Policy: AWS > EC2 > Load Balancer Listener > SSL Policy > Default

Define the default AWS SSL policy the AWS EC2 load balancer listener should use if it's not currently using an allowed SSL policy.

The SSL policy selected in this policy should also be allowed in the AWS > EC2 > Load Balancer Listener > SSL Policy > Allowed policy, else the control will move into an invalid state while trying to enforce this policy.

Targets

This policy targets the following resource types:

AWS > EC2 > Load Balancer Listener

Primary Policy

This policy is used with the following primary policy:

AWS > EC2 > Load Balancer Listener > SSL Policy

Controls

Setting this policy configures this control:

AWS > EC2 > Load Balancer Listener > SSL Policy

Policy Specification

Schema Type	`string`
Default	`ELBSecurityPolicy-2016-08`
Valid Values [YAML]	`ELBSecurityPolicy-2015-05` `ELBSecurityPolicy-2016-08` `ELBSecurityPolicy-FS-1-1-2019-08` `ELBSecurityPolicy-FS-1-2-2019-08` `ELBSecurityPolicy-FS-1-2-Res-2019-08` `ELBSecurityPolicy-FS-1-2-Res-2020-10` `ELBSecurityPolicy-FS-2018-06` `ELBSecurityPolicy-TLS-1-0-2015-04` `ELBSecurityPolicy-TLS-1-1-2017-01` `ELBSecurityPolicy-TLS-1-2-2017-01` `ELBSecurityPolicy-TLS-1-2-Ext-2018-06` `ELBSecurityPolicy-TLS13-1-0-2021-06` `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-0-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-1-2021-06` `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-2021-06` `ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06` `ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06` `ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-3-2021-06` `ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-3-PQ-2025-09`
Examples [YAML]	`ELBSecurityPolicy-2016-08`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/turbot#/control/categories/security

Policy Type URI

tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerSslPolicyDefault

GraphQL

query policyType(id: "tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerSslPolicyDefault") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerSslPolicyDefault'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerSslPolicyDefault'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerSslPolicyDefault"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-ec2#/policy/types/loadBalancerListenerSslPolicyDefault"

Policy: AWS > EC2 > Load Balancer Listener > SSL Policy > Default

Policy Specification

Schema Type	`string`
Default	`ELBSecurityPolicy-2016-08`
Valid Values [YAML]	`ELBSecurityPolicy-2015-05` `ELBSecurityPolicy-2016-08` `ELBSecurityPolicy-FS-1-1-2019-08` `ELBSecurityPolicy-FS-1-2-2019-08` `ELBSecurityPolicy-FS-1-2-Res-2019-08` `ELBSecurityPolicy-FS-1-2-Res-2020-10` `ELBSecurityPolicy-FS-2018-06` `ELBSecurityPolicy-TLS-1-0-2015-04` `ELBSecurityPolicy-TLS-1-1-2017-01` `ELBSecurityPolicy-TLS-1-2-2017-01` `ELBSecurityPolicy-TLS-1-2-Ext-2018-06` `ELBSecurityPolicy-TLS13-1-0-2021-06` `ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-0-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-1-2021-06` `ELBSecurityPolicy-TLS13-1-1-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-2021-06` `ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext1-2021-06` `ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext2-2021-06` `ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Res-2021-06` `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-3-2021-06` `ELBSecurityPolicy-TLS13-1-3-FIPS-2023-04` `ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09` `ELBSecurityPolicy-TLS13-1-3-PQ-2025-09`
Examples [YAML]	`ELBSecurityPolicy-2016-08`