AWS Elastic Load Balancing Policy

This page shows how to write Terraform and CloudFormation for Elastic Load Balancing Policy and write them securely.

aws_load_balancer_policy (Terraform)

The Policy in Elastic Load Balancing can be configured in Terraform with the resource name aws_load_balancer_policy. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

loadbalancerpolicy.tf#L1
resource "aws_load_balancer_policy" "elbWeakCipher" {
  load_balancer_name = "some-name"
  policy_name        = "wu-tang-ssl"
  policy_type_name   = "SSLNegotiationPolicyType"

  policy_attribute {
positive.tf#L19
resource "aws_load_balancer_policy" "positive2" {
  load_balancer_name = aws_elb.wu-tang.name
  policy_name        = "wu-tang-ca-pubkey-policy"
  policy_type_name   = "PublicKeyPolicyType"

  policy_attribute {
positive.tf#L19
resource "aws_load_balancer_policy" "positive2" {
  load_balancer_name = aws_elb.wu-tang.name
  policy_name        = "wu-tang-ca-pubkey-policy"
  policy_type_name   = "PublicKeyPolicyType"

  policy_attribute {
negative.tf#L19
resource "aws_load_balancer_policy" "negative2" {
  load_balancer_name = aws_elb.wu-tang.name
  policy_name        = "wu-tang-ca-pubkey-policy"
  policy_type_name   = "PublicKeyPolicyType"

  policy_attribute {
negative.tf#L19
resource "aws_load_balancer_policy" "negative2" {
  load_balancer_name = aws_elb.wu-tang.name
  policy_name        = "wu-tang-ca-pubkey-policy"
  policy_type_name   = "PublicKeyPolicyType"

  policy_attribute {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a load balancer policy, which can be attached to an ELB listener or backend server.

Tips: Best Practices for The Other AWS Elastic Load Balancing Resources

In addition to the aws_elb, AWS Elastic Load Balancing has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_elb

Ensure to drop invalid headers at Elastic Load Balancing

It's better to drop them at Elastic Load Balancing. Passing invalid headers to the applications might cause issues like HTTP Request Smuggling.

Review your AWS Elastic Load Balancing settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::ElasticLoadBalancing::LoadBalancer Policies (CloudFormation)

The LoadBalancer Policies in ElasticLoadBalancing can be configured in CloudFormation with the resource name AWS::ElasticLoadBalancing::LoadBalancer Policies. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

Attributes The policy attributes.
Required: Yes
Type: List of Json
Update requires: No interruption

InstancePorts The instance ports for the policy. Required only for some policy types.
Required: No
Type: List of String
Update requires: No interruption

LoadBalancerPorts The load balancer ports for the policy. Required only for some policy types.
Required: No
Type: List of String
Update requires: No interruption

PolicyName The name of the policy.
Required: Yes
Type: String
Update requires: No interruption

PolicyType The name of the policy type.
Required: Yes
Type: String
Update requires: No interruption

Explanation in CloudFormation Registry

Specifies policies for your Classic Load Balancer.

To associate policies with a listener, use the PolicyNames property for the listener.

Frequently asked questions

What is AWS Elastic Load Balancing Policy?

AWS Elastic Load Balancing Policy is a resource for Elastic Load Balancing of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Elastic Load Balancing Policy?

For Terraform, the storebot/pr_demo_flat, Checkmarx/kics and leonidweinbergcx/mykics source code examples are useful. See the Terraform Example section for further details.