Add security policy to ELB config in Elastic Beanstalk?
Question
I'm configuring an Elastic Load Balancer through .ebextensions:

    Resources:
      AWSEBV2LoadBalancerListener:
        Type: 'AWS::ElasticLoadBalancingV2::Listener'
        Properties:
          DefaultActions:
            - Type: redirect
              RedirectConfig:
                Protocol: HTTPS
                Port: '443'
                Host: '#{host}'
                Path: '/#{path}'
                Query: '#{query}'
                StatusCode: HTTP_301
          LoadBalancerArn:
            Ref: AWSEBV2LoadBalancer
          Port: 80
          Protocol: HTTP
      AWSEBV2LoadBalancerListenerHTTPS:
        Type: 'AWS::ElasticLoadBalancingV2::Listener'
        Properties:
          Certificates:
            - CertificateArn: arn:aws:acm:us-east-1:xxx
          DefaultActions:
            - Type: forward
              TargetGroupArn:
                Ref: AWSEBV2LoadBalancerTargetGroup
          LoadBalancerArn:
            Ref: AWSEBV2LoadBalancer
          Port: 443
          Protocol: HTTPS

I've manually changed the security policy of the load balancer to: ELBSecurityPolicy-FS-1-2-Res-2020-10
I would love to add the policy to the .config file but don't know how.
Answer 1
Score: 1
Per the documentation of all the Elastic Beanstalk configuration options, if you were using the standard .ebextensions settings, you would set the SSLPolicy setting in either the aws:elbv2:listener:default namespace or the aws:elbv2:listener:listener_port namespace.
It looks like instead of using the standard settings, you are instead providing custom CloudFormation resource definitions. In that case you need to set the SslPolicy property on the SSL listener you have defined, as documented here.
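
The two approaches described in the answer, written out as an added example (not part of the original question or answer). It reuses the resource names, the placeholder certificate ARN and the policy name from the question; the listener port 443 in the second alternative and the option values around SSLPolicy are assumptions based on the question's HTTPS listener.

```yaml
# Two alternatives shown in one listing; put only ONE of them in the
# .ebextensions/*.config file.

# Alternative 1: custom CloudFormation resource, as in the question.
# SslPolicy pins the TLS security policy in the template, so it no longer
# depends on a manual change made in the console.
Resources:
  AWSEBV2LoadBalancerListenerHTTPS:
    Type: 'AWS::ElasticLoadBalancingV2::Listener'
    Properties:
      Certificates:
        - CertificateArn: arn:aws:acm:us-east-1:xxx   # placeholder from the question
      DefaultActions:
        - Type: forward
          TargetGroupArn:
            Ref: AWSEBV2LoadBalancerTargetGroup
      LoadBalancerArn:
        Ref: AWSEBV2LoadBalancer
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-FS-1-2-Res-2020-10
---
# Alternative 2: standard Elastic Beanstalk option settings.
# The namespace is aws:elbv2:listener:listener_port with the port filled in
# (443 assumed here, matching the HTTPS listener above).
option_settings:
  aws:elbv2:listener:443:
    ListenerEnabled: 'true'
    Protocol: HTTPS
    SSLCertificateArns: arn:aws:acm:us-east-1:xxx     # placeholder from the question
    SSLPolicy: ELBSecurityPolicy-FS-1-2-Res-2020-10
```

After deployment, `aws elbv2 describe-listeners --load-balancer-arn <your-load-balancer-arn> --query 'Listeners[].SslPolicy'` shows which policy each listener actually uses.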