aws.lb.ListenerRule
Provides a Load Balancer Listener Rule resource.
Note:
aws.alb.ListenerRuleis known asaws.lb.ListenerRule. The functionality is identical.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEndLoadBalancer = new Aws.LB.LoadBalancer("frontEndLoadBalancer");
// ...
var frontEndListener = new Aws.LB.Listener("frontEndListener");
// Other parameters
var @static = new Aws.LB.ListenerRule("static", new()
{
ListenerArn = frontEndListener.Arn,
Priority = 100,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "forward",
TargetGroupArn = aws_lb_target_group.Static.Arn,
},
},
Conditions = new[]
{
new Aws.LB.Inputs.ListenerRuleConditionArgs
{
PathPattern = new Aws.LB.Inputs.ListenerRuleConditionPathPatternArgs
{
Values = new[]
{
"/static/*",
},
},
},
new Aws.LB.Inputs.ListenerRuleConditionArgs
{
HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs
{
Values = new[]
{
"example.com",
},
},
},
},
});
// Forward action
var hostBasedWeightedRouting = new Aws.LB.ListenerRule("hostBasedWeightedRouting", new()
{
ListenerArn = frontEndListener.Arn,
Priority = 99,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "forward",
TargetGroupArn = aws_lb_target_group.Static.Arn,
},
},
Conditions = new[]
{
new Aws.LB.Inputs.ListenerRuleConditionArgs
{
HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs
{
Values = new[]
{
"my-service.*.mycompany.io",
},
},
},
},
});
// Weighted Forward action
var hostBasedRouting = new Aws.LB.ListenerRule("hostBasedRouting", new()
{
ListenerArn = frontEndListener.Arn,
Priority = 99,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "forward",
Forward = new Aws.LB.Inputs.ListenerRuleActionForwardArgs
{
TargetGroups = new[]
{
new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs
{
Arn = aws_lb_target_group.Main.Arn,
Weight = 80,
},
new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs
{
Arn = aws_lb_target_group.Canary.Arn,
Weight = 20,
},
},
Stickiness = new Aws.LB.Inputs.ListenerRuleActionForwardStickinessArgs
{
Enabled = true,
Duration = 600,
},
},
},
},
Conditions = new[]
{
new Aws.LB.Inputs.ListenerRuleConditionArgs
{
HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs
{
Values = new[]
{
"my-service.*.mycompany.io",
},
},
},
},
});
// Redirect action
var redirectHttpToHttps = new Aws.LB.ListenerRule("redirectHttpToHttps", new()
{
ListenerArn = frontEndListener.Arn,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "redirect",
Redirect = new Aws.LB.Inputs.ListenerRuleActionRedirectArgs
{
Port = "443",
Protocol = "HTTPS",
StatusCode = "HTTP_301",
},
},
},
Conditions = new[]
{
new Aws.LB.Inputs.ListenerRuleConditionArgs
{
HttpHeader = new Aws.LB.Inputs.ListenerRuleConditionHttpHeaderArgs
{
HttpHeaderName = "X-Forwarded-For",
Values = new[]
{
"192.168.1.*",
},
},
},
},
});
// Fixed-response action
var healthCheck = new Aws.LB.ListenerRule("healthCheck", new()
{
ListenerArn = frontEndListener.Arn,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "fixed-response",
FixedResponse = new Aws.LB.Inputs.ListenerRuleActionFixedResponseArgs
{
ContentType = "text/plain",
MessageBody = "HEALTHY",
StatusCode = "200",
},
},
},
Conditions = new[]
{
new Aws.LB.Inputs.ListenerRuleConditionArgs
{
QueryStrings = new[]
{
new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs
{
Key = "health",
Value = "check",
},
new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs
{
Value = "bar",
},
},
},
},
});
// Authenticate-cognito Action
var pool = new Aws.Cognito.UserPool("pool");
// ...
var client = new Aws.Cognito.UserPoolClient("client");
// ...
var domain = new Aws.Cognito.UserPoolDomain("domain");
// ...
var admin = new Aws.LB.ListenerRule("admin", new()
{
ListenerArn = frontEndListener.Arn,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "authenticate-cognito",
AuthenticateCognito = new Aws.LB.Inputs.ListenerRuleActionAuthenticateCognitoArgs
{
UserPoolArn = pool.Arn,
UserPoolClientId = client.Id,
UserPoolDomain = domain.Domain,
},
},
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "forward",
TargetGroupArn = aws_lb_target_group.Static.Arn,
},
},
});
// Authenticate-oidc Action
var oidc = new Aws.LB.ListenerRule("oidc", new()
{
ListenerArn = frontEndListener.Arn,
Actions = new[]
{
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "authenticate-oidc",
AuthenticateOidc = new Aws.LB.Inputs.ListenerRuleActionAuthenticateOidcArgs
{
AuthorizationEndpoint = "https://example.com/authorization_endpoint",
ClientId = "client_id",
ClientSecret = "client_secret",
Issuer = "https://example.com",
TokenEndpoint = "https://example.com/token_endpoint",
UserInfoEndpoint = "https://example.com/user_info_endpoint",
},
},
new Aws.LB.Inputs.ListenerRuleActionArgs
{
Type = "forward",
TargetGroupArn = aws_lb_target_group.Static.Arn,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lb.NewLoadBalancer(ctx, "frontEndLoadBalancer", nil)
if err != nil {
return err
}
frontEndListener, err := lb.NewListener(ctx, "frontEndListener", nil)
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "static", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Priority: pulumi.Int(100),
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),
},
},
Conditions: lb.ListenerRuleConditionArray{
&lb.ListenerRuleConditionArgs{
PathPattern: &lb.ListenerRuleConditionPathPatternArgs{
Values: pulumi.StringArray{
pulumi.String("/static/*"),
},
},
},
&lb.ListenerRuleConditionArgs{
HostHeader: &lb.ListenerRuleConditionHostHeaderArgs{
Values: pulumi.StringArray{
pulumi.String("example.com"),
},
},
},
},
})
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "hostBasedWeightedRouting", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Priority: pulumi.Int(99),
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),
},
},
Conditions: lb.ListenerRuleConditionArray{
&lb.ListenerRuleConditionArgs{
HostHeader: &lb.ListenerRuleConditionHostHeaderArgs{
Values: pulumi.StringArray{
pulumi.String("my-service.*.mycompany.io"),
},
},
},
},
})
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "hostBasedRouting", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Priority: pulumi.Int(99),
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("forward"),
Forward: &lb.ListenerRuleActionForwardArgs{
TargetGroups: lb.ListenerRuleActionForwardTargetGroupArray{
&lb.ListenerRuleActionForwardTargetGroupArgs{
Arn: pulumi.Any(aws_lb_target_group.Main.Arn),
Weight: pulumi.Int(80),
},
&lb.ListenerRuleActionForwardTargetGroupArgs{
Arn: pulumi.Any(aws_lb_target_group.Canary.Arn),
Weight: pulumi.Int(20),
},
},
Stickiness: &lb.ListenerRuleActionForwardStickinessArgs{
Enabled: pulumi.Bool(true),
Duration: pulumi.Int(600),
},
},
},
},
Conditions: lb.ListenerRuleConditionArray{
&lb.ListenerRuleConditionArgs{
HostHeader: &lb.ListenerRuleConditionHostHeaderArgs{
Values: pulumi.StringArray{
pulumi.String("my-service.*.mycompany.io"),
},
},
},
},
})
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "redirectHttpToHttps", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("redirect"),
Redirect: &lb.ListenerRuleActionRedirectArgs{
Port: pulumi.String("443"),
Protocol: pulumi.String("HTTPS"),
StatusCode: pulumi.String("HTTP_301"),
},
},
},
Conditions: lb.ListenerRuleConditionArray{
&lb.ListenerRuleConditionArgs{
HttpHeader: &lb.ListenerRuleConditionHttpHeaderArgs{
HttpHeaderName: pulumi.String("X-Forwarded-For"),
Values: pulumi.StringArray{
pulumi.String("192.168.1.*"),
},
},
},
},
})
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "healthCheck", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("fixed-response"),
FixedResponse: &lb.ListenerRuleActionFixedResponseArgs{
ContentType: pulumi.String("text/plain"),
MessageBody: pulumi.String("HEALTHY"),
StatusCode: pulumi.String("200"),
},
},
},
Conditions: lb.ListenerRuleConditionArray{
&lb.ListenerRuleConditionArgs{
QueryStrings: lb.ListenerRuleConditionQueryStringArray{
&lb.ListenerRuleConditionQueryStringArgs{
Key: pulumi.String("health"),
Value: pulumi.String("check"),
},
&lb.ListenerRuleConditionQueryStringArgs{
Value: pulumi.String("bar"),
},
},
},
},
})
if err != nil {
return err
}
pool, err := cognito.NewUserPool(ctx, "pool", nil)
if err != nil {
return err
}
client, err := cognito.NewUserPoolClient(ctx, "client", nil)
if err != nil {
return err
}
domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "admin", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("authenticate-cognito"),
AuthenticateCognito: &lb.ListenerRuleActionAuthenticateCognitoArgs{
UserPoolArn: pool.Arn,
UserPoolClientId: client.ID(),
UserPoolDomain: domain.Domain,
},
},
&lb.ListenerRuleActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),
},
},
})
if err != nil {
return err
}
_, err = lb.NewListenerRule(ctx, "oidc", &lb.ListenerRuleArgs{
ListenerArn: frontEndListener.Arn,
Actions: lb.ListenerRuleActionArray{
&lb.ListenerRuleActionArgs{
Type: pulumi.String("authenticate-oidc"),
AuthenticateOidc: &lb.ListenerRuleActionAuthenticateOidcArgs{
AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
ClientId: pulumi.String("client_id"),
ClientSecret: pulumi.String("client_secret"),
Issuer: pulumi.String("https://example.com"),
TokenEndpoint: pulumi.String("https://example.com/token_endpoint"),
UserInfoEndpoint: pulumi.String("https://example.com/user_info_endpoint"),
},
},
&lb.ListenerRuleActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerRule;
import com.pulumi.aws.lb.ListenerRuleArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleActionArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleConditionArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleConditionPathPatternArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleConditionHostHeaderArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleActionForwardArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleActionForwardStickinessArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleActionRedirectArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleConditionHttpHeaderArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleActionFixedResponseArgs;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.lb.inputs.ListenerRuleActionAuthenticateCognitoArgs;
import com.pulumi.aws.lb.inputs.ListenerRuleActionAuthenticateOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEndLoadBalancer = new LoadBalancer("frontEndLoadBalancer");
var frontEndListener = new Listener("frontEndListener");
var static_ = new ListenerRule("static", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.priority(100)
.actions(ListenerRuleActionArgs.builder()
.type("forward")
.targetGroupArn(aws_lb_target_group.static().arn())
.build())
.conditions(
ListenerRuleConditionArgs.builder()
.pathPattern(ListenerRuleConditionPathPatternArgs.builder()
.values("/static/*")
.build())
.build(),
ListenerRuleConditionArgs.builder()
.hostHeader(ListenerRuleConditionHostHeaderArgs.builder()
.values("example.com")
.build())
.build())
.build());
var hostBasedWeightedRouting = new ListenerRule("hostBasedWeightedRouting", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.priority(99)
.actions(ListenerRuleActionArgs.builder()
.type("forward")
.targetGroupArn(aws_lb_target_group.static().arn())
.build())
.conditions(ListenerRuleConditionArgs.builder()
.hostHeader(ListenerRuleConditionHostHeaderArgs.builder()
.values("my-service.*.mycompany.io")
.build())
.build())
.build());
var hostBasedRouting = new ListenerRule("hostBasedRouting", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.priority(99)
.actions(ListenerRuleActionArgs.builder()
.type("forward")
.forward(ListenerRuleActionForwardArgs.builder()
.targetGroups(
ListenerRuleActionForwardTargetGroupArgs.builder()
.arn(aws_lb_target_group.main().arn())
.weight(80)
.build(),
ListenerRuleActionForwardTargetGroupArgs.builder()
.arn(aws_lb_target_group.canary().arn())
.weight(20)
.build())
.stickiness(ListenerRuleActionForwardStickinessArgs.builder()
.enabled(true)
.duration(600)
.build())
.build())
.build())
.conditions(ListenerRuleConditionArgs.builder()
.hostHeader(ListenerRuleConditionHostHeaderArgs.builder()
.values("my-service.*.mycompany.io")
.build())
.build())
.build());
var redirectHttpToHttps = new ListenerRule("redirectHttpToHttps", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.actions(ListenerRuleActionArgs.builder()
.type("redirect")
.redirect(ListenerRuleActionRedirectArgs.builder()
.port("443")
.protocol("HTTPS")
.statusCode("HTTP_301")
.build())
.build())
.conditions(ListenerRuleConditionArgs.builder()
.httpHeader(ListenerRuleConditionHttpHeaderArgs.builder()
.httpHeaderName("X-Forwarded-For")
.values("192.168.1.*")
.build())
.build())
.build());
var healthCheck = new ListenerRule("healthCheck", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.actions(ListenerRuleActionArgs.builder()
.type("fixed-response")
.fixedResponse(ListenerRuleActionFixedResponseArgs.builder()
.contentType("text/plain")
.messageBody("HEALTHY")
.statusCode("200")
.build())
.build())
.conditions(ListenerRuleConditionArgs.builder()
.queryStrings(
ListenerRuleConditionQueryStringArgs.builder()
.key("health")
.value("check")
.build(),
ListenerRuleConditionQueryStringArgs.builder()
.value("bar")
.build())
.build())
.build());
var pool = new UserPool("pool");
var client = new UserPoolClient("client");
var domain = new UserPoolDomain("domain");
var admin = new ListenerRule("admin", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.actions(
ListenerRuleActionArgs.builder()
.type("authenticate-cognito")
.authenticateCognito(ListenerRuleActionAuthenticateCognitoArgs.builder()
.userPoolArn(pool.arn())
.userPoolClientId(client.id())
.userPoolDomain(domain.domain())
.build())
.build(),
ListenerRuleActionArgs.builder()
.type("forward")
.targetGroupArn(aws_lb_target_group.static().arn())
.build())
.build());
var oidc = new ListenerRule("oidc", ListenerRuleArgs.builder()
.listenerArn(frontEndListener.arn())
.actions(
ListenerRuleActionArgs.builder()
.type("authenticate-oidc")
.authenticateOidc(ListenerRuleActionAuthenticateOidcArgs.builder()
.authorizationEndpoint("https://example.com/authorization_endpoint")
.clientId("client_id")
.clientSecret("client_secret")
.issuer("https://example.com")
.tokenEndpoint("https://example.com/token_endpoint")
.userInfoEndpoint("https://example.com/user_info_endpoint")
.build())
.build(),
ListenerRuleActionArgs.builder()
.type("forward")
.targetGroupArn(aws_lb_target_group.static().arn())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
front_end_load_balancer = aws.lb.LoadBalancer("frontEndLoadBalancer")
# ...
front_end_listener = aws.lb.Listener("frontEndListener")
# Other parameters
static = aws.lb.ListenerRule("static",
listener_arn=front_end_listener.arn,
priority=100,
actions=[aws.lb.ListenerRuleActionArgs(
type="forward",
target_group_arn=aws_lb_target_group["static"]["arn"],
)],
conditions=[
aws.lb.ListenerRuleConditionArgs(
path_pattern=aws.lb.ListenerRuleConditionPathPatternArgs(
values=["/static/*"],
),
),
aws.lb.ListenerRuleConditionArgs(
host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(
values=["example.com"],
),
),
])
# Forward action
host_based_weighted_routing = aws.lb.ListenerRule("hostBasedWeightedRouting",
listener_arn=front_end_listener.arn,
priority=99,
actions=[aws.lb.ListenerRuleActionArgs(
type="forward",
target_group_arn=aws_lb_target_group["static"]["arn"],
)],
conditions=[aws.lb.ListenerRuleConditionArgs(
host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(
values=["my-service.*.mycompany.io"],
),
)])
# Weighted Forward action
host_based_routing = aws.lb.ListenerRule("hostBasedRouting",
listener_arn=front_end_listener.arn,
priority=99,
actions=[aws.lb.ListenerRuleActionArgs(
type="forward",
forward=aws.lb.ListenerRuleActionForwardArgs(
target_groups=[
aws.lb.ListenerRuleActionForwardTargetGroupArgs(
arn=aws_lb_target_group["main"]["arn"],
weight=80,
),
aws.lb.ListenerRuleActionForwardTargetGroupArgs(
arn=aws_lb_target_group["canary"]["arn"],
weight=20,
),
],
stickiness=aws.lb.ListenerRuleActionForwardStickinessArgs(
enabled=True,
duration=600,
),
),
)],
conditions=[aws.lb.ListenerRuleConditionArgs(
host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(
values=["my-service.*.mycompany.io"],
),
)])
# Redirect action
redirect_http_to_https = aws.lb.ListenerRule("redirectHttpToHttps",
listener_arn=front_end_listener.arn,
actions=[aws.lb.ListenerRuleActionArgs(
type="redirect",
redirect=aws.lb.ListenerRuleActionRedirectArgs(
port="443",
protocol="HTTPS",
status_code="HTTP_301",
),
)],
conditions=[aws.lb.ListenerRuleConditionArgs(
http_header=aws.lb.ListenerRuleConditionHttpHeaderArgs(
http_header_name="X-Forwarded-For",
values=["192.168.1.*"],
),
)])
# Fixed-response action
health_check = aws.lb.ListenerRule("healthCheck",
listener_arn=front_end_listener.arn,
actions=[aws.lb.ListenerRuleActionArgs(
type="fixed-response",
fixed_response=aws.lb.ListenerRuleActionFixedResponseArgs(
content_type="text/plain",
message_body="HEALTHY",
status_code="200",
),
)],
conditions=[aws.lb.ListenerRuleConditionArgs(
query_strings=[
aws.lb.ListenerRuleConditionQueryStringArgs(
key="health",
value="check",
),
aws.lb.ListenerRuleConditionQueryStringArgs(
value="bar",
),
],
)])
# Authenticate-cognito Action
pool = aws.cognito.UserPool("pool")
# ...
client = aws.cognito.UserPoolClient("client")
# ...
domain = aws.cognito.UserPoolDomain("domain")
# ...
admin = aws.lb.ListenerRule("admin",
listener_arn=front_end_listener.arn,
actions=[
aws.lb.ListenerRuleActionArgs(
type="authenticate-cognito",
authenticate_cognito=aws.lb.ListenerRuleActionAuthenticateCognitoArgs(
user_pool_arn=pool.arn,
user_pool_client_id=client.id,
user_pool_domain=domain.domain,
),
),
aws.lb.ListenerRuleActionArgs(
type="forward",
target_group_arn=aws_lb_target_group["static"]["arn"],
),
])
# Authenticate-oidc Action
oidc = aws.lb.ListenerRule("oidc",
listener_arn=front_end_listener.arn,
actions=[
aws.lb.ListenerRuleActionArgs(
type="authenticate-oidc",
authenticate_oidc=aws.lb.ListenerRuleActionAuthenticateOidcArgs(
authorization_endpoint="https://example.com/authorization_endpoint",
client_id="client_id",
client_secret="client_secret",
issuer="https://example.com",
token_endpoint="https://example.com/token_endpoint",
user_info_endpoint="https://example.com/user_info_endpoint",
),
),
aws.lb.ListenerRuleActionArgs(
type="forward",
target_group_arn=aws_lb_target_group["static"]["arn"],
),
])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEndLoadBalancer = new aws.lb.LoadBalancer("frontEndLoadBalancer", {});
// ...
const frontEndListener = new aws.lb.Listener("frontEndListener", {});
// Other parameters
const static = new aws.lb.ListenerRule("static", {
listenerArn: frontEndListener.arn,
priority: 100,
actions: [{
type: "forward",
targetGroupArn: aws_lb_target_group.static.arn,
}],
conditions: [
{
pathPattern: {
values: ["/static/*"],
},
},
{
hostHeader: {
values: ["example.com"],
},
},
],
});
// Forward action
const hostBasedWeightedRouting = new aws.lb.ListenerRule("hostBasedWeightedRouting", {
listenerArn: frontEndListener.arn,
priority: 99,
actions: [{
type: "forward",
targetGroupArn: aws_lb_target_group.static.arn,
}],
conditions: [{
hostHeader: {
values: ["my-service.*.mycompany.io"],
},
}],
});
// Weighted Forward action
const hostBasedRouting = new aws.lb.ListenerRule("hostBasedRouting", {
listenerArn: frontEndListener.arn,
priority: 99,
actions: [{
type: "forward",
forward: {
targetGroups: [
{
arn: aws_lb_target_group.main.arn,
weight: 80,
},
{
arn: aws_lb_target_group.canary.arn,
weight: 20,
},
],
stickiness: {
enabled: true,
duration: 600,
},
},
}],
conditions: [{
hostHeader: {
values: ["my-service.*.mycompany.io"],
},
}],
});
// Redirect action
const redirectHttpToHttps = new aws.lb.ListenerRule("redirectHttpToHttps", {
listenerArn: frontEndListener.arn,
actions: [{
type: "redirect",
redirect: {
port: "443",
protocol: "HTTPS",
statusCode: "HTTP_301",
},
}],
conditions: [{
httpHeader: {
httpHeaderName: "X-Forwarded-For",
values: ["192.168.1.*"],
},
}],
});
// Fixed-response action
const healthCheck = new aws.lb.ListenerRule("healthCheck", {
listenerArn: frontEndListener.arn,
actions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
messageBody: "HEALTHY",
statusCode: "200",
},
}],
conditions: [{
queryStrings: [
{
key: "health",
value: "check",
},
{
value: "bar",
},
],
}],
});
// Authenticate-cognito Action
const pool = new aws.cognito.UserPool("pool", {});
// ...
const client = new aws.cognito.UserPoolClient("client", {});
// ...
const domain = new aws.cognito.UserPoolDomain("domain", {});
// ...
const admin = new aws.lb.ListenerRule("admin", {
listenerArn: frontEndListener.arn,
actions: [
{
type: "authenticate-cognito",
authenticateCognito: {
userPoolArn: pool.arn,
userPoolClientId: client.id,
userPoolDomain: domain.domain,
},
},
{
type: "forward",
targetGroupArn: aws_lb_target_group.static.arn,
},
],
});
// Authenticate-oidc Action
const oidc = new aws.lb.ListenerRule("oidc", {
listenerArn: frontEndListener.arn,
actions: [
{
type: "authenticate-oidc",
authenticateOidc: {
authorizationEndpoint: "https://example.com/authorization_endpoint",
clientId: "client_id",
clientSecret: "client_secret",
issuer: "https://example.com",
tokenEndpoint: "https://example.com/token_endpoint",
userInfoEndpoint: "https://example.com/user_info_endpoint",
},
},
{
type: "forward",
targetGroupArn: aws_lb_target_group.static.arn,
},
],
});
resources:
frontEndLoadBalancer:
type: aws:lb:LoadBalancer
frontEndListener:
type: aws:lb:Listener
static: # Forward action
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
priority: 100
actions:
- type: forward
targetGroupArn: ${aws_lb_target_group.static.arn}
conditions:
- pathPattern:
values:
- /static/*
- hostHeader:
values:
- example.com
hostBasedWeightedRouting: # Weighted Forward action
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
priority: 99
actions:
- type: forward
targetGroupArn: ${aws_lb_target_group.static.arn}
conditions:
- hostHeader:
values:
- my-service.*.mycompany.io
hostBasedRouting: # Redirect action
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
priority: 99
actions:
- type: forward
forward:
targetGroups:
- arn: ${aws_lb_target_group.main.arn}
weight: 80
- arn: ${aws_lb_target_group.canary.arn}
weight: 20
stickiness:
enabled: true
duration: 600
conditions:
- hostHeader:
values:
- my-service.*.mycompany.io
redirectHttpToHttps: # Fixed-response action
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
actions:
- type: redirect
redirect:
port: '443'
protocol: HTTPS
statusCode: HTTP_301
conditions:
- httpHeader:
httpHeaderName: X-Forwarded-For
values:
- 192.168.1.*
healthCheck: # Authenticate-cognito Action
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
actions:
- type: fixed-response
fixedResponse:
contentType: text/plain
messageBody: HEALTHY
statusCode: '200'
conditions:
- queryStrings:
- key: health
value: check
- value: bar
pool:
type: aws:cognito:UserPool
client:
type: aws:cognito:UserPoolClient
domain:
type: aws:cognito:UserPoolDomain
admin: # Authenticate-oidc Action
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
actions:
- type: authenticate-cognito
authenticateCognito:
userPoolArn: ${pool.arn}
userPoolClientId: ${client.id}
userPoolDomain: ${domain.domain}
- type: forward
targetGroupArn: ${aws_lb_target_group.static.arn}
oidc:
type: aws:lb:ListenerRule
properties:
listenerArn: ${frontEndListener.arn}
actions:
- type: authenticate-oidc
authenticateOidc:
authorizationEndpoint: https://example.com/authorization_endpoint
clientId: client_id
clientSecret: client_secret
issuer: https://example.com
tokenEndpoint: https://example.com/token_endpoint
userInfoEndpoint: https://example.com/user_info_endpoint
- type: forward
targetGroupArn: ${aws_lb_target_group.static.arn}
Create ListenerRule Resource
new ListenerRule(name: string, args: ListenerRuleArgs, opts?: CustomResourceOptions);@overload
def ListenerRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[ListenerRuleActionArgs]] = None,
conditions: Optional[Sequence[ListenerRuleConditionArgs]] = None,
listener_arn: Optional[str] = None,
priority: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def ListenerRule(resource_name: str,
args: ListenerRuleArgs,
opts: Optional[ResourceOptions] = None)func NewListenerRule(ctx *Context, name string, args ListenerRuleArgs, opts ...ResourceOption) (*ListenerRule, error)public ListenerRule(string name, ListenerRuleArgs args, CustomResourceOptions? opts = null)
public ListenerRule(String name, ListenerRuleArgs args)
public ListenerRule(String name, ListenerRuleArgs args, CustomResourceOptions options)
type: aws:lb:ListenerRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ListenerRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ListenerRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ListenerRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ListenerRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ListenerRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ListenerRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ListenerRule resource accepts the following input properties:
- Actions
List<Listener
Rule Action Args> An Action block. Action blocks are documented below.
- Conditions
List<Listener
Rule Condition Args> A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- Listener
Arn string The ARN of the listener to which to attach the rule.
- Priority int
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Actions
[]Listener
Rule Action Args An Action block. Action blocks are documented below.
- Conditions
[]Listener
Rule Condition Args A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- Listener
Arn string The ARN of the listener to which to attach the rule.
- Priority int
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- map[string]string
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- actions
List<Listener
Rule Action Args> An Action block. Action blocks are documented below.
- conditions
List<Listener
Rule Condition Args> A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener
Arn String The ARN of the listener to which to attach the rule.
- priority Integer
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Map<String,String>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- actions
Listener
Rule Action Args[] An Action block. Action blocks are documented below.
- conditions
Listener
Rule Condition Args[] A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener
Arn string The ARN of the listener to which to attach the rule.
- priority number
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- actions
Sequence[Listener
Rule Action Args] An Action block. Action blocks are documented below.
- conditions
Sequence[Listener
Rule Condition Args] A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener_
arn str The ARN of the listener to which to attach the rule.
- priority int
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- actions List<Property Map>
An Action block. Action blocks are documented below.
- conditions List<Property Map>
A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener
Arn String The ARN of the listener to which to attach the rule.
- priority Number
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Map<String>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the ListenerRule resource produces the following output properties:
Look up Existing ListenerRule Resource
Get an existing ListenerRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ListenerRuleState, opts?: CustomResourceOptions): ListenerRule@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
actions: Optional[Sequence[ListenerRuleActionArgs]] = None,
arn: Optional[str] = None,
conditions: Optional[Sequence[ListenerRuleConditionArgs]] = None,
listener_arn: Optional[str] = None,
priority: Optional[int] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> ListenerRulefunc GetListenerRule(ctx *Context, name string, id IDInput, state *ListenerRuleState, opts ...ResourceOption) (*ListenerRule, error)public static ListenerRule Get(string name, Input<string> id, ListenerRuleState? state, CustomResourceOptions? opts = null)public static ListenerRule get(String name, Output<String> id, ListenerRuleState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Actions
List<Listener
Rule Action Args> An Action block. Action blocks are documented below.
- Arn string
The Amazon Resource Name (ARN) of the target group.
- Conditions
List<Listener
Rule Condition Args> A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- Listener
Arn string The ARN of the listener to which to attach the rule.
- Priority int
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Actions
[]Listener
Rule Action Args An Action block. Action blocks are documented below.
- Arn string
The Amazon Resource Name (ARN) of the target group.
- Conditions
[]Listener
Rule Condition Args A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- Listener
Arn string The ARN of the listener to which to attach the rule.
- Priority int
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- map[string]string
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- actions
List<Listener
Rule Action Args> An Action block. Action blocks are documented below.
- arn String
The Amazon Resource Name (ARN) of the target group.
- conditions
List<Listener
Rule Condition Args> A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener
Arn String The ARN of the listener to which to attach the rule.
- priority Integer
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Map<String,String>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- actions
Listener
Rule Action Args[] An Action block. Action blocks are documented below.
- arn string
The Amazon Resource Name (ARN) of the target group.
- conditions
Listener
Rule Condition Args[] A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener
Arn string The ARN of the listener to which to attach the rule.
- priority number
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- actions
Sequence[Listener
Rule Action Args] An Action block. Action blocks are documented below.
- arn str
The Amazon Resource Name (ARN) of the target group.
- conditions
Sequence[Listener
Rule Condition Args] A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener_
arn str The ARN of the listener to which to attach the rule.
- priority int
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- actions List<Property Map>
An Action block. Action blocks are documented below.
- arn String
The Amazon Resource Name (ARN) of the target group.
- conditions List<Property Map>
A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.
- listener
Arn String The ARN of the listener to which to attach the rule.
- priority Number
The priority for the rule between
1and50000. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.- Map<String>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Supporting Types
ListenerRuleAction
- Type string
The type of routing action. Valid values are
forward,redirect,fixed-response,authenticate-cognitoandauthenticate-oidc.- Authenticate
Cognito ListenerRule Action Authenticate Cognito Information for creating an authenticate action using Cognito. Required if
typeisauthenticate-cognito.- Authenticate
Oidc ListenerRule Action Authenticate Oidc Information for creating an authenticate action using OIDC. Required if
typeisauthenticate-oidc.- Fixed
Response ListenerRule Action Fixed Response Information for creating an action that returns a custom HTTP response. Required if
typeisfixed-response.- Forward
Listener
Rule Action Forward Information for creating an action that distributes requests among one or more target groups. Specify only if
typeisforward. If you specify bothforwardblock andtarget_group_arnattribute, you can specify only one target group usingforwardand it must be the same target group specified intarget_group_arn.- Order int
- Redirect
Listener
Rule Action Redirect Information for creating a redirect action. Required if
typeisredirect.- Target
Group stringArn The ARN of the Target Group to which to route traffic. Specify only if
typeisforwardand you want to route to a single target group. To route to one or more target groups, use aforwardblock instead.
- Type string
The type of routing action. Valid values are
forward,redirect,fixed-response,authenticate-cognitoandauthenticate-oidc.- Authenticate
Cognito ListenerRule Action Authenticate Cognito Information for creating an authenticate action using Cognito. Required if
typeisauthenticate-cognito.- Authenticate
Oidc ListenerRule Action Authenticate Oidc Information for creating an authenticate action using OIDC. Required if
typeisauthenticate-oidc.- Fixed
Response ListenerRule Action Fixed Response Information for creating an action that returns a custom HTTP response. Required if
typeisfixed-response.- Forward
Listener
Rule Action Forward Information for creating an action that distributes requests among one or more target groups. Specify only if
typeisforward. If you specify bothforwardblock andtarget_group_arnattribute, you can specify only one target group usingforwardand it must be the same target group specified intarget_group_arn.- Order int
- Redirect
Listener
Rule Action Redirect Information for creating a redirect action. Required if
typeisredirect.- Target
Group stringArn The ARN of the Target Group to which to route traffic. Specify only if
typeisforwardand you want to route to a single target group. To route to one or more target groups, use aforwardblock instead.
- type String
The type of routing action. Valid values are
forward,redirect,fixed-response,authenticate-cognitoandauthenticate-oidc.- authenticate
Cognito ListenerRule Action Authenticate Cognito Information for creating an authenticate action using Cognito. Required if
typeisauthenticate-cognito.- authenticate
Oidc ListenerRule Action Authenticate Oidc Information for creating an authenticate action using OIDC. Required if
typeisauthenticate-oidc.- fixed
Response ListenerRule Action Fixed Response Information for creating an action that returns a custom HTTP response. Required if
typeisfixed-response.- forward
Listener
Rule Action Forward Information for creating an action that distributes requests among one or more target groups. Specify only if
typeisforward. If you specify bothforwardblock andtarget_group_arnattribute, you can specify only one target group usingforwardand it must be the same target group specified intarget_group_arn.- order Integer
- redirect
Listener
Rule Action Redirect Information for creating a redirect action. Required if
typeisredirect.- target
Group StringArn The ARN of the Target Group to which to route traffic. Specify only if
typeisforwardand you want to route to a single target group. To route to one or more target groups, use aforwardblock instead.
- type string
The type of routing action. Valid values are
forward,redirect,fixed-response,authenticate-cognitoandauthenticate-oidc.- authenticate
Cognito ListenerRule Action Authenticate Cognito Information for creating an authenticate action using Cognito. Required if
typeisauthenticate-cognito.- authenticate
Oidc ListenerRule Action Authenticate Oidc Information for creating an authenticate action using OIDC. Required if
typeisauthenticate-oidc.- fixed
Response ListenerRule Action Fixed Response Information for creating an action that returns a custom HTTP response. Required if
typeisfixed-response.- forward
Listener
Rule Action Forward Information for creating an action that distributes requests among one or more target groups. Specify only if
typeisforward. If you specify bothforwardblock andtarget_group_arnattribute, you can specify only one target group usingforwardand it must be the same target group specified intarget_group_arn.- order number
- redirect
Listener
Rule Action Redirect Information for creating a redirect action. Required if
typeisredirect.- target
Group stringArn The ARN of the Target Group to which to route traffic. Specify only if
typeisforwardand you want to route to a single target group. To route to one or more target groups, use aforwardblock instead.
- type str
The type of routing action. Valid values are
forward,redirect,fixed-response,authenticate-cognitoandauthenticate-oidc.- authenticate_
cognito ListenerRule Action Authenticate Cognito Information for creating an authenticate action using Cognito. Required if
typeisauthenticate-cognito.- authenticate_
oidc ListenerRule Action Authenticate Oidc Information for creating an authenticate action using OIDC. Required if
typeisauthenticate-oidc.- fixed_
response ListenerRule Action Fixed Response Information for creating an action that returns a custom HTTP response. Required if
typeisfixed-response.- forward
Listener
Rule Action Forward Information for creating an action that distributes requests among one or more target groups. Specify only if
typeisforward. If you specify bothforwardblock andtarget_group_arnattribute, you can specify only one target group usingforwardand it must be the same target group specified intarget_group_arn.- order int
- redirect
Listener
Rule Action Redirect Information for creating a redirect action. Required if
typeisredirect.- target_
group_ strarn The ARN of the Target Group to which to route traffic. Specify only if
typeisforwardand you want to route to a single target group. To route to one or more target groups, use aforwardblock instead.
- type String
The type of routing action. Valid values are
forward,redirect,fixed-response,authenticate-cognitoandauthenticate-oidc.- authenticate
Cognito Property Map Information for creating an authenticate action using Cognito. Required if
typeisauthenticate-cognito.- authenticate
Oidc Property Map Information for creating an authenticate action using OIDC. Required if
typeisauthenticate-oidc.- fixed
Response Property Map Information for creating an action that returns a custom HTTP response. Required if
typeisfixed-response.- forward Property Map
Information for creating an action that distributes requests among one or more target groups. Specify only if
typeisforward. If you specify bothforwardblock andtarget_group_arnattribute, you can specify only one target group usingforwardand it must be the same target group specified intarget_group_arn.- order Number
- redirect Property Map
Information for creating a redirect action. Required if
typeisredirect.- target
Group StringArn The ARN of the Target Group to which to route traffic. Specify only if
typeisforwardand you want to route to a single target group. To route to one or more target groups, use aforwardblock instead.
ListenerRuleActionAuthenticateCognito
- User
Pool stringArn The ARN of the Cognito user pool.
- User
Pool stringClient Id The ID of the Cognito user pool client.
- User
Pool stringDomain The domain prefix or fully-qualified domain name of the Cognito user pool.
- Authentication
Request Dictionary<string, string>Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- Scope string
The set of user claims to be requested from the IdP.
- string
The name of the cookie used to maintain session information.
- Session
Timeout int The maximum duration of the authentication session, in seconds.
- User
Pool stringArn The ARN of the Cognito user pool.
- User
Pool stringClient Id The ID of the Cognito user pool client.
- User
Pool stringDomain The domain prefix or fully-qualified domain name of the Cognito user pool.
- Authentication
Request map[string]stringExtra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- Scope string
The set of user claims to be requested from the IdP.
- string
The name of the cookie used to maintain session information.
- Session
Timeout int The maximum duration of the authentication session, in seconds.
- user
Pool StringArn The ARN of the Cognito user pool.
- user
Pool StringClient Id The ID of the Cognito user pool client.
- user
Pool StringDomain The domain prefix or fully-qualified domain name of the Cognito user pool.
- authentication
Request Map<String,String>Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope String
The set of user claims to be requested from the IdP.
- String
The name of the cookie used to maintain session information.
- session
Timeout Integer The maximum duration of the authentication session, in seconds.
- user
Pool stringArn The ARN of the Cognito user pool.
- user
Pool stringClient Id The ID of the Cognito user pool client.
- user
Pool stringDomain The domain prefix or fully-qualified domain name of the Cognito user pool.
- authentication
Request {[key: string]: string}Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated stringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope string
The set of user claims to be requested from the IdP.
- string
The name of the cookie used to maintain session information.
- session
Timeout number The maximum duration of the authentication session, in seconds.
- user_
pool_ strarn The ARN of the Cognito user pool.
- user_
pool_ strclient_ id The ID of the Cognito user pool client.
- user_
pool_ strdomain The domain prefix or fully-qualified domain name of the Cognito user pool.
- authentication_
request_ Mapping[str, str]extra_ params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on_
unauthenticated_ strrequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope str
The set of user claims to be requested from the IdP.
- str
The name of the cookie used to maintain session information.
- session_
timeout int The maximum duration of the authentication session, in seconds.
- user
Pool StringArn The ARN of the Cognito user pool.
- user
Pool StringClient Id The ID of the Cognito user pool client.
- user
Pool StringDomain The domain prefix or fully-qualified domain name of the Cognito user pool.
- authentication
Request Map<String>Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope String
The set of user claims to be requested from the IdP.
- String
The name of the cookie used to maintain session information.
- session
Timeout Number The maximum duration of the authentication session, in seconds.
ListenerRuleActionAuthenticateOidc
- string
The authorization endpoint of the IdP.
- Client
Id string The OAuth 2.0 client identifier.
- Client
Secret string The OAuth 2.0 client secret.
- Issuer string
The OIDC issuer identifier of the IdP.
- Token
Endpoint string The token endpoint of the IdP.
- User
Info stringEndpoint The user info endpoint of the IdP.
- Authentication
Request Dictionary<string, string>Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- Scope string
The set of user claims to be requested from the IdP.
- string
The name of the cookie used to maintain session information.
- Session
Timeout int The maximum duration of the authentication session, in seconds.
- string
The authorization endpoint of the IdP.
- Client
Id string The OAuth 2.0 client identifier.
- Client
Secret string The OAuth 2.0 client secret.
- Issuer string
The OIDC issuer identifier of the IdP.
- Token
Endpoint string The token endpoint of the IdP.
- User
Info stringEndpoint The user info endpoint of the IdP.
- Authentication
Request map[string]stringExtra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- Scope string
The set of user claims to be requested from the IdP.
- string
The name of the cookie used to maintain session information.
- Session
Timeout int The maximum duration of the authentication session, in seconds.
- String
The authorization endpoint of the IdP.
- client
Id String The OAuth 2.0 client identifier.
- client
Secret String The OAuth 2.0 client secret.
- issuer String
The OIDC issuer identifier of the IdP.
- token
Endpoint String The token endpoint of the IdP.
- user
Info StringEndpoint The user info endpoint of the IdP.
- authentication
Request Map<String,String>Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope String
The set of user claims to be requested from the IdP.
- String
The name of the cookie used to maintain session information.
- session
Timeout Integer The maximum duration of the authentication session, in seconds.
- string
The authorization endpoint of the IdP.
- client
Id string The OAuth 2.0 client identifier.
- client
Secret string The OAuth 2.0 client secret.
- issuer string
The OIDC issuer identifier of the IdP.
- token
Endpoint string The token endpoint of the IdP.
- user
Info stringEndpoint The user info endpoint of the IdP.
- authentication
Request {[key: string]: string}Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated stringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope string
The set of user claims to be requested from the IdP.
- string
The name of the cookie used to maintain session information.
- session
Timeout number The maximum duration of the authentication session, in seconds.
- str
The authorization endpoint of the IdP.
- client_
id str The OAuth 2.0 client identifier.
- client_
secret str The OAuth 2.0 client secret.
- issuer str
The OIDC issuer identifier of the IdP.
- token_
endpoint str The token endpoint of the IdP.
- user_
info_ strendpoint The user info endpoint of the IdP.
- authentication_
request_ Mapping[str, str]extra_ params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on_
unauthenticated_ strrequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope str
The set of user claims to be requested from the IdP.
- str
The name of the cookie used to maintain session information.
- session_
timeout int The maximum duration of the authentication session, in seconds.
- String
The authorization endpoint of the IdP.
- client
Id String The OAuth 2.0 client identifier.
- client
Secret String The OAuth 2.0 client secret.
- issuer String
The OIDC issuer identifier of the IdP.
- token
Endpoint String The token endpoint of the IdP.
- user
Info StringEndpoint The user info endpoint of the IdP.
- authentication
Request Map<String>Extra Params The query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest The behavior if the user is not authenticated. Valid values:
deny,allowandauthenticate- scope String
The set of user claims to be requested from the IdP.
- String
The name of the cookie used to maintain session information.
- session
Timeout Number The maximum duration of the authentication session, in seconds.
ListenerRuleActionFixedResponse
- Content
Type string The content type. Valid values are
text/plain,text/css,text/html,application/javascriptandapplication/json.- Message
Body string The message body.
- Status
Code string The HTTP response code. Valid values are
2XX,4XX, or5XX.
- Content
Type string The content type. Valid values are
text/plain,text/css,text/html,application/javascriptandapplication/json.- Message
Body string The message body.
- Status
Code string The HTTP response code. Valid values are
2XX,4XX, or5XX.
- content
Type String The content type. Valid values are
text/plain,text/css,text/html,application/javascriptandapplication/json.- message
Body String The message body.
- status
Code String The HTTP response code. Valid values are
2XX,4XX, or5XX.
- content
Type string The content type. Valid values are
text/plain,text/css,text/html,application/javascriptandapplication/json.- message
Body string The message body.
- status
Code string The HTTP response code. Valid values are
2XX,4XX, or5XX.
- content_
type str The content type. Valid values are
text/plain,text/css,text/html,application/javascriptandapplication/json.- message_
body str The message body.
- status_
code str The HTTP response code. Valid values are
2XX,4XX, or5XX.
- content
Type String The content type. Valid values are
text/plain,text/css,text/html,application/javascriptandapplication/json.- message
Body String The message body.
- status
Code String The HTTP response code. Valid values are
2XX,4XX, or5XX.
ListenerRuleActionForward
- Target
Groups List<ListenerRule Action Forward Target Group> One or more target groups block.
- Stickiness
Listener
Rule Action Forward Stickiness The target group stickiness for the rule.
- Target
Groups []ListenerRule Action Forward Target Group One or more target groups block.
- Stickiness
Listener
Rule Action Forward Stickiness The target group stickiness for the rule.
- target
Groups List<ListenerRule Action Forward Target Group> One or more target groups block.
- stickiness
Listener
Rule Action Forward Stickiness The target group stickiness for the rule.
- target
Groups ListenerRule Action Forward Target Group[] One or more target groups block.
- stickiness
Listener
Rule Action Forward Stickiness The target group stickiness for the rule.
- target_
groups Sequence[ListenerRule Action Forward Target Group] One or more target groups block.
- stickiness
Listener
Rule Action Forward Stickiness The target group stickiness for the rule.
- target
Groups List<Property Map> One or more target groups block.
- stickiness Property Map
The target group stickiness for the rule.
ListenerRuleActionForwardStickiness
ListenerRuleActionForwardTargetGroup
ListenerRuleActionRedirect
- Status
Code string The HTTP redirect code. The redirect is either permanent (
HTTP_301) or temporary (HTTP_302).- Host string
The hostname. This component is not percent-encoded. The hostname can contain
#{host}. Defaults to#{host}.- Path string
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}.- Port string
The port. Specify a value from
1to65535or#{port}. Defaults to#{port}.- Protocol string
The protocol. Valid values are
HTTP,HTTPS, or#{protocol}. Defaults to#{protocol}.- Query string
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}.
- Status
Code string The HTTP redirect code. The redirect is either permanent (
HTTP_301) or temporary (HTTP_302).- Host string
The hostname. This component is not percent-encoded. The hostname can contain
#{host}. Defaults to#{host}.- Path string
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}.- Port string
The port. Specify a value from
1to65535or#{port}. Defaults to#{port}.- Protocol string
The protocol. Valid values are
HTTP,HTTPS, or#{protocol}. Defaults to#{protocol}.- Query string
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}.
- status
Code String The HTTP redirect code. The redirect is either permanent (
HTTP_301) or temporary (HTTP_302).- host String
The hostname. This component is not percent-encoded. The hostname can contain
#{host}. Defaults to#{host}.- path String
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}.- port String
The port. Specify a value from
1to65535or#{port}. Defaults to#{port}.- protocol String
The protocol. Valid values are
HTTP,HTTPS, or#{protocol}. Defaults to#{protocol}.- query String
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}.
- status
Code string The HTTP redirect code. The redirect is either permanent (
HTTP_301) or temporary (HTTP_302).- host string
The hostname. This component is not percent-encoded. The hostname can contain
#{host}. Defaults to#{host}.- path string
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}.- port string
The port. Specify a value from
1to65535or#{port}. Defaults to#{port}.- protocol string
The protocol. Valid values are
HTTP,HTTPS, or#{protocol}. Defaults to#{protocol}.- query string
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}.
- status_
code str The HTTP redirect code. The redirect is either permanent (
HTTP_301) or temporary (HTTP_302).- host str
The hostname. This component is not percent-encoded. The hostname can contain
#{host}. Defaults to#{host}.- path str
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}.- port str
The port. Specify a value from
1to65535or#{port}. Defaults to#{port}.- protocol str
The protocol. Valid values are
HTTP,HTTPS, or#{protocol}. Defaults to#{protocol}.- query str
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}.
- status
Code String The HTTP redirect code. The redirect is either permanent (
HTTP_301) or temporary (HTTP_302).- host String
The hostname. This component is not percent-encoded. The hostname can contain
#{host}. Defaults to#{host}.- path String
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}.- port String
The port. Specify a value from
1to65535or#{port}. Defaults to#{port}.- protocol String
The protocol. Valid values are
HTTP,HTTPS, or#{protocol}. Defaults to#{protocol}.- query String
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}.
ListenerRuleCondition
- Host
Header ListenerRule Condition Host Header Contains a single
valuesitem which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.- Http
Header ListenerRule Condition Http Header HTTP headers to match. HTTP Header block fields documented below.
- Http
Request ListenerMethod Rule Condition Http Request Method Contains a single
valuesitem which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.- Path
Pattern ListenerRule Condition Path Pattern Contains a single
valuesitem which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use aquery_stringcondition.- Query
Strings List<ListenerRule Condition Query String> Query strings to match. Query String block fields documented below.
- Source
Ip ListenerRule Condition Source Ip Contains a single
valuesitem which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in theX-Forwarded-Forheader, usehttp_headercondition instead.
- Host
Header ListenerRule Condition Host Header Contains a single
valuesitem which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.- Http
Header ListenerRule Condition Http Header HTTP headers to match. HTTP Header block fields documented below.
- Http
Request ListenerMethod Rule Condition Http Request Method Contains a single
valuesitem which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.- Path
Pattern ListenerRule Condition Path Pattern Contains a single
valuesitem which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use aquery_stringcondition.- Query
Strings []ListenerRule Condition Query String Query strings to match. Query String block fields documented below.
- Source
Ip ListenerRule Condition Source Ip Contains a single
valuesitem which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in theX-Forwarded-Forheader, usehttp_headercondition instead.
- host
Header ListenerRule Condition Host Header Contains a single
valuesitem which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.- http
Header ListenerRule Condition Http Header HTTP headers to match. HTTP Header block fields documented below.
- http
Request ListenerMethod Rule Condition Http Request Method Contains a single
valuesitem which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.- path
Pattern ListenerRule Condition Path Pattern Contains a single
valuesitem which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use aquery_stringcondition.- query
Strings List<ListenerRule Condition Query String> Query strings to match. Query String block fields documented below.
- source
Ip ListenerRule Condition Source Ip Contains a single
valuesitem which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in theX-Forwarded-Forheader, usehttp_headercondition instead.
- host
Header ListenerRule Condition Host Header Contains a single
valuesitem which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.- http
Header ListenerRule Condition Http Header HTTP headers to match. HTTP Header block fields documented below.
- http
Request ListenerMethod Rule Condition Http Request Method Contains a single
valuesitem which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.- path
Pattern ListenerRule Condition Path Pattern Contains a single
valuesitem which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use aquery_stringcondition.- query
Strings ListenerRule Condition Query String[] Query strings to match. Query String block fields documented below.
- source
Ip ListenerRule Condition Source Ip Contains a single
valuesitem which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in theX-Forwarded-Forheader, usehttp_headercondition instead.
- host_
header ListenerRule Condition Host Header Contains a single
valuesitem which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.- http_
header ListenerRule Condition Http Header HTTP headers to match. HTTP Header block fields documented below.
- http_
request_ Listenermethod Rule Condition Http Request Method Contains a single
valuesitem which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.- path_
pattern ListenerRule Condition Path Pattern Contains a single
valuesitem which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use aquery_stringcondition.- query_
strings Sequence[ListenerRule Condition Query String] Query strings to match. Query String block fields documented below.
- source_
ip ListenerRule Condition Source Ip Contains a single
valuesitem which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in theX-Forwarded-Forheader, usehttp_headercondition instead.
- host
Header Property Map Contains a single
valuesitem which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.- http
Header Property Map HTTP headers to match. HTTP Header block fields documented below.
- http
Request Property MapMethod Contains a single
valuesitem which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.- path
Pattern Property Map Contains a single
valuesitem which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use aquery_stringcondition.- query
Strings List<Property Map> Query strings to match. Query String block fields documented below.
- source
Ip Property Map Contains a single
valuesitem which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in theX-Forwarded-Forheader, usehttp_headercondition instead.
ListenerRuleConditionHostHeader
- Values List<string>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- Values []string
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values string[]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values Sequence[str]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
ListenerRuleConditionHttpHeader
- Http
Header stringName Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a
host-headercondition instead.- Values List<string>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- Http
Header stringName Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a
host-headercondition instead.- Values []string
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- http
Header StringName Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a
host-headercondition instead.- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- http
Header stringName Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a
host-headercondition instead.- values string[]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- http_
header_ strname Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a
host-headercondition instead.- values Sequence[str]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- http
Header StringName Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a
host-headercondition instead.- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
ListenerRuleConditionHttpRequestMethod
- Values List<string>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- Values []string
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values string[]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values Sequence[str]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
ListenerRuleConditionPathPattern
- Values List<string>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- Values []string
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values string[]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values Sequence[str]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
ListenerRuleConditionQueryString
ListenerRuleConditionSourceIp
- Values List<string>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- Values []string
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values string[]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values Sequence[str]
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
- values List<String>
List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.
Import
Rules can be imported using their ARN, e.g.,
$ pulumi import aws:lb/listenerRule:ListenerRule front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener-rule/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.