- Newest
- Most votes
- Most comments
In the documentation you linked, the first link has the answer:
Elastic Load Balancing provides the following security policies for Application Load Balancers:
Classic load balancers are not Application Load Balancers. While the policies might share some names, that doesn't mean they are identical. For ELBSecurityPolicy-2015-05 and ELBSecurityPolicy-2016-08 they are identical for ALBs.
Some other things to note:
In the AWS CLI there is the elb and the elbv2 options. They are distinct. The elb option is for classic load balancers, while elbv2 is for network and application load balancers.
When querying using the CLI you can spot some differences in the results. The key clue is returned from aws elbv2 describe-ssl-policies. In the output there is a field named: SupportedLoadBalancerTypes which lists the types of load balancers the policy is valid for. In the 2015-05 one, it lists application and network.
Good question. Did you try this API https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-ssl-policies.html to check for each and compare?
Thanks for your response. The output for
aws elbv2 describe-ssl-policiesis not identical for the two policies mentioned in the question.
Relevant content
- asked 4 years ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
Thanks for your response.
I checked the output of
aws elbv2 describe-ssl-policiesforELBSecurityPolicy-2015-05andELBSecurityPolicy-2016-08. It is not identical, despite what is stated here: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies.ELBSecurityPolicy-2015-05has an additional cipher,DHE-RSA-AES128-SHA, that is not present in the output foraws elbv2 describe-ssl-policies ELBSecurityPolicy-2016-08.Are you able to clarify this discrepancy?