
added-ssl-option

Open cj-belchez opened this issue 10 months ago • 3 comments

1Password SCIM example - ECS|Fargate deployment

Adding an option to add SSL policy to fix insecure TLS issue

The previous version uses old SSL Policy (ELBSecurityPolicy-2016-08)

cj-belchez avatar Apr 12 '24 08:04 cj-belchez

Hi @cj-belchez and @scott-doyland-burrows, thanks for the PR, we will review it as time permits. Appreciate your proposed contribution! :)

scottisloud avatar Apr 12 '24 16:04 scottisloud

Hi @scottisloud, I would like to follow up on this PR as our security team has flagged it as an issue. Thanks.

renz-canlas avatar Jul 05 '24 13:07 renz-canlas

Hi @renz-canlas thanks for the nudge. I'll bump this up the todo list to hopefully get this reviewed sooner.

In the meantime, since the manifests in this repo are examples that we expect most people will want or need to modify to suit their specific needs, you're free to modify this Terraform plan as desired, without necessarily being beholden to our timeline.

We recognize that this change may be one that should be part of the canonical example and look forward to reviewing it and incorporating it soon. (I realize this PR is only a few lines' worth of changes, but we do need to be careful about changes, even ones that are trivial on their face, since they potentially impact existing deployments, common variants of a given deployment, or other aspects of the deployment, that we need to thoroughly understand and document if necessary. We appreciate your patience here.)

scottisloud avatar Jul 05 '24 14:07 scottisloud

Hi there @renz-canlas, thanks for your patience on this. Given the state of TLS today, we decided to make this a change to the current recommended policy, rather than a configurable option. As Scott mentioned, these are examples, and it's very possible to modify it to fit your needs. In any case, thanks for flagging!

plttn avatar Sep 04 '24 02:09 plttn
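
For readers who adapt the plan themselves, as the maintainers suggest, this is one way to pin the ALB HTTPS listener away from `ELBSecurityPolicy-2016-08`. It is an added example, not code from this PR or from the scim-examples repository. The names `scim`, `certificate_arn` and `ssl_policy` are hypothetical, the load balancer and target group are assumed to be defined elsewhere in the plan, and the default policy `ELBSecurityPolicy-TLS13-1-2-2021-06` is an assumption, since the thread does not name the policy that was adopted.

```hcl
# Added example: resource and variable names are hypothetical, not the repo's own.

variable "certificate_arn" {
  type        = string
  description = "ARN of the ACM certificate served by the HTTPS listener."
}

variable "ssl_policy" {
  type        = string
  description = "ELB security policy applied to the HTTPS listener."

  # Assumption: an AWS predefined policy that allows only TLS 1.2 and TLS 1.3.
  default = "ELBSecurityPolicy-TLS13-1-2-2021-06"

  # Reject ELBSecurityPolicy-2016-08 and the TLS13-1-0 / TLS13-1-1 variants,
  # which still negotiate TLS 1.0 or 1.1, at plan time.
  validation {
    condition     = can(regex("^ELBSecurityPolicy-TLS13-1-[23]-", var.ssl_policy))
    error_message = "Use an ELBSecurityPolicy-TLS13-1-2-* or ELBSecurityPolicy-TLS13-1-3-* policy (TLS 1.2 or newer)."
  }
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.scim.arn # assumed to exist elsewhere in the plan
  port              = 443
  protocol          = "HTTPS"
  certificate_arn   = var.certificate_arn

  # Set explicitly so the listener never ends up on the old policy named above.
  ssl_policy = var.ssl_policy

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.scim.arn # assumed to exist elsewhere
  }
}
```

Dropping the variable and writing the policy name directly in `ssl_policy` gives the fixed, non-configurable form the maintainers describe.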