1. Packages
  2. AWS Native
  3. API Docs
  4. elasticloadbalancingv2
  5. getListener

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

aws-native.elasticloadbalancingv2.getListener

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi

    Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.

    Using getListener

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getListener(args: GetListenerArgs, opts?: InvokeOptions): Promise<GetListenerResult>
    function getListenerOutput(args: GetListenerOutputArgs, opts?: InvokeOptions): Output<GetListenerResult>
    def get_listener(listener_arn: Optional[str] = None,
                     opts: Optional[InvokeOptions] = None) -> GetListenerResult
    def get_listener_output(listener_arn: Optional[pulumi.Input[str]] = None,
                     opts: Optional[InvokeOptions] = None) -> Output[GetListenerResult]
    func LookupListener(ctx *Context, args *LookupListenerArgs, opts ...InvokeOption) (*LookupListenerResult, error)
    func LookupListenerOutput(ctx *Context, args *LookupListenerOutputArgs, opts ...InvokeOption) LookupListenerResultOutput

    > Note: This function is named LookupListener in the Go SDK.

    public static class GetListener 
    {
        public static Task<GetListenerResult> InvokeAsync(GetListenerArgs args, InvokeOptions? opts = null)
        public static Output<GetListenerResult> Invoke(GetListenerInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetListenerResult> getListener(GetListenerArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:elasticloadbalancingv2:getListener
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ListenerArn string
    The Amazon Resource Name (ARN) of the listener.
    ListenerArn string
    The Amazon Resource Name (ARN) of the listener.
    listenerArn String
    The Amazon Resource Name (ARN) of the listener.
    listenerArn string
    The Amazon Resource Name (ARN) of the listener.
    listener_arn str
    The Amazon Resource Name (ARN) of the listener.
    listenerArn String
    The Amazon Resource Name (ARN) of the listener.

    getListener Result

    The following output properties are available:

    AlpnPolicy List<string>
    [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
    Certificates List<Pulumi.AwsNative.ElasticLoadBalancingV2.Outputs.ListenerCertificate>
    The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
    DefaultActions List<Pulumi.AwsNative.ElasticLoadBalancingV2.Outputs.ListenerAction>
    The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
    ListenerArn string
    The Amazon Resource Name (ARN) of the listener.
    MutualAuthentication Pulumi.AwsNative.ElasticLoadBalancingV2.Outputs.ListenerMutualAuthentication
    The mutual authentication configuration information.
    Port int
    The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
    Protocol string
    The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
    SslPolicy string
    [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
    AlpnPolicy []string
    [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
    Certificates []ListenerCertificate
    The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
    DefaultActions []ListenerAction
    The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
    ListenerArn string
    The Amazon Resource Name (ARN) of the listener.
    MutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information.
    Port int
    The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
    Protocol string
    The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
    SslPolicy string
    [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
    alpnPolicy List<String>
    [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
    certificates List<ListenerCertificate>
    The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
    defaultActions List<ListenerAction>
    The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
    listenerArn String
    The Amazon Resource Name (ARN) of the listener.
    mutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information.
    port Integer
    The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
    protocol String
    The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
    sslPolicy String
    [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
    alpnPolicy string[]
    [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
    certificates ListenerCertificate[]
    The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
    defaultActions ListenerAction[]
    The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
    listenerArn string
    The Amazon Resource Name (ARN) of the listener.
    mutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information.
    port number
    The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
    protocol string
    The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
    sslPolicy string
    [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
    alpn_policy Sequence[str]
    [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
    certificates Sequence[ListenerCertificate]
    The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
    default_actions Sequence[ListenerAction]
    The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
    listener_arn str
    The Amazon Resource Name (ARN) of the listener.
    mutual_authentication ListenerMutualAuthentication
    The mutual authentication configuration information.
    port int
    The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
    protocol str
    The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
    ssl_policy str
    [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
    alpnPolicy List<String>
    [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
    certificates List<Property Map>
    The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
    defaultActions List<Property Map>
    The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
    listenerArn String
    The Amazon Resource Name (ARN) of the listener.
    mutualAuthentication Property Map
    The mutual authentication configuration information.
    port Number
    The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
    protocol String
    The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
    sslPolicy String
    [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

    Supporting Types

    ListenerAction

    Type string
    The type of action.
    AuthenticateCognitoConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerAuthenticateCognitoConfig
    [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
    AuthenticateOidcConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerAuthenticateOidcConfig
    [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
    FixedResponseConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerFixedResponseConfig
    [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
    ForwardConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerForwardConfig
    Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
    Order int
    The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    RedirectConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerRedirectConfig
    [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
    TargetGroupArn string
    The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
    Type string
    The type of action.
    AuthenticateCognitoConfig ListenerAuthenticateCognitoConfig
    [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
    AuthenticateOidcConfig ListenerAuthenticateOidcConfig
    [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
    FixedResponseConfig ListenerFixedResponseConfig
    [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
    ForwardConfig ListenerForwardConfig
    Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
    Order int
    The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    RedirectConfig ListenerRedirectConfig
    [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
    TargetGroupArn string
    The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
    type String
    The type of action.
    authenticateCognitoConfig ListenerAuthenticateCognitoConfig
    [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
    authenticateOidcConfig ListenerAuthenticateOidcConfig
    [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
    fixedResponseConfig ListenerFixedResponseConfig
    [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
    forwardConfig ListenerForwardConfig
    Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
    order Integer
    The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    redirectConfig ListenerRedirectConfig
    [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
    targetGroupArn String
    The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
    type string
    The type of action.
    authenticateCognitoConfig ListenerAuthenticateCognitoConfig
    [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
    authenticateOidcConfig ListenerAuthenticateOidcConfig
    [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
    fixedResponseConfig ListenerFixedResponseConfig
    [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
    forwardConfig ListenerForwardConfig
    Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
    order number
    The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    redirectConfig ListenerRedirectConfig
    [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
    targetGroupArn string
    The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
    type str
    The type of action.
    authenticate_cognito_config ListenerAuthenticateCognitoConfig
    [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
    authenticate_oidc_config ListenerAuthenticateOidcConfig
    [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
    fixed_response_config ListenerFixedResponseConfig
    [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
    forward_config ListenerForwardConfig
    Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
    order int
    The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    redirect_config ListenerRedirectConfig
    [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
    target_group_arn str
    The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
    type String
    The type of action.
    authenticateCognitoConfig Property Map
    [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
    authenticateOidcConfig Property Map
    [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
    fixedResponseConfig Property Map
    [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
    forwardConfig Property Map
    Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
    order Number
    The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    redirectConfig Property Map
    [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
    targetGroupArn String
    The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

    ListenerAuthenticateCognitoConfig

    UserPoolArn string
    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
    UserPoolClientId string
    The ID of the Amazon Cognito user pool client.
    UserPoolDomain string
    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    AuthenticationRequestExtraParams Dictionary<string, string>
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    OnUnauthenticatedRequest string
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    Scope string
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    SessionCookieName string
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    SessionTimeout string
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    UserPoolArn string
    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
    UserPoolClientId string
    The ID of the Amazon Cognito user pool client.
    UserPoolDomain string
    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    AuthenticationRequestExtraParams map[string]string
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    OnUnauthenticatedRequest string
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    Scope string
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    SessionCookieName string
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    SessionTimeout string
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    userPoolArn String
    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
    userPoolClientId String
    The ID of the Amazon Cognito user pool client.
    userPoolDomain String
    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    authenticationRequestExtraParams Map<String,String>
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    onUnauthenticatedRequest String
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope String
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    sessionCookieName String
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    sessionTimeout String
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    userPoolArn string
    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
    userPoolClientId string
    The ID of the Amazon Cognito user pool client.
    userPoolDomain string
    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    authenticationRequestExtraParams {[key: string]: string}
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    onUnauthenticatedRequest string
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope string
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    sessionCookieName string
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    sessionTimeout string
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    user_pool_arn str
    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
    user_pool_client_id str
    The ID of the Amazon Cognito user pool client.
    user_pool_domain str
    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    authentication_request_extra_params Mapping[str, str]
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    on_unauthenticated_request str
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope str
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    session_cookie_name str
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    session_timeout str
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    userPoolArn String
    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
    userPoolClientId String
    The ID of the Amazon Cognito user pool client.
    userPoolDomain String
    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    authenticationRequestExtraParams Map<String>
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    onUnauthenticatedRequest String
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope String
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    sessionCookieName String
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    sessionTimeout String
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

    ListenerAuthenticateOidcConfig

    AuthorizationEndpoint string
    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    ClientId string
    The OAuth 2.0 client identifier.
    Issuer string
    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    TokenEndpoint string
    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    UserInfoEndpoint string
    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    AuthenticationRequestExtraParams Dictionary<string, string>
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    ClientSecret string
    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
    OnUnauthenticatedRequest string
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    Scope string
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    SessionCookieName string
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    SessionTimeout string
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    UseExistingClientSecret bool
    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
    AuthorizationEndpoint string
    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    ClientId string
    The OAuth 2.0 client identifier.
    Issuer string
    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    TokenEndpoint string
    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    UserInfoEndpoint string
    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    AuthenticationRequestExtraParams map[string]string
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    ClientSecret string
    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
    OnUnauthenticatedRequest string
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    Scope string
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    SessionCookieName string
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    SessionTimeout string
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    UseExistingClientSecret bool
    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
    authorizationEndpoint String
    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    clientId String
    The OAuth 2.0 client identifier.
    issuer String
    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    tokenEndpoint String
    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    userInfoEndpoint String
    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    authenticationRequestExtraParams Map<String,String>
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    clientSecret String
    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
    onUnauthenticatedRequest String
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope String
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    sessionCookieName String
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    sessionTimeout String
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    useExistingClientSecret Boolean
    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
    authorizationEndpoint string
    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    clientId string
    The OAuth 2.0 client identifier.
    issuer string
    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    tokenEndpoint string
    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    userInfoEndpoint string
    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    authenticationRequestExtraParams {[key: string]: string}
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    clientSecret string
    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
    onUnauthenticatedRequest string
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope string
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    sessionCookieName string
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    sessionTimeout string
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    useExistingClientSecret boolean
    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
    authorization_endpoint str
    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    client_id str
    The OAuth 2.0 client identifier.
    issuer str
    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    token_endpoint str
    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    user_info_endpoint str
    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    authentication_request_extra_params Mapping[str, str]
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    client_secret str
    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
    on_unauthenticated_request str
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope str
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    session_cookie_name str
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    session_timeout str
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    use_existing_client_secret bool
    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
    authorizationEndpoint String
    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    clientId String
    The OAuth 2.0 client identifier.
    issuer String
    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    tokenEndpoint String
    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    userInfoEndpoint String
    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    authenticationRequestExtraParams Map<String>
    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
    clientSecret String
    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
    onUnauthenticatedRequest String
    The behavior if the user is not authenticated. The following are possible values:

    • deny```` - Return an HTTP 401 Unauthorized error.
    • allow```` - Allow the request to be forwarded to the target.
    • authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
    scope String
    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
    sessionCookieName String
    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
    sessionTimeout String
    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
    useExistingClientSecret Boolean
    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

    ListenerCertificate

    CertificateArn string
    The Amazon Resource Name (ARN) of the certificate.
    CertificateArn string
    The Amazon Resource Name (ARN) of the certificate.
    certificateArn String
    The Amazon Resource Name (ARN) of the certificate.
    certificateArn string
    The Amazon Resource Name (ARN) of the certificate.
    certificate_arn str
    The Amazon Resource Name (ARN) of the certificate.
    certificateArn String
    The Amazon Resource Name (ARN) of the certificate.

    ListenerFixedResponseConfig

    StatusCode string
    The HTTP response code (2XX, 4XX, or 5XX).
    ContentType string
    The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
    MessageBody string
    The message.
    StatusCode string
    The HTTP response code (2XX, 4XX, or 5XX).
    ContentType string
    The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
    MessageBody string
    The message.
    statusCode String
    The HTTP response code (2XX, 4XX, or 5XX).
    contentType String
    The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
    messageBody String
    The message.
    statusCode string
    The HTTP response code (2XX, 4XX, or 5XX).
    contentType string
    The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
    messageBody string
    The message.
    status_code str
    The HTTP response code (2XX, 4XX, or 5XX).
    content_type str
    The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
    message_body str
    The message.
    statusCode String
    The HTTP response code (2XX, 4XX, or 5XX).
    contentType String
    The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
    messageBody String
    The message.

    ListenerForwardConfig

    TargetGroupStickinessConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerTargetGroupStickinessConfig
    Information about the target group stickiness for a rule.
    TargetGroups List<Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerTargetGroupTuple>
    Information about how traffic will be distributed between multiple target groups in a forward rule.
    TargetGroupStickinessConfig ListenerTargetGroupStickinessConfig
    Information about the target group stickiness for a rule.
    TargetGroups []ListenerTargetGroupTuple
    Information about how traffic will be distributed between multiple target groups in a forward rule.
    targetGroupStickinessConfig ListenerTargetGroupStickinessConfig
    Information about the target group stickiness for a rule.
    targetGroups List<ListenerTargetGroupTuple>
    Information about how traffic will be distributed between multiple target groups in a forward rule.
    targetGroupStickinessConfig ListenerTargetGroupStickinessConfig
    Information about the target group stickiness for a rule.
    targetGroups ListenerTargetGroupTuple[]
    Information about how traffic will be distributed between multiple target groups in a forward rule.
    target_group_stickiness_config ListenerTargetGroupStickinessConfig
    Information about the target group stickiness for a rule.
    target_groups Sequence[ListenerTargetGroupTuple]
    Information about how traffic will be distributed between multiple target groups in a forward rule.
    targetGroupStickinessConfig Property Map
    Information about the target group stickiness for a rule.
    targetGroups List<Property Map>
    Information about how traffic will be distributed between multiple target groups in a forward rule.

    ListenerMutualAuthentication

    IgnoreClientCertificateExpiry bool
    Indicates whether expired client certificates are ignored.
    Mode string
    The client certificate handling method. Options are off, passthrough or verify. The default value is off.
    TrustStoreArn string
    The Amazon Resource Name (ARN) of the trust store.
    IgnoreClientCertificateExpiry bool
    Indicates whether expired client certificates are ignored.
    Mode string
    The client certificate handling method. Options are off, passthrough or verify. The default value is off.
    TrustStoreArn string
    The Amazon Resource Name (ARN) of the trust store.
    ignoreClientCertificateExpiry Boolean
    Indicates whether expired client certificates are ignored.
    mode String
    The client certificate handling method. Options are off, passthrough or verify. The default value is off.
    trustStoreArn String
    The Amazon Resource Name (ARN) of the trust store.
    ignoreClientCertificateExpiry boolean
    Indicates whether expired client certificates are ignored.
    mode string
    The client certificate handling method. Options are off, passthrough or verify. The default value is off.
    trustStoreArn string
    The Amazon Resource Name (ARN) of the trust store.
    ignore_client_certificate_expiry bool
    Indicates whether expired client certificates are ignored.
    mode str
    The client certificate handling method. Options are off, passthrough or verify. The default value is off.
    trust_store_arn str
    The Amazon Resource Name (ARN) of the trust store.
    ignoreClientCertificateExpiry Boolean
    Indicates whether expired client certificates are ignored.
    mode String
    The client certificate handling method. Options are off, passthrough or verify. The default value is off.
    trustStoreArn String
    The Amazon Resource Name (ARN) of the trust store.

    ListenerRedirectConfig

    StatusCode string
    The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    Host string
    The hostname. This component is not percent-encoded. The hostname can contain #{host}.
    Path string
    The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
    Port string
    The port. You can specify a value from 1 to 65535 or #{port}.
    Protocol string
    The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
    Query string
    The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
    StatusCode string
    The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    Host string
    The hostname. This component is not percent-encoded. The hostname can contain #{host}.
    Path string
    The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
    Port string
    The port. You can specify a value from 1 to 65535 or #{port}.
    Protocol string
    The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
    Query string
    The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
    statusCode String
    The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    host String
    The hostname. This component is not percent-encoded. The hostname can contain #{host}.
    path String
    The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
    port String
    The port. You can specify a value from 1 to 65535 or #{port}.
    protocol String
    The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
    query String
    The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
    statusCode string
    The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    host string
    The hostname. This component is not percent-encoded. The hostname can contain #{host}.
    path string
    The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
    port string
    The port. You can specify a value from 1 to 65535 or #{port}.
    protocol string
    The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
    query string
    The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
    status_code str
    The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    host str
    The hostname. This component is not percent-encoded. The hostname can contain #{host}.
    path str
    The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
    port str
    The port. You can specify a value from 1 to 65535 or #{port}.
    protocol str
    The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
    query str
    The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
    statusCode String
    The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    host String
    The hostname. This component is not percent-encoded. The hostname can contain #{host}.
    path String
    The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
    port String
    The port. You can specify a value from 1 to 65535 or #{port}.
    protocol String
    The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
    query String
    The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

    ListenerTargetGroupStickinessConfig

    DurationSeconds int
    The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
    Enabled bool
    Indicates whether target group stickiness is enabled.
    DurationSeconds int
    The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
    Enabled bool
    Indicates whether target group stickiness is enabled.
    durationSeconds Integer
    The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
    enabled Boolean
    Indicates whether target group stickiness is enabled.
    durationSeconds number
    The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
    enabled boolean
    Indicates whether target group stickiness is enabled.
    duration_seconds int
    The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
    enabled bool
    Indicates whether target group stickiness is enabled.
    durationSeconds Number
    The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
    enabled Boolean
    Indicates whether target group stickiness is enabled.

    ListenerTargetGroupTuple

    TargetGroupArn string
    The Amazon Resource Name (ARN) of the target group.
    Weight int
    The weight. The range is 0 to 999.
    TargetGroupArn string
    The Amazon Resource Name (ARN) of the target group.
    Weight int
    The weight. The range is 0 to 999.
    targetGroupArn String
    The Amazon Resource Name (ARN) of the target group.
    weight Integer
    The weight. The range is 0 to 999.
    targetGroupArn string
    The Amazon Resource Name (ARN) of the target group.
    weight number
    The weight. The range is 0 to 999.
    target_group_arn str
    The Amazon Resource Name (ARN) of the target group.
    weight int
    The weight. The range is 0 to 999.
    targetGroupArn String
    The Amazon Resource Name (ARN) of the target group.
    weight Number
    The weight. The range is 0 to 999.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.108.3 published on Wednesday, Jun 12, 2024 by Pulumi