Add support for ALB SSLPolicy (#60)

johncblandii · aknysh · commit 24767ec9c8cc · 2018-11-05T22:03:23.000-05:00
* Allow aws:elasticbeanstalk:managedactions toggling

* Remove duplicate DeploymentPolicy setting

* Add support for CloudWatch health log streaming

* Updated documentation

* Rebuild README

* Add all beanstalk outputs

* Documentation updates

* Add description variable and fix for boolean values

* Remove description output

It is listed in the documentation but fails every time. It isn’t a critical output anyway.

Error: Error running plan: 1 error(s) occurred:

* module.elastic_beanstalk_environment.output.description: Resource 'aws_elastic_beanstalk_environment.default' does not have attribute 'description' for variable 'aws_elastic_beanstalk_environment.default.description'

* Documentation update

* Updated enable_managed_actions documentation

* tf fmt

* Add ALB SSLPolicy support
diff --git a/README.md b/README.md
@@ -87,6 +87,7 @@ Available targets:
 | loadbalancer_certificate_arn | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | string | `` | no |
 | loadbalancer_managed_security_group | Load balancer managed security group | string | `` | no |
 | loadbalancer_security_groups | Load balancer security groups | list | `<list>` | no |
+| loadbalancer_ssl_policy | Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer. | string | `` | no |
 | loadbalancer_type | Load Balancer type, e.g. 'application' or 'classic' | string | `classic` | no |
 | logs_delete_on_terminate | Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days. | string | `false` | no |
 | logs_retention_in_days | The number of days to keep log events before they expire. | string | `7` | no |
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -39,6 +39,7 @@
 | loadbalancer_certificate_arn | Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager | string | `` | no |
 | loadbalancer_managed_security_group | Load balancer managed security group | string | `` | no |
 | loadbalancer_security_groups | Load balancer security groups | list | `<list>` | no |
+| loadbalancer_ssl_policy | Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer. | string | `` | no |
 | loadbalancer_type | Load Balancer type, e.g. 'application' or 'classic' | string | `classic` | no |
 | logs_delete_on_terminate | Whether to delete the log groups when the environment is terminated. If false, the logs are kept RetentionInDays days. | string | `false` | no |
 | logs_retention_in_days | The number of days to keep log events before they expire. | string | `7` | no |
diff --git a/main.tf b/main.tf
@@ -642,6 +642,11 @@ resource "aws_elastic_beanstalk_environment" "default" {
     name      = "SSLCertificateArns"
     value     = "${var.loadbalancer_certificate_arn}"
   }
+  setting {
+    namespace = "aws:elbv2:listener:443"
+    name      = "SSLPolicy"
+    value     = "${var.loadbalancer_type == "application" ? var.loadbalancer_ssl_policy : ""}"
+  }
   setting {
     namespace = "aws:elasticbeanstalk:healthreporting:system"
     name      = "ConfigDocument"
diff --git a/variables.tf b/variables.tf
@@ -105,6 +105,11 @@ variable "loadbalancer_certificate_arn" {
   description = "Load Balancer SSL certificate ARN. The certificate must be present in AWS Certificate Manager"
 }
 
+variable "loadbalancer_ssl_policy" {
+  default     = ""
+  description = "Specify a security policy to apply to the listener. This option is only applicable to environments with an application load balancer."
+}
+
 variable "loadbalancer_security_groups" {
   type        = "list"
   default     = []
