maraca/elb.json

## elb.json
    "PublicELB" : {
      "Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
      "Properties" : {
        "SecurityGroups" : [ { "Ref" : "PublicELBSecurityGroup" } ],
        "Subnets" : { "Ref" : "PublicSubnetIds" },
        "Listeners" :
        [
          { "LoadBalancerPort" : "443",
            "InstancePort" : "80",
            "Protocol" : "HTTPS",
            "SSLCertificateId" : { "Ref" : "SSLCertificateArn" },
            "PolicyNames": [ "SSLNegotiationPolicy" ]
          }
        ],
        "Policies": [
          { "PolicyName" : "SSLNegotiationPolicy",
            "PolicyType" : "SSLNegotiationPolicyType",
            "Attributes" : [
              { "Name" : "Server-Defined-Cipher-Order", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-AES128-GCM-SHA256", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-AES128-SHA", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-AES128-SHA256", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-AES256-GCM-SHA384", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-AES256-SHA", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-AES256-SHA384", "Value" : "true" },
              { "Name" : "ECDHE-ECDSA-RC4-SHA", "Value" : "false" },
              { "Name" : "ECDHE-RSA-AES128-GCM-SHA256", "Value" : "true" },
              { "Name" : "ECDHE-RSA-AES128-SHA", "Value" : "true" },
              { "Name" : "ECDHE-RSA-AES128-SHA256", "Value" : "true" },
              { "Name" : "ECDHE-RSA-AES256-GCM-SHA384", "Value" : "true" },
              { "Name" : "ECDHE-RSA-AES256-SHA", "Value" : "true" },
              { "Name" : "ECDHE-RSA-AES256-SHA384", "Value" : "true" },
              { "Name" : "ECDHE-RSA-RC4-SHA", "Value" : "false" },
              { "Name" : "Protocol-SSLv3", "Value" : "false" },
              { "Name" : "Protocol-TLSv1", "Value" : "true" },
              { "Name" : "Protocol-TLSv1.1", "Value" : "true" },
              { "Name" : "Protocol-TLSv1.2", "Value" : "true" },
              { "Name" : "RC4-SHA", "Value" : "false" }
            ]
          }
        ]
      }
    }
	"PublicELB" : {
	"Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
	"Properties" : {
	"SecurityGroups" : [ { "Ref" : "PublicELBSecurityGroup" } ],
	"Subnets" : { "Ref" : "PublicSubnetIds" },
	"Listeners" :
	[
	{ "LoadBalancerPort" : "443",
	"InstancePort" : "80",
	"Protocol" : "HTTPS",
	"SSLCertificateId" : { "Ref" : "SSLCertificateArn" },
	"PolicyNames": [ "SSLNegotiationPolicy" ]
	}
	],
	"Policies": [
	{ "PolicyName" : "SSLNegotiationPolicy",
	"PolicyType" : "SSLNegotiationPolicyType",
	"Attributes" : [
	{ "Name" : "Server-Defined-Cipher-Order", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-AES128-GCM-SHA256", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-AES128-SHA", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-AES128-SHA256", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-AES256-GCM-SHA384", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-AES256-SHA", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-AES256-SHA384", "Value" : "true" },
	{ "Name" : "ECDHE-ECDSA-RC4-SHA", "Value" : "false" },
	{ "Name" : "ECDHE-RSA-AES128-GCM-SHA256", "Value" : "true" },
	{ "Name" : "ECDHE-RSA-AES128-SHA", "Value" : "true" },
	{ "Name" : "ECDHE-RSA-AES128-SHA256", "Value" : "true" },
	{ "Name" : "ECDHE-RSA-AES256-GCM-SHA384", "Value" : "true" },
	{ "Name" : "ECDHE-RSA-AES256-SHA", "Value" : "true" },
	{ "Name" : "ECDHE-RSA-AES256-SHA384", "Value" : "true" },
	{ "Name" : "ECDHE-RSA-RC4-SHA", "Value" : "false" },
	{ "Name" : "Protocol-SSLv3", "Value" : "false" },
	{ "Name" : "Protocol-TLSv1", "Value" : "true" },
	{ "Name" : "Protocol-TLSv1.1", "Value" : "true" },
	{ "Name" : "Protocol-TLSv1.2", "Value" : "true" },
	{ "Name" : "RC4-SHA", "Value" : "false" }
	]
	}
	]
	}
	}