This config is really confusing to me. I’m sure it's the AWS APIs themselves that make it this way, but it's really unclear to me how this works.
I have a classic ELB and would expect to be able to just do this to set a pre-defined policy:
```hcl
resource "aws_load_balancer_listener_policy" "mylb" {
  load_balancer_name = aws_elb.mylb.name
  load_balancer_port = 443
  policy_names = [
    "ELBSecurityPolicy-TLS-1-2-2017-01"
  ]
}
```
But I get:

```
Error: Error setting LoadBalancerPoliciesOfListener: PolicyNotFound: There is no policy with name ELBSecurityPolicy-TLS-1-2-2017-01 for load balancer
```
I have to do this:
```hcl
resource "aws_load_balancer_policy" "mylb" {
  load_balancer_name = aws_elb.mylb.name
  policy_name        = "mylb"
  policy_type_name   = "SSLNegotiationPolicyType"

  policy_attribute {
    name  = "Reference-Security-Policy"
    value = "ELBSecurityPolicy-TLS-1-2-2017-01"
  }
}

resource "aws_load_balancer_listener_policy" "mylb" {
  load_balancer_name = aws_elb.mylb.name
  load_balancer_port = 443
  policy_names = [
    aws_load_balancer_policy.mylb.policy_name
  ]
}
```
I don’t get it. What is aws_load_balancer_policy even doing? I can’t find anything in the UI where a policy is “attached” to an LB, just listeners.
Also, this is a predefined policy that already exists.
I could see it if aws_load_balancer_policy was a generic resource I could apply to any LB, but it's not. I need TWO resources to do this one simple config.
Seems like a lot of cruft. I’d like to understand why it is the way it is.
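For anyone landing on this thread, the following is an added, complete example of the two-step pattern the post arrives at, in the shape the classic ELB API works in (a load-balancer-scoped policy created with CreateLoadBalancerPolicy, then attached to the listener with SetLoadBalancerPoliciesOfListener). It is not code from the original post or from the AWS provider; the variable names, the ELB name, the backend port and the second, custom policy block are assumptions made for illustration. The custom policy is included to show that `aws_load_balancer_policy` is a generic per-load-balancer policy object: the same resource type either copies a predefined policy via `Reference-Security-Policy` or spells out protocol and cipher attributes directly.

```hcl
# Added example, not from the original post. Placeholders below are assumptions.
variable "subnet_ids"      { type = list(string) }
variable "elb_sg_id"       { type = string }
variable "certificate_arn" { type = string }

resource "aws_elb" "mylb" {
  name            = "mylb"
  subnets         = var.subnet_ids
  security_groups = [var.elb_sg_id]

  listener {
    lb_port            = 443
    lb_protocol        = "https"
    instance_port      = 8080 # assumed backend port
    instance_protocol  = "http"
    ssl_certificate_id = var.certificate_arn
  }

  health_check {
    target              = "HTTP:8080/healthz" # assumed health endpoint
    interval            = 30
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}

# Step 1: a policy that belongs to this load balancer. The predefined
# ELBSecurityPolicy-* names are templates, not attachable objects, which is
# why the listener policy resource reported PolicyNotFound when given one
# directly. Reference-Security-Policy tells ELB which template to copy.
resource "aws_load_balancer_policy" "tls_reference" {
  load_balancer_name = aws_elb.mylb.name
  policy_name        = "mylb-tls-1-2-2017-01"
  policy_type_name   = "SSLNegotiationPolicyType"

  policy_attribute {
    name  = "Reference-Security-Policy"
    value = "ELBSecurityPolicy-TLS-1-2-2017-01"
  }
}

# Alternative (same resource type, no predefined policy): an explicit
# SSLNegotiationPolicyType with protocol and cipher attributes. Only one of
# the two policies should be attached to the 443 listener at a time.
resource "aws_load_balancer_policy" "tls_custom" {
  load_balancer_name = aws_elb.mylb.name
  policy_name        = "mylb-tls-custom"
  policy_type_name   = "SSLNegotiationPolicyType"

  policy_attribute {
    name  = "Protocol-TLSv1.2"
    value = "true"
  }
  policy_attribute {
    name  = "Protocol-TLSv1.1"
    value = "false"
  }
  policy_attribute {
    name  = "Protocol-TLSv1"
    value = "false"
  }
  policy_attribute {
    name  = "Server-Defined-Cipher-Order"
    value = "true"
  }
  policy_attribute {
    name  = "ECDHE-RSA-AES128-GCM-SHA256"
    value = "true"
  }
}

# Step 2: attach the load-balancer-scoped policy to the HTTPS listener.
resource "aws_load_balancer_listener_policy" "https" {
  load_balancer_name = aws_elb.mylb.name
  load_balancer_port = 443
  policy_names       = [aws_load_balancer_policy.tls_reference.policy_name]
}
```

To check the result after `terraform apply`, `aws elb describe-load-balancer-policies --load-balancer-name mylb` lists the policies that exist on this load balancer (the predefined templates are listed by the same command with no `--load-balancer-name`), and `aws elb describe-load-balancers --load-balancer-names mylb` shows which policy names are attached to the 443 listener.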