From 56332ce4749b7a2d237eac82c9d171c959fe5d9f Mon Sep 17 00:00:00 2001
From: Dan Vaida
Date: Mon, 18 Oct 2021 10:48:23 +0300
Subject: [PATCH] Allows the choice between security policies
---
 README.md | 1 +
 main.tf | 2 +-
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 771aeb1..ad6de56 100644
--- a/README.md
+++ b/README.md
@@ -160,6 +160,7 @@ The following resources _CAN_ be created:
 | redirect\_rules | A list with maps populated with redirect rules | list(map(string)) | `[]` | no |
 | response\_code | The default status code to return when no rules have been met | string | `"500"` | no |
 | response\_message\_body | The default response message body in case no rules have been met | string | `"No match"` | no |
+| ssl\_policy | Security policy used for front-end connections. | string | `"ELBSecurityPolicy-FS-1-2-Res-2020-10"` | no |
 | tags | Extra tags to be applied to the resources | map(string) | `{}` | no |
 ## Outputs
diff --git a/main.tf b/main.tf
index 7a564e6..1cc79cb 100644
--- a/main.tf
+++ b/main.tf
@@ -144,7 +144,7 @@ resource "aws_lb_listener" "https" {
 port = 443
 protocol = "HTTPS"
 certificate_arn = var.certificate_arn
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = var.ssl_policy
 default_action {
 type = "fixed-response"
diff --git a/variables.tf b/variables.tf
index 1efa93e..b78d418 100644
--- a/variables.tf
+++ b/variables.tf
@@ -61,3 +61,9 @@ variable "response_code" {
 default = "500"
 description = "The default status code to return when no rules have been met"
 }
+
+variable "ssl_policy" {
+ description = "Security policy used for front-end connections."
+ type = string
+ default = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
+}
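Review bot: Replacing the literal `ELBSecurityPolicy-2016-08` with `var.ssl_policy` in the `aws_lb_listener.https` hunk also changes the policy for every existing caller that does not set the variable, because the default declared in variables.tf is `ELBSecurityPolicy-FS-1-2-Res-2020-10`. That default is the stronger choice (TLS 1.2 only, forward-secret cipher suites), but clients that still negotiate TLS 1.0 or 1.1 will fail the handshake after upgrading the module, and the subject line only mentions making the policy selectable. I would record the default change in the commit message or release notes and add a comment above the attribute, e.g. `# Default is TLS 1.2-only; set var.ssl_policy explicitly to keep a legacy policy.` The resource block starts and ends outside the hunk.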
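Review bot: The new `ssl_policy` variable in variables.tf accepts any string, so a mistyped name is presumably rejected only by the AWS API at apply time, and nothing tells the caller that choosing an older predefined policy re-enables TLS 1.0/1.1 on the listener. The description could carry that caveat: `description = "Name of the predefined ELB security policy for the HTTPS listener. The default allows TLS 1.2 only; older policies permit TLS 1.0/1.1."`. If the module's minimum Terraform version supports variable validation (not visible in this patch), a `validation` block with `condition = can(regex("^ELBSecurityPolicy-", var.ssl_policy))` would surface a bad name at plan time.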