[Feature Request]: Configure SSL policy of the CDN (cdn.ssl_policy)

[alquerci]

Hello there,

Big thanks for this tool.

version 1.34.0

Describe your feature

In order to configure SSL policy of the CDN.

I wish Copilot would avoid us to patch the environment template.

This will save us time in setting up.
And having SSL polices in one file.

Proposal

Like #1342 for ALB.

# copilot/environments/<name>/manifest.yml
cdn:
  ssl_policy: TLSv1.2_2019

Actual workaround

Now we need to have knowledge or search on documentation to do it. And the result will be this override:

# copilot/environments/overrides/cfn.patches.yml
- op: add
  path: /Resources/CloudFrontDistribution/Properties/DistributionConfig/ViewerCertificate/MinimumProtocolVersion
  value: TLSv1.2_2019

[KollaAdithya]

Hello @alquerci !

you can use overrides feature with the workaround mentioned above to configure your ssl policy

[alquerci]

Hello @KollaAdithya,

That's exactly what I did and it work very well.

The point is not about, "now we cannot do it".
It is more about "now we need to have knowledge or search on documentation to do it".

For a security concern configuration, it could be more easy to configure. And have more guidance for developers to help us having secure application.

Moreover the current default policy is low in terms of security.