From 591f3c813747b6de196ef8a3601b4eb0ffc3a525 Mon Sep 17 00:00:00 2001
From: Pat Heard <patrick.heard@cds-snc.ca>
Date: Tue, 15 Oct 2024 10:08:20 -0400
Subject: [PATCH] chore: upgrade ALB to latest recommend SSL policy (#868)

Update to the latest recommend ALB SSL policy which is FIPS 140-3 compliant.
---
 aws/idp/lb.tf           | 2 +-
 aws/load_balancer/lb.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/aws/idp/lb.tf b/aws/idp/lb.tf
index f0cdafe7a..bd969febc 100644
--- a/aws/idp/lb.tf
+++ b/aws/idp/lb.tf
@@ -65,7 +65,7 @@ resource "aws_lb_listener" "idp" {
   load_balancer_arn = aws_lb.idp.arn
   port              = "443"
   protocol          = "HTTPS"
-  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
+  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"
   certificate_arn   = aws_acm_certificate.idp.arn
 
   default_action {
diff --git a/aws/load_balancer/lb.tf b/aws/load_balancer/lb.tf
index 683eff8b1..9eab59824 100644
--- a/aws/load_balancer/lb.tf
+++ b/aws/load_balancer/lb.tf
@@ -103,7 +103,7 @@ resource "aws_lb_listener" "form_viewer_https" {
   load_balancer_arn = aws_lb.form_viewer.arn
   port              = "443"
   protocol          = "HTTPS"
-  ssl_policy        = "ELBSecurityPolicy-FS-1-2-Res-2019-08"
+  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04"
   certificate_arn   = aws_acm_certificate.form_viewer.arn
 
   default_action {