1. Packages
  2. AWS Classic
  3. API Docs
  4. lb
  5. Listener

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

aws.lb.Listener

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

    Provides a Load Balancer Listener resource.

    Note: aws.alb.Listener is known as aws.lb.Listener. The functionality is identical.

    Example Usage

    Forward Action

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const frontEnd = new aws.lb.LoadBalancer("front_end", {});
    const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
    const frontEndListener = new aws.lb.Listener("front_end", {
        loadBalancerArn: frontEnd.arn,
        port: 443,
        protocol: "HTTPS",
        sslPolicy: "ELBSecurityPolicy-2016-08",
        certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        defaultActions: [{
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    front_end = aws.lb.LoadBalancer("front_end")
    front_end_target_group = aws.lb.TargetGroup("front_end")
    front_end_listener = aws.lb.Listener("front_end",
        load_balancer_arn=front_end.arn,
        port=443,
        protocol="HTTPS",
        ssl_policy="ELBSecurityPolicy-2016-08",
        certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            type="forward",
            target_group_arn=front_end_target_group.arn,
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
    			LoadBalancerArn: frontEnd.Arn,
    			Port:            pulumi.Int(443),
    			Protocol:        pulumi.String("HTTPS"),
    			SslPolicy:       pulumi.String("ELBSecurityPolicy-2016-08"),
    			CertificateArn:  pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					Type:           pulumi.String("forward"),
    					TargetGroupArn: frontEndTargetGroup.Arn,
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var frontEnd = new Aws.LB.LoadBalancer("front_end");
    
        var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
    
        var frontEndListener = new Aws.LB.Listener("front_end", new()
        {
            LoadBalancerArn = frontEnd.Arn,
            Port = 443,
            Protocol = "HTTPS",
            SslPolicy = "ELBSecurityPolicy-2016-08",
            CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "forward",
                    TargetGroupArn = frontEndTargetGroup.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.TargetGroup;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var frontEnd = new LoadBalancer("frontEnd");
    
            var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
    
            var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
                .loadBalancerArn(frontEnd.arn())
                .port("443")
                .protocol("HTTPS")
                .sslPolicy("ELBSecurityPolicy-2016-08")
                .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
                .defaultActions(ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
                .build());
    
        }
    }
    
    resources:
      frontEnd:
        type: aws:lb:LoadBalancer
        name: front_end
      frontEndTargetGroup:
        type: aws:lb:TargetGroup
        name: front_end
      frontEndListener:
        type: aws:lb:Listener
        name: front_end
        properties:
          loadBalancerArn: ${frontEnd.arn}
          port: '443'
          protocol: HTTPS
          sslPolicy: ELBSecurityPolicy-2016-08
          certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
          defaultActions:
            - type: forward
              targetGroupArn: ${frontEndTargetGroup.arn}
    

    To a NLB:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const frontEnd = new aws.lb.Listener("front_end", {
        loadBalancerArn: frontEndAwsLb.arn,
        port: 443,
        protocol: "TLS",
        certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        alpnPolicy: "HTTP2Preferred",
        defaultActions: [{
            type: "forward",
            targetGroupArn: frontEndAwsLbTargetGroup.arn,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    front_end = aws.lb.Listener("front_end",
        load_balancer_arn=front_end_aws_lb["arn"],
        port=443,
        protocol="TLS",
        certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        alpn_policy="HTTP2Preferred",
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            type="forward",
            target_group_arn=front_end_aws_lb_target_group["arn"],
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
    			LoadBalancerArn: pulumi.Any(frontEndAwsLb.Arn),
    			Port:            pulumi.Int(443),
    			Protocol:        pulumi.String("TLS"),
    			CertificateArn:  pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
    			AlpnPolicy:      pulumi.String("HTTP2Preferred"),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					Type:           pulumi.String("forward"),
    					TargetGroupArn: pulumi.Any(frontEndAwsLbTargetGroup.Arn),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var frontEnd = new Aws.LB.Listener("front_end", new()
        {
            LoadBalancerArn = frontEndAwsLb.Arn,
            Port = 443,
            Protocol = "TLS",
            CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
            AlpnPolicy = "HTTP2Preferred",
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "forward",
                    TargetGroupArn = frontEndAwsLbTargetGroup.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var frontEnd = new Listener("frontEnd", ListenerArgs.builder()
                .loadBalancerArn(frontEndAwsLb.arn())
                .port("443")
                .protocol("TLS")
                .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
                .alpnPolicy("HTTP2Preferred")
                .defaultActions(ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndAwsLbTargetGroup.arn())
                    .build())
                .build());
    
        }
    }
    
    resources:
      frontEnd:
        type: aws:lb:Listener
        name: front_end
        properties:
          loadBalancerArn: ${frontEndAwsLb.arn}
          port: '443'
          protocol: TLS
          certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
          alpnPolicy: HTTP2Preferred
          defaultActions:
            - type: forward
              targetGroupArn: ${frontEndAwsLbTargetGroup.arn}
    

    Redirect Action

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const frontEnd = new aws.lb.LoadBalancer("front_end", {});
    const frontEndListener = new aws.lb.Listener("front_end", {
        loadBalancerArn: frontEnd.arn,
        port: 80,
        protocol: "HTTP",
        defaultActions: [{
            type: "redirect",
            redirect: {
                port: "443",
                protocol: "HTTPS",
                statusCode: "HTTP_301",
            },
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    front_end = aws.lb.LoadBalancer("front_end")
    front_end_listener = aws.lb.Listener("front_end",
        load_balancer_arn=front_end.arn,
        port=80,
        protocol="HTTP",
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            type="redirect",
            redirect=aws.lb.ListenerDefaultActionRedirectArgs(
                port="443",
                protocol="HTTPS",
                status_code="HTTP_301",
            ),
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
    			LoadBalancerArn: frontEnd.Arn,
    			Port:            pulumi.Int(80),
    			Protocol:        pulumi.String("HTTP"),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					Type: pulumi.String("redirect"),
    					Redirect: &lb.ListenerDefaultActionRedirectArgs{
    						Port:       pulumi.String("443"),
    						Protocol:   pulumi.String("HTTPS"),
    						StatusCode: pulumi.String("HTTP_301"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var frontEnd = new Aws.LB.LoadBalancer("front_end");
    
        var frontEndListener = new Aws.LB.Listener("front_end", new()
        {
            LoadBalancerArn = frontEnd.Arn,
            Port = 80,
            Protocol = "HTTP",
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "redirect",
                    Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
                    {
                        Port = "443",
                        Protocol = "HTTPS",
                        StatusCode = "HTTP_301",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionRedirectArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var frontEnd = new LoadBalancer("frontEnd");
    
            var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
                .loadBalancerArn(frontEnd.arn())
                .port("80")
                .protocol("HTTP")
                .defaultActions(ListenerDefaultActionArgs.builder()
                    .type("redirect")
                    .redirect(ListenerDefaultActionRedirectArgs.builder()
                        .port("443")
                        .protocol("HTTPS")
                        .statusCode("HTTP_301")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      frontEnd:
        type: aws:lb:LoadBalancer
        name: front_end
      frontEndListener:
        type: aws:lb:Listener
        name: front_end
        properties:
          loadBalancerArn: ${frontEnd.arn}
          port: '80'
          protocol: HTTP
          defaultActions:
            - type: redirect
              redirect:
                port: '443'
                protocol: HTTPS
                statusCode: HTTP_301
    

    Fixed-response Action

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const frontEnd = new aws.lb.LoadBalancer("front_end", {});
    const frontEndListener = new aws.lb.Listener("front_end", {
        loadBalancerArn: frontEnd.arn,
        port: 80,
        protocol: "HTTP",
        defaultActions: [{
            type: "fixed-response",
            fixedResponse: {
                contentType: "text/plain",
                messageBody: "Fixed response content",
                statusCode: "200",
            },
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    front_end = aws.lb.LoadBalancer("front_end")
    front_end_listener = aws.lb.Listener("front_end",
        load_balancer_arn=front_end.arn,
        port=80,
        protocol="HTTP",
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            type="fixed-response",
            fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(
                content_type="text/plain",
                message_body="Fixed response content",
                status_code="200",
            ),
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
    			LoadBalancerArn: frontEnd.Arn,
    			Port:            pulumi.Int(80),
    			Protocol:        pulumi.String("HTTP"),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					Type: pulumi.String("fixed-response"),
    					FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
    						ContentType: pulumi.String("text/plain"),
    						MessageBody: pulumi.String("Fixed response content"),
    						StatusCode:  pulumi.String("200"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var frontEnd = new Aws.LB.LoadBalancer("front_end");
    
        var frontEndListener = new Aws.LB.Listener("front_end", new()
        {
            LoadBalancerArn = frontEnd.Arn,
            Port = 80,
            Protocol = "HTTP",
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "fixed-response",
                    FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
                    {
                        ContentType = "text/plain",
                        MessageBody = "Fixed response content",
                        StatusCode = "200",
                    },
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionFixedResponseArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var frontEnd = new LoadBalancer("frontEnd");
    
            var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
                .loadBalancerArn(frontEnd.arn())
                .port("80")
                .protocol("HTTP")
                .defaultActions(ListenerDefaultActionArgs.builder()
                    .type("fixed-response")
                    .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
                        .contentType("text/plain")
                        .messageBody("Fixed response content")
                        .statusCode("200")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      frontEnd:
        type: aws:lb:LoadBalancer
        name: front_end
      frontEndListener:
        type: aws:lb:Listener
        name: front_end
        properties:
          loadBalancerArn: ${frontEnd.arn}
          port: '80'
          protocol: HTTP
          defaultActions:
            - type: fixed-response
              fixedResponse:
                contentType: text/plain
                messageBody: Fixed response content
                statusCode: '200'
    

    Authenticate-cognito Action

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const frontEnd = new aws.lb.LoadBalancer("front_end", {});
    const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
    const pool = new aws.cognito.UserPool("pool", {});
    const client = new aws.cognito.UserPoolClient("client", {});
    const domain = new aws.cognito.UserPoolDomain("domain", {});
    const frontEndListener = new aws.lb.Listener("front_end", {
        loadBalancerArn: frontEnd.arn,
        port: 80,
        protocol: "HTTP",
        defaultActions: [
            {
                type: "authenticate-cognito",
                authenticateCognito: {
                    userPoolArn: pool.arn,
                    userPoolClientId: client.id,
                    userPoolDomain: domain.domain,
                },
            },
            {
                type: "forward",
                targetGroupArn: frontEndTargetGroup.arn,
            },
        ],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    front_end = aws.lb.LoadBalancer("front_end")
    front_end_target_group = aws.lb.TargetGroup("front_end")
    pool = aws.cognito.UserPool("pool")
    client = aws.cognito.UserPoolClient("client")
    domain = aws.cognito.UserPoolDomain("domain")
    front_end_listener = aws.lb.Listener("front_end",
        load_balancer_arn=front_end.arn,
        port=80,
        protocol="HTTP",
        default_actions=[
            aws.lb.ListenerDefaultActionArgs(
                type="authenticate-cognito",
                authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(
                    user_pool_arn=pool.arn,
                    user_pool_client_id=client.id,
                    user_pool_domain=domain.domain,
                ),
            ),
            aws.lb.ListenerDefaultActionArgs(
                type="forward",
                target_group_arn=front_end_target_group.arn,
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		pool, err := cognito.NewUserPool(ctx, "pool", nil)
    		if err != nil {
    			return err
    		}
    		client, err := cognito.NewUserPoolClient(ctx, "client", nil)
    		if err != nil {
    			return err
    		}
    		domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
    			LoadBalancerArn: frontEnd.Arn,
    			Port:            pulumi.Int(80),
    			Protocol:        pulumi.String("HTTP"),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					Type: pulumi.String("authenticate-cognito"),
    					AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
    						UserPoolArn:      pool.Arn,
    						UserPoolClientId: client.ID(),
    						UserPoolDomain:   domain.Domain,
    					},
    				},
    				&lb.ListenerDefaultActionArgs{
    					Type:           pulumi.String("forward"),
    					TargetGroupArn: frontEndTargetGroup.Arn,
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var frontEnd = new Aws.LB.LoadBalancer("front_end");
    
        var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
    
        var pool = new Aws.Cognito.UserPool("pool");
    
        var client = new Aws.Cognito.UserPoolClient("client");
    
        var domain = new Aws.Cognito.UserPoolDomain("domain");
    
        var frontEndListener = new Aws.LB.Listener("front_end", new()
        {
            LoadBalancerArn = frontEnd.Arn,
            Port = 80,
            Protocol = "HTTP",
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "authenticate-cognito",
                    AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
                    {
                        UserPoolArn = pool.Arn,
                        UserPoolClientId = client.Id,
                        UserPoolDomain = domain.Domain,
                    },
                },
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "forward",
                    TargetGroupArn = frontEndTargetGroup.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.TargetGroup;
    import com.pulumi.aws.cognito.UserPool;
    import com.pulumi.aws.cognito.UserPoolClient;
    import com.pulumi.aws.cognito.UserPoolDomain;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateCognitoArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var frontEnd = new LoadBalancer("frontEnd");
    
            var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
    
            var pool = new UserPool("pool");
    
            var client = new UserPoolClient("client");
    
            var domain = new UserPoolDomain("domain");
    
            var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
                .loadBalancerArn(frontEnd.arn())
                .port("80")
                .protocol("HTTP")
                .defaultActions(            
                    ListenerDefaultActionArgs.builder()
                        .type("authenticate-cognito")
                        .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
                            .userPoolArn(pool.arn())
                            .userPoolClientId(client.id())
                            .userPoolDomain(domain.domain())
                            .build())
                        .build(),
                    ListenerDefaultActionArgs.builder()
                        .type("forward")
                        .targetGroupArn(frontEndTargetGroup.arn())
                        .build())
                .build());
    
        }
    }
    
    resources:
      frontEnd:
        type: aws:lb:LoadBalancer
        name: front_end
      frontEndTargetGroup:
        type: aws:lb:TargetGroup
        name: front_end
      pool:
        type: aws:cognito:UserPool
      client:
        type: aws:cognito:UserPoolClient
      domain:
        type: aws:cognito:UserPoolDomain
      frontEndListener:
        type: aws:lb:Listener
        name: front_end
        properties:
          loadBalancerArn: ${frontEnd.arn}
          port: '80'
          protocol: HTTP
          defaultActions:
            - type: authenticate-cognito
              authenticateCognito:
                userPoolArn: ${pool.arn}
                userPoolClientId: ${client.id}
                userPoolDomain: ${domain.domain}
            - type: forward
              targetGroupArn: ${frontEndTargetGroup.arn}
    

    Authenticate-OIDC Action

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const frontEnd = new aws.lb.LoadBalancer("front_end", {});
    const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
    const frontEndListener = new aws.lb.Listener("front_end", {
        loadBalancerArn: frontEnd.arn,
        port: 80,
        protocol: "HTTP",
        defaultActions: [
            {
                type: "authenticate-oidc",
                authenticateOidc: {
                    authorizationEndpoint: "https://example.com/authorization_endpoint",
                    clientId: "client_id",
                    clientSecret: "client_secret",
                    issuer: "https://example.com",
                    tokenEndpoint: "https://example.com/token_endpoint",
                    userInfoEndpoint: "https://example.com/user_info_endpoint",
                },
            },
            {
                type: "forward",
                targetGroupArn: frontEndTargetGroup.arn,
            },
        ],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    front_end = aws.lb.LoadBalancer("front_end")
    front_end_target_group = aws.lb.TargetGroup("front_end")
    front_end_listener = aws.lb.Listener("front_end",
        load_balancer_arn=front_end.arn,
        port=80,
        protocol="HTTP",
        default_actions=[
            aws.lb.ListenerDefaultActionArgs(
                type="authenticate-oidc",
                authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(
                    authorization_endpoint="https://example.com/authorization_endpoint",
                    client_id="client_id",
                    client_secret="client_secret",
                    issuer="https://example.com",
                    token_endpoint="https://example.com/token_endpoint",
                    user_info_endpoint="https://example.com/user_info_endpoint",
                ),
            ),
            aws.lb.ListenerDefaultActionArgs(
                type="forward",
                target_group_arn=front_end_target_group.arn,
            ),
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
    			LoadBalancerArn: frontEnd.Arn,
    			Port:            pulumi.Int(80),
    			Protocol:        pulumi.String("HTTP"),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					Type: pulumi.String("authenticate-oidc"),
    					AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
    						AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
    						ClientId:              pulumi.String("client_id"),
    						ClientSecret:          pulumi.String("client_secret"),
    						Issuer:                pulumi.String("https://example.com"),
    						TokenEndpoint:         pulumi.String("https://example.com/token_endpoint"),
    						UserInfoEndpoint:      pulumi.String("https://example.com/user_info_endpoint"),
    					},
    				},
    				&lb.ListenerDefaultActionArgs{
    					Type:           pulumi.String("forward"),
    					TargetGroupArn: frontEndTargetGroup.Arn,
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var frontEnd = new Aws.LB.LoadBalancer("front_end");
    
        var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
    
        var frontEndListener = new Aws.LB.Listener("front_end", new()
        {
            LoadBalancerArn = frontEnd.Arn,
            Port = 80,
            Protocol = "HTTP",
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "authenticate-oidc",
                    AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
                    {
                        AuthorizationEndpoint = "https://example.com/authorization_endpoint",
                        ClientId = "client_id",
                        ClientSecret = "client_secret",
                        Issuer = "https://example.com",
                        TokenEndpoint = "https://example.com/token_endpoint",
                        UserInfoEndpoint = "https://example.com/user_info_endpoint",
                    },
                },
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    Type = "forward",
                    TargetGroupArn = frontEndTargetGroup.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.TargetGroup;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateOidcArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var frontEnd = new LoadBalancer("frontEnd");
    
            var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
    
            var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
                .loadBalancerArn(frontEnd.arn())
                .port("80")
                .protocol("HTTP")
                .defaultActions(            
                    ListenerDefaultActionArgs.builder()
                        .type("authenticate-oidc")
                        .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
                            .authorizationEndpoint("https://example.com/authorization_endpoint")
                            .clientId("client_id")
                            .clientSecret("client_secret")
                            .issuer("https://example.com")
                            .tokenEndpoint("https://example.com/token_endpoint")
                            .userInfoEndpoint("https://example.com/user_info_endpoint")
                            .build())
                        .build(),
                    ListenerDefaultActionArgs.builder()
                        .type("forward")
                        .targetGroupArn(frontEndTargetGroup.arn())
                        .build())
                .build());
    
        }
    }
    
    resources:
      frontEnd:
        type: aws:lb:LoadBalancer
        name: front_end
      frontEndTargetGroup:
        type: aws:lb:TargetGroup
        name: front_end
      frontEndListener:
        type: aws:lb:Listener
        name: front_end
        properties:
          loadBalancerArn: ${frontEnd.arn}
          port: '80'
          protocol: HTTP
          defaultActions:
            - type: authenticate-oidc
              authenticateOidc:
                authorizationEndpoint: https://example.com/authorization_endpoint
                clientId: client_id
                clientSecret: client_secret
                issuer: https://example.com
                tokenEndpoint: https://example.com/token_endpoint
                userInfoEndpoint: https://example.com/user_info_endpoint
            - type: forward
              targetGroupArn: ${frontEndTargetGroup.arn}
    

    Gateway Load Balancer Listener

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lb.LoadBalancer("example", {
        loadBalancerType: "gateway",
        name: "example",
        subnetMappings: [{
            subnetId: exampleAwsSubnet.id,
        }],
    });
    const exampleTargetGroup = new aws.lb.TargetGroup("example", {
        name: "example",
        port: 6081,
        protocol: "GENEVE",
        vpcId: exampleAwsVpc.id,
        healthCheck: {
            port: "80",
            protocol: "HTTP",
        },
    });
    const exampleListener = new aws.lb.Listener("example", {
        loadBalancerArn: example.id,
        defaultActions: [{
            targetGroupArn: exampleTargetGroup.id,
            type: "forward",
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lb.LoadBalancer("example",
        load_balancer_type="gateway",
        name="example",
        subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(
            subnet_id=example_aws_subnet["id"],
        )])
    example_target_group = aws.lb.TargetGroup("example",
        name="example",
        port=6081,
        protocol="GENEVE",
        vpc_id=example_aws_vpc["id"],
        health_check=aws.lb.TargetGroupHealthCheckArgs(
            port="80",
            protocol="HTTP",
        ))
    example_listener = aws.lb.Listener("example",
        load_balancer_arn=example.id,
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            target_group_arn=example_target_group.id,
            type="forward",
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
    			LoadBalancerType: pulumi.String("gateway"),
    			Name:             pulumi.String("example"),
    			SubnetMappings: lb.LoadBalancerSubnetMappingArray{
    				&lb.LoadBalancerSubnetMappingArgs{
    					SubnetId: pulumi.Any(exampleAwsSubnet.Id),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", &lb.TargetGroupArgs{
    			Name:     pulumi.String("example"),
    			Port:     pulumi.Int(6081),
    			Protocol: pulumi.String("GENEVE"),
    			VpcId:    pulumi.Any(exampleAwsVpc.Id),
    			HealthCheck: &lb.TargetGroupHealthCheckArgs{
    				Port:     pulumi.String("80"),
    				Protocol: pulumi.String("HTTP"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
    			LoadBalancerArn: example.ID(),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					TargetGroupArn: exampleTargetGroup.ID(),
    					Type:           pulumi.String("forward"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LB.LoadBalancer("example", new()
        {
            LoadBalancerType = "gateway",
            Name = "example",
            SubnetMappings = new[]
            {
                new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
                {
                    SubnetId = exampleAwsSubnet.Id,
                },
            },
        });
    
        var exampleTargetGroup = new Aws.LB.TargetGroup("example", new()
        {
            Name = "example",
            Port = 6081,
            Protocol = "GENEVE",
            VpcId = exampleAwsVpc.Id,
            HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
            {
                Port = "80",
                Protocol = "HTTP",
            },
        });
    
        var exampleListener = new Aws.LB.Listener("example", new()
        {
            LoadBalancerArn = example.Id,
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    TargetGroupArn = exampleTargetGroup.Id,
                    Type = "forward",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.LoadBalancerArgs;
    import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
    import com.pulumi.aws.lb.TargetGroup;
    import com.pulumi.aws.lb.TargetGroupArgs;
    import com.pulumi.aws.lb.inputs.TargetGroupHealthCheckArgs;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new LoadBalancer("example", LoadBalancerArgs.builder()
                .loadBalancerType("gateway")
                .name("example")
                .subnetMappings(LoadBalancerSubnetMappingArgs.builder()
                    .subnetId(exampleAwsSubnet.id())
                    .build())
                .build());
    
            var exampleTargetGroup = new TargetGroup("exampleTargetGroup", TargetGroupArgs.builder()
                .name("example")
                .port(6081)
                .protocol("GENEVE")
                .vpcId(exampleAwsVpc.id())
                .healthCheck(TargetGroupHealthCheckArgs.builder()
                    .port(80)
                    .protocol("HTTP")
                    .build())
                .build());
    
            var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
                .loadBalancerArn(example.id())
                .defaultActions(ListenerDefaultActionArgs.builder()
                    .targetGroupArn(exampleTargetGroup.id())
                    .type("forward")
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lb:LoadBalancer
        properties:
          loadBalancerType: gateway
          name: example
          subnetMappings:
            - subnetId: ${exampleAwsSubnet.id}
      exampleTargetGroup:
        type: aws:lb:TargetGroup
        name: example
        properties:
          name: example
          port: 6081
          protocol: GENEVE
          vpcId: ${exampleAwsVpc.id}
          healthCheck:
            port: 80
            protocol: HTTP
      exampleListener:
        type: aws:lb:Listener
        name: example
        properties:
          loadBalancerArn: ${example.id}
          defaultActions:
            - targetGroupArn: ${exampleTargetGroup.id}
              type: forward
    

    Mutual TLS Authentication

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example = new aws.lb.LoadBalancer("example", {loadBalancerType: "application"});
    const exampleTargetGroup = new aws.lb.TargetGroup("example", {});
    const exampleListener = new aws.lb.Listener("example", {
        loadBalancerArn: example.id,
        defaultActions: [{
            targetGroupArn: exampleTargetGroup.id,
            type: "forward",
        }],
        mutualAuthentication: {
            mode: "verify",
            trustStoreArn: "...",
        },
    });
    
    import pulumi
    import pulumi_aws as aws
    
    example = aws.lb.LoadBalancer("example", load_balancer_type="application")
    example_target_group = aws.lb.TargetGroup("example")
    example_listener = aws.lb.Listener("example",
        load_balancer_arn=example.id,
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            target_group_arn=example_target_group.id,
            type="forward",
        )],
        mutual_authentication=aws.lb.ListenerMutualAuthenticationArgs(
            mode="verify",
            trust_store_arn="...",
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
    			LoadBalancerType: pulumi.String("application"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", nil)
    		if err != nil {
    			return err
    		}
    		_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
    			LoadBalancerArn: example.ID(),
    			DefaultActions: lb.ListenerDefaultActionArray{
    				&lb.ListenerDefaultActionArgs{
    					TargetGroupArn: exampleTargetGroup.ID(),
    					Type:           pulumi.String("forward"),
    				},
    			},
    			MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
    				Mode:          pulumi.String("verify"),
    				TrustStoreArn: pulumi.String("..."),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Aws.LB.LoadBalancer("example", new()
        {
            LoadBalancerType = "application",
        });
    
        var exampleTargetGroup = new Aws.LB.TargetGroup("example");
    
        var exampleListener = new Aws.LB.Listener("example", new()
        {
            LoadBalancerArn = example.Id,
            DefaultActions = new[]
            {
                new Aws.LB.Inputs.ListenerDefaultActionArgs
                {
                    TargetGroupArn = exampleTargetGroup.Id,
                    Type = "forward",
                },
            },
            MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
            {
                Mode = "verify",
                TrustStoreArn = "...",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.lb.LoadBalancer;
    import com.pulumi.aws.lb.LoadBalancerArgs;
    import com.pulumi.aws.lb.TargetGroup;
    import com.pulumi.aws.lb.Listener;
    import com.pulumi.aws.lb.ListenerArgs;
    import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
    import com.pulumi.aws.lb.inputs.ListenerMutualAuthenticationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new LoadBalancer("example", LoadBalancerArgs.builder()
                .loadBalancerType("application")
                .build());
    
            var exampleTargetGroup = new TargetGroup("exampleTargetGroup");
    
            var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
                .loadBalancerArn(example.id())
                .defaultActions(ListenerDefaultActionArgs.builder()
                    .targetGroupArn(exampleTargetGroup.id())
                    .type("forward")
                    .build())
                .mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
                    .mode("verify")
                    .trustStoreArn("...")
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:lb:LoadBalancer
        properties:
          loadBalancerType: application
      exampleTargetGroup:
        type: aws:lb:TargetGroup
        name: example
      exampleListener:
        type: aws:lb:Listener
        name: example
        properties:
          loadBalancerArn: ${example.id}
          defaultActions:
            - targetGroupArn: ${exampleTargetGroup.id}
              type: forward
          mutualAuthentication:
            mode: verify
            trustStoreArn: '...'
    

    Create Listener Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);
    @overload
    def Listener(resource_name: str,
                 args: ListenerArgs,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Listener(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
                 load_balancer_arn: Optional[str] = None,
                 alpn_policy: Optional[str] = None,
                 certificate_arn: Optional[str] = None,
                 mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
                 port: Optional[int] = None,
                 protocol: Optional[str] = None,
                 ssl_policy: Optional[str] = None,
                 tags: Optional[Mapping[str, str]] = None)
    func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)
    public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)
    public Listener(String name, ListenerArgs args)
    public Listener(String name, ListenerArgs args, CustomResourceOptions options)
    
    type: aws:lb:Listener
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ListenerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ListenerArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ListenerArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ListenerArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ListenerArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var examplelistenerResourceResourceFromLblistener = new Aws.LB.Listener("examplelistenerResourceResourceFromLblistener", new()
    {
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "string",
                AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
                {
                    UserPoolArn = "string",
                    UserPoolClientId = "string",
                    UserPoolDomain = "string",
                    AuthenticationRequestExtraParams = 
                    {
                        { "string", "string" },
                    },
                    OnUnauthenticatedRequest = "string",
                    Scope = "string",
                    SessionCookieName = "string",
                    SessionTimeout = 0,
                },
                AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
                {
                    AuthorizationEndpoint = "string",
                    ClientId = "string",
                    ClientSecret = "string",
                    Issuer = "string",
                    TokenEndpoint = "string",
                    UserInfoEndpoint = "string",
                    AuthenticationRequestExtraParams = 
                    {
                        { "string", "string" },
                    },
                    OnUnauthenticatedRequest = "string",
                    Scope = "string",
                    SessionCookieName = "string",
                    SessionTimeout = 0,
                },
                FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
                {
                    ContentType = "string",
                    MessageBody = "string",
                    StatusCode = "string",
                },
                Forward = new Aws.LB.Inputs.ListenerDefaultActionForwardArgs
                {
                    TargetGroups = new[]
                    {
                        new Aws.LB.Inputs.ListenerDefaultActionForwardTargetGroupArgs
                        {
                            Arn = "string",
                            Weight = 0,
                        },
                    },
                    Stickiness = new Aws.LB.Inputs.ListenerDefaultActionForwardStickinessArgs
                    {
                        Duration = 0,
                        Enabled = false,
                    },
                },
                Order = 0,
                Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
                {
                    StatusCode = "string",
                    Host = "string",
                    Path = "string",
                    Port = "string",
                    Protocol = "string",
                    Query = "string",
                },
                TargetGroupArn = "string",
            },
        },
        LoadBalancerArn = "string",
        AlpnPolicy = "string",
        CertificateArn = "string",
        MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
        {
            Mode = "string",
            IgnoreClientCertificateExpiry = false,
            TrustStoreArn = "string",
        },
        Port = 0,
        Protocol = "string",
        SslPolicy = "string",
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := lb.NewListener(ctx, "examplelistenerResourceResourceFromLblistener", &lb.ListenerArgs{
    	DefaultActions: lb.ListenerDefaultActionArray{
    		&lb.ListenerDefaultActionArgs{
    			Type: pulumi.String("string"),
    			AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
    				UserPoolArn:      pulumi.String("string"),
    				UserPoolClientId: pulumi.String("string"),
    				UserPoolDomain:   pulumi.String("string"),
    				AuthenticationRequestExtraParams: pulumi.StringMap{
    					"string": pulumi.String("string"),
    				},
    				OnUnauthenticatedRequest: pulumi.String("string"),
    				Scope:                    pulumi.String("string"),
    				SessionCookieName:        pulumi.String("string"),
    				SessionTimeout:           pulumi.Int(0),
    			},
    			AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
    				AuthorizationEndpoint: pulumi.String("string"),
    				ClientId:              pulumi.String("string"),
    				ClientSecret:          pulumi.String("string"),
    				Issuer:                pulumi.String("string"),
    				TokenEndpoint:         pulumi.String("string"),
    				UserInfoEndpoint:      pulumi.String("string"),
    				AuthenticationRequestExtraParams: pulumi.StringMap{
    					"string": pulumi.String("string"),
    				},
    				OnUnauthenticatedRequest: pulumi.String("string"),
    				Scope:                    pulumi.String("string"),
    				SessionCookieName:        pulumi.String("string"),
    				SessionTimeout:           pulumi.Int(0),
    			},
    			FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
    				ContentType: pulumi.String("string"),
    				MessageBody: pulumi.String("string"),
    				StatusCode:  pulumi.String("string"),
    			},
    			Forward: &lb.ListenerDefaultActionForwardArgs{
    				TargetGroups: lb.ListenerDefaultActionForwardTargetGroupArray{
    					&lb.ListenerDefaultActionForwardTargetGroupArgs{
    						Arn:    pulumi.String("string"),
    						Weight: pulumi.Int(0),
    					},
    				},
    				Stickiness: &lb.ListenerDefaultActionForwardStickinessArgs{
    					Duration: pulumi.Int(0),
    					Enabled:  pulumi.Bool(false),
    				},
    			},
    			Order: pulumi.Int(0),
    			Redirect: &lb.ListenerDefaultActionRedirectArgs{
    				StatusCode: pulumi.String("string"),
    				Host:       pulumi.String("string"),
    				Path:       pulumi.String("string"),
    				Port:       pulumi.String("string"),
    				Protocol:   pulumi.String("string"),
    				Query:      pulumi.String("string"),
    			},
    			TargetGroupArn: pulumi.String("string"),
    		},
    	},
    	LoadBalancerArn: pulumi.String("string"),
    	AlpnPolicy:      pulumi.String("string"),
    	CertificateArn:  pulumi.String("string"),
    	MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
    		Mode:                          pulumi.String("string"),
    		IgnoreClientCertificateExpiry: pulumi.Bool(false),
    		TrustStoreArn:                 pulumi.String("string"),
    	},
    	Port:      pulumi.Int(0),
    	Protocol:  pulumi.String("string"),
    	SslPolicy: pulumi.String("string"),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var examplelistenerResourceResourceFromLblistener = new Listener("examplelistenerResourceResourceFromLblistener", ListenerArgs.builder()
        .defaultActions(ListenerDefaultActionArgs.builder()
            .type("string")
            .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
                .userPoolArn("string")
                .userPoolClientId("string")
                .userPoolDomain("string")
                .authenticationRequestExtraParams(Map.of("string", "string"))
                .onUnauthenticatedRequest("string")
                .scope("string")
                .sessionCookieName("string")
                .sessionTimeout(0)
                .build())
            .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
                .authorizationEndpoint("string")
                .clientId("string")
                .clientSecret("string")
                .issuer("string")
                .tokenEndpoint("string")
                .userInfoEndpoint("string")
                .authenticationRequestExtraParams(Map.of("string", "string"))
                .onUnauthenticatedRequest("string")
                .scope("string")
                .sessionCookieName("string")
                .sessionTimeout(0)
                .build())
            .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
                .contentType("string")
                .messageBody("string")
                .statusCode("string")
                .build())
            .forward(ListenerDefaultActionForwardArgs.builder()
                .targetGroups(ListenerDefaultActionForwardTargetGroupArgs.builder()
                    .arn("string")
                    .weight(0)
                    .build())
                .stickiness(ListenerDefaultActionForwardStickinessArgs.builder()
                    .duration(0)
                    .enabled(false)
                    .build())
                .build())
            .order(0)
            .redirect(ListenerDefaultActionRedirectArgs.builder()
                .statusCode("string")
                .host("string")
                .path("string")
                .port("string")
                .protocol("string")
                .query("string")
                .build())
            .targetGroupArn("string")
            .build())
        .loadBalancerArn("string")
        .alpnPolicy("string")
        .certificateArn("string")
        .mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
            .mode("string")
            .ignoreClientCertificateExpiry(false)
            .trustStoreArn("string")
            .build())
        .port(0)
        .protocol("string")
        .sslPolicy("string")
        .tags(Map.of("string", "string"))
        .build());
    
    examplelistener_resource_resource_from_lblistener = aws.lb.Listener("examplelistenerResourceResourceFromLblistener",
        default_actions=[aws.lb.ListenerDefaultActionArgs(
            type="string",
            authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(
                user_pool_arn="string",
                user_pool_client_id="string",
                user_pool_domain="string",
                authentication_request_extra_params={
                    "string": "string",
                },
                on_unauthenticated_request="string",
                scope="string",
                session_cookie_name="string",
                session_timeout=0,
            ),
            authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(
                authorization_endpoint="string",
                client_id="string",
                client_secret="string",
                issuer="string",
                token_endpoint="string",
                user_info_endpoint="string",
                authentication_request_extra_params={
                    "string": "string",
                },
                on_unauthenticated_request="string",
                scope="string",
                session_cookie_name="string",
                session_timeout=0,
            ),
            fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(
                content_type="string",
                message_body="string",
                status_code="string",
            ),
            forward=aws.lb.ListenerDefaultActionForwardArgs(
                target_groups=[aws.lb.ListenerDefaultActionForwardTargetGroupArgs(
                    arn="string",
                    weight=0,
                )],
                stickiness=aws.lb.ListenerDefaultActionForwardStickinessArgs(
                    duration=0,
                    enabled=False,
                ),
            ),
            order=0,
            redirect=aws.lb.ListenerDefaultActionRedirectArgs(
                status_code="string",
                host="string",
                path="string",
                port="string",
                protocol="string",
                query="string",
            ),
            target_group_arn="string",
        )],
        load_balancer_arn="string",
        alpn_policy="string",
        certificate_arn="string",
        mutual_authentication=aws.lb.ListenerMutualAuthenticationArgs(
            mode="string",
            ignore_client_certificate_expiry=False,
            trust_store_arn="string",
        ),
        port=0,
        protocol="string",
        ssl_policy="string",
        tags={
            "string": "string",
        })
    
    const examplelistenerResourceResourceFromLblistener = new aws.lb.Listener("examplelistenerResourceResourceFromLblistener", {
        defaultActions: [{
            type: "string",
            authenticateCognito: {
                userPoolArn: "string",
                userPoolClientId: "string",
                userPoolDomain: "string",
                authenticationRequestExtraParams: {
                    string: "string",
                },
                onUnauthenticatedRequest: "string",
                scope: "string",
                sessionCookieName: "string",
                sessionTimeout: 0,
            },
            authenticateOidc: {
                authorizationEndpoint: "string",
                clientId: "string",
                clientSecret: "string",
                issuer: "string",
                tokenEndpoint: "string",
                userInfoEndpoint: "string",
                authenticationRequestExtraParams: {
                    string: "string",
                },
                onUnauthenticatedRequest: "string",
                scope: "string",
                sessionCookieName: "string",
                sessionTimeout: 0,
            },
            fixedResponse: {
                contentType: "string",
                messageBody: "string",
                statusCode: "string",
            },
            forward: {
                targetGroups: [{
                    arn: "string",
                    weight: 0,
                }],
                stickiness: {
                    duration: 0,
                    enabled: false,
                },
            },
            order: 0,
            redirect: {
                statusCode: "string",
                host: "string",
                path: "string",
                port: "string",
                protocol: "string",
                query: "string",
            },
            targetGroupArn: "string",
        }],
        loadBalancerArn: "string",
        alpnPolicy: "string",
        certificateArn: "string",
        mutualAuthentication: {
            mode: "string",
            ignoreClientCertificateExpiry: false,
            trustStoreArn: "string",
        },
        port: 0,
        protocol: "string",
        sslPolicy: "string",
        tags: {
            string: "string",
        },
    });
    
    type: aws:lb:Listener
    properties:
        alpnPolicy: string
        certificateArn: string
        defaultActions:
            - authenticateCognito:
                authenticationRequestExtraParams:
                    string: string
                onUnauthenticatedRequest: string
                scope: string
                sessionCookieName: string
                sessionTimeout: 0
                userPoolArn: string
                userPoolClientId: string
                userPoolDomain: string
              authenticateOidc:
                authenticationRequestExtraParams:
                    string: string
                authorizationEndpoint: string
                clientId: string
                clientSecret: string
                issuer: string
                onUnauthenticatedRequest: string
                scope: string
                sessionCookieName: string
                sessionTimeout: 0
                tokenEndpoint: string
                userInfoEndpoint: string
              fixedResponse:
                contentType: string
                messageBody: string
                statusCode: string
              forward:
                stickiness:
                    duration: 0
                    enabled: false
                targetGroups:
                    - arn: string
                      weight: 0
              order: 0
              redirect:
                host: string
                path: string
                port: string
                protocol: string
                query: string
                statusCode: string
              targetGroupArn: string
              type: string
        loadBalancerArn: string
        mutualAuthentication:
            ignoreClientCertificateExpiry: false
            mode: string
            trustStoreArn: string
        port: 0
        protocol: string
        sslPolicy: string
        tags:
            string: string
    

    Listener Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Listener resource accepts the following input properties:

    DefaultActions List<ListenerDefaultAction>
    Configuration block for default actions. Detailed below.
    LoadBalancerArn string

    ARN of the load balancer.

    The following arguments are optional:

    AlpnPolicy string
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    CertificateArn string
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    MutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information. Detailed below.
    Port int
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    Protocol string
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    SslPolicy string
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    Tags Dictionary<string, string>

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    DefaultActions []ListenerDefaultActionArgs
    Configuration block for default actions. Detailed below.
    LoadBalancerArn string

    ARN of the load balancer.

    The following arguments are optional:

    AlpnPolicy string
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    CertificateArn string
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    MutualAuthentication ListenerMutualAuthenticationArgs
    The mutual authentication configuration information. Detailed below.
    Port int
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    Protocol string
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    SslPolicy string
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    Tags map[string]string

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    defaultActions List<ListenerDefaultAction>
    Configuration block for default actions. Detailed below.
    loadBalancerArn String

    ARN of the load balancer.

    The following arguments are optional:

    alpnPolicy String
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    certificateArn String
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    mutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information. Detailed below.
    port Integer
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol String
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    sslPolicy String
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags Map<String,String>

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    defaultActions ListenerDefaultAction[]
    Configuration block for default actions. Detailed below.
    loadBalancerArn string

    ARN of the load balancer.

    The following arguments are optional:

    alpnPolicy string
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    certificateArn string
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    mutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information. Detailed below.
    port number
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol string
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    sslPolicy string
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags {[key: string]: string}

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    default_actions Sequence[ListenerDefaultActionArgs]
    Configuration block for default actions. Detailed below.
    load_balancer_arn str

    ARN of the load balancer.

    The following arguments are optional:

    alpn_policy str
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    certificate_arn str
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    mutual_authentication ListenerMutualAuthenticationArgs
    The mutual authentication configuration information. Detailed below.
    port int
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol str
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    ssl_policy str
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags Mapping[str, str]

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    defaultActions List<Property Map>
    Configuration block for default actions. Detailed below.
    loadBalancerArn String

    ARN of the load balancer.

    The following arguments are optional:

    alpnPolicy String
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    certificateArn String
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    mutualAuthentication Property Map
    The mutual authentication configuration information. Detailed below.
    port Number
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol String
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    sslPolicy String
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags Map<String>

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:

    Arn string
    ARN of the listener (matches id).
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Arn string
    ARN of the listener (matches id).
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the listener (matches id).
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn string
    ARN of the listener (matches id).
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn str
    ARN of the listener (matches id).
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    arn String
    ARN of the listener (matches id).
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Look up Existing Listener Resource

    Get an existing Listener resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ListenerState, opts?: CustomResourceOptions): Listener
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            alpn_policy: Optional[str] = None,
            arn: Optional[str] = None,
            certificate_arn: Optional[str] = None,
            default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
            load_balancer_arn: Optional[str] = None,
            mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
            port: Optional[int] = None,
            protocol: Optional[str] = None,
            ssl_policy: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None) -> Listener
    func GetListener(ctx *Context, name string, id IDInput, state *ListenerState, opts ...ResourceOption) (*Listener, error)
    public static Listener Get(string name, Input<string> id, ListenerState? state, CustomResourceOptions? opts = null)
    public static Listener get(String name, Output<String> id, ListenerState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AlpnPolicy string
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    Arn string
    ARN of the listener (matches id).
    CertificateArn string
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    DefaultActions List<ListenerDefaultAction>
    Configuration block for default actions. Detailed below.
    LoadBalancerArn string

    ARN of the load balancer.

    The following arguments are optional:

    MutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information. Detailed below.
    Port int
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    Protocol string
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    SslPolicy string
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    Tags Dictionary<string, string>

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    AlpnPolicy string
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    Arn string
    ARN of the listener (matches id).
    CertificateArn string
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    DefaultActions []ListenerDefaultActionArgs
    Configuration block for default actions. Detailed below.
    LoadBalancerArn string

    ARN of the load balancer.

    The following arguments are optional:

    MutualAuthentication ListenerMutualAuthenticationArgs
    The mutual authentication configuration information. Detailed below.
    Port int
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    Protocol string
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    SslPolicy string
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    Tags map[string]string

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    alpnPolicy String
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    arn String
    ARN of the listener (matches id).
    certificateArn String
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    defaultActions List<ListenerDefaultAction>
    Configuration block for default actions. Detailed below.
    loadBalancerArn String

    ARN of the load balancer.

    The following arguments are optional:

    mutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information. Detailed below.
    port Integer
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol String
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    sslPolicy String
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags Map<String,String>

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    alpnPolicy string
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    arn string
    ARN of the listener (matches id).
    certificateArn string
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    defaultActions ListenerDefaultAction[]
    Configuration block for default actions. Detailed below.
    loadBalancerArn string

    ARN of the load balancer.

    The following arguments are optional:

    mutualAuthentication ListenerMutualAuthentication
    The mutual authentication configuration information. Detailed below.
    port number
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol string
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    sslPolicy string
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags {[key: string]: string}

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    alpn_policy str
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    arn str
    ARN of the listener (matches id).
    certificate_arn str
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    default_actions Sequence[ListenerDefaultActionArgs]
    Configuration block for default actions. Detailed below.
    load_balancer_arn str

    ARN of the load balancer.

    The following arguments are optional:

    mutual_authentication ListenerMutualAuthenticationArgs
    The mutual authentication configuration information. Detailed below.
    port int
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol str
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    ssl_policy str
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags Mapping[str, str]

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    alpnPolicy String
    Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.
    arn String
    ARN of the listener (matches id).
    certificateArn String
    ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.
    defaultActions List<Property Map>
    Configuration block for default actions. Detailed below.
    loadBalancerArn String

    ARN of the load balancer.

    The following arguments are optional:

    mutualAuthentication Property Map
    The mutual authentication configuration information. Detailed below.
    port Number
    Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
    protocol String
    Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.
    sslPolicy String
    Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS.
    tags Map<String>

    A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE:: Please note that listeners that are attached to Application Load Balancers must use either HTTP or HTTPS protocols while listeners that are attached to Network Load Balancers must use the TCP protocol.

    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    Supporting Types

    ListenerDefaultAction, ListenerDefaultActionArgs

    Type string

    Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

    The following arguments are optional:

    AuthenticateCognito ListenerDefaultActionAuthenticateCognito
    Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.
    AuthenticateOidc ListenerDefaultActionAuthenticateOidc
    Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.
    FixedResponse ListenerDefaultActionFixedResponse
    Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.
    Forward ListenerDefaultActionForward
    Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.
    Order int
    Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.
    Redirect ListenerDefaultActionRedirect
    Configuration block for creating a redirect action. Required if type is redirect. Detailed below.
    TargetGroupArn string
    ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.
    Type string

    Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

    The following arguments are optional:

    AuthenticateCognito ListenerDefaultActionAuthenticateCognito
    Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.
    AuthenticateOidc ListenerDefaultActionAuthenticateOidc
    Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.
    FixedResponse ListenerDefaultActionFixedResponse
    Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.
    Forward ListenerDefaultActionForward
    Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.
    Order int
    Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.
    Redirect ListenerDefaultActionRedirect
    Configuration block for creating a redirect action. Required if type is redirect. Detailed below.
    TargetGroupArn string
    ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.
    type String

    Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

    The following arguments are optional:

    authenticateCognito ListenerDefaultActionAuthenticateCognito
    Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.
    authenticateOidc ListenerDefaultActionAuthenticateOidc
    Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.
    fixedResponse ListenerDefaultActionFixedResponse
    Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.
    forward ListenerDefaultActionForward
    Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.
    order Integer
    Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.
    redirect ListenerDefaultActionRedirect
    Configuration block for creating a redirect action. Required if type is redirect. Detailed below.
    targetGroupArn String
    ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.
    type string

    Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

    The following arguments are optional:

    authenticateCognito ListenerDefaultActionAuthenticateCognito
    Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.
    authenticateOidc ListenerDefaultActionAuthenticateOidc
    Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.
    fixedResponse ListenerDefaultActionFixedResponse
    Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.
    forward ListenerDefaultActionForward
    Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.
    order number
    Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.
    redirect ListenerDefaultActionRedirect
    Configuration block for creating a redirect action. Required if type is redirect. Detailed below.
    targetGroupArn string
    ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.
    type str

    Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

    The following arguments are optional:

    authenticate_cognito ListenerDefaultActionAuthenticateCognito
    Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.
    authenticate_oidc ListenerDefaultActionAuthenticateOidc
    Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.
    fixed_response ListenerDefaultActionFixedResponse
    Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.
    forward ListenerDefaultActionForward
    Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.
    order int
    Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.
    redirect ListenerDefaultActionRedirect
    Configuration block for creating a redirect action. Required if type is redirect. Detailed below.
    target_group_arn str
    ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.
    type String

    Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

    The following arguments are optional:

    authenticateCognito Property Map
    Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. Detailed below.
    authenticateOidc Property Map
    Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. Detailed below.
    fixedResponse Property Map
    Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.
    forward Property Map
    Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.
    order Number
    Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between 1 and 50000.
    redirect Property Map
    Configuration block for creating a redirect action. Required if type is redirect. Detailed below.
    targetGroupArn String
    ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead.

    ListenerDefaultActionAuthenticateCognito, ListenerDefaultActionAuthenticateCognitoArgs

    UserPoolArn string
    ARN of the Cognito user pool.
    UserPoolClientId string
    ID of the Cognito user pool client.
    UserPoolDomain string

    Domain prefix or fully-qualified domain name of the Cognito user pool.

    The following arguments are optional:

    AuthenticationRequestExtraParams Dictionary<string, string>
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
    OnUnauthenticatedRequest string
    Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.
    Scope string
    Set of user claims to be requested from the IdP.
    SessionCookieName string
    Name of the cookie used to maintain session information.
    SessionTimeout int
    Maximum duration of the authentication session, in seconds.
    UserPoolArn string
    ARN of the Cognito user pool.
    UserPoolClientId string
    ID of the Cognito user pool client.
    UserPoolDomain string

    Domain prefix or fully-qualified domain name of the Cognito user pool.

    The following arguments are optional:

    AuthenticationRequestExtraParams map[string]string
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
    OnUnauthenticatedRequest string
    Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.
    Scope string
    Set of user claims to be requested from the IdP.
    SessionCookieName string
    Name of the cookie used to maintain session information.
    SessionTimeout int
    Maximum duration of the authentication session, in seconds.
    userPoolArn String
    ARN of the Cognito user pool.
    userPoolClientId String
    ID of the Cognito user pool client.
    userPoolDomain String

    Domain prefix or fully-qualified domain name of the Cognito user pool.

    The following arguments are optional:

    authenticationRequestExtraParams Map<String,String>
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
    onUnauthenticatedRequest String
    Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.
    scope String
    Set of user claims to be requested from the IdP.
    sessionCookieName String
    Name of the cookie used to maintain session information.
    sessionTimeout Integer
    Maximum duration of the authentication session, in seconds.
    userPoolArn string
    ARN of the Cognito user pool.
    userPoolClientId string
    ID of the Cognito user pool client.
    userPoolDomain string

    Domain prefix or fully-qualified domain name of the Cognito user pool.

    The following arguments are optional:

    authenticationRequestExtraParams {[key: string]: string}
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
    onUnauthenticatedRequest string
    Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.
    scope string
    Set of user claims to be requested from the IdP.
    sessionCookieName string
    Name of the cookie used to maintain session information.
    sessionTimeout number
    Maximum duration of the authentication session, in seconds.
    user_pool_arn str
    ARN of the Cognito user pool.
    user_pool_client_id str
    ID of the Cognito user pool client.
    user_pool_domain str

    Domain prefix or fully-qualified domain name of the Cognito user pool.

    The following arguments are optional:

    authentication_request_extra_params Mapping[str, str]
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
    on_unauthenticated_request str
    Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.
    scope str
    Set of user claims to be requested from the IdP.
    session_cookie_name str
    Name of the cookie used to maintain session information.
    session_timeout int
    Maximum duration of the authentication session, in seconds.
    userPoolArn String
    ARN of the Cognito user pool.
    userPoolClientId String
    ID of the Cognito user pool client.
    userPoolDomain String

    Domain prefix or fully-qualified domain name of the Cognito user pool.

    The following arguments are optional:

    authenticationRequestExtraParams Map<String>
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
    onUnauthenticatedRequest String
    Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.
    scope String
    Set of user claims to be requested from the IdP.
    sessionCookieName String
    Name of the cookie used to maintain session information.
    sessionTimeout Number
    Maximum duration of the authentication session, in seconds.

    ListenerDefaultActionAuthenticateOidc, ListenerDefaultActionAuthenticateOidcArgs

    AuthorizationEndpoint string
    Authorization endpoint of the IdP.
    ClientId string
    OAuth 2.0 client identifier.
    ClientSecret string
    OAuth 2.0 client secret.
    Issuer string
    OIDC issuer identifier of the IdP.
    TokenEndpoint string
    Token endpoint of the IdP.
    UserInfoEndpoint string

    User info endpoint of the IdP.

    The following arguments are optional:

    AuthenticationRequestExtraParams Dictionary<string, string>
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
    OnUnauthenticatedRequest string
    Behavior if the user is not authenticated. Valid values: deny, allow and authenticate
    Scope string
    Set of user claims to be requested from the IdP.
    SessionCookieName string
    Name of the cookie used to maintain session information.
    SessionTimeout int
    Maximum duration of the authentication session, in seconds.
    AuthorizationEndpoint string
    Authorization endpoint of the IdP.
    ClientId string
    OAuth 2.0 client identifier.
    ClientSecret string
    OAuth 2.0 client secret.
    Issuer string
    OIDC issuer identifier of the IdP.
    TokenEndpoint string
    Token endpoint of the IdP.
    UserInfoEndpoint string

    User info endpoint of the IdP.

    The following arguments are optional:

    AuthenticationRequestExtraParams map[string]string
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
    OnUnauthenticatedRequest string
    Behavior if the user is not authenticated. Valid values: deny, allow and authenticate
    Scope string
    Set of user claims to be requested from the IdP.
    SessionCookieName string
    Name of the cookie used to maintain session information.
    SessionTimeout int
    Maximum duration of the authentication session, in seconds.
    authorizationEndpoint String
    Authorization endpoint of the IdP.
    clientId String
    OAuth 2.0 client identifier.
    clientSecret String
    OAuth 2.0 client secret.
    issuer String
    OIDC issuer identifier of the IdP.
    tokenEndpoint String
    Token endpoint of the IdP.
    userInfoEndpoint String

    User info endpoint of the IdP.

    The following arguments are optional:

    authenticationRequestExtraParams Map<String,String>
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
    onUnauthenticatedRequest String
    Behavior if the user is not authenticated. Valid values: deny, allow and authenticate
    scope String
    Set of user claims to be requested from the IdP.
    sessionCookieName String
    Name of the cookie used to maintain session information.
    sessionTimeout Integer
    Maximum duration of the authentication session, in seconds.
    authorizationEndpoint string
    Authorization endpoint of the IdP.
    clientId string
    OAuth 2.0 client identifier.
    clientSecret string
    OAuth 2.0 client secret.
    issuer string
    OIDC issuer identifier of the IdP.
    tokenEndpoint string
    Token endpoint of the IdP.
    userInfoEndpoint string

    User info endpoint of the IdP.

    The following arguments are optional:

    authenticationRequestExtraParams {[key: string]: string}
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
    onUnauthenticatedRequest string
    Behavior if the user is not authenticated. Valid values: deny, allow and authenticate
    scope string
    Set of user claims to be requested from the IdP.
    sessionCookieName string
    Name of the cookie used to maintain session information.
    sessionTimeout number
    Maximum duration of the authentication session, in seconds.
    authorization_endpoint str
    Authorization endpoint of the IdP.
    client_id str
    OAuth 2.0 client identifier.
    client_secret str
    OAuth 2.0 client secret.
    issuer str
    OIDC issuer identifier of the IdP.
    token_endpoint str
    Token endpoint of the IdP.
    user_info_endpoint str

    User info endpoint of the IdP.

    The following arguments are optional:

    authentication_request_extra_params Mapping[str, str]
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
    on_unauthenticated_request str
    Behavior if the user is not authenticated. Valid values: deny, allow and authenticate
    scope str
    Set of user claims to be requested from the IdP.
    session_cookie_name str
    Name of the cookie used to maintain session information.
    session_timeout int
    Maximum duration of the authentication session, in seconds.
    authorizationEndpoint String
    Authorization endpoint of the IdP.
    clientId String
    OAuth 2.0 client identifier.
    clientSecret String
    OAuth 2.0 client secret.
    issuer String
    OIDC issuer identifier of the IdP.
    tokenEndpoint String
    Token endpoint of the IdP.
    userInfoEndpoint String

    User info endpoint of the IdP.

    The following arguments are optional:

    authenticationRequestExtraParams Map<String>
    Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
    onUnauthenticatedRequest String
    Behavior if the user is not authenticated. Valid values: deny, allow and authenticate
    scope String
    Set of user claims to be requested from the IdP.
    sessionCookieName String
    Name of the cookie used to maintain session information.
    sessionTimeout Number
    Maximum duration of the authentication session, in seconds.

    ListenerDefaultActionFixedResponse, ListenerDefaultActionFixedResponseArgs

    ContentType string

    Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

    The following arguments are optional:

    MessageBody string
    Message body.
    StatusCode string
    HTTP response code. Valid values are 2XX, 4XX, or 5XX.
    ContentType string

    Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

    The following arguments are optional:

    MessageBody string
    Message body.
    StatusCode string
    HTTP response code. Valid values are 2XX, 4XX, or 5XX.
    contentType String

    Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

    The following arguments are optional:

    messageBody String
    Message body.
    statusCode String
    HTTP response code. Valid values are 2XX, 4XX, or 5XX.
    contentType string

    Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

    The following arguments are optional:

    messageBody string
    Message body.
    statusCode string
    HTTP response code. Valid values are 2XX, 4XX, or 5XX.
    content_type str

    Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

    The following arguments are optional:

    message_body str
    Message body.
    status_code str
    HTTP response code. Valid values are 2XX, 4XX, or 5XX.
    contentType String

    Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

    The following arguments are optional:

    messageBody String
    Message body.
    statusCode String
    HTTP response code. Valid values are 2XX, 4XX, or 5XX.

    ListenerDefaultActionForward, ListenerDefaultActionForwardArgs

    TargetGroups List<ListenerDefaultActionForwardTargetGroup>

    Set of 1-5 target group blocks. Detailed below.

    The following arguments are optional:

    Stickiness ListenerDefaultActionForwardStickiness
    Configuration block for target group stickiness for the rule. Detailed below.
    TargetGroups []ListenerDefaultActionForwardTargetGroup

    Set of 1-5 target group blocks. Detailed below.

    The following arguments are optional:

    Stickiness ListenerDefaultActionForwardStickiness
    Configuration block for target group stickiness for the rule. Detailed below.
    targetGroups List<ListenerDefaultActionForwardTargetGroup>

    Set of 1-5 target group blocks. Detailed below.

    The following arguments are optional:

    stickiness ListenerDefaultActionForwardStickiness
    Configuration block for target group stickiness for the rule. Detailed below.
    targetGroups ListenerDefaultActionForwardTargetGroup[]

    Set of 1-5 target group blocks. Detailed below.

    The following arguments are optional:

    stickiness ListenerDefaultActionForwardStickiness
    Configuration block for target group stickiness for the rule. Detailed below.
    target_groups Sequence[ListenerDefaultActionForwardTargetGroup]

    Set of 1-5 target group blocks. Detailed below.

    The following arguments are optional:

    stickiness ListenerDefaultActionForwardStickiness
    Configuration block for target group stickiness for the rule. Detailed below.
    targetGroups List<Property Map>

    Set of 1-5 target group blocks. Detailed below.

    The following arguments are optional:

    stickiness Property Map
    Configuration block for target group stickiness for the rule. Detailed below.

    ListenerDefaultActionForwardStickiness, ListenerDefaultActionForwardStickinessArgs

    Duration int

    Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

    The following arguments are optional:

    Enabled bool
    Whether target group stickiness is enabled. Default is false.
    Duration int

    Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

    The following arguments are optional:

    Enabled bool
    Whether target group stickiness is enabled. Default is false.
    duration Integer

    Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

    The following arguments are optional:

    enabled Boolean
    Whether target group stickiness is enabled. Default is false.
    duration number

    Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

    The following arguments are optional:

    enabled boolean
    Whether target group stickiness is enabled. Default is false.
    duration int

    Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

    The following arguments are optional:

    enabled bool
    Whether target group stickiness is enabled. Default is false.
    duration Number

    Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

    The following arguments are optional:

    enabled Boolean
    Whether target group stickiness is enabled. Default is false.

    ListenerDefaultActionForwardTargetGroup, ListenerDefaultActionForwardTargetGroupArgs

    Arn string

    ARN of the target group.

    The following arguments are optional:

    Weight int
    Weight. The range is 0 to 999.
    Arn string

    ARN of the target group.

    The following arguments are optional:

    Weight int
    Weight. The range is 0 to 999.
    arn String

    ARN of the target group.

    The following arguments are optional:

    weight Integer
    Weight. The range is 0 to 999.
    arn string

    ARN of the target group.

    The following arguments are optional:

    weight number
    Weight. The range is 0 to 999.
    arn str

    ARN of the target group.

    The following arguments are optional:

    weight int
    Weight. The range is 0 to 999.
    arn String

    ARN of the target group.

    The following arguments are optional:

    weight Number
    Weight. The range is 0 to 999.

    ListenerDefaultActionRedirect, ListenerDefaultActionRedirectArgs

    StatusCode string

    HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

    The following arguments are optional:

    Host string
    Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.
    Path string
    Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.
    Port string
    Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
    Protocol string
    Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
    Query string
    Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.
    StatusCode string

    HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

    The following arguments are optional:

    Host string
    Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.
    Path string
    Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.
    Port string
    Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
    Protocol string
    Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
    Query string
    Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.
    statusCode String

    HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

    The following arguments are optional:

    host String
    Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.
    path String
    Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.
    port String
    Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
    protocol String
    Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
    query String
    Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.
    statusCode string

    HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

    The following arguments are optional:

    host string
    Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.
    path string
    Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.
    port string
    Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
    protocol string
    Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
    query string
    Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.
    status_code str

    HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

    The following arguments are optional:

    host str
    Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.
    path str
    Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.
    port str
    Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
    protocol str
    Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
    query str
    Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.
    statusCode String

    HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

    The following arguments are optional:

    host String
    Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.
    path String
    Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.
    port String
    Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.
    protocol String
    Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.
    query String
    Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

    ListenerMutualAuthentication, ListenerMutualAuthenticationArgs

    Mode string
    Valid values are off, verify and passthrough.
    IgnoreClientCertificateExpiry bool
    Whether client certificate expiry is ignored. Default is false.
    TrustStoreArn string
    ARN of the elbv2 Trust Store.
    Mode string
    Valid values are off, verify and passthrough.
    IgnoreClientCertificateExpiry bool
    Whether client certificate expiry is ignored. Default is false.
    TrustStoreArn string
    ARN of the elbv2 Trust Store.
    mode String
    Valid values are off, verify and passthrough.
    ignoreClientCertificateExpiry Boolean
    Whether client certificate expiry is ignored. Default is false.
    trustStoreArn String
    ARN of the elbv2 Trust Store.
    mode string
    Valid values are off, verify and passthrough.
    ignoreClientCertificateExpiry boolean
    Whether client certificate expiry is ignored. Default is false.
    trustStoreArn string
    ARN of the elbv2 Trust Store.
    mode str
    Valid values are off, verify and passthrough.
    ignore_client_certificate_expiry bool
    Whether client certificate expiry is ignored. Default is false.
    trust_store_arn str
    ARN of the elbv2 Trust Store.
    mode String
    Valid values are off, verify and passthrough.
    ignoreClientCertificateExpiry Boolean
    Whether client certificate expiry is ignored. Default is false.
    trustStoreArn String
    ARN of the elbv2 Trust Store.

    Import

    Using pulumi import, import listeners using their ARN. For example:

    $ pulumi import aws:lb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi