From 01a24abb47b1b96a352217f133fe2c014ca9639b Mon Sep 17 00:00:00 2001
From: Jim Stallings
Date: Sun, 1 Dec 2024 02:04:41 -0500
Subject: [PATCH] feat: default https_ssl_policy to ELBSecurityPolicy-TLS13-1-2-2021-06 (#179)
Co-authored-by: nitrocode <7775707+nitrocode@users.noreply.github.com>
---
 README.md | 4 ++--
 variables.tf | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 18ae1aa..f17f648 100644
--- a/README.md
+++ b/README.md
@@ -243,8 +243,8 @@ Available targets: | [https\_ingress\_cidr\_blocks](#input\_https\_ingress\_cidr\_blocks) | List of CIDR blocks to allow in HTTPS security group | `list(string)` |
[
"0.0.0.0/0",
"::/0"
]
| no | | [https\_ingress\_prefix\_list\_ids](#input\_https\_ingress\_prefix\_list\_ids) | List of prefix list IDs for allowing access to HTTPS ingress security group | `list(string)` | `[]` | no | | [https\_port](#input\_https\_port) | The port for the HTTPS listener | `number` | `443` | no | -| [https\_ssl\_policy](#input\_https\_ssl\_policy) | The name of the SSL Policy for the listener | `string` | `"ELBSecurityPolicy-2015-05"` | no | -| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | +| [https\_ssl\_policy](#input\_https\_ssl\_policy) | The name of the SSL Policy for the listener | `string` | `"ELBSecurityPolicy-TLS13-1-2-2021-06"` | no | +| [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | | [idle\_timeout](#input\_idle\_timeout) | The time in seconds that the connection is allowed to be idle | `number` | `60` | no | | [internal](#input\_internal) | A boolean flag to determine whether the ALB should be internal | `bool` | `false` | no | | [ip\_address\_type](#input\_ip\_address\_type) | The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`. | `string` | `"ipv4"` | no |
diff --git a/variables.tf b/variables.tf
index 29c7321..d6171fd 100644
--- a/variables.tf
+++ b/variables.tf
@@ -93,7 +93,7 @@ variable "https_ingress_prefix_list_ids" {
 variable "https_ssl_policy" {
 type = string
 description = "The name of the SSL Policy for the listener"
- default = "ELBSecurityPolicy-2015-05"
+ default = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 }
 
 variable "access_logs_prefix" {
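Review bot: The new default on `https_ssl_policy` changes listener behaviour for every caller that does not set the variable, and neither the description nor the `feat:` subject says so. `ELBSecurityPolicy-TLS13-1-2-2021-06` negotiates TLS 1.2 and 1.3 only, whereas the previous `ELBSecurityPolicy-2015-05` still accepted TLS 1.0 and 1.1, so on the next apply clients limited to those older versions will fail the handshake. I would extend the description to `"The name of the SSL Policy for the listener. The default allows TLS 1.2 and 1.3 only; set a policy explicitly if older clients must connect"` and call the change out as potentially breaking in the release notes. The variable also has no `validation` block, so a mistyped policy name presumably surfaces only when the provider call fails at apply time.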