Add security policy to ELB config in Elastic Beanstalk?

Question

I'm configering an Elastic Loadbalancer through .ebextensions:

Resources:
  AWSEBV2LoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: '443'
            Host: '#{host}'
            Path: '/#{path}'
            Query: '#{query}'
            StatusCode: HTTP_301
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 80
      Protocol: HTTP
  AWSEBV2LoadBalancerListenerHTTPS:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: arn:aws:acm:us-east-1:xxx
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Ref: AWSEBV2LoadBalancerTargetGroup
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 443
      Protocol: HTTPS

I've manually changed the security policy of the load balancer to: ELBSecurityPolicy-FS-1-2-Res-2020-10

I would love to add the policy to the .config file but don't know how.

score 1 · Accepted Answer · answered Mar 07 '23 at 13:34

Per the documentation of all the Elastic Beanstalk configuration options, if you were using the standard .ebextensions settings, you would set the SSLPolicy setting in either the aws:elbv2:listener:default namespace or the aws:elbv2:listener:listener_port namespace.

It looks like instead of using the standard settings, you are instead providing custom CloudFormation resource definitions. In that case you need to set the SslPolicy property on the SSL listener you have defined, as documented here.

Add security policy to ELB config in Elastic Beanstalk?

1 Answers1