SSL_policy in front end configuration using terraform

antfrasparkle · July 8, 2024, 7:18pm

Hello all

i’m using

github.com/GoogleCloudPlatform/cloud-foundation-fabric.git//modules/net-address?ref=v27.0.0 module to create an ILB in front of APIGEEX. By default module attach a GCP_default SSL policy to front end but this is a vulnerability issue as it permit TLS 1.1. I would create a SSL policy with TLS 1.2 minumum and relate it to frontend configuration with terraform
I’m not able to fin a way to do it

antfrasparkle · August 6, 2024, 7:04am

solved: in last module

github.com/GoogleCloudPlatform/cloud-foundation-fabric//modules/net-lb-app-int
it is possible to set

#--------------------------------------------------------------

DEFINIZIONE SSL _POLICY

#--------------------------------------------------------------
resource “google_compute_region_ssl_policy” “apigee-priv-ilb-policy” {
name = “apigee-priv-ilb-policy”
project = var.project_id
region = var.region
profile = “MODERN”
min_tls_version = “TLS_1_2”
}

and then in ILB definiton

https_proxy_config = {
ssl_policy = google_compute_region_ssl_policy.apigee-north-priv-ilb-policy.id
}

Topic		Replies	Views
How to configure TLS1.2 in Apigee Edge Apigee api-runtime	0	7	March 19, 2016
Can I disable TLS 1.3 on HTTPS Load Balancer? Compute Infrastructure server-configuration	2	27	December 14, 2022
What is the right way to set TLSv1.2 protocol while configuring virtual host ? Apigee api-runtime	3	3	August 19, 2015

SSL_policy in front end configuration using terraform

DEFINIZIONE SSL _POLICY

AI Suggested topics