Policies that I specified under the CloudFormation ELB Policies attribute are not enabled after deployment. I had to enable them manually; until then the old default policy was in effect. How do I automatically enable the ELB cipher policy specified in CloudFormation?
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb-policy.html
Policies:
  - PolicyName: My-SSLNegotiation-Policy
    PolicyType: SSLNegotiationPolicyType
    Attributes:
      - Name: Reference-Security-Policy
        Value: ELBSecurityPolicy-TLS-1-2-2017-01
On the AWS Console it was still showing the predefined policy as ELBSecurityPolicy-2016-08, which is the default policy.
Then I had to manually enable it using the CLI command below; after that it showed the predefined policy as ELBSecurityPolicy-TLS-1-2-2017-01:
aws elb set-load-balancer-policies-of-listener --load-balancer-name auhuman-ELB-qwertyuiop --load-balancer-port 443 --policy-names Auhuman-ELBSecurityPolicy-TLS-1-2-2017-01 --region us-east-1
This style of policy definition is associated with the classic EC2 load balancer. If at all possible, you should use a V2 application load balancer instead. Really the only use case for a classic ELB is if you have classic EC2 instances not in a VPC...and you should be thinking about migration strategy for those.
Assuming you can use a V2 ALB, you can use the SslPolicy property on the listener to declare your policy, for example:
Of course you'll need to substitute appropriate references for your situation.
If you absolutely have to use a classic ELB, then you need to associate the policy name with the listener by adding the PolicyNames property to the listener config, as in:
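An added example, not part of the answer above or of any AWS tooling: a small template check that flags classic ELB SSLNegotiationPolicyType policies declared in a CloudFormation template but never attached to a listener via PolicyNames, which is exactly why the default policy stayed active in the question. The function name and the sample template data are constructed for this illustration; the template is given in its JSON (dict) form so the check runs offline.

```python
"""Flag classic ELB SSL negotiation policies that a template declares
but never attaches to a listener, so they stay inactive after deploy."""
from typing import Dict, List


def unattached_ssl_policies(template: Dict) -> Dict[str, List[str]]:
    """Return {logical_id: [declared-but-unattached policy names]} for every
    AWS::ElasticLoadBalancing::LoadBalancer resource in the template.
    Only attachment via a listener's PolicyNames is considered (the route
    the answer describes)."""
    findings = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::ElasticLoadBalancing::LoadBalancer":
            continue
        props = res.get("Properties", {})
        declared = {p["PolicyName"] for p in props.get("Policies", [])
                    if p.get("PolicyType") == "SSLNegotiationPolicyType"}
        attached = set()
        for listener in props.get("Listeners", []):
            attached.update(listener.get("PolicyNames", []))
        missing = sorted(declared - attached)
        if missing:
            findings[logical_id] = missing
    return findings


# Constructed sample data (hypothetical stack): BEFORE declares the policy
# only; AFTER also lists it in the HTTPS listener's PolicyNames.
POLICY = {"PolicyName": "My-SSLNegotiation-Policy",
          "PolicyType": "SSLNegotiationPolicyType",
          "Attributes": [{"Name": "Reference-Security-Policy",
                          "Value": "ELBSecurityPolicy-TLS-1-2-2017-01"}]}
LISTENER = {"LoadBalancerPort": "443", "InstancePort": "80",
            "Protocol": "HTTPS", "SSLCertificateId": "<certificate-arn>"}

BEFORE = {"Resources": {"ELB": {
    "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    "Properties": {"Policies": [POLICY], "Listeners": [LISTENER]}}}}

AFTER = {"Resources": {"ELB": {
    "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    "Properties": {"Policies": [POLICY], "Listeners": [
        dict(LISTENER, PolicyNames=["My-SSLNegotiation-Policy"])]}}}}

if __name__ == "__main__":
    print(unattached_ssl_policies(BEFORE))  # {'ELB': ['My-SSLNegotiation-Policy']}
    print(unattached_ssl_policies(AFTER))   # {}
```

Running the check over the real template before deploying (for example after loading it with a YAML parser into the same dict form) catches the missing PolicyNames entry instead of discovering the default policy in the console afterwards.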