Adding reference in ELB docs for supported ECDSA curves.

This commit is contained in:
Jeremy Young 2016-09-02 16:25:01 -05:00
parent 3cfce54910
commit b295192ed3
1 changed files with 12 additions and 4 deletions

View File

@ -72,7 +72,7 @@ The following arguments are supported:
* `name` - (Optional) The name of the ELB. By default generated by terraform. * `name` - (Optional) The name of the ELB. By default generated by terraform.
* `access_logs` - (Optional) An Access Logs block. Access Logs documented below. * `access_logs` - (Optional) An Access Logs block. Access Logs documented below.
* `availability_zones` - (Required for an EC2-classic ELB) The AZ's to serve traffic in. * `availability_zones` - (Required for an EC2-classic ELB) The AZ's to serve traffic in.
* `security_groups` - (Optional) A list of security group IDs to assign to the ELB. * `security_groups` - (Optional) A list of security group IDs to assign to the ELB.
Only valid if creating an ELB within a VPC Only valid if creating an ELB within a VPC
* `subnets` - (Required for a VPC ELB) A list of subnet IDs to attach to the ELB. * `subnets` - (Required for a VPC ELB) A list of subnet IDs to attach to the ELB.
* `instances` - (Optional) A list of instance ids to place in the ELB pool. * `instances` - (Optional) A list of instance ids to place in the ELB pool.
@ -82,7 +82,7 @@ The following arguments are supported:
* `cross_zone_load_balancing` - (Optional) Enable cross-zone load balancing. Default: `true` * `cross_zone_load_balancing` - (Optional) Enable cross-zone load balancing. Default: `true`
* `idle_timeout` - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60. * `idle_timeout` - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60.
* `connection_draining` - (Optional) Boolean to enable connection draining. * `connection_draining` - (Optional) Boolean to enable connection draining.
* `connection_draining_timeout` - (Optional) The time in seconds to allow for connections to drain. * `connection_draining_timeout` - (Optional) The time in seconds to allow for connections to drain.
* `tags` - (Optional) A mapping of tags to assign to the resource. * `tags` - (Optional) A mapping of tags to assign to the resource.
Exactly one of `availability_zones` or `subnets` must be specified: this Exactly one of `availability_zones` or `subnets` must be specified: this
@ -103,7 +103,7 @@ Listeners (`listener`) support the following:
* `lb_protocol` - (Required) The protocol to listen on. Valid values are `HTTP`, * `lb_protocol` - (Required) The protocol to listen on. Valid values are `HTTP`,
`HTTPS`, `TCP`, or `SSL` `HTTPS`, `TCP`, or `SSL`
* `ssl_certificate_id` - (Optional) The ARN of an SSL certificate you have * `ssl_certificate_id` - (Optional) The ARN of an SSL certificate you have
uploaded to AWS IAM. **Only valid when `lb_protocol` is either HTTPS or SSL** uploaded to AWS IAM. **Note ECDSA-specific restrictions below. Only valid when `lb_protocol` is either HTTPS or SSL**
Health Check (`health_check`) supports the following: Health Check (`health_check`) supports the following:
@ -116,6 +116,14 @@ Health Check (`health_check`) supports the following:
* `interval` - (Required) The interval between checks. * `interval` - (Required) The interval between checks.
* `timeout` - (Required) The length of time before the check times out. * `timeout` - (Required) The length of time before the check times out.
## Note on ECDSA Key Algorithm
If the ARN of the `ssl_certificate_id` that is pointed to references a
certificate that was signed by an ECDSA key, note that ELB only supports the
P256 and P384 curves. Using a certificate signed by a key using a different
curve could produce the error `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` in your
browser.
## Attributes Reference ## Attributes Reference
The following attributes are exported: The following attributes are exported:
@ -134,7 +142,7 @@ The following attributes are exported:
## Import ## Import
ELBs can be imported using the `name`, e.g. ELBs can be imported using the `name`, e.g.
``` ```
$ terraform import aws_elb.bar elb-production-12345 $ terraform import aws_elb.bar elb-production-12345