aws logo
AWS Classic v5.33.0, Mar 24 23

aws.lb.Listener

Provides a Load Balancer Listener resource.

Note: aws.alb.Listener is known as aws.lb.Listener. The functionality is identical.

Example Usage

Forward Action

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer");

    // ...
    var frontEndTargetGroup = new Aws.LB.TargetGroup("frontEndTargetGroup");

    // ...
    var frontEndListener = new Aws.LB.Listener("frontEndListener", new()
    {
        LoadBalancerArn = frontEndLoadBalancer.Arn,
        Port = 443,
        Protocol = "HTTPS",
        SslPolicy = "ELBSecurityPolicy-2016-08",
        CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "frontEndTargetGroup", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
			LoadBalancerArn: frontEndLoadBalancer.Arn,
			Port:            pulumi.Int(443),
			Protocol:        pulumi.String("HTTPS"),
			SslPolicy:       pulumi.String("ELBSecurityPolicy-2016-08"),
			CertificateArn:  pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");

        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()        
            .loadBalancerArn(frontEndLoadBalancer.arn())
            .port("443")
            .protocol("HTTPS")
            .sslPolicy("ELBSecurityPolicy-2016-08")
            .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("forward")
                .targetGroupArn(frontEndTargetGroup.arn())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_target_group = aws.lb.TargetGroup("frontEndTargetGroup")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
    load_balancer_arn=front_end_load_balancer.arn,
    port=443,
    protocol="HTTPS",
    ssl_policy="ELBSecurityPolicy-2016-08",
    certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    default_actions=[aws.lb.ListenerDefaultActionArgs(
        type="forward",
        target_group_arn=front_end_target_group.arn,
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndTargetGroup = new aws.lb.TargetGroup("frontEndTargetGroup", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
    loadBalancerArn: frontEndLoadBalancer.arn,
    port: 443,
    protocol: "HTTPS",
    sslPolicy: "ELBSecurityPolicy-2016-08",
    certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    defaultActions: [{
        type: "forward",
        targetGroupArn: frontEndTargetGroup.arn,
    }],
});
resources:
  frontEndLoadBalancer:
    type: aws:lb:LoadBalancer
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
  frontEndListener:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${frontEndLoadBalancer.arn}
      port: '443'
      protocol: HTTPS
      sslPolicy: ELBSecurityPolicy-2016-08
      certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
      defaultActions:
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}

To a NLB

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.Listener("frontEnd", new()
    {
        LoadBalancerArn = aws_lb.Front_end.Arn,
        Port = 443,
        Protocol = "TLS",
        CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        AlpnPolicy = "HTTP2Preferred",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = aws_lb_target_group.Front_end.Arn,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lb.NewListener(ctx, "frontEnd", &lb.ListenerArgs{
			LoadBalancerArn: pulumi.Any(aws_lb.Front_end.Arn),
			Port:            pulumi.Int(443),
			Protocol:        pulumi.String("TLS"),
			CertificateArn:  pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
			AlpnPolicy:      pulumi.String("HTTP2Preferred"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: pulumi.Any(aws_lb_target_group.Front_end.Arn),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new Listener("frontEnd", ListenerArgs.builder()        
            .loadBalancerArn(aws_lb.front_end().arn())
            .port("443")
            .protocol("TLS")
            .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
            .alpnPolicy("HTTP2Preferred")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("forward")
                .targetGroupArn(aws_lb_target_group.front_end().arn())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

front_end = aws.lb.Listener("frontEnd",
    load_balancer_arn=aws_lb["front_end"]["arn"],
    port=443,
    protocol="TLS",
    certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    alpn_policy="HTTP2Preferred",
    default_actions=[aws.lb.ListenerDefaultActionArgs(
        type="forward",
        target_group_arn=aws_lb_target_group["front_end"]["arn"],
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.Listener("frontEnd", {
    loadBalancerArn: aws_lb.front_end.arn,
    port: 443,
    protocol: "TLS",
    certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    alpnPolicy: "HTTP2Preferred",
    defaultActions: [{
        type: "forward",
        targetGroupArn: aws_lb_target_group.front_end.arn,
    }],
});
resources:
  frontEnd:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${aws_lb.front_end.arn}
      port: '443'
      protocol: TLS
      certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
      alpnPolicy: HTTP2Preferred
      defaultActions:
        - type: forward
          targetGroupArn: ${aws_lb_target_group.front_end.arn}

Redirect Action

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer");

    // ...
    var frontEndListener = new Aws.LB.Listener("frontEndListener", new()
    {
        LoadBalancerArn = frontEndLoadBalancer.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "redirect",
                Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
                {
                    Port = "443",
                    Protocol = "HTTPS",
                    StatusCode = "HTTP_301",
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
			LoadBalancerArn: frontEndLoadBalancer.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("redirect"),
					Redirect: &lb.ListenerDefaultActionRedirectArgs{
						Port:       pulumi.String("443"),
						Protocol:   pulumi.String("HTTPS"),
						StatusCode: pulumi.String("HTTP_301"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionRedirectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()        
            .loadBalancerArn(frontEndLoadBalancer.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("redirect")
                .redirect(ListenerDefaultActionRedirectArgs.builder()
                    .port("443")
                    .protocol("HTTPS")
                    .statusCode("HTTP_301")
                    .build())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
    load_balancer_arn=front_end_load_balancer.arn,
    port=80,
    protocol="HTTP",
    default_actions=[aws.lb.ListenerDefaultActionArgs(
        type="redirect",
        redirect=aws.lb.ListenerDefaultActionRedirectArgs(
            port="443",
            protocol="HTTPS",
            status_code="HTTP_301",
        ),
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
    loadBalancerArn: frontEndLoadBalancer.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [{
        type: "redirect",
        redirect: {
            port: "443",
            protocol: "HTTPS",
            statusCode: "HTTP_301",
        },
    }],
});
resources:
  frontEndLoadBalancer:
    type: aws:lb:LoadBalancer
  frontEndListener:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${frontEndLoadBalancer.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: redirect
          redirect:
            port: '443'
            protocol: HTTPS
            statusCode: HTTP_301

Fixed-response Action

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer");

    // ...
    var frontEndListener = new Aws.LB.Listener("frontEndListener", new()
    {
        LoadBalancerArn = frontEndLoadBalancer.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "fixed-response",
                FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
                {
                    ContentType = "text/plain",
                    MessageBody = "Fixed response content",
                    StatusCode = "200",
                },
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
			LoadBalancerArn: frontEndLoadBalancer.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("fixed-response"),
					FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
						ContentType: pulumi.String("text/plain"),
						MessageBody: pulumi.String("Fixed response content"),
						StatusCode:  pulumi.String("200"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionFixedResponseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()        
            .loadBalancerArn(frontEndLoadBalancer.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("fixed-response")
                .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
                    .contentType("text/plain")
                    .messageBody("Fixed response content")
                    .statusCode("200")
                    .build())
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
    load_balancer_arn=front_end_load_balancer.arn,
    port=80,
    protocol="HTTP",
    default_actions=[aws.lb.ListenerDefaultActionArgs(
        type="fixed-response",
        fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(
            content_type="text/plain",
            message_body="Fixed response content",
            status_code="200",
        ),
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
    loadBalancerArn: frontEndLoadBalancer.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [{
        type: "fixed-response",
        fixedResponse: {
            contentType: "text/plain",
            messageBody: "Fixed response content",
            statusCode: "200",
        },
    }],
});
resources:
  frontEndLoadBalancer:
    type: aws:lb:LoadBalancer
  frontEndListener:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${frontEndLoadBalancer.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: fixed-response
          fixedResponse:
            contentType: text/plain
            messageBody: Fixed response content
            statusCode: '200'

Authenticate-cognito Action

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer");

    // ...
    var frontEndTargetGroup = new Aws.LB.TargetGroup("frontEndTargetGroup");

    // ...
    var pool = new Aws.Cognito.UserPool("pool");

    // ...
    var client = new Aws.Cognito.UserPoolClient("client");

    // ...
    var domain = new Aws.Cognito.UserPoolDomain("domain");

    // ...
    var frontEndListener = new Aws.LB.Listener("frontEndListener", new()
    {
        LoadBalancerArn = frontEndLoadBalancer.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "authenticate-cognito",
                AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
                {
                    UserPoolArn = pool.Arn,
                    UserPoolClientId = client.Id,
                    UserPoolDomain = domain.Domain,
                },
            },
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cognito"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "frontEndTargetGroup", nil)
		if err != nil {
			return err
		}
		pool, err := cognito.NewUserPool(ctx, "pool", nil)
		if err != nil {
			return err
		}
		client, err := cognito.NewUserPoolClient(ctx, "client", nil)
		if err != nil {
			return err
		}
		domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
			LoadBalancerArn: frontEndLoadBalancer.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("authenticate-cognito"),
					AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
						UserPoolArn:      pool.Arn,
						UserPoolClientId: client.ID(),
						UserPoolDomain:   domain.Domain,
					},
				},
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateCognitoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");

        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");

        var pool = new UserPool("pool");

        var client = new UserPoolClient("client");

        var domain = new UserPoolDomain("domain");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()        
            .loadBalancerArn(frontEndLoadBalancer.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(            
                ListenerDefaultActionArgs.builder()
                    .type("authenticate-cognito")
                    .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
                        .userPoolArn(pool.arn())
                        .userPoolClientId(client.id())
                        .userPoolDomain(domain.domain())
                        .build())
                    .build(),
                ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_target_group = aws.lb.TargetGroup("frontEndTargetGroup")
# ...
pool = aws.cognito.UserPool("pool")
# ...
client = aws.cognito.UserPoolClient("client")
# ...
domain = aws.cognito.UserPoolDomain("domain")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
    load_balancer_arn=front_end_load_balancer.arn,
    port=80,
    protocol="HTTP",
    default_actions=[
        aws.lb.ListenerDefaultActionArgs(
            type="authenticate-cognito",
            authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(
                user_pool_arn=pool.arn,
                user_pool_client_id=client.id,
                user_pool_domain=domain.domain,
            ),
        ),
        aws.lb.ListenerDefaultActionArgs(
            type="forward",
            target_group_arn=front_end_target_group.arn,
        ),
    ])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndTargetGroup = new aws.lb.TargetGroup("frontEndTargetGroup", {});
// ...
const pool = new aws.cognito.UserPool("pool", {});
// ...
const client = new aws.cognito.UserPoolClient("client", {});
// ...
const domain = new aws.cognito.UserPoolDomain("domain", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
    loadBalancerArn: frontEndLoadBalancer.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [
        {
            type: "authenticate-cognito",
            authenticateCognito: {
                userPoolArn: pool.arn,
                userPoolClientId: client.id,
                userPoolDomain: domain.domain,
            },
        },
        {
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        },
    ],
});
resources:
  frontEndLoadBalancer:
    type: aws:lb:LoadBalancer
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
  pool:
    type: aws:cognito:UserPool
  client:
    type: aws:cognito:UserPoolClient
  domain:
    type: aws:cognito:UserPoolDomain
  frontEndListener:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${frontEndLoadBalancer.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: authenticate-cognito
          authenticateCognito:
            userPoolArn: ${pool.arn}
            userPoolClientId: ${client.id}
            userPoolDomain: ${domain.domain}
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}

Authenticate-OIDC Action

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer");

    // ...
    var frontEndTargetGroup = new Aws.LB.TargetGroup("frontEndTargetGroup");

    // ...
    var frontEndListener = new Aws.LB.Listener("frontEndListener", new()
    {
        LoadBalancerArn = frontEndLoadBalancer.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "authenticate-oidc",
                AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
                {
                    AuthorizationEndpoint = "https://example.com/authorization_endpoint",
                    ClientId = "client_id",
                    ClientSecret = "client_secret",
                    Issuer = "https://example.com",
                    TokenEndpoint = "https://example.com/token_endpoint",
                    UserInfoEndpoint = "https://example.com/user_info_endpoint",
                },
            },
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "frontEndTargetGroup", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "frontEndListener", &lb.ListenerArgs{
			LoadBalancerArn: frontEndLoadBalancer.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("authenticate-oidc"),
					AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
						AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
						ClientId:              pulumi.String("client_id"),
						ClientSecret:          pulumi.String("client_secret"),
						Issuer:                pulumi.String("https://example.com"),
						TokenEndpoint:         pulumi.String("https://example.com/token_endpoint"),
						UserInfoEndpoint:      pulumi.String("https://example.com/user_info_endpoint"),
					},
				},
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");

        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()        
            .loadBalancerArn(frontEndLoadBalancer.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(            
                ListenerDefaultActionArgs.builder()
                    .type("authenticate-oidc")
                    .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
                        .authorizationEndpoint("https://example.com/authorization_endpoint")
                        .clientId("client_id")
                        .clientSecret("client_secret")
                        .issuer("https://example.com")
                        .tokenEndpoint("https://example.com/token_endpoint")
                        .userInfoEndpoint("https://example.com/user_info_endpoint")
                        .build())
                    .build(),
                ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_target_group = aws.lb.TargetGroup("frontEndTargetGroup")
# ...
front_end_listener = aws.lb.Listener("frontEndListener",
    load_balancer_arn=front_end_load_balancer.arn,
    port=80,
    protocol="HTTP",
    default_actions=[
        aws.lb.ListenerDefaultActionArgs(
            type="authenticate-oidc",
            authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(
                authorization_endpoint="https://example.com/authorization_endpoint",
                client_id="client_id",
                client_secret="client_secret",
                issuer="https://example.com",
                token_endpoint="https://example.com/token_endpoint",
                user_info_endpoint="https://example.com/user_info_endpoint",
            ),
        ),
        aws.lb.ListenerDefaultActionArgs(
            type="forward",
            target_group_arn=front_end_target_group.arn,
        ),
    ])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndTargetGroup = new aws.lb.TargetGroup("frontEndTargetGroup", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {
    loadBalancerArn: frontEndLoadBalancer.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [
        {
            type: "authenticate-oidc",
            authenticateOidc: {
                authorizationEndpoint: "https://example.com/authorization_endpoint",
                clientId: "client_id",
                clientSecret: "client_secret",
                issuer: "https://example.com",
                tokenEndpoint: "https://example.com/token_endpoint",
                userInfoEndpoint: "https://example.com/user_info_endpoint",
            },
        },
        {
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        },
    ],
});
resources:
  frontEndLoadBalancer:
    type: aws:lb:LoadBalancer
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
  frontEndListener:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${frontEndLoadBalancer.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: authenticate-oidc
          authenticateOidc:
            authorizationEndpoint: https://example.com/authorization_endpoint
            clientId: client_id
            clientSecret: client_secret
            issuer: https://example.com
            tokenEndpoint: https://example.com/token_endpoint
            userInfoEndpoint: https://example.com/user_info_endpoint
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}

Gateway Load Balancer Listener

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleLoadBalancer = new Aws.LB.LoadBalancer("exampleLoadBalancer", new()
    {
        LoadBalancerType = "gateway",
        SubnetMappings = new[]
        {
            new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
            {
                SubnetId = aws_subnet.Example.Id,
            },
        },
    });

    var exampleTargetGroup = new Aws.LB.TargetGroup("exampleTargetGroup", new()
    {
        Port = 6081,
        Protocol = "GENEVE",
        VpcId = aws_vpc.Example.Id,
        HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
        {
            Port = "80",
            Protocol = "HTTP",
        },
    });

    var exampleListener = new Aws.LB.Listener("exampleListener", new()
    {
        LoadBalancerArn = exampleLoadBalancer.Id,
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                TargetGroupArn = exampleTargetGroup.Id,
                Type = "forward",
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleLoadBalancer, err := lb.NewLoadBalancer(ctx, "exampleLoadBalancer", &lb.LoadBalancerArgs{
			LoadBalancerType: pulumi.String("gateway"),
			SubnetMappings: lb.LoadBalancerSubnetMappingArray{
				&lb.LoadBalancerSubnetMappingArgs{
					SubnetId: pulumi.Any(aws_subnet.Example.Id),
				},
			},
		})
		if err != nil {
			return err
		}
		exampleTargetGroup, err := lb.NewTargetGroup(ctx, "exampleTargetGroup", &lb.TargetGroupArgs{
			Port:     pulumi.Int(6081),
			Protocol: pulumi.String("GENEVE"),
			VpcId:    pulumi.Any(aws_vpc.Example.Id),
			HealthCheck: &lb.TargetGroupHealthCheckArgs{
				Port:     pulumi.String("80"),
				Protocol: pulumi.String("HTTP"),
			},
		})
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "exampleListener", &lb.ListenerArgs{
			LoadBalancerArn: exampleLoadBalancer.ID(),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					TargetGroupArn: exampleTargetGroup.ID(),
					Type:           pulumi.String("forward"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.TargetGroupArgs;
import com.pulumi.aws.lb.inputs.TargetGroupHealthCheckArgs;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleLoadBalancer = new LoadBalancer("exampleLoadBalancer", LoadBalancerArgs.builder()        
            .loadBalancerType("gateway")
            .subnetMappings(LoadBalancerSubnetMappingArgs.builder()
                .subnetId(aws_subnet.example().id())
                .build())
            .build());

        var exampleTargetGroup = new TargetGroup("exampleTargetGroup", TargetGroupArgs.builder()        
            .port(6081)
            .protocol("GENEVE")
            .vpcId(aws_vpc.example().id())
            .healthCheck(TargetGroupHealthCheckArgs.builder()
                .port(80)
                .protocol("HTTP")
                .build())
            .build());

        var exampleListener = new Listener("exampleListener", ListenerArgs.builder()        
            .loadBalancerArn(exampleLoadBalancer.id())
            .defaultActions(ListenerDefaultActionArgs.builder()
                .targetGroupArn(exampleTargetGroup.id())
                .type("forward")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

example_load_balancer = aws.lb.LoadBalancer("exampleLoadBalancer",
    load_balancer_type="gateway",
    subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(
        subnet_id=aws_subnet["example"]["id"],
    )])
example_target_group = aws.lb.TargetGroup("exampleTargetGroup",
    port=6081,
    protocol="GENEVE",
    vpc_id=aws_vpc["example"]["id"],
    health_check=aws.lb.TargetGroupHealthCheckArgs(
        port="80",
        protocol="HTTP",
    ))
example_listener = aws.lb.Listener("exampleListener",
    load_balancer_arn=example_load_balancer.id,
    default_actions=[aws.lb.ListenerDefaultActionArgs(
        target_group_arn=example_target_group.id,
        type="forward",
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleLoadBalancer = new aws.lb.LoadBalancer("exampleLoadBalancer", {
    loadBalancerType: "gateway",
    subnetMappings: [{
        subnetId: aws_subnet.example.id,
    }],
});
const exampleTargetGroup = new aws.lb.TargetGroup("exampleTargetGroup", {
    port: 6081,
    protocol: "GENEVE",
    vpcId: aws_vpc.example.id,
    healthCheck: {
        port: "80",
        protocol: "HTTP",
    },
});
const exampleListener = new aws.lb.Listener("exampleListener", {
    loadBalancerArn: exampleLoadBalancer.id,
    defaultActions: [{
        targetGroupArn: exampleTargetGroup.id,
        type: "forward",
    }],
});
resources:
  exampleLoadBalancer:
    type: aws:lb:LoadBalancer
    properties:
      loadBalancerType: gateway
      subnetMappings:
        - subnetId: ${aws_subnet.example.id}
  exampleTargetGroup:
    type: aws:lb:TargetGroup
    properties:
      port: 6081
      protocol: GENEVE
      vpcId: ${aws_vpc.example.id}
      healthCheck:
        port: 80
        protocol: HTTP
  exampleListener:
    type: aws:lb:Listener
    properties:
      loadBalancerArn: ${exampleLoadBalancer.id}
      defaultActions:
        - targetGroupArn: ${exampleTargetGroup.id}
          type: forward

Create Listener Resource

new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);
@overload
def Listener(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             alpn_policy: Optional[str] = None,
             certificate_arn: Optional[str] = None,
             default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
             load_balancer_arn: Optional[str] = None,
             port: Optional[int] = None,
             protocol: Optional[str] = None,
             ssl_policy: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None)
@overload
def Listener(resource_name: str,
             args: ListenerArgs,
             opts: Optional[ResourceOptions] = None)
func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)
public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)
public Listener(String name, ListenerArgs args)
public Listener(String name, ListenerArgs args, CustomResourceOptions options)
type: aws:lb:Listener
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ListenerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ListenerArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ListenerArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ListenerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ListenerArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Listener Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Listener resource accepts the following input properties:

DefaultActions List<ListenerDefaultActionArgs>

Configuration block for default actions. Detailed below.

LoadBalancerArn string

ARN of the load balancer.

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

Tags Dictionary<string, string>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

DefaultActions []ListenerDefaultActionArgs

Configuration block for default actions. Detailed below.

LoadBalancerArn string

ARN of the load balancer.

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

Tags map[string]string

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultActions List<ListenerDefaultActionArgs>

Configuration block for default actions. Detailed below.

loadBalancerArn String

ARN of the load balancer.

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

port Integer

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags Map<String,String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultActions ListenerDefaultActionArgs[]

Configuration block for default actions. Detailed below.

loadBalancerArn string

ARN of the load balancer.

alpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

port number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

sslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags {[key: string]: string}

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

default_actions Sequence[ListenerDefaultActionArgs]

Configuration block for default actions. Detailed below.

load_balancer_arn str

ARN of the load balancer.

alpn_policy str

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificate_arn str

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol str

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

ssl_policy str

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags Mapping[str, str]

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultActions List<Property Map>

Configuration block for default actions. Detailed below.

loadBalancerArn String

ARN of the load balancer.

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

port Number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags Map<String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:

Arn string

ARN of the target group.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

ARN of the target group.

Id string

The provider-assigned unique ID for this managed resource.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the target group.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

ARN of the target group.

id string

The provider-assigned unique ID for this managed resource.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

ARN of the target group.

id str

The provider-assigned unique ID for this managed resource.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the target group.

id String

The provider-assigned unique ID for this managed resource.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing Listener Resource

Get an existing Listener resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ListenerState, opts?: CustomResourceOptions): Listener
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alpn_policy: Optional[str] = None,
        arn: Optional[str] = None,
        certificate_arn: Optional[str] = None,
        default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
        load_balancer_arn: Optional[str] = None,
        port: Optional[int] = None,
        protocol: Optional[str] = None,
        ssl_policy: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Listener
func GetListener(ctx *Context, name string, id IDInput, state *ListenerState, opts ...ResourceOption) (*Listener, error)
public static Listener Get(string name, Input<string> id, ListenerState? state, CustomResourceOptions? opts = null)
public static Listener get(String name, Output<String> id, ListenerState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

Arn string

ARN of the target group.

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

DefaultActions List<ListenerDefaultActionArgs>

Configuration block for default actions. Detailed below.

LoadBalancerArn string

ARN of the load balancer.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

Tags Dictionary<string, string>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

Arn string

ARN of the target group.

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

DefaultActions []ListenerDefaultActionArgs

Configuration block for default actions. Detailed below.

LoadBalancerArn string

ARN of the load balancer.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

Tags map[string]string

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn String

ARN of the target group.

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

defaultActions List<ListenerDefaultActionArgs>

Configuration block for default actions. Detailed below.

loadBalancerArn String

ARN of the load balancer.

port Integer

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags Map<String,String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

alpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn string

ARN of the target group.

certificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

defaultActions ListenerDefaultActionArgs[]

Configuration block for default actions. Detailed below.

loadBalancerArn string

ARN of the load balancer.

port number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

sslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags {[key: string]: string}

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

alpn_policy str

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn str

ARN of the target group.

certificate_arn str

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

default_actions Sequence[ListenerDefaultActionArgs]

Configuration block for default actions. Detailed below.

load_balancer_arn str

ARN of the load balancer.

port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol str

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

ssl_policy str

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags Mapping[str, str]

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn String

ARN of the target group.

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

defaultActions List<Property Map>

Configuration block for default actions. Detailed below.

loadBalancerArn String

ARN of the load balancer.

port Number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.

tags Map<String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Supporting Types

ListenerDefaultAction

Type string

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

AuthenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.

AuthenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.

FixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

Forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

Order int

Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.

Redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. Detailed below.

TargetGroupArn string

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

Type string

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

AuthenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.

AuthenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.

FixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

Forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

Order int

Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.

Redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. Detailed below.

TargetGroupArn string

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

type String

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

authenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.

authenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.

fixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

order Integer

Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.

redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. Detailed below.

targetGroupArn String

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

type string

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

authenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.

authenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.

fixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

order number

Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.

redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. Detailed below.

targetGroupArn string

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

type str

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

authenticate_cognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.

authenticate_oidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.

fixed_response ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

order int

Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.

redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. Detailed below.

target_group_arn str

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

type String

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

authenticateCognito Property Map

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.

authenticateOidc Property Map

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.

fixedResponse Property Map

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward Property Map

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

order Number

Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.

redirect Property Map

Configuration block for creating a redirect action. Required if type is redirect. Detailed below.

targetGroupArn String

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

ListenerDefaultActionAuthenticateCognito

UserPoolArn string

ARN of the Cognito user pool.

UserPoolClientId string

ID of the Cognito user pool client.

UserPoolDomain string

Domain prefix or fully-qualified domain name of the Cognito user pool.

AuthenticationRequestExtraParams Dictionary<string, string>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

UserPoolArn string

ARN of the Cognito user pool.

UserPoolClientId string

ID of the Cognito user pool client.

UserPoolDomain string

Domain prefix or fully-qualified domain name of the Cognito user pool.

AuthenticationRequestExtraParams map[string]string

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

userPoolArn String

ARN of the Cognito user pool.

userPoolClientId String

ID of the Cognito user pool client.

userPoolDomain String

Domain prefix or fully-qualified domain name of the Cognito user pool.

authenticationRequestExtraParams Map<String,String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Integer

Maximum duration of the authentication session, in seconds.

userPoolArn string

ARN of the Cognito user pool.

userPoolClientId string

ID of the Cognito user pool client.

userPoolDomain string

Domain prefix or fully-qualified domain name of the Cognito user pool.

authenticationRequestExtraParams {[key: string]: string}

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.

onUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope string

Set of user claims to be requested from the IdP.

sessionCookieName string

Name of the cookie used to maintain session information.

sessionTimeout number

Maximum duration of the authentication session, in seconds.

user_pool_arn str

ARN of the Cognito user pool.

user_pool_client_id str

ID of the Cognito user pool client.

user_pool_domain str

Domain prefix or fully-qualified domain name of the Cognito user pool.

authentication_request_extra_params Mapping[str, str]

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.

on_unauthenticated_request str

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope str

Set of user claims to be requested from the IdP.

session_cookie_name str

Name of the cookie used to maintain session information.

session_timeout int

Maximum duration of the authentication session, in seconds.

userPoolArn String

ARN of the Cognito user pool.

userPoolClientId String

ID of the Cognito user pool client.

userPoolDomain String

Domain prefix or fully-qualified domain name of the Cognito user pool.

authenticationRequestExtraParams Map<String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Number

Maximum duration of the authentication session, in seconds.

ListenerDefaultActionAuthenticateOidc

AuthorizationEndpoint string

Authorization endpoint of the IdP.

ClientId string

OAuth 2.0 client identifier.

ClientSecret string

OAuth 2.0 client secret.

Issuer string

OIDC issuer identifier of the IdP.

TokenEndpoint string

Token endpoint of the IdP.

UserInfoEndpoint string

User info endpoint of the IdP.

AuthenticationRequestExtraParams Dictionary<string, string>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

AuthorizationEndpoint string

Authorization endpoint of the IdP.

ClientId string

OAuth 2.0 client identifier.

ClientSecret string

OAuth 2.0 client secret.

Issuer string

OIDC issuer identifier of the IdP.

TokenEndpoint string

Token endpoint of the IdP.

UserInfoEndpoint string

User info endpoint of the IdP.

AuthenticationRequestExtraParams map[string]string

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

authorizationEndpoint String

Authorization endpoint of the IdP.

clientId String

OAuth 2.0 client identifier.

clientSecret String

OAuth 2.0 client secret.

issuer String

OIDC issuer identifier of the IdP.

tokenEndpoint String

Token endpoint of the IdP.

userInfoEndpoint String

User info endpoint of the IdP.

authenticationRequestExtraParams Map<String,String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Integer

Maximum duration of the authentication session, in seconds.

authorizationEndpoint string

Authorization endpoint of the IdP.

clientId string

OAuth 2.0 client identifier.

clientSecret string

OAuth 2.0 client secret.

issuer string

OIDC issuer identifier of the IdP.

tokenEndpoint string

Token endpoint of the IdP.

userInfoEndpoint string

User info endpoint of the IdP.

authenticationRequestExtraParams {[key: string]: string}

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

onUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope string

Set of user claims to be requested from the IdP.

sessionCookieName string

Name of the cookie used to maintain session information.

sessionTimeout number

Maximum duration of the authentication session, in seconds.

authorization_endpoint str

Authorization endpoint of the IdP.

client_id str

OAuth 2.0 client identifier.

client_secret str

OAuth 2.0 client secret.

issuer str

OIDC issuer identifier of the IdP.

token_endpoint str

Token endpoint of the IdP.

user_info_endpoint str

User info endpoint of the IdP.

authentication_request_extra_params Mapping[str, str]

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

on_unauthenticated_request str

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope str

Set of user claims to be requested from the IdP.

session_cookie_name str

Name of the cookie used to maintain session information.

session_timeout int

Maximum duration of the authentication session, in seconds.

authorizationEndpoint String

Authorization endpoint of the IdP.

clientId String

OAuth 2.0 client identifier.

clientSecret String

OAuth 2.0 client secret.

issuer String

OIDC issuer identifier of the IdP.

tokenEndpoint String

Token endpoint of the IdP.

userInfoEndpoint String

User info endpoint of the IdP.

authenticationRequestExtraParams Map<String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Number

Maximum duration of the authentication session, in seconds.

ListenerDefaultActionFixedResponse

ContentType string

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

MessageBody string

Message body.

StatusCode string

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

ContentType string

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

MessageBody string

Message body.

StatusCode string

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

contentType String

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

messageBody String

Message body.

statusCode String

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

contentType string

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

messageBody string

Message body.

statusCode string

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

content_type str

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

message_body str

Message body.

status_code str

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

contentType String

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

messageBody String

Message body.

statusCode String

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

ListenerDefaultActionForward

TargetGroups List<ListenerDefaultActionForwardTargetGroup>

Set of 1-5 target group blocks. Detailed below.

Stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. Detailed below.

TargetGroups []ListenerDefaultActionForwardTargetGroup

Set of 1-5 target group blocks. Detailed below.

Stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. Detailed below.

targetGroups List<ListenerDefaultActionForwardTargetGroup>

Set of 1-5 target group blocks. Detailed below.

stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. Detailed below.

targetGroups ListenerDefaultActionForwardTargetGroup[]

Set of 1-5 target group blocks. Detailed below.

stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. Detailed below.

target_groups Sequence[ListenerDefaultActionForwardTargetGroup]

Set of 1-5 target group blocks. Detailed below.

stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. Detailed below.

targetGroups List<Property Map>

Set of 1-5 target group blocks. Detailed below.

stickiness Property Map

Configuration block for target group stickiness for the rule. Detailed below.

ListenerDefaultActionForwardStickiness

Duration int

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

Enabled bool

Whether target group stickiness is enabled. Default is false.

Duration int

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

Enabled bool

Whether target group stickiness is enabled. Default is false.

duration Integer

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

enabled Boolean

Whether target group stickiness is enabled. Default is false.

duration number

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

enabled boolean

Whether target group stickiness is enabled. Default is false.

duration int

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

enabled bool

Whether target group stickiness is enabled. Default is false.

duration Number

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

enabled Boolean

Whether target group stickiness is enabled. Default is false.

ListenerDefaultActionForwardTargetGroup

Arn string

ARN of the target group.

Weight int

Weight. The range is 0 to 999.

Arn string

ARN of the target group.

Weight int

Weight. The range is 0 to 999.

arn String

ARN of the target group.

weight Integer

Weight. The range is 0 to 999.

arn string

ARN of the target group.

weight number

Weight. The range is 0 to 999.

arn str

ARN of the target group.

weight int

Weight. The range is 0 to 999.

arn String

ARN of the target group.

weight Number

Weight. The range is 0 to 999.

ListenerDefaultActionRedirect

StatusCode string

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

Host string

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

Path string

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

Port string

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

Protocol string

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

Query string

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

StatusCode string

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

Host string

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

Path string

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

Port string

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

Protocol string

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

Query string

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

statusCode String

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

host String

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path String

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port String

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol String

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query String

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

statusCode string

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

host string

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path string

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port string

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol string

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query string

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

status_code str

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

host str

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path str

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port str

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol str

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query str

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

statusCode String

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

host String

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path String

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port String

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol String

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query String

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

Import

Listeners can be imported using their ARN, e.g.,

 $ pulumi import aws:lb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.