aws.lb.Listener
Provides a Load Balancer Listener resource.
Note: aws.alb.Listener is also known as aws.lb.Listener. The functionality is identical.
Example Usage
Forward Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
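// Application Load Balancer and the target group that receives forwarded traffic.
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});

// HTTPS listener on 443; the default action forwards every request to the target group.
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    port: 443,
    protocol: "HTTPS",
    // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
    // restricts the listener to TLS 1.2 and 1.3.
    sslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06",
    // Sample ARN from this page; substitute the certificate the listener should present.
    certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    defaultActions: [{
        type: "forward",
        targetGroupArn: frontEndTargetGroup.arn,
    }],
});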
import pulumi
import pulumi_aws as aws
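# Application Load Balancer and the target group that receives forwarded traffic.
front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")

# HTTPS listener on 443; the default action forwards every request to the target group.
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    port=443,
    protocol="HTTPS",
    # ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
    # restricts the listener to TLS 1.2 and 1.3.
    ssl_policy="ELBSecurityPolicy-TLS13-1-2-2021-06",
    # Sample ARN from this page; substitute the certificate the listener should present.
    certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    default_actions=[{
        "type": "forward",
        "target_group_arn": front_end_target_group.arn,
    }])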
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
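// main declares a load balancer, a target group and an HTTPS listener whose
// default action forwards every request to the target group.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			Port:            pulumi.Int(443),
			Protocol:        pulumi.String("HTTPS"),
			// ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this
			// policy restricts the listener to TLS 1.2 and 1.3.
			SslPolicy: pulumi.String("ELBSecurityPolicy-TLS13-1-2-2021-06"),
			// Sample ARN from this page; substitute the certificate the listener should present.
			CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}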
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
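return await Deployment.RunAsync(() =>
{
    // Application Load Balancer and the target group that receives forwarded traffic.
    var frontEnd = new Aws.LB.LoadBalancer("front_end");
    var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");

    // HTTPS listener on 443; the default action forwards every request to the target group.
    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        Port = 443,
        Protocol = "HTTPS",
        // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
        // restricts the listener to TLS 1.2 and 1.3.
        SslPolicy = "ELBSecurityPolicy-TLS13-1-2-2021-06",
        // Sample ARN from this page; substitute the certificate the listener should present.
        CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });
});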
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
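/** Declares a load balancer, a target group and an HTTPS listener that forwards to the group. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");
        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            // The listener port is an integer property; the generated example passed the string "443".
            .port(443)
            .protocol("HTTPS")
            // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
            // restricts the listener to TLS 1.2 and 1.3.
            .sslPolicy("ELBSecurityPolicy-TLS13-1-2-2021-06")
            // Sample ARN from this page; substitute the certificate the listener should present.
            .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("forward")
                .targetGroupArn(frontEndTargetGroup.arn())
                .build())
            .build());
    }
}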
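# Load balancer, target group and an HTTPS listener that forwards to the group.
resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
    name: front_end
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      port: '443'
      protocol: HTTPS
      # ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
      # restricts the listener to TLS 1.2 and 1.3.
      sslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      # Sample ARN from this page; substitute the certificate the listener should present.
      certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
      defaultActions:
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}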
To an NLB:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
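// TLS listener for a Network Load Balancer. frontEndAwsLb and
// frontEndAwsLbTargetGroup are declared elsewhere in the program (not shown here).
const frontEnd = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEndAwsLb.arn,
    port: 443,
    protocol: "TLS",
    // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
    // restricts the listener to TLS 1.2 and 1.3.
    sslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06",
    // Sample ARN from this page; substitute the certificate the listener should present.
    certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    alpnPolicy: "HTTP2Preferred",
    defaultActions: [{
        type: "forward",
        targetGroupArn: frontEndAwsLbTargetGroup.arn,
    }],
});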
import pulumi
import pulumi_aws as aws
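# TLS listener for a Network Load Balancer. front_end_aws_lb and
# front_end_aws_lb_target_group are declared elsewhere in the program (not shown here).
front_end = aws.lb.Listener("front_end",
    load_balancer_arn=front_end_aws_lb["arn"],
    port=443,
    protocol="TLS",
    # ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
    # restricts the listener to TLS 1.2 and 1.3.
    ssl_policy="ELBSecurityPolicy-TLS13-1-2-2021-06",
    # Sample ARN from this page; substitute the certificate the listener should present.
    certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    alpn_policy="HTTP2Preferred",
    default_actions=[{
        "type": "forward",
        "target_group_arn": front_end_aws_lb_target_group["arn"],
    }])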
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
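// main declares a TLS listener for a Network Load Balancer. frontEndAwsLb and
// frontEndAwsLbTargetGroup are declared elsewhere in the program (not shown here).
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: pulumi.Any(frontEndAwsLb.Arn),
			Port:            pulumi.Int(443),
			Protocol:        pulumi.String("TLS"),
			// ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this
			// policy restricts the listener to TLS 1.2 and 1.3.
			SslPolicy: pulumi.String("ELBSecurityPolicy-TLS13-1-2-2021-06"),
			// Sample ARN from this page; substitute the certificate the listener should present.
			CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
			AlpnPolicy:     pulumi.String("HTTP2Preferred"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: pulumi.Any(frontEndAwsLbTargetGroup.Arn),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}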
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
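return await Deployment.RunAsync(() =>
{
    // TLS listener for a Network Load Balancer. frontEndAwsLb and
    // frontEndAwsLbTargetGroup are declared elsewhere in the program (not shown here).
    var frontEnd = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEndAwsLb.Arn,
        Port = 443,
        Protocol = "TLS",
        // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
        // restricts the listener to TLS 1.2 and 1.3.
        SslPolicy = "ELBSecurityPolicy-TLS13-1-2-2021-06",
        // Sample ARN from this page; substitute the certificate the listener should present.
        CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        AlpnPolicy = "HTTP2Preferred",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndAwsLbTargetGroup.Arn,
            },
        },
    });
});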
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
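/**
 * Declares a TLS listener for a Network Load Balancer. frontEndAwsLb and
 * frontEndAwsLbTargetGroup are declared elsewhere in the program (not shown here).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        var frontEnd = new Listener("frontEnd", ListenerArgs.builder()
            .loadBalancerArn(frontEndAwsLb.arn())
            // The listener port is an integer property; the generated example passed the string "443".
            .port(443)
            .protocol("TLS")
            // ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
            // restricts the listener to TLS 1.2 and 1.3.
            .sslPolicy("ELBSecurityPolicy-TLS13-1-2-2021-06")
            // Sample ARN from this page; substitute the certificate the listener should present.
            .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
            .alpnPolicy("HTTP2Preferred")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("forward")
                .targetGroupArn(frontEndAwsLbTargetGroup.arn())
                .build())
            .build());
    }
}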
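# TLS listener for a Network Load Balancer. frontEndAwsLb and
# frontEndAwsLbTargetGroup are declared elsewhere in the program (not shown here).
resources:
  frontEnd:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEndAwsLb.arn}
      port: '443'
      protocol: TLS
      # ELBSecurityPolicy-2016-08 still negotiates TLS 1.0 and 1.1; this policy
      # restricts the listener to TLS 1.2 and 1.3.
      sslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      # Sample ARN from this page; substitute the certificate the listener should present.
      certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
      alpnPolicy: HTTP2Preferred
      defaultActions:
        - type: forward
          targetGroupArn: ${frontEndAwsLbTargetGroup.arn}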
Redirect Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 80,
protocol: "HTTP",
defaultActions: [{
type: "redirect",
redirect: {
port: "443",
protocol: "HTTPS",
statusCode: "HTTP_301",
},
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=80,
protocol="HTTP",
default_actions=[{
"type": "redirect",
"redirect": {
"port": "443",
"protocol": "HTTPS",
"status_code": "HTTP_301",
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("redirect"),
Redirect: &lb.ListenerDefaultActionRedirectArgs{
Port: pulumi.String("443"),
Protocol: pulumi.String("HTTPS"),
StatusCode: pulumi.String("HTTP_301"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "redirect",
Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
{
Port = "443",
Protocol = "HTTPS",
StatusCode = "HTTP_301",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionRedirectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
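/** Declares a plain-HTTP listener whose only job is to redirect clients to HTTPS on port 443. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");
        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            // The listener port is an integer property; the generated example passed the string "80".
            .port(80)
            .protocol("HTTP")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("redirect")
                .redirect(ListenerDefaultActionRedirectArgs.builder()
                    // The redirect target port stays a string, as in the other language examples.
                    .port("443")
                    .protocol("HTTPS")
                    .statusCode("HTTP_301")
                    .build())
                .build())
            .build());
    }
}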
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '80'
protocol: HTTP
defaultActions:
- type: redirect
redirect:
port: '443'
protocol: HTTPS
statusCode: HTTP_301
Fixed-response Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 80,
protocol: "HTTP",
defaultActions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
messageBody: "Fixed response content",
statusCode: "200",
},
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=80,
protocol="HTTP",
default_actions=[{
"type": "fixed-response",
"fixed_response": {
"content_type": "text/plain",
"message_body": "Fixed response content",
"status_code": "200",
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("fixed-response"),
FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
ContentType: pulumi.String("text/plain"),
MessageBody: pulumi.String("Fixed response content"),
StatusCode: pulumi.String("200"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "fixed-response",
FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
{
ContentType = "text/plain",
MessageBody = "Fixed response content",
StatusCode = "200",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionFixedResponseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
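/** Declares an HTTP listener that answers every request with a fixed plain-text response. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");
        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            // The listener port is an integer property; the generated example passed the string "80".
            .port(80)
            .protocol("HTTP")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("fixed-response")
                .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
                    .contentType("text/plain")
                    .messageBody("Fixed response content")
                    .statusCode("200")
                    .build())
                .build())
            .build());
    }
}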
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '80'
protocol: HTTP
defaultActions:
- type: fixed-response
fixedResponse:
contentType: text/plain
messageBody: Fixed response content
statusCode: '200'
Authenticate-cognito Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
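// Load balancer, target group and the Cognito resources the listener authenticates against.
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {});
const domain = new aws.cognito.UserPoolDomain("domain", {});

const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    // authenticate-cognito actions are accepted only on HTTPS listeners; over plain
    // HTTP the login redirect and session cookie would also travel unencrypted.
    port: 443,
    protocol: "HTTPS",
    sslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06",
    // Placeholder: ARN of the certificate this listener presents.
    certificateArn: "<LISTENER_CERTIFICATE_ARN>",
    // Actions run in list order: authenticate first, then forward.
    defaultActions: [
        {
            type: "authenticate-cognito",
            authenticateCognito: {
                userPoolArn: pool.arn,
                userPoolClientId: client.id,
                userPoolDomain: domain.domain,
            },
        },
        {
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        },
    ],
});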
import pulumi
import pulumi_aws as aws
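# Load balancer, target group and the Cognito resources the listener authenticates against.
front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
pool = aws.cognito.UserPool("pool")
client = aws.cognito.UserPoolClient("client")
domain = aws.cognito.UserPoolDomain("domain")

front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    # authenticate-cognito actions are accepted only on HTTPS listeners; over plain
    # HTTP the login redirect and session cookie would also travel unencrypted.
    port=443,
    protocol="HTTPS",
    ssl_policy="ELBSecurityPolicy-TLS13-1-2-2021-06",
    # Placeholder: ARN of the certificate this listener presents.
    certificate_arn="<LISTENER_CERTIFICATE_ARN>",
    # Actions run in list order: authenticate first, then forward.
    default_actions=[
        {
            "type": "authenticate-cognito",
            "authenticate_cognito": {
                "user_pool_arn": pool.arn,
                "user_pool_client_id": client.id,
                "user_pool_domain": domain.domain,
            },
        },
        {
            "type": "forward",
            "target_group_arn": front_end_target_group.arn,
        },
    ])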
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
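// main declares a load balancer, a target group, the Cognito resources and an
// HTTPS listener that authenticates with Cognito before forwarding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		pool, err := cognito.NewUserPool(ctx, "pool", nil)
		if err != nil {
			return err
		}
		client, err := cognito.NewUserPoolClient(ctx, "client", nil)
		if err != nil {
			return err
		}
		domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			// authenticate-cognito actions are accepted only on HTTPS listeners; over
			// plain HTTP the login redirect and session cookie would also travel unencrypted.
			Port:      pulumi.Int(443),
			Protocol:  pulumi.String("HTTPS"),
			SslPolicy: pulumi.String("ELBSecurityPolicy-TLS13-1-2-2021-06"),
			// Placeholder: ARN of the certificate this listener presents.
			CertificateArn: pulumi.String("<LISTENER_CERTIFICATE_ARN>"),
			// Actions run in list order: authenticate first, then forward.
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("authenticate-cognito"),
					AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
						UserPoolArn:      pool.Arn,
						UserPoolClientId: client.ID(),
						UserPoolDomain:   domain.Domain,
					},
				},
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}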
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
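return await Deployment.RunAsync(() =>
{
    // Load balancer, target group and the Cognito resources the listener authenticates against.
    var frontEnd = new Aws.LB.LoadBalancer("front_end");
    var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
    var pool = new Aws.Cognito.UserPool("pool");
    var client = new Aws.Cognito.UserPoolClient("client");
    var domain = new Aws.Cognito.UserPoolDomain("domain");

    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        // authenticate-cognito actions are accepted only on HTTPS listeners; over plain
        // HTTP the login redirect and session cookie would also travel unencrypted.
        Port = 443,
        Protocol = "HTTPS",
        SslPolicy = "ELBSecurityPolicy-TLS13-1-2-2021-06",
        // Placeholder: ARN of the certificate this listener presents.
        CertificateArn = "<LISTENER_CERTIFICATE_ARN>",
        // Actions run in list order: authenticate first, then forward.
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "authenticate-cognito",
                AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
                {
                    UserPoolArn = pool.Arn,
                    UserPoolClientId = client.Id,
                    UserPoolDomain = domain.Domain,
                },
            },
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });
});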
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateCognitoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
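/** Declares an HTTPS listener that authenticates with Cognito before forwarding to the target group. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");
        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
        var pool = new UserPool("pool");
        var client = new UserPoolClient("client");
        var domain = new UserPoolDomain("domain");
        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            // authenticate-cognito actions are accepted only on HTTPS listeners; over plain
            // HTTP the login redirect and session cookie would also travel unencrypted.
            // The port is an integer property; the generated example passed a string.
            .port(443)
            .protocol("HTTPS")
            .sslPolicy("ELBSecurityPolicy-TLS13-1-2-2021-06")
            // Placeholder: ARN of the certificate this listener presents.
            .certificateArn("<LISTENER_CERTIFICATE_ARN>")
            // Actions run in list order: authenticate first, then forward.
            .defaultActions(
                ListenerDefaultActionArgs.builder()
                    .type("authenticate-cognito")
                    .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
                        .userPoolArn(pool.arn())
                        .userPoolClientId(client.id())
                        .userPoolDomain(domain.domain())
                        .build())
                    .build(),
                ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
            .build());
    }
}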
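# HTTPS listener that authenticates with Cognito before forwarding to the target group.
resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
    name: front_end
  pool:
    type: aws:cognito:UserPool
  client:
    type: aws:cognito:UserPoolClient
  domain:
    type: aws:cognito:UserPoolDomain
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      # authenticate-cognito actions are accepted only on HTTPS listeners; over plain
      # HTTP the login redirect and session cookie would also travel unencrypted.
      port: '443'
      protocol: HTTPS
      sslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      # Placeholder: ARN of the certificate this listener presents.
      certificateArn: <LISTENER_CERTIFICATE_ARN>
      # Actions run in list order: authenticate first, then forward.
      defaultActions:
        - type: authenticate-cognito
          authenticateCognito:
            userPoolArn: ${pool.arn}
            userPoolClientId: ${client.id}
            userPoolDomain: ${domain.domain}
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}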
Authenticate-OIDC Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
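// The OIDC client secret is read from encrypted stack configuration instead of being
// written into the program source (set it with `pulumi config set --secret oidcClientSecret ...`).
const cfg = new pulumi.Config();
const oidcClientSecret = cfg.requireSecret("oidcClientSecret");

const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    // authenticate-oidc actions are accepted only on HTTPS listeners; over plain
    // HTTP the login redirect and session cookie would also travel unencrypted.
    port: 443,
    protocol: "HTTPS",
    sslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06",
    // Placeholder: ARN of the certificate this listener presents.
    certificateArn: "<LISTENER_CERTIFICATE_ARN>",
    // Actions run in list order: authenticate first, then forward.
    defaultActions: [
        {
            type: "authenticate-oidc",
            authenticateOidc: {
                authorizationEndpoint: "https://example.com/authorization_endpoint",
                clientId: "client_id",
                clientSecret: oidcClientSecret,
                issuer: "https://example.com",
                tokenEndpoint: "https://example.com/token_endpoint",
                userInfoEndpoint: "https://example.com/user_info_endpoint",
            },
        },
        {
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        },
    ],
});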
import pulumi
import pulumi_aws as aws
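# The OIDC client secret is read from encrypted stack configuration instead of being
# written into the program source (set it with `pulumi config set --secret oidcClientSecret ...`).
cfg = pulumi.Config()
oidc_client_secret = cfg.require_secret("oidcClientSecret")

front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    # authenticate-oidc actions are accepted only on HTTPS listeners; over plain
    # HTTP the login redirect and session cookie would also travel unencrypted.
    port=443,
    protocol="HTTPS",
    ssl_policy="ELBSecurityPolicy-TLS13-1-2-2021-06",
    # Placeholder: ARN of the certificate this listener presents.
    certificate_arn="<LISTENER_CERTIFICATE_ARN>",
    # Actions run in list order: authenticate first, then forward.
    default_actions=[
        {
            "type": "authenticate-oidc",
            "authenticate_oidc": {
                "authorization_endpoint": "https://example.com/authorization_endpoint",
                "client_id": "client_id",
                "client_secret": oidc_client_secret,
                "issuer": "https://example.com",
                "token_endpoint": "https://example.com/token_endpoint",
                "user_info_endpoint": "https://example.com/user_info_endpoint",
            },
        },
        {
            "type": "forward",
            "target_group_arn": front_end_target_group.arn,
        },
    ])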
package main
import (
	"errors"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
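// main declares a load balancer, a target group and an HTTPS listener that
// authenticates against an OIDC provider before forwarding.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The OIDC client secret is read from stack configuration instead of being
		// written into the program source (set it with
		// `pulumi config set --secret oidcClientSecret ...`).
		clientSecret, ok := ctx.GetConfig(ctx.Project() + ":oidcClientSecret")
		if !ok {
			return errors.New("missing required configuration value oidcClientSecret")
		}
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			// authenticate-oidc actions are accepted only on HTTPS listeners; over
			// plain HTTP the login redirect and session cookie would also travel unencrypted.
			Port:      pulumi.Int(443),
			Protocol:  pulumi.String("HTTPS"),
			SslPolicy: pulumi.String("ELBSecurityPolicy-TLS13-1-2-2021-06"),
			// Placeholder: ARN of the certificate this listener presents.
			CertificateArn: pulumi.String("<LISTENER_CERTIFICATE_ARN>"),
			// Actions run in list order: authenticate first, then forward.
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("authenticate-oidc"),
					AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
						AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
						ClientId:              pulumi.String("client_id"),
						// Marked secret so the value stays encrypted in state and masked in output.
						ClientSecret:     pulumi.ToSecret(pulumi.String(clientSecret)).(pulumi.StringOutput),
						Issuer:           pulumi.String("https://example.com"),
						TokenEndpoint:    pulumi.String("https://example.com/token_endpoint"),
						UserInfoEndpoint: pulumi.String("https://example.com/user_info_endpoint"),
					},
				},
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}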
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
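return await Deployment.RunAsync(() =>
{
    // The OIDC client secret is read from encrypted stack configuration instead of being
    // written into the program source (set it with `pulumi config set --secret oidcClientSecret ...`).
    var cfg = new Config();
    var oidcClientSecret = cfg.RequireSecret("oidcClientSecret");

    var frontEnd = new Aws.LB.LoadBalancer("front_end");
    var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        // authenticate-oidc actions are accepted only on HTTPS listeners; over plain
        // HTTP the login redirect and session cookie would also travel unencrypted.
        Port = 443,
        Protocol = "HTTPS",
        SslPolicy = "ELBSecurityPolicy-TLS13-1-2-2021-06",
        // Placeholder: ARN of the certificate this listener presents.
        CertificateArn = "<LISTENER_CERTIFICATE_ARN>",
        // Actions run in list order: authenticate first, then forward.
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "authenticate-oidc",
                AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
                {
                    AuthorizationEndpoint = "https://example.com/authorization_endpoint",
                    ClientId = "client_id",
                    ClientSecret = oidcClientSecret,
                    Issuer = "https://example.com",
                    TokenEndpoint = "https://example.com/token_endpoint",
                    UserInfoEndpoint = "https://example.com/user_info_endpoint",
                },
            },
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });
});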
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
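/** Declares an HTTPS listener that authenticates against an OIDC provider before forwarding. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        // The OIDC client secret is read from encrypted stack configuration instead of being
        // written into the program source (set it with `pulumi config set --secret oidcClientSecret ...`).
        var oidcClientSecret = ctx.config().requireSecret("oidcClientSecret");

        var frontEnd = new LoadBalancer("frontEnd");
        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            // authenticate-oidc actions are accepted only on HTTPS listeners; over plain
            // HTTP the login redirect and session cookie would also travel unencrypted.
            // The port is an integer property; the generated example passed a string.
            .port(443)
            .protocol("HTTPS")
            .sslPolicy("ELBSecurityPolicy-TLS13-1-2-2021-06")
            // Placeholder: ARN of the certificate this listener presents.
            .certificateArn("<LISTENER_CERTIFICATE_ARN>")
            // Actions run in list order: authenticate first, then forward.
            .defaultActions(
                ListenerDefaultActionArgs.builder()
                    .type("authenticate-oidc")
                    .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
                        .authorizationEndpoint("https://example.com/authorization_endpoint")
                        .clientId("client_id")
                        .clientSecret(oidcClientSecret)
                        .issuer("https://example.com")
                        .tokenEndpoint("https://example.com/token_endpoint")
                        .userInfoEndpoint("https://example.com/user_info_endpoint")
                        .build())
                    .build(),
                ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
            .build());
    }
}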
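# The OIDC client secret is read from encrypted stack configuration instead of being
# written into the program (set it with `pulumi config set --secret oidcClientSecret ...`).
config:
  oidcClientSecret:
    type: string
    secret: true
resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
    name: front_end
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      # authenticate-oidc actions are accepted only on HTTPS listeners; over plain
      # HTTP the login redirect and session cookie would also travel unencrypted.
      port: '443'
      protocol: HTTPS
      sslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      # Placeholder: ARN of the certificate this listener presents.
      certificateArn: <LISTENER_CERTIFICATE_ARN>
      # Actions run in list order: authenticate first, then forward.
      defaultActions:
        - type: authenticate-oidc
          authenticateOidc:
            authorizationEndpoint: https://example.com/authorization_endpoint
            clientId: client_id
            clientSecret: ${oidcClientSecret}
            issuer: https://example.com
            tokenEndpoint: https://example.com/token_endpoint
            userInfoEndpoint: https://example.com/user_info_endpoint
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}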
Gateway Load Balancer Listener
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lb.LoadBalancer("example", {
loadBalancerType: "gateway",
name: "example",
subnetMappings: [{
subnetId: exampleAwsSubnet.id,
}],
});
const exampleTargetGroup = new aws.lb.TargetGroup("example", {
name: "example",
port: 6081,
protocol: "GENEVE",
vpcId: exampleAwsVpc.id,
healthCheck: {
port: "80",
protocol: "HTTP",
},
});
const exampleListener = new aws.lb.Listener("example", {
loadBalancerArn: example.id,
defaultActions: [{
targetGroupArn: exampleTargetGroup.id,
type: "forward",
}],
});
import pulumi
import pulumi_aws as aws
example = aws.lb.LoadBalancer("example",
load_balancer_type="gateway",
name="example",
subnet_mappings=[{
"subnet_id": example_aws_subnet["id"],
}])
example_target_group = aws.lb.TargetGroup("example",
name="example",
port=6081,
protocol="GENEVE",
vpc_id=example_aws_vpc["id"],
health_check={
"port": "80",
"protocol": "HTTP",
})
example_listener = aws.lb.Listener("example",
load_balancer_arn=example.id,
default_actions=[{
"target_group_arn": example_target_group.id,
"type": "forward",
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
LoadBalancerType: pulumi.String("gateway"),
Name: pulumi.String("example"),
SubnetMappings: lb.LoadBalancerSubnetMappingArray{
&lb.LoadBalancerSubnetMappingArgs{
SubnetId: pulumi.Any(exampleAwsSubnet.Id),
},
},
})
if err != nil {
return err
}
exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", &lb.TargetGroupArgs{
Name: pulumi.String("example"),
Port: pulumi.Int(6081),
Protocol: pulumi.String("GENEVE"),
VpcId: pulumi.Any(exampleAwsVpc.Id),
HealthCheck: &lb.TargetGroupHealthCheckArgs{
Port: pulumi.String("80"),
Protocol: pulumi.String("HTTP"),
},
})
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
LoadBalancerArn: example.ID(),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
TargetGroupArn: exampleTargetGroup.ID(),
Type: pulumi.String("forward"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LB.LoadBalancer("example", new()
{
LoadBalancerType = "gateway",
Name = "example",
SubnetMappings = new[]
{
new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
{
SubnetId = exampleAwsSubnet.Id,
},
},
});
var exampleTargetGroup = new Aws.LB.TargetGroup("example", new()
{
Name = "example",
Port = 6081,
Protocol = "GENEVE",
VpcId = exampleAwsVpc.Id,
HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
{
Port = "80",
Protocol = "HTTP",
},
});
var exampleListener = new Aws.LB.Listener("example", new()
{
LoadBalancerArn = example.Id,
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
TargetGroupArn = exampleTargetGroup.Id,
Type = "forward",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.TargetGroupArgs;
import com.pulumi.aws.lb.inputs.TargetGroupHealthCheckArgs;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
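/**
 * Declares a Gateway Load Balancer, a GENEVE target group and a listener that forwards to it.
 * exampleAwsSubnet and exampleAwsVpc are declared elsewhere in the program (not shown here).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the stack's resources with the Pulumi engine. */
    public static void stack(Context ctx) {
        var example = new LoadBalancer("example", LoadBalancerArgs.builder()
            .loadBalancerType("gateway")
            .name("example")
            .subnetMappings(LoadBalancerSubnetMappingArgs.builder()
                .subnetId(exampleAwsSubnet.id())
                .build())
            .build());
        var exampleTargetGroup = new TargetGroup("exampleTargetGroup", TargetGroupArgs.builder()
            .name("example")
            .port(6081)
            .protocol("GENEVE")
            .vpcId(exampleAwsVpc.id())
            .healthCheck(TargetGroupHealthCheckArgs.builder()
                // The health-check port is a string property (the other language
                // examples pass "80"); the generated example passed the integer 80.
                .port("80")
                .protocol("HTTP")
                .build())
            .build());
        // No port or protocol is set on the listener in this example.
        var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
            .loadBalancerArn(example.id())
            .defaultActions(ListenerDefaultActionArgs.builder()
                .targetGroupArn(exampleTargetGroup.id())
                .type("forward")
                .build())
            .build());
    }
}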
resources:
example:
type: aws:lb:LoadBalancer
properties:
loadBalancerType: gateway
name: example
subnetMappings:
- subnetId: ${exampleAwsSubnet.id}
exampleTargetGroup:
type: aws:lb:TargetGroup
name: example
properties:
name: example
port: 6081
protocol: GENEVE
vpcId: ${exampleAwsVpc.id}
healthCheck:
port: 80
protocol: HTTP
exampleListener:
type: aws:lb:Listener
name: example
properties:
loadBalancerArn: ${example.id}
defaultActions:
- targetGroupArn: ${exampleTargetGroup.id}
type: forward
Mutual TLS Authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
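const example = new aws.lb.LoadBalancer("example", {loadBalancerType: "application"});
const exampleTargetGroup = new aws.lb.TargetGroup("example", {});

// Client certificates are checked during the TLS handshake, so mutual authentication
// needs an HTTPS listener with its own server certificate.
const exampleListener = new aws.lb.Listener("example", {
    loadBalancerArn: example.id,
    port: 443,
    protocol: "HTTPS",
    sslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06",
    // Placeholder: ARN of the certificate this listener presents.
    certificateArn: "<LISTENER_CERTIFICATE_ARN>",
    defaultActions: [{
        targetGroupArn: exampleTargetGroup.id,
        type: "forward",
    }],
    mutualAuthentication: {
        // "verify": the load balancer validates the client certificate against the
        // trust store and refuses clients that fail validation.
        mode: "verify",
        // Placeholder from the original example: ARN of the trust store holding the CA bundle.
        trustStoreArn: "...",
    },
});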
import pulumi
import pulumi_aws as aws
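# Application Load Balancer whose HTTPS listener authenticates clients with mutual TLS.
example = aws.lb.LoadBalancer("example", load_balancer_type="application")
example_target_group = aws.lb.TargetGroup("example")
example_listener = aws.lb.Listener("example",
    load_balancer_arn=example.id,
    # Mutual authentication applies to HTTPS listeners, so the listener declares
    # its port, protocol, TLS policy and server certificate explicitly.
    port=443,
    protocol="HTTPS",
    ssl_policy="ELBSecurityPolicy-TLS13-1-2-2021-06",
    certificate_arn="...",  # placeholder: ARN of the server certificate
    default_actions=[{
        "target_group_arn": example_target_group.id,
        "type": "forward",
    }],
    mutual_authentication={
        # "verify": the load balancer validates the client certificate against the trust store.
        "mode": "verify",
        "trust_store_arn": "...",  # placeholder: ARN of the trust store holding the trusted CA bundle
    })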
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
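// main declares an Application Load Balancer, a target group and an HTTPS
// listener that authenticates clients with mutual TLS in "verify" mode.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
			LoadBalancerType: pulumi.String("application"),
		})
		if err != nil {
			return err
		}
		exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
			LoadBalancerArn: example.ID(),
			// Mutual authentication applies to HTTPS listeners, so the listener
			// declares its port, protocol, TLS policy and server certificate.
			Port:      pulumi.Int(443),
			Protocol:  pulumi.String("HTTPS"),
			SslPolicy: pulumi.String("ELBSecurityPolicy-TLS13-1-2-2021-06"),
			// Placeholder: ARN of the server certificate.
			CertificateArn: pulumi.String("..."),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					TargetGroupArn: exampleTargetGroup.ID(),
					Type:           pulumi.String("forward"),
				},
			},
			MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
				// "verify": the load balancer validates the client certificate
				// against the trust store.
				Mode: pulumi.String("verify"),
				// Placeholder: ARN of the trust store holding the trusted CA bundle.
				TrustStoreArn: pulumi.String("..."),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}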
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
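// Application Load Balancer whose HTTPS listener authenticates clients with mutual TLS.
return await Deployment.RunAsync(() =>
{
    var example = new Aws.LB.LoadBalancer("example", new()
    {
        LoadBalancerType = "application",
    });
    var exampleTargetGroup = new Aws.LB.TargetGroup("example");
    var exampleListener = new Aws.LB.Listener("example", new()
    {
        LoadBalancerArn = example.Id,
        // Mutual authentication applies to HTTPS listeners, so the listener declares
        // its port, protocol, TLS policy and server certificate explicitly.
        Port = 443,
        Protocol = "HTTPS",
        SslPolicy = "ELBSecurityPolicy-TLS13-1-2-2021-06",
        CertificateArn = "...", // placeholder: ARN of the server certificate
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                TargetGroupArn = exampleTargetGroup.Id,
                Type = "forward",
            },
        },
        MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
        {
            // "verify": the load balancer validates the client certificate against the trust store.
            Mode = "verify",
            TrustStoreArn = "...", // placeholder: ARN of the trust store holding the trusted CA bundle
        },
    });
});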
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerMutualAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
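public class App {
    /** Entry point: hands the stack definition below to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares an Application Load Balancer, a target group and an HTTPS listener
     * that authenticates clients with mutual TLS in "verify" mode.
     */
    public static void stack(Context ctx) {
        var example = new LoadBalancer("example", LoadBalancerArgs.builder()
            .loadBalancerType("application")
            .build());
        var exampleTargetGroup = new TargetGroup("exampleTargetGroup");
        var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
            .loadBalancerArn(example.id())
            // Mutual authentication applies to HTTPS listeners, so the listener
            // declares its port, protocol, TLS policy and server certificate.
            .port(443)
            .protocol("HTTPS")
            .sslPolicy("ELBSecurityPolicy-TLS13-1-2-2021-06")
            .certificateArn("...") // placeholder: ARN of the server certificate
            .defaultActions(ListenerDefaultActionArgs.builder()
                .targetGroupArn(exampleTargetGroup.id())
                .type("forward")
                .build())
            .mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
                // "verify": the load balancer validates the client certificate
                // against the trust store.
                .mode("verify")
                .trustStoreArn("...") // placeholder: ARN of the trust store holding the trusted CA bundle
                .build())
            .build());
    }
}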
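# Application Load Balancer whose HTTPS listener authenticates clients with mutual TLS.
resources:
  example:
    type: aws:lb:LoadBalancer
    properties:
      loadBalancerType: application
  exampleTargetGroup:
    type: aws:lb:TargetGroup
    name: example
  exampleListener:
    type: aws:lb:Listener
    name: example
    properties:
      loadBalancerArn: ${example.id}
      # Mutual authentication applies to HTTPS listeners, so the listener declares
      # its port, protocol, TLS policy and server certificate explicitly.
      port: 443
      protocol: HTTPS
      sslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      certificateArn: '...' # placeholder: ARN of the server certificate
      defaultActions:
        - targetGroupArn: ${exampleTargetGroup.id}
          type: forward
      mutualAuthentication:
        # verify: the load balancer validates the client certificate against the trust store.
        mode: verify
        trustStoreArn: '...' # placeholder: ARN of the trust store holding the trusted CA bundle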
Create Listener Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);
@overload
def Listener(resource_name: str,
args: ListenerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Listener(resource_name: str,
opts: Optional[ResourceOptions] = None,
default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
load_balancer_arn: Optional[str] = None,
routing_http_request_x_amzn_tls_version_header_name: Optional[str] = None,
tcp_idle_timeout_seconds: Optional[int] = None,
alpn_policy: Optional[str] = None,
port: Optional[int] = None,
protocol: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_subject_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_validity_header_name: Optional[str] = None,
routing_http_request_x_amzn_tls_cipher_suite_header_name: Optional[str] = None,
mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
certificate_arn: Optional[str] = None,
routing_http_response_strict_transport_security_header_value: Optional[str] = None,
routing_http_response_access_control_allow_methods_header_value: Optional[str] = None,
routing_http_response_access_control_allow_origin_header_value: Optional[str] = None,
routing_http_response_access_control_expose_headers_header_value: Optional[str] = None,
routing_http_response_access_control_max_age_header_value: Optional[str] = None,
routing_http_response_content_security_policy_header_value: Optional[str] = None,
routing_http_response_server_enabled: Optional[bool] = None,
routing_http_response_access_control_allow_headers_header_value: Optional[str] = None,
routing_http_response_x_content_type_options_header_value: Optional[str] = None,
routing_http_response_x_frame_options_header_value: Optional[str] = None,
ssl_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
routing_http_response_access_control_allow_credentials_header_value: Optional[str] = None)
func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)
public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)
public Listener(String name, ListenerArgs args)
public Listener(String name, ListenerArgs args, CustomResourceOptions options)
type: aws:lb:Listener
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference listing: every input property is shown with a placeholder value
// ("string", 0, false). It documents the shape of the arguments and is not a
// deployable configuration.
var examplelistenerResourceResourceFromLblistener = new Aws.LB.Listener("examplelistenerResourceResourceFromLblistener", new()
{
    DefaultActions = new[]
    {
        new Aws.LB.Inputs.ListenerDefaultActionArgs
        {
            // NOTE(review): all action sub-blocks appear together only for reference;
            // presumably a real action sets the one matching Type — confirm in the action docs.
            Type = "string",
            AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
            {
                UserPoolArn = "string",
                UserPoolClientId = "string",
                UserPoolDomain = "string",
                AuthenticationRequestExtraParams =
                {
                    { "string", "string" },
                },
                OnUnauthenticatedRequest = "string",
                Scope = "string",
                SessionCookieName = "string",
                SessionTimeout = 0,
            },
            AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
            {
                AuthorizationEndpoint = "string",
                ClientId = "string",
                // Credential: keep the real value out of source, e.g. read it from secret configuration.
                ClientSecret = "string",
                Issuer = "string",
                TokenEndpoint = "string",
                UserInfoEndpoint = "string",
                AuthenticationRequestExtraParams =
                {
                    { "string", "string" },
                },
                OnUnauthenticatedRequest = "string",
                Scope = "string",
                SessionCookieName = "string",
                SessionTimeout = 0,
            },
            FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
            {
                ContentType = "string",
                MessageBody = "string",
                StatusCode = "string",
            },
            Forward = new Aws.LB.Inputs.ListenerDefaultActionForwardArgs
            {
                TargetGroups = new[]
                {
                    new Aws.LB.Inputs.ListenerDefaultActionForwardTargetGroupArgs
                    {
                        Arn = "string",
                        Weight = 0,
                    },
                },
                Stickiness = new Aws.LB.Inputs.ListenerDefaultActionForwardStickinessArgs
                {
                    Duration = 0,
                    Enabled = false,
                },
            },
            Order = 0,
            Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
            {
                StatusCode = "string",
                Host = "string",
                Path = "string",
                Port = "string",
                Protocol = "string",
                Query = "string",
            },
            TargetGroupArn = "string",
        },
    },
    LoadBalancerArn = "string",
    RoutingHttpRequestXAmznTlsVersionHeaderName = "string",
    TcpIdleTimeoutSeconds = 0,
    AlpnPolicy = "string",
    Port = 0,
    Protocol = "string",
    RoutingHttpRequestXAmznMtlsClientcertHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName = "string",
    RoutingHttpRequestXAmznTlsCipherSuiteHeaderName = "string",
    MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
    {
        Mode = "string",
        AdvertiseTrustStoreCaNames = "string",
        // NOTE(review): by its name, true would accept expired client certificates — confirm before enabling.
        IgnoreClientCertificateExpiry = false,
        TrustStoreArn = "string",
    },
    CertificateArn = "string",
    RoutingHttpResponseStrictTransportSecurityHeaderValue = "string",
    RoutingHttpResponseAccessControlAllowMethodsHeaderValue = "string",
    RoutingHttpResponseAccessControlAllowOriginHeaderValue = "string",
    RoutingHttpResponseAccessControlExposeHeadersHeaderValue = "string",
    RoutingHttpResponseAccessControlMaxAgeHeaderValue = "string",
    RoutingHttpResponseContentSecurityPolicyHeaderValue = "string",
    RoutingHttpResponseServerEnabled = false,
    RoutingHttpResponseAccessControlAllowHeadersHeaderValue = "string",
    RoutingHttpResponseXContentTypeOptionsHeaderValue = "string",
    RoutingHttpResponseXFrameOptionsHeaderValue = "string",
    // The property reference gives ELBSecurityPolicy-2016-08 as the default when this is unset.
    SslPolicy = "string",
    Tags =
    {
        { "string", "string" },
    },
    RoutingHttpResponseAccessControlAllowCredentialsHeaderValue = "string",
});
// Reference listing: every input property is shown with a placeholder value
// ("string", 0, false). It documents the shape of the arguments and is not a
// deployable configuration.
example, err := lb.NewListener(ctx, "examplelistenerResourceResourceFromLblistener", &lb.ListenerArgs{
	DefaultActions: lb.ListenerDefaultActionArray{
		&lb.ListenerDefaultActionArgs{
			// NOTE(review): all action sub-blocks appear together only for reference;
			// presumably a real action sets the one matching Type — confirm in the action docs.
			Type: pulumi.String("string"),
			AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
				UserPoolArn: pulumi.String("string"),
				UserPoolClientId: pulumi.String("string"),
				UserPoolDomain: pulumi.String("string"),
				AuthenticationRequestExtraParams: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				OnUnauthenticatedRequest: pulumi.String("string"),
				Scope: pulumi.String("string"),
				SessionCookieName: pulumi.String("string"),
				SessionTimeout: pulumi.Int(0),
			},
			AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
				AuthorizationEndpoint: pulumi.String("string"),
				ClientId: pulumi.String("string"),
				// Credential: keep the real value out of source, e.g. read it from secret configuration.
				ClientSecret: pulumi.String("string"),
				Issuer: pulumi.String("string"),
				TokenEndpoint: pulumi.String("string"),
				UserInfoEndpoint: pulumi.String("string"),
				AuthenticationRequestExtraParams: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				OnUnauthenticatedRequest: pulumi.String("string"),
				Scope: pulumi.String("string"),
				SessionCookieName: pulumi.String("string"),
				SessionTimeout: pulumi.Int(0),
			},
			FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
				ContentType: pulumi.String("string"),
				MessageBody: pulumi.String("string"),
				StatusCode: pulumi.String("string"),
			},
			Forward: &lb.ListenerDefaultActionForwardArgs{
				TargetGroups: lb.ListenerDefaultActionForwardTargetGroupArray{
					&lb.ListenerDefaultActionForwardTargetGroupArgs{
						Arn: pulumi.String("string"),
						Weight: pulumi.Int(0),
					},
				},
				Stickiness: &lb.ListenerDefaultActionForwardStickinessArgs{
					Duration: pulumi.Int(0),
					Enabled: pulumi.Bool(false),
				},
			},
			Order: pulumi.Int(0),
			Redirect: &lb.ListenerDefaultActionRedirectArgs{
				StatusCode: pulumi.String("string"),
				Host: pulumi.String("string"),
				Path: pulumi.String("string"),
				Port: pulumi.String("string"),
				Protocol: pulumi.String("string"),
				Query: pulumi.String("string"),
			},
			TargetGroupArn: pulumi.String("string"),
		},
	},
	LoadBalancerArn: pulumi.String("string"),
	RoutingHttpRequestXAmznTlsVersionHeaderName: pulumi.String("string"),
	TcpIdleTimeoutSeconds: pulumi.Int(0),
	AlpnPolicy: pulumi.String("string"),
	Port: pulumi.Int(0),
	Protocol: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznTlsCipherSuiteHeaderName: pulumi.String("string"),
	MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
		Mode: pulumi.String("string"),
		AdvertiseTrustStoreCaNames: pulumi.String("string"),
		// NOTE(review): by its name, true would accept expired client certificates — confirm before enabling.
		IgnoreClientCertificateExpiry: pulumi.Bool(false),
		TrustStoreArn: pulumi.String("string"),
	},
	CertificateArn: pulumi.String("string"),
	RoutingHttpResponseStrictTransportSecurityHeaderValue: pulumi.String("string"),
	RoutingHttpResponseAccessControlAllowMethodsHeaderValue: pulumi.String("string"),
	RoutingHttpResponseAccessControlAllowOriginHeaderValue: pulumi.String("string"),
	RoutingHttpResponseAccessControlExposeHeadersHeaderValue: pulumi.String("string"),
	RoutingHttpResponseAccessControlMaxAgeHeaderValue: pulumi.String("string"),
	RoutingHttpResponseContentSecurityPolicyHeaderValue: pulumi.String("string"),
	RoutingHttpResponseServerEnabled: pulumi.Bool(false),
	RoutingHttpResponseAccessControlAllowHeadersHeaderValue: pulumi.String("string"),
	RoutingHttpResponseXContentTypeOptionsHeaderValue: pulumi.String("string"),
	RoutingHttpResponseXFrameOptionsHeaderValue: pulumi.String("string"),
	// The property reference gives ELBSecurityPolicy-2016-08 as the default when this is unset.
	SslPolicy: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	RoutingHttpResponseAccessControlAllowCredentialsHeaderValue: pulumi.String("string"),
})
// Reference listing: every input property is shown with a placeholder value
// ("string", 0, false). It documents the shape of the arguments and is not a
// deployable configuration.
var examplelistenerResourceResourceFromLblistener = new Listener("examplelistenerResourceResourceFromLblistener", ListenerArgs.builder()
    .defaultActions(ListenerDefaultActionArgs.builder()
        // NOTE(review): all action sub-blocks appear together only for reference;
        // presumably a real action sets the one matching type — confirm in the action docs.
        .type("string")
        .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
            .userPoolArn("string")
            .userPoolClientId("string")
            .userPoolDomain("string")
            .authenticationRequestExtraParams(Map.of("string", "string"))
            .onUnauthenticatedRequest("string")
            .scope("string")
            .sessionCookieName("string")
            .sessionTimeout(0)
            .build())
        .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
            .authorizationEndpoint("string")
            .clientId("string")
            // Credential: keep the real value out of source, e.g. read it from secret configuration.
            .clientSecret("string")
            .issuer("string")
            .tokenEndpoint("string")
            .userInfoEndpoint("string")
            .authenticationRequestExtraParams(Map.of("string", "string"))
            .onUnauthenticatedRequest("string")
            .scope("string")
            .sessionCookieName("string")
            .sessionTimeout(0)
            .build())
        .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
            .contentType("string")
            .messageBody("string")
            .statusCode("string")
            .build())
        .forward(ListenerDefaultActionForwardArgs.builder()
            .targetGroups(ListenerDefaultActionForwardTargetGroupArgs.builder()
                .arn("string")
                .weight(0)
                .build())
            .stickiness(ListenerDefaultActionForwardStickinessArgs.builder()
                .duration(0)
                .enabled(false)
                .build())
            .build())
        .order(0)
        .redirect(ListenerDefaultActionRedirectArgs.builder()
            .statusCode("string")
            .host("string")
            .path("string")
            .port("string")
            .protocol("string")
            .query("string")
            .build())
        .targetGroupArn("string")
        .build())
    .loadBalancerArn("string")
    .routingHttpRequestXAmznTlsVersionHeaderName("string")
    .tcpIdleTimeoutSeconds(0)
    .alpnPolicy("string")
    .port(0)
    .protocol("string")
    .routingHttpRequestXAmznMtlsClientcertHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertIssuerHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertLeafHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertSubjectHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertValidityHeaderName("string")
    .routingHttpRequestXAmznTlsCipherSuiteHeaderName("string")
    .mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
        .mode("string")
        .advertiseTrustStoreCaNames("string")
        // NOTE(review): by its name, true would accept expired client certificates — confirm before enabling.
        .ignoreClientCertificateExpiry(false)
        .trustStoreArn("string")
        .build())
    .certificateArn("string")
    .routingHttpResponseStrictTransportSecurityHeaderValue("string")
    .routingHttpResponseAccessControlAllowMethodsHeaderValue("string")
    .routingHttpResponseAccessControlAllowOriginHeaderValue("string")
    .routingHttpResponseAccessControlExposeHeadersHeaderValue("string")
    .routingHttpResponseAccessControlMaxAgeHeaderValue("string")
    .routingHttpResponseContentSecurityPolicyHeaderValue("string")
    .routingHttpResponseServerEnabled(false)
    .routingHttpResponseAccessControlAllowHeadersHeaderValue("string")
    .routingHttpResponseXContentTypeOptionsHeaderValue("string")
    .routingHttpResponseXFrameOptionsHeaderValue("string")
    // The property reference gives ELBSecurityPolicy-2016-08 as the default when this is unset.
    .sslPolicy("string")
    .tags(Map.of("string", "string"))
    .routingHttpResponseAccessControlAllowCredentialsHeaderValue("string")
    .build());
# Reference listing: every input property is shown with a placeholder value
# ("string", 0, False). It documents the shape of the arguments and is not a
# deployable configuration.
examplelistener_resource_resource_from_lblistener = aws.lb.Listener("examplelistenerResourceResourceFromLblistener",
    default_actions=[{
        # NOTE(review): all action sub-blocks appear together only for reference;
        # presumably a real action sets the one matching "type" — confirm in the action docs.
        "type": "string",
        "authenticate_cognito": {
            "user_pool_arn": "string",
            "user_pool_client_id": "string",
            "user_pool_domain": "string",
            "authentication_request_extra_params": {
                "string": "string",
            },
            "on_unauthenticated_request": "string",
            "scope": "string",
            "session_cookie_name": "string",
            "session_timeout": 0,
        },
        "authenticate_oidc": {
            "authorization_endpoint": "string",
            "client_id": "string",
            # Credential: keep the real value out of source, e.g. read it from secret configuration.
            "client_secret": "string",
            "issuer": "string",
            "token_endpoint": "string",
            "user_info_endpoint": "string",
            "authentication_request_extra_params": {
                "string": "string",
            },
            "on_unauthenticated_request": "string",
            "scope": "string",
            "session_cookie_name": "string",
            "session_timeout": 0,
        },
        "fixed_response": {
            "content_type": "string",
            "message_body": "string",
            "status_code": "string",
        },
        "forward": {
            "target_groups": [{
                "arn": "string",
                "weight": 0,
            }],
            "stickiness": {
                "duration": 0,
                "enabled": False,
            },
        },
        "order": 0,
        "redirect": {
            "status_code": "string",
            "host": "string",
            "path": "string",
            "port": "string",
            "protocol": "string",
            "query": "string",
        },
        "target_group_arn": "string",
    }],
    load_balancer_arn="string",
    routing_http_request_x_amzn_tls_version_header_name="string",
    tcp_idle_timeout_seconds=0,
    alpn_policy="string",
    port=0,
    protocol="string",
    routing_http_request_x_amzn_mtls_clientcert_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_issuer_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_leaf_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_subject_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_validity_header_name="string",
    routing_http_request_x_amzn_tls_cipher_suite_header_name="string",
    mutual_authentication={
        "mode": "string",
        "advertise_trust_store_ca_names": "string",
        # NOTE(review): by its name, True would accept expired client certificates — confirm before enabling.
        "ignore_client_certificate_expiry": False,
        "trust_store_arn": "string",
    },
    certificate_arn="string",
    routing_http_response_strict_transport_security_header_value="string",
    routing_http_response_access_control_allow_methods_header_value="string",
    routing_http_response_access_control_allow_origin_header_value="string",
    routing_http_response_access_control_expose_headers_header_value="string",
    routing_http_response_access_control_max_age_header_value="string",
    routing_http_response_content_security_policy_header_value="string",
    routing_http_response_server_enabled=False,
    routing_http_response_access_control_allow_headers_header_value="string",
    routing_http_response_x_content_type_options_header_value="string",
    routing_http_response_x_frame_options_header_value="string",
    # The property reference gives ELBSecurityPolicy-2016-08 as the default when this is unset.
    ssl_policy="string",
    tags={
        "string": "string",
    },
    routing_http_response_access_control_allow_credentials_header_value="string")
// Reference listing: every input property is shown with a placeholder value
// ("string", 0, false). It documents the shape of the arguments and is not a
// deployable configuration.
const examplelistenerResourceResourceFromLblistener = new aws.lb.Listener("examplelistenerResourceResourceFromLblistener", {
    defaultActions: [{
        // NOTE(review): all action sub-blocks appear together only for reference;
        // presumably a real action sets the one matching `type` — confirm in the action docs.
        type: "string",
        authenticateCognito: {
            userPoolArn: "string",
            userPoolClientId: "string",
            userPoolDomain: "string",
            authenticationRequestExtraParams: {
                string: "string",
            },
            onUnauthenticatedRequest: "string",
            scope: "string",
            sessionCookieName: "string",
            sessionTimeout: 0,
        },
        authenticateOidc: {
            authorizationEndpoint: "string",
            clientId: "string",
            // Credential: keep the real value out of source, e.g. read it from secret configuration.
            clientSecret: "string",
            issuer: "string",
            tokenEndpoint: "string",
            userInfoEndpoint: "string",
            authenticationRequestExtraParams: {
                string: "string",
            },
            onUnauthenticatedRequest: "string",
            scope: "string",
            sessionCookieName: "string",
            sessionTimeout: 0,
        },
        fixedResponse: {
            contentType: "string",
            messageBody: "string",
            statusCode: "string",
        },
        forward: {
            targetGroups: [{
                arn: "string",
                weight: 0,
            }],
            stickiness: {
                duration: 0,
                enabled: false,
            },
        },
        order: 0,
        redirect: {
            statusCode: "string",
            host: "string",
            path: "string",
            port: "string",
            protocol: "string",
            query: "string",
        },
        targetGroupArn: "string",
    }],
    loadBalancerArn: "string",
    routingHttpRequestXAmznTlsVersionHeaderName: "string",
    tcpIdleTimeoutSeconds: 0,
    alpnPolicy: "string",
    port: 0,
    protocol: "string",
    routingHttpRequestXAmznMtlsClientcertHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertIssuerHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertLeafHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertSubjectHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertValidityHeaderName: "string",
    routingHttpRequestXAmznTlsCipherSuiteHeaderName: "string",
    mutualAuthentication: {
        mode: "string",
        advertiseTrustStoreCaNames: "string",
        // NOTE(review): by its name, true would accept expired client certificates — confirm before enabling.
        ignoreClientCertificateExpiry: false,
        trustStoreArn: "string",
    },
    certificateArn: "string",
    routingHttpResponseStrictTransportSecurityHeaderValue: "string",
    routingHttpResponseAccessControlAllowMethodsHeaderValue: "string",
    routingHttpResponseAccessControlAllowOriginHeaderValue: "string",
    routingHttpResponseAccessControlExposeHeadersHeaderValue: "string",
    routingHttpResponseAccessControlMaxAgeHeaderValue: "string",
    routingHttpResponseContentSecurityPolicyHeaderValue: "string",
    routingHttpResponseServerEnabled: false,
    routingHttpResponseAccessControlAllowHeadersHeaderValue: "string",
    routingHttpResponseXContentTypeOptionsHeaderValue: "string",
    routingHttpResponseXFrameOptionsHeaderValue: "string",
    // The property reference gives ELBSecurityPolicy-2016-08 as the default when this is unset.
    sslPolicy: "string",
    tags: {
        string: "string",
    },
    routingHttpResponseAccessControlAllowCredentialsHeaderValue: "string",
});
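# Reference listing: every input property is shown with a placeholder value
# (string, 0, false). It documents the shape of the arguments and is not a
# deployable configuration.
type: aws:lb:Listener
properties:
  alpnPolicy: string
  certificateArn: string
  defaultActions:
    # NOTE(review): all action sub-blocks appear together only for reference;
    # presumably a real action sets the one matching `type` — confirm in the action docs.
    - authenticateCognito:
        authenticationRequestExtraParams:
          string: string
        onUnauthenticatedRequest: string
        scope: string
        sessionCookieName: string
        sessionTimeout: 0
        userPoolArn: string
        userPoolClientId: string
        userPoolDomain: string
      authenticateOidc:
        authenticationRequestExtraParams:
          string: string
        authorizationEndpoint: string
        clientId: string
        # Credential: keep the real value out of source, e.g. read it from secret configuration.
        clientSecret: string
        issuer: string
        onUnauthenticatedRequest: string
        scope: string
        sessionCookieName: string
        sessionTimeout: 0
        tokenEndpoint: string
        userInfoEndpoint: string
      fixedResponse:
        contentType: string
        messageBody: string
        statusCode: string
      forward:
        stickiness:
          duration: 0
          enabled: false
        targetGroups:
          - arn: string
            weight: 0
      order: 0
      redirect:
        host: string
        path: string
        port: string
        protocol: string
        query: string
        statusCode: string
      targetGroupArn: string
      type: string
  loadBalancerArn: string
  mutualAuthentication:
    advertiseTrustStoreCaNames: string
    # NOTE(review): by its name, true would accept expired client certificates — confirm before enabling.
    ignoreClientCertificateExpiry: false
    mode: string
    trustStoreArn: string
  port: 0
  protocol: string
  routingHttpRequestXAmznMtlsClientcertHeaderName: string
  routingHttpRequestXAmznMtlsClientcertIssuerHeaderName: string
  routingHttpRequestXAmznMtlsClientcertLeafHeaderName: string
  routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName: string
  routingHttpRequestXAmznMtlsClientcertSubjectHeaderName: string
  routingHttpRequestXAmznMtlsClientcertValidityHeaderName: string
  routingHttpRequestXAmznTlsCipherSuiteHeaderName: string
  routingHttpRequestXAmznTlsVersionHeaderName: string
  routingHttpResponseAccessControlAllowCredentialsHeaderValue: string
  routingHttpResponseAccessControlAllowHeadersHeaderValue: string
  routingHttpResponseAccessControlAllowMethodsHeaderValue: string
  routingHttpResponseAccessControlAllowOriginHeaderValue: string
  routingHttpResponseAccessControlExposeHeadersHeaderValue: string
  routingHttpResponseAccessControlMaxAgeHeaderValue: string
  routingHttpResponseContentSecurityPolicyHeaderValue: string
  routingHttpResponseServerEnabled: false
  routingHttpResponseStrictTransportSecurityHeaderValue: string
  routingHttpResponseXContentTypeOptionsHeaderValue: string
  routingHttpResponseXFrameOptionsHeaderValue: string
  # The property reference gives ELBSecurityPolicy-2016-08 as the default when this is unset.
  sslPolicy: string
  tags:
    string: string
  tcpIdleTimeoutSeconds: 0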
Listener Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Listener resource accepts the following input properties:
- DefaultActions List<ListenerDefaultAction>
- Configuration block for default actions. See below.
- LoadBalancerArn string
- ARN of the load balancer.
The following arguments are optional:
- AlpnPolicy string
- Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.
- CertificateArn string
- ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.
- MutualAuthentication ListenerMutualAuthentication
- The mutual authentication configuration information. See below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringResponse Access Control Allow Credentials Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value istrue
. - Routing
Http stringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - Routing
Http stringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - Routing
Http stringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - Routing
Http stringResponse Access Control Expose Headers Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - Routing
Http stringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - Routing
Http stringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - Routing
Http boolResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - Routing
Http stringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
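`max-age=31536000; includeSubDomains; preload`. Because `includeSubDomains` and `preload` bind every subdomain to HTTPS and are slow to reverse, confirm that all subdomains serve HTTPS before relying on these values; consult the Strict-Transport-Security documentation for further details. - Routing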
Http stringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - Routing
Http stringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
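for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. Current browsers ignore `ALLOW-FROM`, so use the Content-Security-Policy `frame-ancestors` directive to allow framing by specific origins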
. - Ssl
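Policy string - Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`, an older policy that still accepts TLS 1.0 and 1.1; set a current policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06` explicitly where clients support it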
. - Dictionary<string, string>
A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- Tcp
Idle intTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- Default
Actions []ListenerDefault Action Args - Configuration block for default actions. See below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Mutual
Authentication ListenerMutual Authentication Args - The mutual authentication configuration information. See below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value istrue
. - Routing
Http stringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - Routing
Http stringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - Routing
Http stringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - Routing
Http stringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - Routing
Http stringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - Routing
Http stringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - Routing
Http boolResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - Routing
Http stringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
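`max-age=31536000; includeSubDomains; preload`. Because `includeSubDomains` and `preload` bind every subdomain to HTTPS and are slow to reverse, confirm that all subdomains serve HTTPS before relying on these values; consult the Strict-Transport-Security documentation for further details. - Routing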
Http stringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - Routing
Http stringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
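for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. Current browsers ignore `ALLOW-FROM`, so use the Content-Security-Policy `frame-ancestors` directive to allow framing by specific origins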
. - Ssl
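Policy string - Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`, an older policy that still accepts TLS 1.0 and 1.1; set a current policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06` explicitly where clients support it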
. - map[string]string
A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- Tcp
Idle intTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- default
Actions List<ListenerDefault Action> - Configuration block for default actions. See below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. See below.
- port Integer
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value istrue
. - routing
Http StringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing
Http StringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing
Http StringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing
Http StringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing
Http StringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing
Http StringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing
Http BooleanResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing
Http StringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
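`max-age=31536000; includeSubDomains; preload`. Because `includeSubDomains` and `preload` bind every subdomain to HTTPS and are slow to reverse, confirm that all subdomains serve HTTPS before relying on these values; consult the Strict-Transport-Security documentation for further details. - routing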
Http StringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing
Http StringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
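for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. Current browsers ignore `ALLOW-FROM`, so use the Content-Security-Policy `frame-ancestors` directive to allow framing by specific origins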
. - ssl
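Policy String - Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`, an older policy that still accepts TLS 1.0 and 1.1; set a current policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06` explicitly where clients support it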
. - Map<String,String>
A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- tcp
Idle IntegerTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- default
Actions ListenerDefault Action[] - Configuration block for default actions. See below.
- load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. See below.
- port number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value istrue
. - routing
Http stringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing
Http stringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing
Http stringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing
Http stringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing
Http stringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing
Http stringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing
Http booleanResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing
Http stringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
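`max-age=31536000; includeSubDomains; preload`. Because `includeSubDomains` and `preload` bind every subdomain to HTTPS and are slow to reverse, confirm that all subdomains serve HTTPS before relying on these values; consult the Strict-Transport-Security documentation for further details. - routing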
Http stringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing
Http stringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
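for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. Current browsers ignore `ALLOW-FROM`, so use the Content-Security-Policy `frame-ancestors` directive to allow framing by specific origins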
. - ssl
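Policy string - Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`, an older policy that still accepts TLS 1.0 and 1.1; set a current policy such as `ELBSecurityPolicy-TLS13-1-2-2021-06` explicitly where clients support it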
. - {[key: string]: string}
A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- tcp
Idle numberTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- default_
actions Sequence[ListenerDefault Action Args] - Configuration block for default actions. See below.
- load_
balancer_ strarn ARN of the load balancer.
The following arguments are optional:
- alpn_
policy str - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate_
arn str - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual_
authentication ListenerMutual Authentication Args - The mutual authentication configuration information. See below.
- port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol str
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ issuer_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ leaf_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ serial_ number_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ subject_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ validity_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ tls_ cipher_ suite_ header_ name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ tls_ version_ header_ name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strresponse_ access_ control_ allow_ credentials_ header_ value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value istrue
. - routing_
http_ strresponse_ access_ control_ allow_ headers_ header_ value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing_
http_ strresponse_ access_ control_ allow_ methods_ header_ value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing_
http_ strresponse_ access_ control_ allow_ origin_ header_ value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing_
http_ strresponse_ access_ control_ expose_ headers_ header_ value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing_
http_ strresponse_ access_ control_ max_ age_ header_ value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing_
http_ strresponse_ content_ security_ policy_ header_ value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing_
http_ boolresponse_ server_ enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing_
http_ strresponse_ strict_ transport_ security_ header_ value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
max-age=31536000; includeSubDomains; preload
consult the Strict-Transport-Security documentation for further details. - routing_
http_ strresponse_ x_ content_ type_ options_ header_ value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing_
http_ strresponse_ x_ frame_ options_ header_ value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values areDENY
,SAMEORIGIN
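, or ALLOW-FROM https://example.com. ALLOW-FROM is obsolete and current browsers ignore a header that uses it, so a listener relying on it gets no framing protection; to allow framing only from specific origins, use the frame-ancestors directive of Content-Security-Policy instead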
. - ssl_
policy str - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
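. Default is ELBSecurityPolicy-2016-08. That default policy still negotiates TLS 1.0 and 1.1, so set a policy that requires TLS 1.2 or later explicitly (for example ELBSecurityPolicy-TLS13-1-2-2021-06) unless legacy clients must be supported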
. - Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- tcp_
idle_ inttimeout_ seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- default
Actions List<Property Map> - Configuration block for default actions. See below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual
Authentication Property Map - The mutual authentication configuration information. See below.
- port Number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
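Http StringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. With this set, responses to credentialed cross-origin requests become readable by the requesting origin, so pair it only with a specific, trusted Access-Control-Allow-Origin value. Can only be set if protocol is
HTTP
or HTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true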
. - routing
Http StringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing
Http StringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing
Http StringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing
Http StringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing
Http StringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing
Http StringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing
Http BooleanResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing
Http StringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
max-age=31536000; includeSubDomains; preload
consult the Strict-Transport-Security documentation for further details. - routing
Http StringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing
Http StringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values areDENY
,SAMEORIGIN
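, or ALLOW-FROM https://example.com. ALLOW-FROM is obsolete and current browsers ignore a header that uses it, so a listener relying on it gets no framing protection; to allow framing only from specific origins, use the frame-ancestors directive of Content-Security-Policy instead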
. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
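. Default is ELBSecurityPolicy-2016-08. That default policy still negotiates TLS 1.0 and 1.1, so set a policy that requires TLS 1.2 or later explicitly (for example ELBSecurityPolicy-TLS13-1-2-2021-06) unless legacy clients must be supported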
. - Map<String>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- tcp
Idle NumberTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
Outputs
All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:
Look up Existing Listener Resource
Get an existing Listener resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ListenerState, opts?: CustomResourceOptions): Listener
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alpn_policy: Optional[str] = None,
arn: Optional[str] = None,
certificate_arn: Optional[str] = None,
default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
load_balancer_arn: Optional[str] = None,
mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
port: Optional[int] = None,
protocol: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_subject_header_name: Optional[str] = None,
routing_http_request_x_amzn_mtls_clientcert_validity_header_name: Optional[str] = None,
routing_http_request_x_amzn_tls_cipher_suite_header_name: Optional[str] = None,
routing_http_request_x_amzn_tls_version_header_name: Optional[str] = None,
routing_http_response_access_control_allow_credentials_header_value: Optional[str] = None,
routing_http_response_access_control_allow_headers_header_value: Optional[str] = None,
routing_http_response_access_control_allow_methods_header_value: Optional[str] = None,
routing_http_response_access_control_allow_origin_header_value: Optional[str] = None,
routing_http_response_access_control_expose_headers_header_value: Optional[str] = None,
routing_http_response_access_control_max_age_header_value: Optional[str] = None,
routing_http_response_content_security_policy_header_value: Optional[str] = None,
routing_http_response_server_enabled: Optional[bool] = None,
routing_http_response_strict_transport_security_header_value: Optional[str] = None,
routing_http_response_x_content_type_options_header_value: Optional[str] = None,
routing_http_response_x_frame_options_header_value: Optional[str] = None,
ssl_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
tcp_idle_timeout_seconds: Optional[int] = None) -> Listener
func GetListener(ctx *Context, name string, id IDInput, state *ListenerState, opts ...ResourceOption) (*Listener, error)
public static Listener Get(string name, Input<string> id, ListenerState? state, CustomResourceOptions? opts = null)
public static Listener get(String name, Output<String> id, ListenerState state, CustomResourceOptions options)
resources: _: type: aws:lb:Listener get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Arn string
- ARN of the listener (matches
id
). - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Default
Actions List<ListenerDefault Action> - Configuration block for default actions. See below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. See below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
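Http stringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. With this set, responses to credentialed cross-origin requests become readable by the requesting origin, so pair it only with a specific, trusted Access-Control-Allow-Origin value. Can only be set if protocol is
HTTP
or HTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true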
. - Routing
Http stringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - Routing
Http stringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - Routing
Http stringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - Routing
Http stringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - Routing
Http stringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - Routing
Http stringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - Routing
Http boolResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - Routing
Http stringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
max-age=31536000; includeSubDomains; preload
consult the Strict-Transport-Security documentation for further details. - Routing
Http stringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - Routing
Http stringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values areDENY
,SAMEORIGIN
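, or ALLOW-FROM https://example.com. ALLOW-FROM is obsolete and current browsers ignore a header that uses it, so a listener relying on it gets no framing protection; to allow framing only from specific origins, use the frame-ancestors directive of Content-Security-Policy instead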
. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
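. Default is ELBSecurityPolicy-2016-08. That default policy still negotiates TLS 1.0 and 1.1, so set a policy that requires TLS 1.2 or later explicitly (for example ELBSecurityPolicy-TLS13-1-2-2021-06) unless legacy clients must be supported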
. - Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Name
key is specified in the map, the AWS Console maps the value to theName Tag
column value inside theListener Rules
table within a specific load balancer listener page. Otherwise, the value resolves toDefault
.- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Tcp
Idle intTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Arn string
- ARN of the listener (matches
id
). - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Default
Actions []ListenerDefault Action Args - Configuration block for default actions. See below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Mutual
Authentication ListenerMutual Authentication Args - The mutual authentication configuration information. See below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
Http stringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - Routing
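Http stringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. With this set, responses to credentialed cross-origin requests become readable by the requesting origin, so pair it only with a specific, trusted Access-Control-Allow-Origin value. Can only be set if protocol is
HTTP
or HTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true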
. - Routing
Http stringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - Routing
Http stringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - Routing
Http stringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - Routing
Http stringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
, orPragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - Routing
Http stringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - Routing
Http stringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - Routing
Http boolResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - Routing
Http stringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are
max-age=31536000; includeSubDomains; preload
consult the Strict-Transport-Security documentation for further details. - Routing
Http stringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - Routing
Http stringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values areDENY
,SAMEORIGIN
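, or ALLOW-FROM https://example.com. ALLOW-FROM is obsolete and current browsers ignore a header that uses it, so a listener relying on it gets no framing protection; to allow framing only from specific origins, use the frame-ancestors directive of Content-Security-Policy instead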
. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
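. Default is ELBSecurityPolicy-2016-08. That default policy still negotiates TLS 1.0 and 1.1, so set a policy that requires TLS 1.2 or later explicitly (for example ELBSecurityPolicy-TLS13-1-2-2021-06) unless legacy clients must be supported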
. - map[string]string
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a Name key is specified in the map, the AWS Console maps the value to the Name Tag column value inside the Listener Rules table within a specific load balancer listener page. Otherwise, the value resolves to Default
.- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Tcp
Idle intTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn String
- ARN of the listener (matches
id
). - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default
Actions List<ListenerDefault Action> - Configuration block for default actions. See below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. See below.
- port Integer
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true
. - routing
Http StringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing
Http StringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing
Http StringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing
Http StringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are *, Cache-Control, Content-Language, Content-Length, Content-Type, Expires, Last-Modified, or Pragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing
Http StringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing
Http StringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing
Http BooleanResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing
Http StringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are max-age=31536000; includeSubDomains; preload. Browsers cache this policy for the full max-age and includeSubDomains extends it to every subdomain, so confirm that all subdomains serve HTTPS before setting it; consult the Strict-Transport-Security documentation for further details. - routing
Http StringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing
Http StringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are DENY, SAMEORIGIN, or ALLOW-FROM https://example.com. Modern browsers no longer honour ALLOW-FROM and then apply no framing restriction; to allow specific origins, use the frame-ancestors directive of Content-Security-Policy
. - ssl
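Policy String - Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08, which still accepts TLS 1.0 and 1.1; set a newer policy such as ELBSecurityPolicy-TLS13-1-2-2021-06 explicitly unless legacy clients must be supported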
. - Map<String,String>
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a Name key is specified in the map, the AWS Console maps the value to the Name Tag column value inside the Listener Rules table within a specific load balancer listener page. Otherwise, the value resolves to Default
.- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - tcp
Idle IntegerTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn string
- ARN of the listener (matches
id
). - certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default
Actions ListenerDefault Action[] - Configuration block for default actions. See below.
- load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. See below.
- port number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http stringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true
. - routing
Http stringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing
Http stringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing
Http stringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing
Http stringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are *, Cache-Control, Content-Language, Content-Length, Content-Type, Expires, Last-Modified, or Pragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing
Http stringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing
Http stringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing
Http booleanResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing
Http stringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are max-age=31536000; includeSubDomains; preload. Browsers cache this policy for the full max-age and includeSubDomains extends it to every subdomain, so confirm that all subdomains serve HTTPS before setting it; consult the Strict-Transport-Security documentation for further details. - routing
Http stringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing
Http stringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are DENY, SAMEORIGIN, or ALLOW-FROM https://example.com. Modern browsers no longer honour ALLOW-FROM and then apply no framing restriction; to allow specific origins, use the frame-ancestors directive of Content-Security-Policy
. - ssl
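Policy string - Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08, which still accepts TLS 1.0 and 1.1; set a newer policy such as ELBSecurityPolicy-TLS13-1-2-2021-06 explicitly unless legacy clients must be supported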
. - {[key: string]: string}
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a Name key is specified in the map, the AWS Console maps the value to the Name Tag column value inside the Listener Rules table within a specific load balancer listener page. Otherwise, the value resolves to Default
.- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - tcp
Idle numberTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- alpn_
policy str - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn str
- ARN of the listener (matches
id
). - certificate_
arn str - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default_
actions Sequence[ListenerDefault Action Args] - Configuration block for default actions. See below.
- load_
balancer_ strarn ARN of the load balancer.
The following arguments are optional:
- mutual_
authentication ListenerMutual Authentication Args - The mutual authentication configuration information. See below.
- port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol str
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ issuer_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ leaf_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ serial_ number_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ subject_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ mtls_ clientcert_ validity_ header_ name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ tls_ cipher_ suite_ header_ name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strrequest_ x_ amzn_ tls_ version_ header_ name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing_
http_ strresponse_ access_ control_ allow_ credentials_ header_ value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true
. - routing_
http_ strresponse_ access_ control_ allow_ headers_ header_ value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing_
http_ strresponse_ access_ control_ allow_ methods_ header_ value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing_
http_ strresponse_ access_ control_ allow_ origin_ header_ value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing_
http_ strresponse_ access_ control_ expose_ headers_ header_ value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are *, Cache-Control, Content-Language, Content-Length, Content-Type, Expires, Last-Modified, or Pragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing_
http_ strresponse_ access_ control_ max_ age_ header_ value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing_
http_ strresponse_ content_ security_ policy_ header_ value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. - routing_
http_ boolresponse_ server_ enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing_
http_ strresponse_ strict_ transport_ security_ header_ value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are max-age=31536000; includeSubDomains; preload. Browsers cache this policy for the full max-age and includeSubDomains extends it to every subdomain, so confirm that all subdomains serve HTTPS before setting it; consult the Strict-Transport-Security documentation for further details. - routing_
http_ strresponse_ x_ content_ type_ options_ header_ value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing_
http_ strresponse_ x_ frame_ options_ header_ value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are DENY, SAMEORIGIN, or ALLOW-FROM https://example.com. Modern browsers no longer honour ALLOW-FROM and then apply no framing restriction; to allow specific origins, use the frame-ancestors directive of Content-Security-Policy
. - ssl_
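policy str - Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08, which still accepts TLS 1.0 and 1.1; set a newer policy such as ELBSecurityPolicy-TLS13-1-2-2021-06 explicitly unless legacy clients must be supported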
. - Mapping[str, str]
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a Name key is specified in the map, the AWS Console maps the value to the Name Tag column value inside the Listener Rules table within a specific load balancer listener page. Otherwise, the value resolves to Default
.- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - tcp_
idle_ inttimeout_ seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn String
- ARN of the listener (matches
id
). - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default
Actions List<Property Map> - Configuration block for default actions. See below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- mutual
Authentication Property Map - The mutual authentication configuration information. See below.
- port Number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Issuer Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Issuer
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Leaf Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Leaf
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Serial Number Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Serial-Number
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Subject Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Subject
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Mtls Clientcert Validity Header Name - Enables you to modify the header name of the
X-Amzn-Mtls-Clientcert-Validity
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Cipher Suite Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Cipher-Suite
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringRequest XAmzn Tls Version Header Name - Enables you to modify the header name of the
X-Amzn-Tls-Version
HTTP request header. Can only be set if protocol isHTTPS
for Application Load Balancers. - routing
Http StringResponse Access Control Allow Credentials Header Value - Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true
. - routing
Http StringResponse Access Control Allow Headers Header Value - Specifies which headers can be used during the request. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are*
,Accept
,Accept-Language
,Cache-Control
,Content-Language
,Content-Length
,Content-Type
,Expires
,Last-Modified
,Pragma
. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. - routing
Http StringResponse Access Control Allow Methods Header Value - Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values areGET
,HEAD
,POST
,DELETE
,CONNECT
,OPTIONS
,TRACE
orPATCH
. - routing
Http StringResponse Access Control Allow Origin Header Value - Specifies which origins are allowed to access the server. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg:https://example.com
. - routing
Http StringResponse Access Control Expose Headers Header Value - Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are *, Cache-Control, Content-Language, Content-Length, Content-Type, Expires, Last-Modified, or Pragma
. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. - routing
Http StringResponse Access Control Max Age Header Value - Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between0
and86400
. This value is browser specific, consult the Access-Control-Max-Age documentation. - routing
Http StringResponse Content Security Policy Header Value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Possible values are extensive and can have a significant impact when set; consult the Content-Security-Policy documentation. - routing
Http BooleanResponse Server Enabled - Enables you to allow or remove the HTTP response server header. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values aretrue
orfalse
. - routing
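Http StringResponse Strict Transport Security Header Value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are max-age=31536000; includeSubDomains; preload. Because includeSubDomains applies the policy to every subdomain and preload signals consent to browser preload lists, which are slow to leave, confirm that all subdomains serve HTTPS before relying on these values. Consult the Strict-Transport-Security documentation for further details. - routing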
Http StringResponse XContent Type Options Header Value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is
HTTP
orHTTPS
for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value isnosniff
. - routing
Http StringResponse XFrame Options Header Value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is
HTTP
orHTTPS
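for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are DENY, SAMEORIGIN, or ALLOW-FROM https://example.com. Current browsers ignore ALLOW-FROM, so use DENY or SAMEORIGIN, or restrict framing with the Content-Security-Policy frame-ancestors directive. - ssl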
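Policy String - Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08. That default still negotiates TLS 1.0 and 1.1, so set a newer policy explicitly (for example ELBSecurityPolicy-TLS13-1-2-2021-06) unless legacy clients require otherwise. - tags Map<String>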
A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level. Note: When a Name key is specified in the map, the AWS Console maps the value to the Name Tag column value inside the Listener Rules table within a specific load balancer listener page. Otherwise, the value resolves to Default. - tagsAll Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - tcp
Idle NumberTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCP
on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60
and6000
inclusive. Default:350
.
Supporting Types
ListenerDefaultAction, ListenerDefaultActionArgs
- Type string
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- Authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. See below. - Authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. See below. - Fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - Forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups. Specify only if
type
isforward
. See below. - Order int
- Order for the action. The action with the lowest value for order is performed first. Valid values are between
1
and50000
. Defaults to the position in the list of actions. - Redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. See below. - Target
Group stringArn - ARN of the Target Group to which to route traffic. Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Can be specified withforward
but ARNs must match.
- Type string
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- Authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. See below. - Authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. See below. - Fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - Forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups. Specify only if
type
isforward
. See below. - Order int
- Order for the action. The action with the lowest value for order is performed first. Valid values are between
1
and50000
. Defaults to the position in the list of actions. - Redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. See below. - Target
Group stringArn - ARN of the Target Group to which to route traffic. Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Can be specified withforward
but ARNs must match.
- type String
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. See below. - authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. See below. - fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups. Specify only if
type
isforward
. See below. - order Integer
- Order for the action. The action with the lowest value for order is performed first. Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. See below. - target
Group StringArn - ARN of the Target Group to which to route traffic. Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Can be specified withforward
but ARNs must match.
- type string
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. See below. - authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. See below. - fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups. Specify only if
type
isforward
. See below. - order number
- Order for the action. The action with the lowest value for order is performed first. Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. See below. - target
Group stringArn - ARN of the Target Group to which to route traffic. Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Can be specified withforward
but ARNs must match.
- type str
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate_
cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. See below. - authenticate_
oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. See below. - fixed_
response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups. Specify only if
type
isforward
. See below. - order int
- Order for the action. The action with the lowest value for order is performed first. Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. See below. - target_
group_ strarn - ARN of the Target Group to which to route traffic. Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Can be specified withforward
but ARNs must match.
- type String
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate
Cognito Property Map - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. See below. - authenticate
Oidc Property Map - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. See below. - fixed
Response Property Map - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward Property Map
- Configuration block for creating an action that distributes requests among one or more target groups. Specify only if
type
isforward
. See below. - order Number
- Order for the action. The action with the lowest value for order is performed first. Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect Property Map
- Configuration block for creating a redirect action. Required if
type
isredirect
. See below. - target
Group StringArn - ARN of the Target Group to which to route traffic. Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Can be specified withforward
but ARNs must match.
ListenerDefaultActionAuthenticateCognito, ListenerDefaultActionAuthenticateCognitoArgs
- User
Pool stringArn - ARN of the Cognito user pool.
- User
Pool stringClient Id - ID of the Cognito user pool client.
- User
Pool stringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- Authentication
Request Dictionary<string, string>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.
- On
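Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values are deny, allow and authenticate. With allow, unauthenticated requests are forwarded to the targets, so the application must make its own access decision. - Scope string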
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- User
Pool stringArn - ARN of the Cognito user pool.
- User
Pool stringClient Id - ID of the Cognito user pool client.
- User
Pool stringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- Authentication
Request map[string]stringExtra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.
- On
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - Scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- user
Pool StringArn - ARN of the Cognito user pool.
- user
Pool StringClient Id - ID of the Cognito user pool client.
- user
Pool StringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication
Request Map<String,String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Integer - Maximum duration of the authentication session, in seconds.
- user
Pool stringArn - ARN of the Cognito user pool.
- user
Pool stringClient Id - ID of the Cognito user pool client.
- user
Pool stringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication
Request {[key: string]: string}Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.
- on
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- session
Timeout number - Maximum duration of the authentication session, in seconds.
- user_
pool_ strarn - ARN of the Cognito user pool.
- user_
pool_ strclient_ id - ID of the Cognito user pool client.
- user_
pool_ strdomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication_
request_ Mapping[str, str]extra_ params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.
- on_
unauthenticated_ strrequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope str
- Set of user claims to be requested from the IdP.
- str
- Name of the cookie used to maintain session information.
- session_
timeout int - Maximum duration of the authentication session, in seconds.
- user
Pool StringArn - ARN of the Cognito user pool.
- user
Pool StringClient Id - ID of the Cognito user pool client.
- user
Pool StringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication
Request Map<String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Number - Maximum duration of the authentication session, in seconds.
ListenerDefaultActionAuthenticateOidc, ListenerDefaultActionAuthenticateOidcArgs
- string
- Authorization endpoint of the IdP.
- Client
Id string - OAuth 2.0 client identifier.
- Client
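Secret string - OAuth 2.0 client secret. Treat this as a secret: read it from encrypted configuration rather than hard-coding it in the program source.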
- Issuer string
- OIDC issuer identifier of the IdP.
- Token
Endpoint string - Token endpoint of the IdP.
- User
Info stringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- Authentication
Request Dictionary<string, string>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
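Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values: deny, allow and authenticate. With allow, unauthenticated requests are forwarded to the targets, so the application must make its own access decision.
- Scope string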
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- string
- Authorization endpoint of the IdP.
- Client
Id string - OAuth 2.0 client identifier.
- Client
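Secret string - OAuth 2.0 client secret. Treat this as a secret: read it from encrypted configuration rather than hard-coding it in the program source.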
- Issuer string
- OIDC issuer identifier of the IdP.
- Token
Endpoint string - Token endpoint of the IdP.
- User
Info stringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- Authentication
Request map[string]stringExtra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- Scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- String
- Authorization endpoint of the IdP.
- client
Id String - OAuth 2.0 client identifier.
- client
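Secret String - OAuth 2.0 client secret. Treat this as a secret: read it from encrypted configuration rather than hard-coding it in the program source.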
- issuer String
- OIDC issuer identifier of the IdP.
- token
Endpoint String - Token endpoint of the IdP.
- user
Info StringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication
Request Map<String,String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Integer - Maximum duration of the authentication session, in seconds.
- string
- Authorization endpoint of the IdP.
- client
Id string - OAuth 2.0 client identifier.
- client
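Secret string - OAuth 2.0 client secret. Treat this as a secret: read it from encrypted configuration rather than hard-coding it in the program source.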
- issuer string
- OIDC issuer identifier of the IdP.
- token
Endpoint string - Token endpoint of the IdP.
- user
Info stringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication
Request {[key: string]: string}Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- session
Timeout number - Maximum duration of the authentication session, in seconds.
- str
- Authorization endpoint of the IdP.
- client_
id str - OAuth 2.0 client identifier.
- client_
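secret str - OAuth 2.0 client secret. Treat this as a secret: read it from encrypted configuration rather than hard-coding it in the program source.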
- issuer str
- OIDC issuer identifier of the IdP.
- token_
endpoint str - Token endpoint of the IdP.
- user_
info_ strendpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication_
request_ Mapping[str, str]extra_ params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on_
unauthenticated_ strrequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope str
- Set of user claims to be requested from the IdP.
- str
- Name of the cookie used to maintain session information.
- session_
timeout int - Maximum duration of the authentication session, in seconds.
- String
- Authorization endpoint of the IdP.
- client
Id String - OAuth 2.0 client identifier.
- client
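Secret String - OAuth 2.0 client secret. Treat this as a secret: read it from encrypted configuration rather than hard-coding it in the program source.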
- issuer String
- OIDC issuer identifier of the IdP.
- token
Endpoint String - Token endpoint of the IdP.
- user
Info StringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication
Request Map<String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Number - Maximum duration of the authentication session, in seconds.
ListenerDefaultActionFixedResponse, ListenerDefaultActionFixedResponseArgs
- Content
Type string Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- Message
Body string - Message body.
- Status
Code string - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- Content
Type string Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- Message
Body string - Message body.
- Status
Code string - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content
Type String Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message
Body String - Message body.
- status
Code String - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content
Type string Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message
Body string - Message body.
- status
Code string - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content_
type str Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message_
body str - Message body.
- status_
code str - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content
Type String Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message
Body String - Message body.
- status
Code String - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
ListenerDefaultActionForward, ListenerDefaultActionForwardArgs
- Target
Groups List<ListenerDefault Action Forward Target Group> Set of 1-5 target group blocks. See below.
The following arguments are optional:
- Stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. See below.
- Target
Groups []ListenerDefault Action Forward Target Group Set of 1-5 target group blocks. See below.
The following arguments are optional:
- Stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. See below.
- target
Groups List<ListenerDefault Action Forward Target Group> Set of 1-5 target group blocks. See below.
The following arguments are optional:
- stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. See below.
- target
Groups ListenerDefault Action Forward Target Group[] Set of 1-5 target group blocks. See below.
The following arguments are optional:
- stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. See below.
- target_
groups Sequence[ListenerDefault Action Forward Target Group] Set of 1-5 target group blocks. See below.
The following arguments are optional:
- stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. See below.
- target
Groups List<Property Map> Set of 1-5 target group blocks. See below.
The following arguments are optional:
- stickiness Property Map
- Configuration block for target group stickiness for the rule. See below.
ListenerDefaultActionForwardStickiness, ListenerDefaultActionForwardStickinessArgs
ListenerDefaultActionForwardTargetGroup, ListenerDefaultActionForwardTargetGroupArgs
ListenerDefaultActionRedirect, ListenerDefaultActionRedirectArgs
- Status
Code string HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- Host string
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - Path string
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - Port string
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - Protocol string
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - Query string
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- Status
Code string HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- Host string
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - Path string
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - Port string
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - Protocol string
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - Query string
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status
Code String HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host String
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path String
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port String
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol String
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query String
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status
Code string HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host string
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path string
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port string
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol string
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query string
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status_
code str HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host str
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path str
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port str
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol str
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query str
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status
Code String HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host String
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path String
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port String
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol String
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query String
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
ListenerMutualAuthentication, ListenerMutualAuthenticationArgs
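- Mode string
- Valid values are off, verify and passthrough. In passthrough mode the load balancer forwards the client certificate chain to the targets without validating it, so the targets must verify it themselves. - Advertise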
Trust stringStore Ca Names - Valid values are
off
andon
. - Ignore
Client boolCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - Trust
Store stringArn - ARN of the elbv2 Trust Store.
- Mode string
- Valid values are
off
,verify
andpassthrough
. - Advertise
Trust stringStore Ca Names - Valid values are
off
andon
. - Ignore
Client boolCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - Trust
Store stringArn - ARN of the elbv2 Trust Store.
- mode String
- Valid values are
off
,verify
andpassthrough
. - advertise
Trust StringStore Ca Names - Valid values are
off
andon
. - ignore
Client BooleanCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - trust
Store StringArn - ARN of the elbv2 Trust Store.
- mode string
- Valid values are
off
,verify
andpassthrough
. - advertise
Trust stringStore Ca Names - Valid values are
off
andon
. - ignore
Client booleanCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - trust
Store stringArn - ARN of the elbv2 Trust Store.
- mode str
- Valid values are
off
,verify
andpassthrough
. - advertise_
trust_ strstore_ ca_ names - Valid values are
off
andon
. - ignore_
client_ boolcertificate_ expiry - Whether client certificate expiry is ignored. Default is
false
. - trust_
store_ strarn - ARN of the elbv2 Trust Store.
- mode String
- Valid values are
off
,verify
andpassthrough
. - advertise
Trust StringStore Ca Names - Valid values are
off
andon
. - ignore
Client BooleanCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - trust
Store StringArn - ARN of the elbv2 Trust Store.
Import
Using pulumi import
, import listeners using their ARN. For example:
$ pulumi import aws:lb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.