在 Elastic Beanstalk 中向 ELB 配置添加安全策略?

huangapple go评论59阅读模式
英文:

Add security policy to ELB config in Elastic Beanstalk?

问题

我正在通过.ebextensions配置Elastic Load Balancer:

Resources:
  AWSEBV2LoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: '443'
            Host: '#{host}'
            Path: '/#{path}'
            Query: '#{query}'
            StatusCode: HTTP_301
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 80
      Protocol: HTTP
  AWSEBV2LoadBalancerListenerHTTPS:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: arn:aws:acm:us-east-1:xxx
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Ref: AWSEBV2LoadBalancerTargetGroup
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 443
      Protocol: HTTPS

我已手动更改了负载均衡器的安全策略为:ELBSecurityPolicy-FS-1-2-Res-2020-10

我希望将该策略添加到.config文件中,但不知道如何操作。

英文:

I'm configering an Elastic Loadbalancer through .ebextensions:

Resources:
  AWSEBV2LoadBalancerListener:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      DefaultActions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: '443'
            Host: '#{host}'
            Path: '/#{path}'
            Query: '#{query}'
            StatusCode: HTTP_301
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 80
      Protocol: HTTP
  AWSEBV2LoadBalancerListenerHTTPS:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: arn:aws:acm:us-east-1:xxx
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Ref: AWSEBV2LoadBalancerTargetGroup
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 443
      Protocol: HTTPS

I've manually changed the security policy of the load balancer to: ELBSecurityPolicy-FS-1-2-Res-2020-10

I would love to add the policy to the .config file but don't know how.

答案1

得分: 1

根据所有 Elastic Beanstalk 配置选项的文档,如果您使用标准的 .ebextensions 设置,您可以将 SSLPolicy 设置在 aws:elbv2:listener:default 命名空间或 aws:elbv2:listener:listener_port 命名空间中。

看起来您没有使用标准设置,而是提供了自定义的 CloudFormation 资源定义。在这种情况下,您需要在您定义的 SSL 监听器上设置 SslPolicy 属性,如此处所述

英文:

Per the documentation of all the Elastic Beanstalk configuration options, if you were using the standard .ebextensions settings, you would set the SSLPolicy setting in either the aws:elbv2:listener:default namespace or the aws:elbv2:listener:listener_port namespace.

It looks like instead of using the standard settings, you are instead providing custom CloudFormation resource definitions. In that case you need to set the SslPolicy property on the SSL listener you have defined, as documented here.

huangapple
  • 本文由 发表于 2023年3月7日 20:47:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/75662168.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定