Allows the choice between security policies

Flaconi · Oct 18, 2021 · 56332ce · 56332ce
1 parent be6755c
commit 56332ce
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -160,6 +160,7 @@ The following resources _CAN_ be created:
 | redirect\_rules | A list with maps populated with redirect rules | list(map(string)) | `[]` | no |
 | response\_code | The default status code to return when no rules have been met | string | `"500"` | no |
 | response\_message\_body | The default response message body in case no rules have been met | string | `"No match"` | no |
+| ssl\_policy | Security policy used for front-end connections. | string | `"ELBSecurityPolicy-FS-1-2-Res-2020-10"` | no |
 | tags | Extra tags to be applied to the resources | map(string) | `{}` | no |
 
 ## Outputs

diff --git a/main.tf b/main.tf
@@ -144,7 +144,7 @@ resource "aws_lb_listener" "https" {
   port              = 443
   protocol          = "HTTPS"
   certificate_arn   = var.certificate_arn
-  ssl_policy        = "ELBSecurityPolicy-2016-08"
+  ssl_policy        = var.ssl_policy
 
   default_action {
     type = "fixed-response"

diff --git a/variables.tf b/variables.tf
@@ -61,3 +61,9 @@ variable "response_code" {
   default     = "500"
   description = "The default status code to return when no rules have been met"
 }
+
+variable "ssl_policy" {
+  description = "Security policy used for front-end connections."
+  type        = string
+  default     = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
+}