ALB Security Policies ELBSecurityPolicy-2015-05 and ELBSecurityPolicy-2016-08 are not identical depending on region

Question

[This page](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) for Application Load Balancers states that Security Policies `ELBSecurityPolicy-2015-05` and `ELBSecurityPolicy-2016-08` are identical.

When using region `us-east-1`, the two policies appear to be identical.

When using region `us-east-2` or `ca-central-1`, the two policies are not identical. 
`ELBSecurityPolicy-2015-05` has an additional cipher, `DHE-RSA-AES128-SHA`, that is not present in the output for `aws elbv2 describe-ssl-policies ELBSecurityPolicy-2016-08`.

I have not checked all regions.

Either the documentation or the security policies per region should be updated.

Answer

Hello Rachel!

Thank you for contacting AWS re:Post!

I appreciate you for taking the time to bring this issue to our attention. I understand that the security policies claimed to be identical is not the same across all regions.
Your examples of `us-east-1` vs. `us-east-2` helped identify this gap.

I have raised this issue with the service team. I am happy to let you know that they are working on the fix.

Please keep an eye out on https://aws.amazon.com/blogs/aws/ and https://aws.amazon.com/new/ for further updates on releases.

ALB Security Policies ELBSecurityPolicy-2015-05 and ELBSecurityPolicy-2016-08 are not identical depending on region

Relevant content