From 5c28eb98285638128729658d4f9afd6ea6882a67 Mon Sep 17 00:00:00 2001
From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:20:21 +0100
Subject: [PATCH 1/2] CC-2605: ssl_policy ELBSecurityPolicy-2016-08 -> ELBSecurityPolicy-TLS13-1-2-2021-06
---
 .../environments/ccms-ebs/ccms-ec2-oracle_ebs_apps-alb.tf | 2 +-
 .../environments/ccms-ebs/ccms-ec2-oracle_webgate-alb.tf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/terraform/environments/ccms-ebs/ccms-ec2-oracle_ebs_apps-alb.tf b/terraform/environments/ccms-ebs/ccms-ec2-oracle_ebs_apps-alb.tf
index 4b1035b6097..6c4f582592c 100644
--- a/terraform/environments/ccms-ebs/ccms-ec2-oracle_ebs_apps-alb.tf
+++ b/terraform/environments/ccms-ebs/ccms-ec2-oracle_ebs_apps-alb.tf
@@ -27,7 +27,7 @@ resource "aws_lb_listener" "ebsapps_listener" {
 load_balancer_arn = aws_lb.ebsapps_lb.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = data.aws_acm_certificate.gandi_cert.arn
 default_action {
diff --git a/terraform/environments/ccms-ebs/ccms-ec2-oracle_webgate-alb.tf b/terraform/environments/ccms-ebs/ccms-ec2-oracle_webgate-alb.tf
index 73e6e8dd29d..3c48841a1e8 100644
--- a/terraform/environments/ccms-ebs/ccms-ec2-oracle_webgate-alb.tf
+++ b/terraform/environments/ccms-ebs/ccms-ec2-oracle_webgate-alb.tf
@@ -28,7 +28,7 @@ resource "aws_lb_listener" "webgate_listener" {
 load_balancer_arn = aws_lb.webgate_lb[count.index].arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = local.cert_arn
 default_action {
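Review bot: Nothing in this change records that the clients of `ebsapps_listener` can negotiate TLS 1.2 or later, and the new policy stops offering TLS 1.0 and 1.1, which `ELBSecurityPolicy-2016-08` still accepted. The same applies to `webgate_listener` and `webgate_public_listener` in ccms-ec2-oracle_webgate-alb.tf. If access logging is enabled on these load balancers, the `ssl_protocol` field shows whether any caller still connects with an older protocol, and that is worth checking before the apply. A comment above the attribute would keep the reason visible, for example `# TLS 1.2+ only (CC-2605): TLS 1.0/1.1 clients will fail the handshake`. The resource block continues outside the hunk.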
@@ -88,7 +88,7 @@ resource "aws_lb_listener" "webgate_public_listener" {
 load_balancer_arn = aws_lb.webgate_public_lb.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = data.aws_acm_certificate.gandi_cert.arn
 default_action {
From c53d2b5d0a9b4dff9072f19b6cb13f7eed804dda Mon Sep 17 00:00:00 2001
From: Maciej Matysiak <103054339+mmgovuk@users.noreply.github.com>
Date: Fri, 9 Aug 2024 15:37:44 +0100
Subject: [PATCH 2/2] CC-2605: ssl_policy ELBSecurityPolicy-TLS-1-2-2017-01 -> ELBSecurityPolicy-TLS13-1-2-2021-06
---
 .../ccms-ebs-upgrade/ec2-oracle_ebs_apps-alb.tf | 2 +-
 .../ccms-ebs-upgrade/ec2-oracle_webgate-alb.tf | 2 +-
 terraform/environments/laa-oem/oem_ec2_app_lb.tf | 10 +++++-----
 .../environments/laa-oem/oem_ec2_app_lb_internal.tf | 10 +++++-----
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps-alb.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps-alb.tf
index 129e87d5ff6..b5eae5d59b8 100644
--- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps-alb.tf
+++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_ebs_apps-alb.tf
@@ -26,7 +26,7 @@ resource "aws_lb_listener" "ebsapps_listener" {
 load_balancer_arn = aws_lb.ebsapps_lb.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.external.arn
 default_action {
diff --git a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate-alb.tf b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate-alb.tf
index 0b6c06cb866..b8deb805725 100644
--- a/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate-alb.tf
+++ b/terraform/environments/ccms-ebs-upgrade/ec2-oracle_webgate-alb.tf
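Review bot: The subject of PATCH 2/2 names `ELBSecurityPolicy-TLS-1-2-2017-01` as the old value, but `ebsapps_listener` in ccms-ebs-upgrade/ec2-oracle_ebs_apps-alb.tf (and `webgate_listener` in ec2-oracle_webgate-alb.tf, whose hunk follows) move from `ELBSecurityPolicy-2016-08`. For these two listeners the change therefore also withdraws TLS 1.0 and 1.1, a larger behaviour change than the subject suggests; the commit message should say so, or these two hunks belong with PATCH 1/2.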
@@ -26,7 +26,7 @@ resource "aws_lb_listener" "webgate_listener" {
 load_balancer_arn = aws_lb.webgate_lb.arn
 port = "443"
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-2016-08"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.external.arn
 default_action {
diff --git a/terraform/environments/laa-oem/oem_ec2_app_lb.tf b/terraform/environments/laa-oem/oem_ec2_app_lb.tf
index 1a7c77c000a..b7c0f4d360c 100644
--- a/terraform/environments/laa-oem/oem_ec2_app_lb.tf
+++ b/terraform/environments/laa-oem/oem_ec2_app_lb.tf
@@ -13,7 +13,7 @@ resource "aws_lb_listener" "oem_app" {
 port = 443
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -27,7 +27,7 @@ resource "aws_lb_listener" "oem_app_3872" {
 port = 3872
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -41,7 +41,7 @@ resource "aws_lb_listener" "oem_app_4903" {
 port = 4903
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -55,7 +55,7 @@ resource "aws_lb_listener" "oem_app_7102" {
 port = 7102
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -69,7 +69,7 @@ resource "aws_lb_listener" "oem_app_7803" {
 port = 7803
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
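Review bot: The policy name is now written out as a literal in each of the five listeners in oem_ec2_app_lb.tf, starting with `oem_app`, and again in the five in oem_ec2_app_lb_internal.tf, so the next policy change is another ten-line edit in which one listener can be missed. Defining it once, e.g. `locals { lb_ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06" }`, and using `ssl_policy = local.lb_ssl_policy` in every listener keeps them in step. Whether laa-oem already has a suitable locals file is not visible from the diff.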
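Review bot: For `oem_app_3872` and the other non-443 listeners (4903, 7102, 7803, and their `_internal` counterparts) the callers are presumably agents or tooling rather than browsers, and the patch does not show that their TLS stacks were checked against the new policy. Both policies already require TLS 1.2, but as far as I can tell from the AWS policy tables the new one no longer offers the static-RSA (non-ECDHE) cipher suites that `ELBSecurityPolicy-TLS-1-2-2017-01` did; please confirm that against the current table. A client limited to those suites would fail the handshake after this change, so the `ssl_cipher` values in the load balancer access logs are worth a look before rollout.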
diff --git a/terraform/environments/laa-oem/oem_ec2_app_lb_internal.tf b/terraform/environments/laa-oem/oem_ec2_app_lb_internal.tf
index 8f0a5c6156b..9dbf59f8ba1 100644
--- a/terraform/environments/laa-oem/oem_ec2_app_lb_internal.tf
+++ b/terraform/environments/laa-oem/oem_ec2_app_lb_internal.tf
@@ -13,7 +13,7 @@ resource "aws_lb_listener" "oem_app_internal" {
 port = 443
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -27,7 +27,7 @@ resource "aws_lb_listener" "oem_app_3872_internal" {
 port = 3872
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -41,7 +41,7 @@ resource "aws_lb_listener" "oem_app_4903_internal" {
 port = 4903
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -55,7 +55,7 @@ resource "aws_lb_listener" "oem_app_7102_internal" {
 port = 7102
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {
@@ -69,7 +69,7 @@ resource "aws_lb_listener" "oem_app_7803_internal" {
 port = 7803
 protocol = "HTTPS"
- ssl_policy = "ELBSecurityPolicy-TLS-1-2-2017-01"
+ ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"
 certificate_arn = aws_acm_certificate.laa_cert.arn
 default_action {