AWS elasticloadbalancing medium security documentation change
Summary
Added CLI usage examples for describe-ssl-policies command and removed deprecated ELBSecurityPolicy-2015-05 policy documentation
Security assessment
The removal of ELBSecurityPolicy-2015-05 suggests deprecation of older security standards, likely due to cryptographic weaknesses. The added examples help users identify modern TLS 1.3 policies and FIPS-compliant configurations, promoting stronger security practices. This change impacts security by guiding users away from potentially vulnerable configurations.
Diff
diff --git a/elasticloadbalancing/latest/application/describe-ssl-policies.md b/elasticloadbalancing/latest/application/describe-ssl-policies.md index 2a2f64506..84f0009be 100644 --- a//elasticloadbalancing/latest/application/describe-ssl-policies.md +++ b//elasticloadbalancing/latest/application/describe-ssl-policies.md @@ -5 +5 @@ -TLS security policiesFIPS security policiesFS supported policies +Example describe-ssl-policies commandsTLS security policiesFIPS security policiesFS supported policies @@ -44,2 +43,0 @@ Elastic Load Balancing uses a Secure Socket Layer (SSL) negotiation configuratio -You can describe the protocols and ciphers using the [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI command, or refer to the tables below. - @@ -47,0 +46,2 @@ You can describe the protocols and ciphers using the [describe-ssl-policies](htt + * [Example describe-ssl-policies commands](./describe-ssl-policies.html#describe-ssl-policies-examples) + @@ -74,0 +75,34 @@ You can describe the protocols and ciphers using the [describe-ssl-policies](htt +## Example describe-ssl-policies commands + +You can describe the protocols and ciphers for a security policy, or find a policy that meets your needs, using the [describe-ssl-policies](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html) AWS CLI command. + +The following example describes the specified policy. + + + aws elbv2 describe-ssl-policies \ + --names "ELBSecurityPolicy-TLS13-1-2-Res-2021-06" + +The following example lists policies with the specified string in the policy name. + + + aws elbv2 describe-ssl-policies \ + --query "SslPolicies[?contains(Name,'FIPS')].Name" + +The following example lists policies that support the specified protocol. + + + aws elbv2 describe-ssl-policies \ + --query "SslPolicies[?contains(SslProtocols,'TLSv1.3')].Name" + +The following example lists policies that support the specified cipher. + + + aws elbv2 describe-ssl-policies \ + --query "SslPolicies[?Ciphers[?contains(Name,'TLS_AES_128_GCM_SHA256')]].Name" + +The following example lists policies that do not support the specified cipher. + + + aws elbv2 describe-ssl-policies \ + --query 'SslPolicies[?length(Ciphers[?starts_with(Name,`AES128-GCM-SHA256`)]) == `0`].Name' + @@ -109 +142,0 @@ ELBSecurityPolicy-2016-08 | No | Yes | Yes | Yes -ELBSecurityPolicy-2015-05 | No | Yes | Yes | Yes @@ -326,22 +358,0 @@ ELBSecurityPolicy-2016-08 | -ELBSecurityPolicy-2015-05 | - - * ECDHE-ECDSA-AES128-GCM-SHA256 - * ECDHE-RSA-AES128-GCM-SHA256 - * ECDHE-ECDSA-AES128-SHA256 - * ECDHE-RSA-AES128-SHA256 - * ECDHE-ECDSA-AES128-SHA - * ECDHE-RSA-AES128-SHA - * ECDHE-ECDSA-AES256-GCM-SHA384 - * ECDHE-RSA-AES256-GCM-SHA384 - * ECDHE-ECDSA-AES256-SHA384 - * ECDHE-RSA-AES256-SHA384 - * ECDHE-ECDSA-AES256-SHA - * ECDHE-RSA-AES256-SHA - * AES128-GCM-SHA256 - * AES128-SHA256 - * AES128-SHA - * AES256-GCM-SHA384 - * AES256-SHA256 - * AES256-SHA - -