如何使用前端安全策略創建AWS ELB偵聽器？我該如何更換保單？

Question

一般情況下，這是命令我會使用：

my_elb = elb.create("test", { :availability_zones => ["us-east-1d"], 
           :listeners => [ { :port => 80, :protocol => "http", 
               :instance_port => 8082, 
               :instance_protocol => "http" } 
              ] }) 
my_elb.listeners.create({ :port => 443, 
          :protocol => :https, 
          :instance_protocol => :http, 
          :instance_port => 80, 
          :server_certificate => cert.arn }) 

但我找不到語法添加安全策略（如「ELBSecurityPolicy-2014-10」）

Answer 1

您應該listener保存到一個變量，然後調用policy=方法：

my_elb = elb.create("test", { :availability_zones => ["us-east-1d"], 
           :listeners => [ { :port => 80, :protocol => "http", 
               :instance_port => 8082, 
               :instance_protocol => "http" } 
              ] }) 
listener = my_elb.listeners.create({ :port => 443, 
          :protocol => :https, 
          :instance_protocol => :http, 
          :instance_port => 80, 
          :server_certificate => cert.arn }) 

listener.policy = 'ELBSecurityPolicy-2014-10' 

puts listener.policy.inspect # <AWS::ELB::LoadBalancerPolicy load_balancer_name:test name:ELBSecurityPolicy-2014-10> 

希望這有助於

Answer 2

我現在在同一件事情上工作，你可以象我在做的那樣將安全策略添加到elb.create對象中。下面的示例針對基於VPC的ELB，正如您可以在偵聽器外部看到的那樣，您可以將安全組添加爲數組。

webservice = elb.load_balancers.create("webservice001", :listeners => [{ :port => 80, :protocol => :http, :instance_port => 8080, :instance_protocol => :http }, { :port => 443, :protocol => :https, :instance_port => 8443, :instance_protocol => :https, :ssl_certificate_id => "arn:aws:iam::xxxxxxxxx:server-certificate/server-certificate" }], :subnets =>[ "subnet-id1", "subnet-id2", "subnet-id3" ], :security_groups => [ "webservice001-elb-sg-id#" ], :scheme => 'internet-facing' )