From ccb16d3c2b64c74316aaa824114cbf829f2abff8 Mon Sep 17 00:00:00 2001
From: Pat Heard <patrick.heard@cds-snc.ca>
Date: Tue, 15 Oct 2024 09:03:56 -0400
Subject: [PATCH] chore: upgrade ALB to recommend SSL policy (#683)

Update to the latest recommend ALB SSL policy which is FIPS 140-3 compliant.
---
 terraform/alb.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/alb.tf b/terraform/alb.tf
index da49d9ab..56ec6813 100644
--- a/terraform/alb.tf
+++ b/terraform/alb.tf
@@ -30,7 +30,7 @@ resource "aws_lb_listener" "sre_bot_listener" {
   load_balancer_arn = aws_lb.sre_bot.arn
   port              = "443"
   protocol          = "HTTPS"
-  ssl_policy        = "ELBSecurityPolicy-FS-1-2-Res-2020-10"
+  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"
   certificate_arn   = aws_acm_certificate.sre_bot.arn
 
   default_action {