aws / copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
https://aws.github.io/copilot-cli/
Apache License 2.0
3.53k stars 417 forks

[Feature Request]: Configure SSL policy of the CDN (cdn.ssl_policy) #5932

Open alquerci opened 2 months ago

alquerci commented 2 months ago

Hello there,

Big thanks for this tool.

version 1.34.0

Describe your feature

In order to configure the SSL policy of the CDN.

I wish Copilot would let us avoid patching the environment template.

This will save us time in setting up, and keep the SSL policies in one file.

Proposal

Like #1342 for ALB.

# copilot/environments/<name>/manifest.yml
cdn:
  ssl_policy: TLSv1.2_2019

Actual workaround

Now we need to have the knowledge or search the documentation to do it. The result will be this override:

# copilot/environments/overrides/cfn.patches.yml
- op: add
  path: /Resources/CloudFrontDistribution/Properties/DistributionConfig/ViewerCertificate/MinimumProtocolVersion
  value: TLSv1.2_2019

KollaAdithya commented 2 months ago

Hello @alquerci !

You can use the overrides feature with the workaround mentioned above to configure your SSL policy.

alquerci commented 2 months ago

Hello @KollaAdithya,

That's exactly what I did and it works very well.

The point is not about "now we cannot do it". It is more about "now we need to have the knowledge or search the documentation to do it".

For a security-related configuration, it could be easier to configure, and there could be more guidance for developers to help us have secure applications.

Moreover, the current default policy is low in terms of security.
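
An added example (not part of the issue thread or of the Copilot project): a Python check that applies the override from the first comment to a template and lists CloudFront distributions whose `MinimumProtocolVersion` is unset, unrecognized or below `TLSv1.2_2019`. The sample template, the placeholder certificate ARN and the function names are constructed for illustration, and the override is assumed to behave like a JSON Patch `add` on an existing parent object.

```python
import copy

# CloudFront security policies (MinimumProtocolVersion values), weakest first.
POLICY_ORDER = ["SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016",
                "TLSv1.2_2018", "TLSv1.2_2019", "TLSv1.2_2021"]

# Constructed sample: a minimal environment template with no explicit policy.
SAMPLE_TEMPLATE = {"Resources": {"CloudFrontDistribution": {
    "Type": "AWS::CloudFront::Distribution",
    "Properties": {"DistributionConfig": {"ViewerCertificate": {
        "AcmCertificateArn": "<placeholder-certificate-arn>",
        "SslSupportMethod": "sni-only"}}}}}}

# The override from the issue, as a JSON Patch style "add" operation.
PATCH = {"op": "add", "value": "TLSv1.2_2019",
         "path": "/Resources/CloudFrontDistribution/Properties/"
                 "DistributionConfig/ViewerCertificate/MinimumProtocolVersion"}

def apply_add(template, patch):
    """Return a copy of template with one 'add' op applied to an object member."""
    if patch["op"] != "add":
        raise ValueError("only 'add' is handled in this example")
    keys = [k.replace("~1", "/").replace("~0", "~")
            for k in patch["path"][1:].split("/")]
    patched = copy.deepcopy(template)
    node = patched
    for key in keys[:-1]:
        node = node[key]  # KeyError if a parent is missing, so typos surface
    node[keys[-1]] = patch["value"]
    return patched

def weak_distributions(template, minimum="TLSv1.2_2019"):
    """List (resource, policy) pairs that are unset, unrecognized or below minimum."""
    floor = POLICY_ORDER.index(minimum)
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudFront::Distribution":
            continue
        cert = (res.get("Properties", {}).get("DistributionConfig", {})
                   .get("ViewerCertificate", {}))
        policy = cert.get("MinimumProtocolVersion", "unset")
        if policy not in POLICY_ORDER or POLICY_ORDER.index(policy) < floor:
            findings.append((name, policy))
    return findings

if __name__ == "__main__":
    print("before:", weak_distributions(SAMPLE_TEMPLATE))
    print("after: ", weak_distributions(apply_add(SAMPLE_TEMPLATE, PATCH)))
```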