates an HTTP listener with a default action that redirects HTTP requests on port 80 to HTTPS requests on port 443, retaining the original host name, path, and query string. @@ -196 +207 @@ The following example creates a listener with a default action that redirects HT - HTTPlistener: + myHTTPlistener: @@ -198,0 +210,3 @@ The following example creates a listener with a default action that redirects HT + LoadBalancerArn: !Ref myLoadBalancer + Protocol: "HTTP" + Port: 80 @@ -208,3 +221,0 @@ The following example creates a listener with a default action that redirects HT - LoadBalancerArn: !Ref myLoadBalancer - Port: 80 - Protocol: "HTTP" @@ -215 +226,2 @@ The following example creates a listener with a default action that redirects HT - "HTTPlistener": { + { + "myHTTPlistener": { @@ -237,0 +250,51 @@ The following example creates a listener with a default action that redirects HT + } + +### Create an HTTPS listener + +The following example creates an HTTPS listener with a default action that forwards traffic to the specified target group. When you create a secure listener, you must specify a security policy and a certificate. You can create the target group using [AWS::ElasticLoadBalancingV2::TargetGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html). + +#### YAML + + + myHTTPSListener: + Type: AWS::ElasticLoadBalancingV2::Listener + Properties: + LoadBalancerArn: !Ref myLoadBalancer + Protocol: "HTTPS" + Port: 443 + DefaultActions: + - Type: "forward" + TargetGroupArn: !Ref myTargetGroup + SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06 + Certificates: + - CertificateArn: arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE + +#### JSON + + + { + "myHTTPSListener": { + "Type": "AWS::ElasticLoadBalancingV2::Listener", + "Properties": { + "LoadBalancerArn": { + "Ref": "myLoadBalancer" + }, + "Protocol": "HTTPS", + "Port": 443, + "DefaultActions": [ + { + "Type": "forward", + "TargetGroupArn": { + "Ref": "myTargetGroup" + } + } + ], + "SslPolicy": "ELBSecurityPolicy-TLS13-1-2-2021-06", + "Certificates": [ + { + "CertificateArn": "arn:aws:acm:us-west-2:123456789012:certificate/88ca7932-756c-46f1-a70d-03fa7EXAMPLE" + } + ] + } + } + }