copilot-cli icon indicating copy to clipboard operation
copilot-cli copied to clipboard
verified publisher icon aws

[Feature Request]: Configure SSL policy of the CDN (cdn.ssl_policy)

Open alquerci opened this issue 1 year ago • 2 comments

Hello there,

Big thanks for this tool.

version 1.34.0

Describe your feature

In order to configure SSL policy of the CDN.

I wish Copilot would avoid us to patch the environment template.

This will save us time in setting up. And having SSL polices in one file.

Proposal

Like #1342 for ALB.

# copilot/environments/<name>/manifest.yml
cdn:
  ssl_policy: TLSv1.2_2019

Actual workaround

Now we need to have knowledge or search on documentation to do it. And the result will be this override:

# copilot/environments/overrides/cfn.patches.yml
- op: add
  path: /Resources/CloudFrontDistribution/Properties/DistributionConfig/ViewerCertificate/MinimumProtocolVersion
  value: TLSv1.2_2019

alquerci avatar Sep 05 '24 10:09 alquerci

Hello @alquerci !

you can use overrides feature with the workaround mentioned above to configure your ssl policy

KollaAdithya avatar Sep 13 '24 18:09 KollaAdithya

Hello @KollaAdithya,

That's exactly what I did and it work very well.

The point is not about, "now we cannot do it". It is more about "now we need to have knowledge or search on documentation to do it".

For a security concern configuration, it could be more easy to configure. And have more guidance for developers to help us having secure application.

Moreover the current default policy is low in terms of security.

alquerci avatar Sep 14 '24 11:09 alquerci