update docs
simar7 committed Apr 13, 2024
1 parent a91d36f commit 6e96dfd
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion avd_docs/aws/cloudfront/AVD-AWS-0013/Terraform.md
Expand Up @@ -4,7 +4,7 @@ Use the most modern TLS/SSL policies available
```hcl
resource "aws_cloudfront_distribution" "good_example" {
viewer_certificate {
cloudfront_default_certificate = false
cloudfront_default_certificate = false
minimum_protocol_version = "TLSv1.2_2021"
}
}
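Review bot: In the `viewer_certificate` block, `cloudfront_default_certificate = false` is set but no certificate is named, so the "good example" turns off the default certificate without showing what replaces it. Consider adding a placeholder `acm_certificate_arn` (or `iam_certificate_id`) line so the example is one a reader can apply. The removed and added `cloudfront_default_certificate = false` lines also read the same as rendered here, which suggests a whitespace-only change; the commit message "update docs" could say so.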
2 changes: 1 addition & 1 deletion avd_docs/aws/cloudfront/AVD-AWS-0013/docs.md
@@ -1,7 +1,7 @@

You should not use outdated/insecure TLS versions for encryption. You should be using TLS v1.2+.

Note: that setting *minimum_protocol_version = "TLSv1.2_2021"* is only possible when *cloudfront_default_certificate* is false (eg. you are not using the cloudfront.net domain name) and *ssl_support_method* is *sni-only*.
Note: that setting *minimum_protocol_version = "TLSv1.2_2021"* is only possible when *cloudfront_default_certificate* is false (eg. you are not using the cloudfront.net domain name).
If *cloudfront_default_certificate* is true then the Cloudfront API will only allow setting *minimum_protocol_version = "TLSv1"*, and setting it to any other value will result in a perpetual diff in your *terraform plan*'s.
The only option when using the cloudfront.net domain name is to ignore this rule.

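Review bot: The rewritten "Note:" line drops the condition `and *ssl_support_method* is *sni-only*` with no reason given in the commit message or the surrounding text. If that condition still holds, a reader with a different `ssl_support_method` will follow this doc and hit the same kind of perpetual `terraform plan` diff the next sentence warns about; either keep the clause or state why it no longer applies. While touching this line, "Note: that setting" should read "Note that setting", "eg." should be "e.g.", and "Cloudfront API" should be "CloudFront API".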