chore(elbv2): add post-quantum cryptography SSL policies

packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/enums.ts

@@ -146,6 +146,43 @@ export enum SslPolicy {
    */
   TLS13_13 = 'ELBSecurityPolicy-TLS13-1-3-2021-06',
 
+  /**
+   * TLS 1.3 only with post-quantum hybrid key exchange using ML-KEM
+   */
+  TLS13_13_PQ = 'ELBSecurityPolicy-TLS13-1-3-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   */
+  TLS13_12_PQ = 'ELBSecurityPolicy-TLS13-1-2-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Restricted cipher suite for enhanced security with quantum resistance.
+   * AWS recommended policy for post-quantum cryptography.
+   */
+  TLS13_12_RES_PQ = 'ELBSecurityPolicy-TLS13-1-2-Res-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Extended cipher suite 1 with quantum resistance.
+   */
+  TLS13_12_EXT1_PQ = 'ELBSecurityPolicy-TLS13-1-2-Ext1-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Extended cipher suite 2 with quantum resistance.
+   */
+  TLS13_12_EXT2_PQ = 'ELBSecurityPolicy-TLS13-1-2-Ext2-PQ-2025-09',
+
+  /**
+   * TLS 1.0 through 1.3 with post-quantum hybrid key exchange using ML-KEM
+   */
+  TLS13_10_PQ = 'ELBSecurityPolicy-TLS13-1-0-PQ-2025-09',
+
   /**
    * TLS 1.3 only with AES 128 and 256 GCM SHA ciphers
    */
@@ -186,6 +223,63 @@ export enum SslPolicy {
    */
   FIPS_TLS13_10 = 'ELBSecurityPolicy-TLS13-1-0-FIPS-2023-04',
 
+  /**
+   * TLS 1.3 only with post-quantum hybrid key exchange using ML-KEM
+   *
+   * FIPS-compliant with quantum resistance.
+   */
+  FIPS_TLS13_13_PQ = 'ELBSecurityPolicy-TLS13-1-3-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * FIPS-compliant with quantum resistance.
+   */
+  FIPS_TLS13_12_PQ = 'ELBSecurityPolicy-TLS13-1-2-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Restricted cipher suite for enhanced security with quantum resistance.
+   * FIPS-compliant. AWS recommended policy for post-quantum cryptography with FIPS.
+   */
+  FIPS_TLS13_12_RES_PQ = 'ELBSecurityPolicy-TLS13-1-2-Res-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Extended cipher suite 0 with quantum resistance. FIPS-compliant.
+   */
+  FIPS_TLS13_12_EXT0_PQ = 'ELBSecurityPolicy-TLS13-1-2-Ext0-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Extended cipher suite 1 with quantum resistance. FIPS-compliant.
+   */
+  FIPS_TLS13_12_EXT1_PQ = 'ELBSecurityPolicy-TLS13-1-2-Ext1-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.2 and 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * Extended cipher suite 2 with quantum resistance. FIPS-compliant.
+   */
+  FIPS_TLS13_12_EXT2_PQ = 'ELBSecurityPolicy-TLS13-1-2-Ext2-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.1 through 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * FIPS-compliant with quantum resistance.
+   */
+  FIPS_TLS13_11_PQ = 'ELBSecurityPolicy-TLS13-1-1-FIPS-PQ-2025-09',
+
+  /**
+   * TLS 1.0 through 1.3 with post-quantum hybrid key exchange using ML-KEM
+   *
+   * FIPS-compliant with quantum resistance.
+   */
+  FIPS_TLS13_10_PQ = 'ELBSecurityPolicy-TLS13-1-0-FIPS-PQ-2025-09',
+
   /**
    * Strong foward secrecy ciphers and TLV1.2 only (2020 edition).
    * Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers