HTTPS aws_alb_listener: SSLPolicyNotFound

Hi, I have a terraform script that creates an AWS ELB and some related resources such as http and https listeners.

My https listener is defined below:

variable "ssl_policy" {
  description = "The aws predefined policy for alb."
  default     = "ELBSecurityPolicy-TLS13-1-2-2021-06"
}

resource "aws_alb_listener" "https" {
  load_balancer_arn = aws_alb.vsms_alb.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = var.ssl_policy
  certificate_arn   = module.acm[element(local.alb_hosts, 0)].acm_certificate_arn
  default_action {
    target_group_arn = aws_alb_target_group.blackhole.arn
    type             = "forward"
  }
}

Upon terraform apply, I get the following error:

Error: modifying ELBv2 Listener (arn:aws:elasticloadbalancing:eu-west-1:000000000000:listener/app/vsms-alb/ecbc4cad/443281471661725184): SSLPolicyNotFound: Policy ELBSecurityPolicy-TLS13-1-2-2021-06 not found
        status code: 400, request id: 8b935633-f394-4118-972a-a2067a5a4b1e

Here is my current terraform aws provider setting:

provider "aws" {
  access_key                  = "test"
  secret_key                  = "test"
  region                      = "eu-west-1"
  s3_force_path_style         = true # Required for localstack S3 compatibility
  skip_credentials_validation = true # Skip credentials validation for localstack
  skip_metadata_api_check     = true # Skip metadata API check for localstack
  skip_requesting_account_id  = true # Skip requesting account ID for localstack

  endpoints {
    acm              = "http://localstack:4566"
    apigateway       = "http://localstack:4566"
    apigatewayv2     = "http://localstack:4566"
    cloudformation   = "http://localstack:4566"
    cloudwatch       = "http://localstack:4566"
    cloudwatchlogs   = "http://localstack:4566"
    cloudwatchevents = "http://localstack:4566"
    cloudfront       = "http://localstack:4566"
    dynamodb         = "http://localstack:4566"
    ec2              = "http://localstack:4566"
    elb              = "http://localstack:4566"
    elbv2            = "http://localstack:4566"
    es               = "http://localstack:4566"
    elasticache      = "http://localstack:4566"
    firehose         = "http://localstack:4566"
    iam              = "http://localstack:4566"
    kinesis          = "http://localstack:4566"
    lambda           = "http://localstack:4566"
    rds              = "http://localstack:4566"
    redshift         = "http://localstack:4566"
    route53          = "http://localstack:4566"
    s3               = "http://localstack:4566"
    secretsmanager   = "http://localstack:4566"
    ses              = "http://localstack:4566"
    sns              = "http://localstack:4566"
    sqs              = "http://localstack:4566"
    ssm              = "http://localstack:4566"
    stepfunctions    = "http://localstack:4566"
    sts              = "http://localstack:4566"
    wafv2            = "http://localstack:4566"
    waf              = "http://localstack:4566"
  }
}

Hi @jnax09,

You are correct, this policy does not exist under LocalStack, please consider using one of the following policies as a workaround. Could you please create a ticket in our GitHub to update the list of policies?

"ELBSecurityPolicy-2016-08",
"ELBSecurityPolicy-TLS-1-2-2017-01",
"ELBSecurityPolicy-TLS-1-1-2017-01",
"ELBSecurityPolicy-2015-05",
"ELBSecurityPolicy-TLS-1-0-2015-04",
"ELBSecurityPolicy-FS-1-2-Res-2020-10"

Hey @Marcel. Thanks for your response. Using one of the suggested policies works. I have created a ticket on GitHub to update the list of policies.
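Several of the workaround policies listed above (ELBSecurityPolicy-2016-08, ELBSecurityPolicy-TLS-1-0-2015-04, ELBSecurityPolicy-TLS-1-1-2017-01) still negotiate TLS 1.0/1.1, so a policy picked to satisfy LocalStack should not silently reach the real account. The following is an added example, not code from the thread or from LocalStack: it takes the JSON shape of `aws elbv2 describe-ssl-policies` (the sample below is constructed and trimmed, the protocol sets are illustrative), reports the SSLPolicyNotFound case before `terraform apply`, and picks the first policy from an ordered preference list that both exists on the endpoint and meets a minimum TLS version.

```python
from __future__ import annotations
import json

# Constructed sample in the shape of `aws elbv2 describe-ssl-policies` output
# (real output also lists every cipher). Protocol sets are illustrative.
SAMPLE_DESCRIBE_SSL_POLICIES = json.dumps({"SslPolicies": [
    {"Name": "ELBSecurityPolicy-2016-08",
     "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
     "Ciphers": [{"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 1}]},
    {"Name": "ELBSecurityPolicy-TLS-1-2-2017-01",
     "SslProtocols": ["TLSv1.2"],
     "Ciphers": [{"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 1}]},
    {"Name": "ELBSecurityPolicy-TLS-1-0-2015-04",
     "SslProtocols": ["TLSv1", "TLSv1.1", "TLSv1.2"],
     "Ciphers": [{"Name": "ECDHE-ECDSA-AES128-GCM-SHA256", "Priority": 1}]},
]})

# Higher rank = newer protocol version; unknown names rank below everything.
TLS_RANK = {"TLSv1": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}


def load_policies(describe_output: str) -> dict[str, set[str]]:
    """Map policy name -> set of TLS protocol versions the policy negotiates."""
    data = json.loads(describe_output)
    return {p["Name"]: set(p["SslProtocols"]) for p in data["SslPolicies"]}


def check_policy(name: str, policies: dict[str, set[str]],
                 minimum: str = "TLSv1.2") -> tuple[bool, str]:
    """Return (ok, reason). Fails if the endpoint does not offer `name`
    (the SSLPolicyNotFound case from the thread) or if the policy's weakest
    protocol is older than `minimum` (the downgrade case)."""
    if name not in policies:
        return False, f"SSLPolicyNotFound: {name} not offered by this endpoint"
    weakest = min(policies[name], key=lambda proto: TLS_RANK.get(proto, -1))
    if TLS_RANK.get(weakest, -1) < TLS_RANK[minimum]:
        return False, f"{name} still negotiates {weakest}"
    return True, "ok"


def choose_policy(preferred: list[str], policies: dict[str, set[str]],
                  minimum: str = "TLSv1.2") -> str | None:
    """First policy in `preferred` order that passes check_policy, else None,
    so one ordered list can serve both a LocalStack and a real AWS endpoint."""
    for name in preferred:
        if check_policy(name, policies, minimum)[0]:
            return name
    return None
```

Feed it the real `describe-ssl-policies` output of whichever endpoint Terraform targets, and put the chosen name into `var.ssl_policy`; `None` means the run should stop rather than fall back to a legacy policy.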