AWSElastic Load Balancing (Classic)aws_lb_ssl_negotiation_policyPro

How to Import an AWS LB SSL Negotiation Policy into Terraform

To import an existing AWS LB SSL Negotiation Policy into Terraform, scan it with Terraback and run terraback aws import --method bulk. Terraback writes the matching aws_lb_ssl_negotiation_policy resource block and the Terraform 1.5+ import block for you, so you do not have to run terraform import by hand. The import ID is not importable: aws_lb_ssl_negotiation_policy does not support terraform import (the provider documentation has no Import section). Recreate it from HCL with terraform apply rather than importing..

Import AWS LB SSL Negotiation Policy with Terraback (recommended)

Terraback reverse-engineers your live infrastructure: it reads the Elastic Load Balancing (Classic) resource with read-only credentials, generates the HCL, and produces the exact import block. Two commands take you from a live AWS LB SSL Negotiation Policy to managed Terraform.

1

Scan your AWS account

terraback scan all aws --region us-east-1
2

Generate import blocks and import into state

terraback aws import --method bulk

The Terraform import block

Terraback emits a Terraform 1.5+ import block like the one below. Because the block lives in your configuration, the import is reviewable in a pull request and repeatable across environments.

# aws_lb_ssl_negotiation_policy does NOT support terraform import.
# There is no import block for this resource; define it in HCL and run
# terraform apply against the existing Classic load balancer instead.

Example aws_lb_ssl_negotiation_policy configuration

Here is a realistic AWS LB SSL Negotiation Policy block. Terraback generates a fuller version from your actual resource attributes; this is a minimal, valid starting point.

resource "aws_lb_ssl_negotiation_policy" "example" {
  name          = "example-ssl-policy"
  load_balancer = aws_elb.example.id
  lb_port       = 443

  attribute {
    name  = "Protocol-TLSv1.2"
    value = "true"
  }
  attribute {
    name  = "Server-Defined-Cipher-Order"
    value = "true"
  }
}

Gotchas when importing a AWS LB SSL Negotiation Policy

  • This resource genuinely cannot be imported: the Terraform AWS provider docs have no Import section for aws_lb_ssl_negotiation_policy, so terraform import will fail. Define it in HCL and apply to adopt it.
  • It applies only to the Classic Load Balancer (aws_elb) on a specific lb_port; modern Application and Network Load Balancers use aws_lb_listener security policies instead.
  • Because there is no import path, reconcile drift by writing the attribute blocks to match the live policy and running terraform apply, which replaces the policy on that listener port.
  • The attribute names (protocols and ciphers) must exactly match an AWS-supported predefined set; an unknown attribute makes the apply fail, so copy them from the live ELB configuration.

Doing it manually with terraform import

The native approach is to write the aws_lb_ssl_negotiation_policy block by hand, then run terraform import aws_lb_ssl_negotiation_policy.example <import-id> for every resource, one at a time. That works for a handful of resources, but it does not scale: you author all the HCL yourself and repeat the command for each item. Terraback generates the HCL and the import blocks for your whole account in one pass.

Import your whole AWS account in minutes

Terraback scans 80+ AWS resource types and emits clean Terraform plus import blocks, running locally with read-only credentials. $499 once, no SaaS.