Docs Home
AWSx (Pulumi Crosswalk for AWS) v2.21.1 published on Monday, Mar 10, 2025 by Pulumi
awsx.lb.ApplicationLoadBalancer
Explore with Pulumi AI
AWSx (Pulumi Crosswalk for AWS) v2.21.1 published on Monday, Mar 10, 2025 by Pulumi
Provides an Application Load Balancer resource with listeners, default target group and default security group.
Create ApplicationLoadBalancer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ApplicationLoadBalancer(name: string, args?: ApplicationLoadBalancerArgs, opts?: ComponentResourceOptions);@overload
def ApplicationLoadBalancer(resource_name: str,
args: Optional[ApplicationLoadBalancerArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ApplicationLoadBalancer(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_logs: Optional[pulumi_aws.lb.LoadBalancerAccessLogsArgs] = None,
client_keep_alive: Optional[int] = None,
connection_logs: Optional[pulumi_aws.lb.LoadBalancerConnectionLogsArgs] = None,
customer_owned_ipv4_pool: Optional[str] = None,
default_security_group: Optional[_awsx.DefaultSecurityGroupArgs] = None,
default_target_group: Optional[TargetGroupArgs] = None,
default_target_group_port: Optional[int] = None,
desync_mitigation_mode: Optional[str] = None,
dns_record_client_routing_policy: Optional[str] = None,
drop_invalid_header_fields: Optional[bool] = None,
enable_deletion_protection: Optional[bool] = None,
enable_http2: Optional[bool] = None,
enable_tls_version_and_cipher_suite_headers: Optional[bool] = None,
enable_waf_fail_open: Optional[bool] = None,
enable_xff_client_port: Optional[bool] = None,
enable_zonal_shift: Optional[bool] = None,
enforce_security_group_inbound_rules_on_private_link_traffic: Optional[str] = None,
idle_timeout: Optional[int] = None,
internal: Optional[bool] = None,
ip_address_type: Optional[str] = None,
listener: Optional[ListenerArgs] = None,
listeners: Optional[Sequence[ListenerArgs]] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
preserve_host_header: Optional[bool] = None,
security_groups: Optional[Sequence[str]] = None,
subnet_ids: Optional[Sequence[str]] = None,
subnet_mappings: Optional[Sequence[pulumi_aws.lb.LoadBalancerSubnetMappingArgs]] = None,
subnets: Optional[Sequence[pulumi_aws.ec2.Subnet]] = None,
tags: Optional[Mapping[str, str]] = None,
xff_header_processing_mode: Optional[str] = None)func NewApplicationLoadBalancer(ctx *Context, name string, args *ApplicationLoadBalancerArgs, opts ...ResourceOption) (*ApplicationLoadBalancer, error)public ApplicationLoadBalancer(string name, ApplicationLoadBalancerArgs? args = null, ComponentResourceOptions? opts = null)
public ApplicationLoadBalancer(String name, ApplicationLoadBalancerArgs args)
public ApplicationLoadBalancer(String name, ApplicationLoadBalancerArgs args, ComponentResourceOptions options)
type: awsx:lb:ApplicationLoadBalancer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ApplicationLoadBalancerArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ApplicationLoadBalancerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ApplicationLoadBalancerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ApplicationLoadBalancerArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ApplicationLoadBalancerArgs
- The arguments to resource properties.
- options ComponentResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var applicationLoadBalancerResource = new Awsx.Lb.ApplicationLoadBalancer("applicationLoadBalancerResource", new()
{
AccessLogs = new Aws.LB.Inputs.LoadBalancerAccessLogsArgs
{
Bucket = "string",
Enabled = false,
Prefix = "string",
},
ClientKeepAlive = 0,
ConnectionLogs = new Aws.LB.Inputs.LoadBalancerConnectionLogsArgs
{
Bucket = "string",
Enabled = false,
Prefix = "string",
},
CustomerOwnedIpv4Pool = "string",
DefaultSecurityGroup = new Awsx.Awsx.Inputs.DefaultSecurityGroupArgs
{
Args = new Awsx.Awsx.Inputs.SecurityGroupArgs
{
Description = "string",
Egress = new()
{
new Aws.Ec2.Inputs.SecurityGroupEgressArgs
{
FromPort = 0,
Protocol = "string",
ToPort = 0,
CidrBlocks = new()
{
"string",
},
Description = "string",
Ipv6CidrBlocks = new()
{
"string",
},
PrefixListIds = new()
{
"string",
},
SecurityGroups = new()
{
"string",
},
Self = false,
},
},
Ingress = new()
{
new Aws.Ec2.Inputs.SecurityGroupIngressArgs
{
FromPort = 0,
Protocol = "string",
ToPort = 0,
CidrBlocks = new()
{
"string",
},
Description = "string",
Ipv6CidrBlocks = new()
{
"string",
},
PrefixListIds = new()
{
"string",
},
SecurityGroups = new()
{
"string",
},
Self = false,
},
},
Name = "string",
NamePrefix = "string",
RevokeRulesOnDelete = false,
Tags =
{
{ "string", "string" },
},
VpcId = "string",
},
SecurityGroupId = "string",
Skip = false,
},
DefaultTargetGroup = new Awsx.Lb.Inputs.TargetGroupArgs
{
ConnectionTermination = false,
DeregistrationDelay = 0,
HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
{
Enabled = false,
HealthyThreshold = 0,
Interval = 0,
Matcher = "string",
Path = "string",
Port = "string",
Protocol = "string",
Timeout = 0,
UnhealthyThreshold = 0,
},
IpAddressType = "string",
LambdaMultiValueHeadersEnabled = false,
LoadBalancingAlgorithmType = "string",
LoadBalancingAnomalyMitigation = "string",
LoadBalancingCrossZoneEnabled = "string",
Name = "string",
NamePrefix = "string",
Port = 0,
PreserveClientIp = "string",
Protocol = "string",
ProtocolVersion = "string",
ProxyProtocolV2 = false,
SlowStart = 0,
Stickiness = new Aws.LB.Inputs.TargetGroupStickinessArgs
{
Type = "string",
CookieDuration = 0,
CookieName = "string",
Enabled = false,
},
Tags =
{
{ "string", "string" },
},
TargetFailovers = new()
{
new Aws.LB.Inputs.TargetGroupTargetFailoverArgs
{
OnDeregistration = "string",
OnUnhealthy = "string",
},
},
TargetGroupHealth = new Aws.LB.Inputs.TargetGroupTargetGroupHealthArgs
{
DnsFailover = new Aws.LB.Inputs.TargetGroupTargetGroupHealthDnsFailoverArgs
{
MinimumHealthyTargetsCount = "string",
MinimumHealthyTargetsPercentage = "string",
},
UnhealthyStateRouting = new Aws.LB.Inputs.TargetGroupTargetGroupHealthUnhealthyStateRoutingArgs
{
MinimumHealthyTargetsCount = 0,
MinimumHealthyTargetsPercentage = "string",
},
},
TargetHealthStates = new()
{
new Aws.LB.Inputs.TargetGroupTargetHealthStateArgs
{
EnableUnhealthyConnectionTermination = false,
UnhealthyDrainingInterval = 0,
},
},
TargetType = "string",
VpcId = "string",
},
DefaultTargetGroupPort = 0,
DesyncMitigationMode = "string",
DnsRecordClientRoutingPolicy = "string",
DropInvalidHeaderFields = false,
EnableDeletionProtection = false,
EnableHttp2 = false,
EnableTlsVersionAndCipherSuiteHeaders = false,
EnableWafFailOpen = false,
EnableXffClientPort = false,
EnableZonalShift = false,
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = "string",
IdleTimeout = 0,
Internal = false,
IpAddressType = "string",
Listener = new Awsx.Lb.Inputs.ListenerArgs
{
AlpnPolicy = "string",
CertificateArn = "string",
DefaultActions = new()
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "string",
AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
{
UserPoolArn = "string",
UserPoolClientId = "string",
UserPoolDomain = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
OnUnauthenticatedRequest = "string",
Scope = "string",
SessionCookieName = "string",
SessionTimeout = 0,
},
AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
{
AuthorizationEndpoint = "string",
ClientId = "string",
ClientSecret = "string",
Issuer = "string",
TokenEndpoint = "string",
UserInfoEndpoint = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
OnUnauthenticatedRequest = "string",
Scope = "string",
SessionCookieName = "string",
SessionTimeout = 0,
},
FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
{
ContentType = "string",
MessageBody = "string",
StatusCode = "string",
},
Forward = new Aws.LB.Inputs.ListenerDefaultActionForwardArgs
{
TargetGroups = new()
{
new Aws.LB.Inputs.ListenerDefaultActionForwardTargetGroupArgs
{
Arn = "string",
Weight = 0,
},
},
Stickiness = new Aws.LB.Inputs.ListenerDefaultActionForwardStickinessArgs
{
Duration = 0,
Enabled = false,
},
},
Order = 0,
Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
{
StatusCode = "string",
Host = "string",
Path = "string",
Port = "string",
Protocol = "string",
Query = "string",
},
TargetGroupArn = "string",
},
},
MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
{
Mode = "string",
AdvertiseTrustStoreCaNames = "string",
IgnoreClientCertificateExpiry = false,
TrustStoreArn = "string",
},
Port = 0,
Protocol = "string",
SslPolicy = "string",
Tags =
{
{ "string", "string" },
},
TcpIdleTimeoutSeconds = 0,
},
Listeners = new()
{
new Awsx.Lb.Inputs.ListenerArgs
{
AlpnPolicy = "string",
CertificateArn = "string",
DefaultActions = new()
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "string",
AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
{
UserPoolArn = "string",
UserPoolClientId = "string",
UserPoolDomain = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
OnUnauthenticatedRequest = "string",
Scope = "string",
SessionCookieName = "string",
SessionTimeout = 0,
},
AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
{
AuthorizationEndpoint = "string",
ClientId = "string",
ClientSecret = "string",
Issuer = "string",
TokenEndpoint = "string",
UserInfoEndpoint = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
OnUnauthenticatedRequest = "string",
Scope = "string",
SessionCookieName = "string",
SessionTimeout = 0,
},
FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
{
ContentType = "string",
MessageBody = "string",
StatusCode = "string",
},
Forward = new Aws.LB.Inputs.ListenerDefaultActionForwardArgs
{
TargetGroups = new()
{
new Aws.LB.Inputs.ListenerDefaultActionForwardTargetGroupArgs
{
Arn = "string",
Weight = 0,
},
},
Stickiness = new Aws.LB.Inputs.ListenerDefaultActionForwardStickinessArgs
{
Duration = 0,
Enabled = false,
},
},
Order = 0,
Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
{
StatusCode = "string",
Host = "string",
Path = "string",
Port = "string",
Protocol = "string",
Query = "string",
},
TargetGroupArn = "string",
},
},
MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
{
Mode = "string",
AdvertiseTrustStoreCaNames = "string",
IgnoreClientCertificateExpiry = false,
TrustStoreArn = "string",
},
Port = 0,
Protocol = "string",
SslPolicy = "string",
Tags =
{
{ "string", "string" },
},
TcpIdleTimeoutSeconds = 0,
},
},
Name = "string",
NamePrefix = "string",
PreserveHostHeader = false,
SecurityGroups = new[]
{
"string",
},
SubnetIds = new[]
{
"string",
},
SubnetMappings = new[]
{
new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
{
SubnetId = "string",
AllocationId = "string",
Ipv6Address = "string",
OutpostId = "string",
PrivateIpv4Address = "string",
},
},
Subnets = new[]
{
subnet,
},
Tags =
{
{ "string", "string" },
},
XffHeaderProcessingMode = "string",
});
example, err := lb.NewApplicationLoadBalancer(ctx, "applicationLoadBalancerResource", &lb.ApplicationLoadBalancerArgs{
AccessLogs: &lb.LoadBalancerAccessLogsArgs{
Bucket: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Prefix: pulumi.String("string"),
},
ClientKeepAlive: pulumi.Int(0),
ConnectionLogs: &lb.LoadBalancerConnectionLogsArgs{
Bucket: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Prefix: pulumi.String("string"),
},
CustomerOwnedIpv4Pool: pulumi.String("string"),
DefaultSecurityGroup: &awsx.DefaultSecurityGroupArgs{
Args: &awsx.SecurityGroupArgs{
Description: pulumi.String("string"),
Egress: ec2.SecurityGroupEgressArray{
&ec2.SecurityGroupEgressArgs{
FromPort: pulumi.Int(0),
Protocol: pulumi.String("string"),
ToPort: pulumi.Int(0),
CidrBlocks: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Ipv6CidrBlocks: pulumi.StringArray{
pulumi.String("string"),
},
PrefixListIds: pulumi.StringArray{
pulumi.String("string"),
},
SecurityGroups: pulumi.StringArray{
pulumi.String("string"),
},
Self: pulumi.Bool(false),
},
},
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
FromPort: pulumi.Int(0),
Protocol: pulumi.String("string"),
ToPort: pulumi.Int(0),
CidrBlocks: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
Ipv6CidrBlocks: pulumi.StringArray{
pulumi.String("string"),
},
PrefixListIds: pulumi.StringArray{
pulumi.String("string"),
},
SecurityGroups: pulumi.StringArray{
pulumi.String("string"),
},
Self: pulumi.Bool(false),
},
},
Name: pulumi.String("string"),
NamePrefix: pulumi.String("string"),
RevokeRulesOnDelete: pulumi.Bool(false),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
VpcId: pulumi.String("string"),
},
SecurityGroupId: pulumi.String("string"),
Skip: false,
},
DefaultTargetGroup: &lb.TargetGroupArgs{
ConnectionTermination: pulumi.Bool(false),
DeregistrationDelay: pulumi.Int(0),
HealthCheck: &lb.TargetGroupHealthCheckArgs{
Enabled: pulumi.Bool(false),
HealthyThreshold: pulumi.Int(0),
Interval: pulumi.Int(0),
Matcher: pulumi.String("string"),
Path: pulumi.String("string"),
Port: pulumi.String("string"),
Protocol: pulumi.String("string"),
Timeout: pulumi.Int(0),
UnhealthyThreshold: pulumi.Int(0),
},
IpAddressType: pulumi.String("string"),
LambdaMultiValueHeadersEnabled: pulumi.Bool(false),
LoadBalancingAlgorithmType: pulumi.String("string"),
LoadBalancingAnomalyMitigation: pulumi.String("string"),
LoadBalancingCrossZoneEnabled: pulumi.String("string"),
Name: pulumi.String("string"),
NamePrefix: pulumi.String("string"),
Port: pulumi.Int(0),
PreserveClientIp: pulumi.String("string"),
Protocol: pulumi.String("string"),
ProtocolVersion: pulumi.String("string"),
ProxyProtocolV2: pulumi.Bool(false),
SlowStart: pulumi.Int(0),
Stickiness: &lb.TargetGroupStickinessArgs{
Type: pulumi.String("string"),
CookieDuration: pulumi.Int(0),
CookieName: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TargetFailovers: lb.TargetGroupTargetFailoverArray{
&lb.TargetGroupTargetFailoverArgs{
OnDeregistration: pulumi.String("string"),
OnUnhealthy: pulumi.String("string"),
},
},
TargetGroupHealth: &lb.TargetGroupTargetGroupHealthArgs{
DnsFailover: &lb.TargetGroupTargetGroupHealthDnsFailoverArgs{
MinimumHealthyTargetsCount: pulumi.String("string"),
MinimumHealthyTargetsPercentage: pulumi.String("string"),
},
UnhealthyStateRouting: &lb.TargetGroupTargetGroupHealthUnhealthyStateRoutingArgs{
MinimumHealthyTargetsCount: pulumi.Int(0),
MinimumHealthyTargetsPercentage: pulumi.String("string"),
},
},
TargetHealthStates: lb.TargetGroupTargetHealthStateArray{
&lb.TargetGroupTargetHealthStateArgs{
EnableUnhealthyConnectionTermination: pulumi.Bool(false),
UnhealthyDrainingInterval: pulumi.Int(0),
},
},
TargetType: pulumi.String("string"),
VpcId: pulumi.String("string"),
},
DefaultTargetGroupPort: pulumi.Int(0),
DesyncMitigationMode: pulumi.String("string"),
DnsRecordClientRoutingPolicy: pulumi.String("string"),
DropInvalidHeaderFields: pulumi.Bool(false),
EnableDeletionProtection: pulumi.Bool(false),
EnableHttp2: pulumi.Bool(false),
EnableTlsVersionAndCipherSuiteHeaders: pulumi.Bool(false),
EnableWafFailOpen: pulumi.Bool(false),
EnableXffClientPort: pulumi.Bool(false),
EnableZonalShift: pulumi.Bool(false),
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: pulumi.String("string"),
IdleTimeout: pulumi.Int(0),
Internal: pulumi.Bool(false),
IpAddressType: pulumi.String("string"),
Listener: &lb.ListenerArgs{
AlpnPolicy: pulumi.String("string"),
CertificateArn: pulumi.String("string"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("string"),
AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
UserPoolArn: pulumi.String("string"),
UserPoolClientId: pulumi.String("string"),
UserPoolDomain: pulumi.String("string"),
AuthenticationRequestExtraParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
OnUnauthenticatedRequest: pulumi.String("string"),
Scope: pulumi.String("string"),
SessionCookieName: pulumi.String("string"),
SessionTimeout: pulumi.Int(0),
},
AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
AuthorizationEndpoint: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Issuer: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
UserInfoEndpoint: pulumi.String("string"),
AuthenticationRequestExtraParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
OnUnauthenticatedRequest: pulumi.String("string"),
Scope: pulumi.String("string"),
SessionCookieName: pulumi.String("string"),
SessionTimeout: pulumi.Int(0),
},
FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
ContentType: pulumi.String("string"),
MessageBody: pulumi.String("string"),
StatusCode: pulumi.String("string"),
},
Forward: &lb.ListenerDefaultActionForwardArgs{
TargetGroups: lb.ListenerDefaultActionForwardTargetGroupArray{
&lb.ListenerDefaultActionForwardTargetGroupArgs{
Arn: pulumi.String("string"),
Weight: pulumi.Int(0),
},
},
Stickiness: &lb.ListenerDefaultActionForwardStickinessArgs{
Duration: pulumi.Int(0),
Enabled: pulumi.Bool(false),
},
},
Order: pulumi.Int(0),
Redirect: &lb.ListenerDefaultActionRedirectArgs{
StatusCode: pulumi.String("string"),
Host: pulumi.String("string"),
Path: pulumi.String("string"),
Port: pulumi.String("string"),
Protocol: pulumi.String("string"),
Query: pulumi.String("string"),
},
TargetGroupArn: pulumi.String("string"),
},
},
MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
Mode: pulumi.String("string"),
AdvertiseTrustStoreCaNames: pulumi.String("string"),
IgnoreClientCertificateExpiry: pulumi.Bool(false),
TrustStoreArn: pulumi.String("string"),
},
Port: pulumi.Int(0),
Protocol: pulumi.String("string"),
SslPolicy: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
TcpIdleTimeoutSeconds: pulumi.Int(0),
},
Listeners: []lb.ListenerArgs{
{
AlpnPolicy: pulumi.String("string"),
CertificateArn: pulumi.String("string"),
DefaultActions: lb.ListenerDefaultActionArray{
{
Type: pulumi.String("string"),
AuthenticateCognito: {
UserPoolArn: pulumi.String("string"),
UserPoolClientId: pulumi.String("string"),
UserPoolDomain: pulumi.String("string"),
AuthenticationRequestExtraParams: {
"string": pulumi.String("string"),
},
OnUnauthenticatedRequest: pulumi.String("string"),
Scope: pulumi.String("string"),
SessionCookieName: pulumi.String("string"),
SessionTimeout: pulumi.Int(0),
},
AuthenticateOidc: {
AuthorizationEndpoint: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Issuer: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
UserInfoEndpoint: pulumi.String("string"),
AuthenticationRequestExtraParams: {
"string": pulumi.String("string"),
},
OnUnauthenticatedRequest: pulumi.String("string"),
Scope: pulumi.String("string"),
SessionCookieName: pulumi.String("string"),
SessionTimeout: pulumi.Int(0),
},
FixedResponse: {
ContentType: pulumi.String("string"),
MessageBody: pulumi.String("string"),
StatusCode: pulumi.String("string"),
},
Forward: {
TargetGroups: lb.ListenerDefaultActionForwardTargetGroupArray{
{
Arn: pulumi.String("string"),
Weight: pulumi.Int(0),
},
},
Stickiness: {
Duration: pulumi.Int(0),
Enabled: pulumi.Bool(false),
},
},
Order: pulumi.Int(0),
Redirect: {
StatusCode: pulumi.String("string"),
Host: pulumi.String("string"),
Path: pulumi.String("string"),
Port: pulumi.String("string"),
Protocol: pulumi.String("string"),
Query: pulumi.String("string"),
},
TargetGroupArn: pulumi.String("string"),
},
},
MutualAuthentication: {
Mode: pulumi.String("string"),
AdvertiseTrustStoreCaNames: pulumi.String("string"),
IgnoreClientCertificateExpiry: pulumi.Bool(false),
TrustStoreArn: pulumi.String("string"),
},
Port: pulumi.Int(0),
Protocol: pulumi.String("string"),
SslPolicy: pulumi.String("string"),
Tags: {
"string": pulumi.String("string"),
},
TcpIdleTimeoutSeconds: pulumi.Int(0),
},
},
Name: pulumi.String("string"),
NamePrefix: pulumi.String("string"),
PreserveHostHeader: pulumi.Bool(false),
SecurityGroups: pulumi.StringArray{
pulumi.String("string"),
},
SubnetIds: pulumi.StringArray{
pulumi.String("string"),
},
SubnetMappings: lb.LoadBalancerSubnetMappingArray{
&lb.LoadBalancerSubnetMappingArgs{
SubnetId: pulumi.String("string"),
AllocationId: pulumi.String("string"),
Ipv6Address: pulumi.String("string"),
OutpostId: pulumi.String("string"),
PrivateIpv4Address: pulumi.String("string"),
},
},
Subnets: ec2.SubnetArray{
subnet,
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
XffHeaderProcessingMode: pulumi.String("string"),
})
var applicationLoadBalancerResource = new ApplicationLoadBalancer("applicationLoadBalancerResource", ApplicationLoadBalancerArgs.builder()
.accessLogs(LoadBalancerAccessLogsArgs.builder()
.bucket("string")
.enabled(false)
.prefix("string")
.build())
.clientKeepAlive(0)
.connectionLogs(LoadBalancerConnectionLogsArgs.builder()
.bucket("string")
.enabled(false)
.prefix("string")
.build())
.customerOwnedIpv4Pool("string")
.defaultSecurityGroup(DefaultSecurityGroupArgs.builder()
.args(SecurityGroupArgs.builder()
.description("string")
.egress(SecurityGroupEgressArgs.builder()
.fromPort(0)
.protocol("string")
.toPort(0)
.cidrBlocks("string")
.description("string")
.ipv6CidrBlocks("string")
.prefixListIds("string")
.securityGroups("string")
.self(false)
.build())
.ingress(SecurityGroupIngressArgs.builder()
.fromPort(0)
.protocol("string")
.toPort(0)
.cidrBlocks("string")
.description("string")
.ipv6CidrBlocks("string")
.prefixListIds("string")
.securityGroups("string")
.self(false)
.build())
.name("string")
.namePrefix("string")
.revokeRulesOnDelete(false)
.tags(Map.of("string", "string"))
.vpcId("string")
.build())
.securityGroupId("string")
.skip(false)
.build())
.defaultTargetGroup(TargetGroupArgs.builder()
.connectionTermination(false)
.deregistrationDelay(0)
.healthCheck(TargetGroupHealthCheckArgs.builder()
.enabled(false)
.healthyThreshold(0)
.interval(0)
.matcher("string")
.path("string")
.port("string")
.protocol("string")
.timeout(0)
.unhealthyThreshold(0)
.build())
.ipAddressType("string")
.lambdaMultiValueHeadersEnabled(false)
.loadBalancingAlgorithmType("string")
.loadBalancingAnomalyMitigation("string")
.loadBalancingCrossZoneEnabled("string")
.name("string")
.namePrefix("string")
.port(0)
.preserveClientIp("string")
.protocol("string")
.protocolVersion("string")
.proxyProtocolV2(false)
.slowStart(0)
.stickiness(TargetGroupStickinessArgs.builder()
.type("string")
.cookieDuration(0)
.cookieName("string")
.enabled(false)
.build())
.tags(Map.of("string", "string"))
.targetFailovers(TargetGroupTargetFailoverArgs.builder()
.onDeregistration("string")
.onUnhealthy("string")
.build())
.targetGroupHealth(TargetGroupTargetGroupHealthArgs.builder()
.dnsFailover(TargetGroupTargetGroupHealthDnsFailoverArgs.builder()
.minimumHealthyTargetsCount("string")
.minimumHealthyTargetsPercentage("string")
.build())
.unhealthyStateRouting(TargetGroupTargetGroupHealthUnhealthyStateRoutingArgs.builder()
.minimumHealthyTargetsCount(0)
.minimumHealthyTargetsPercentage("string")
.build())
.build())
.targetHealthStates(TargetGroupTargetHealthStateArgs.builder()
.enableUnhealthyConnectionTermination(false)
.unhealthyDrainingInterval(0)
.build())
.targetType("string")
.vpcId("string")
.build())
.defaultTargetGroupPort(0)
.desyncMitigationMode("string")
.dnsRecordClientRoutingPolicy("string")
.dropInvalidHeaderFields(false)
.enableDeletionProtection(false)
.enableHttp2(false)
.enableTlsVersionAndCipherSuiteHeaders(false)
.enableWafFailOpen(false)
.enableXffClientPort(false)
.enableZonalShift(false)
.enforceSecurityGroupInboundRulesOnPrivateLinkTraffic("string")
.idleTimeout(0)
.internal(false)
.ipAddressType("string")
.listener(ListenerArgs.builder()
.alpnPolicy("string")
.certificateArn("string")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("string")
.authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
.userPoolArn("string")
.userPoolClientId("string")
.userPoolDomain("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.onUnauthenticatedRequest("string")
.scope("string")
.sessionCookieName("string")
.sessionTimeout(0)
.build())
.authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
.authorizationEndpoint("string")
.clientId("string")
.clientSecret("string")
.issuer("string")
.tokenEndpoint("string")
.userInfoEndpoint("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.onUnauthenticatedRequest("string")
.scope("string")
.sessionCookieName("string")
.sessionTimeout(0)
.build())
.fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
.contentType("string")
.messageBody("string")
.statusCode("string")
.build())
.forward(ListenerDefaultActionForwardArgs.builder()
.targetGroups(ListenerDefaultActionForwardTargetGroupArgs.builder()
.arn("string")
.weight(0)
.build())
.stickiness(ListenerDefaultActionForwardStickinessArgs.builder()
.duration(0)
.enabled(false)
.build())
.build())
.order(0)
.redirect(ListenerDefaultActionRedirectArgs.builder()
.statusCode("string")
.host("string")
.path("string")
.port("string")
.protocol("string")
.query("string")
.build())
.targetGroupArn("string")
.build())
.mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
.mode("string")
.advertiseTrustStoreCaNames("string")
.ignoreClientCertificateExpiry(false)
.trustStoreArn("string")
.build())
.port(0)
.protocol("string")
.sslPolicy("string")
.tags(Map.of("string", "string"))
.tcpIdleTimeoutSeconds(0)
.build())
.listeners(ListenerArgs.builder()
.alpnPolicy("string")
.certificateArn("string")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("string")
.authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
.userPoolArn("string")
.userPoolClientId("string")
.userPoolDomain("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.onUnauthenticatedRequest("string")
.scope("string")
.sessionCookieName("string")
.sessionTimeout(0)
.build())
.authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
.authorizationEndpoint("string")
.clientId("string")
.clientSecret("string")
.issuer("string")
.tokenEndpoint("string")
.userInfoEndpoint("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.onUnauthenticatedRequest("string")
.scope("string")
.sessionCookieName("string")
.sessionTimeout(0)
.build())
.fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
.contentType("string")
.messageBody("string")
.statusCode("string")
.build())
.forward(ListenerDefaultActionForwardArgs.builder()
.targetGroups(ListenerDefaultActionForwardTargetGroupArgs.builder()
.arn("string")
.weight(0)
.build())
.stickiness(ListenerDefaultActionForwardStickinessArgs.builder()
.duration(0)
.enabled(false)
.build())
.build())
.order(0)
.redirect(ListenerDefaultActionRedirectArgs.builder()
.statusCode("string")
.host("string")
.path("string")
.port("string")
.protocol("string")
.query("string")
.build())
.targetGroupArn("string")
.build())
.mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
.mode("string")
.advertiseTrustStoreCaNames("string")
.ignoreClientCertificateExpiry(false)
.trustStoreArn("string")
.build())
.port(0)
.protocol("string")
.sslPolicy("string")
.tags(Map.of("string", "string"))
.tcpIdleTimeoutSeconds(0)
.build())
.name("string")
.namePrefix("string")
.preserveHostHeader(false)
.securityGroups("string")
.subnetIds("string")
.subnetMappings(LoadBalancerSubnetMappingArgs.builder()
.subnetId("string")
.allocationId("string")
.ipv6Address("string")
.outpostId("string")
.privateIpv4Address("string")
.build())
.subnets(subnet)
.tags(Map.of("string", "string"))
.xffHeaderProcessingMode("string")
.build());
application_load_balancer_resource = awsx.lb.ApplicationLoadBalancer("applicationLoadBalancerResource",
access_logs={
"bucket": "string",
"enabled": False,
"prefix": "string",
},
client_keep_alive=0,
connection_logs={
"bucket": "string",
"enabled": False,
"prefix": "string",
},
customer_owned_ipv4_pool="string",
default_security_group={
"args": {
"description": "string",
"egress": [{
"from_port": 0,
"protocol": "string",
"to_port": 0,
"cidr_blocks": ["string"],
"description": "string",
"ipv6_cidr_blocks": ["string"],
"prefix_list_ids": ["string"],
"security_groups": ["string"],
"self": False,
}],
"ingress": [{
"from_port": 0,
"protocol": "string",
"to_port": 0,
"cidr_blocks": ["string"],
"description": "string",
"ipv6_cidr_blocks": ["string"],
"prefix_list_ids": ["string"],
"security_groups": ["string"],
"self": False,
}],
"name": "string",
"name_prefix": "string",
"revoke_rules_on_delete": False,
"tags": {
"string": "string",
},
"vpc_id": "string",
},
"security_group_id": "string",
"skip": False,
},
default_target_group={
"connection_termination": False,
"deregistration_delay": 0,
"health_check": {
"enabled": False,
"healthy_threshold": 0,
"interval": 0,
"matcher": "string",
"path": "string",
"port": "string",
"protocol": "string",
"timeout": 0,
"unhealthy_threshold": 0,
},
"ip_address_type": "string",
"lambda_multi_value_headers_enabled": False,
"load_balancing_algorithm_type": "string",
"load_balancing_anomaly_mitigation": "string",
"load_balancing_cross_zone_enabled": "string",
"name": "string",
"name_prefix": "string",
"port": 0,
"preserve_client_ip": "string",
"protocol": "string",
"protocol_version": "string",
"proxy_protocol_v2": False,
"slow_start": 0,
"stickiness": {
"type": "string",
"cookie_duration": 0,
"cookie_name": "string",
"enabled": False,
},
"tags": {
"string": "string",
},
"target_failovers": [{
"on_deregistration": "string",
"on_unhealthy": "string",
}],
"target_group_health": {
"dns_failover": {
"minimum_healthy_targets_count": "string",
"minimum_healthy_targets_percentage": "string",
},
"unhealthy_state_routing": {
"minimum_healthy_targets_count": 0,
"minimum_healthy_targets_percentage": "string",
},
},
"target_health_states": [{
"enable_unhealthy_connection_termination": False,
"unhealthy_draining_interval": 0,
}],
"target_type": "string",
"vpc_id": "string",
},
default_target_group_port=0,
desync_mitigation_mode="string",
dns_record_client_routing_policy="string",
drop_invalid_header_fields=False,
enable_deletion_protection=False,
enable_http2=False,
enable_tls_version_and_cipher_suite_headers=False,
enable_waf_fail_open=False,
enable_xff_client_port=False,
enable_zonal_shift=False,
enforce_security_group_inbound_rules_on_private_link_traffic="string",
idle_timeout=0,
internal=False,
ip_address_type="string",
listener={
"alpn_policy": "string",
"certificate_arn": "string",
"default_actions": [{
"type": "string",
"authenticate_cognito": {
"user_pool_arn": "string",
"user_pool_client_id": "string",
"user_pool_domain": "string",
"authentication_request_extra_params": {
"string": "string",
},
"on_unauthenticated_request": "string",
"scope": "string",
"session_cookie_name": "string",
"session_timeout": 0,
},
"authenticate_oidc": {
"authorization_endpoint": "string",
"client_id": "string",
"client_secret": "string",
"issuer": "string",
"token_endpoint": "string",
"user_info_endpoint": "string",
"authentication_request_extra_params": {
"string": "string",
},
"on_unauthenticated_request": "string",
"scope": "string",
"session_cookie_name": "string",
"session_timeout": 0,
},
"fixed_response": {
"content_type": "string",
"message_body": "string",
"status_code": "string",
},
"forward": {
"target_groups": [{
"arn": "string",
"weight": 0,
}],
"stickiness": {
"duration": 0,
"enabled": False,
},
},
"order": 0,
"redirect": {
"status_code": "string",
"host": "string",
"path": "string",
"port": "string",
"protocol": "string",
"query": "string",
},
"target_group_arn": "string",
}],
"mutual_authentication": {
"mode": "string",
"advertise_trust_store_ca_names": "string",
"ignore_client_certificate_expiry": False,
"trust_store_arn": "string",
},
"port": 0,
"protocol": "string",
"ssl_policy": "string",
"tags": {
"string": "string",
},
"tcp_idle_timeout_seconds": 0,
},
listeners=[{
"alpn_policy": "string",
"certificate_arn": "string",
"default_actions": [{
"type": "string",
"authenticate_cognito": {
"user_pool_arn": "string",
"user_pool_client_id": "string",
"user_pool_domain": "string",
"authentication_request_extra_params": {
"string": "string",
},
"on_unauthenticated_request": "string",
"scope": "string",
"session_cookie_name": "string",
"session_timeout": 0,
},
"authenticate_oidc": {
"authorization_endpoint": "string",
"client_id": "string",
"client_secret": "string",
"issuer": "string",
"token_endpoint": "string",
"user_info_endpoint": "string",
"authentication_request_extra_params": {
"string": "string",
},
"on_unauthenticated_request": "string",
"scope": "string",
"session_cookie_name": "string",
"session_timeout": 0,
},
"fixed_response": {
"content_type": "string",
"message_body": "string",
"status_code": "string",
},
"forward": {
"target_groups": [{
"arn": "string",
"weight": 0,
}],
"stickiness": {
"duration": 0,
"enabled": False,
},
},
"order": 0,
"redirect": {
"status_code": "string",
"host": "string",
"path": "string",
"port": "string",
"protocol": "string",
"query": "string",
},
"target_group_arn": "string",
}],
"mutual_authentication": {
"mode": "string",
"advertise_trust_store_ca_names": "string",
"ignore_client_certificate_expiry": False,
"trust_store_arn": "string",
},
"port": 0,
"protocol": "string",
"ssl_policy": "string",
"tags": {
"string": "string",
},
"tcp_idle_timeout_seconds": 0,
}],
name="string",
name_prefix="string",
preserve_host_header=False,
security_groups=["string"],
subnet_ids=["string"],
subnet_mappings=[{
"subnet_id": "string",
"allocation_id": "string",
"ipv6_address": "string",
"outpost_id": "string",
"private_ipv4_address": "string",
}],
subnets=[subnet],
tags={
"string": "string",
},
xff_header_processing_mode="string")
const applicationLoadBalancerResource = new awsx.lb.ApplicationLoadBalancer("applicationLoadBalancerResource", {
accessLogs: {
bucket: "string",
enabled: false,
prefix: "string",
},
clientKeepAlive: 0,
connectionLogs: {
bucket: "string",
enabled: false,
prefix: "string",
},
customerOwnedIpv4Pool: "string",
defaultSecurityGroup: {
args: {
description: "string",
egress: [{
fromPort: 0,
protocol: "string",
toPort: 0,
cidrBlocks: ["string"],
description: "string",
ipv6CidrBlocks: ["string"],
prefixListIds: ["string"],
securityGroups: ["string"],
self: false,
}],
ingress: [{
fromPort: 0,
protocol: "string",
toPort: 0,
cidrBlocks: ["string"],
description: "string",
ipv6CidrBlocks: ["string"],
prefixListIds: ["string"],
securityGroups: ["string"],
self: false,
}],
name: "string",
namePrefix: "string",
revokeRulesOnDelete: false,
tags: {
string: "string",
},
vpcId: "string",
},
securityGroupId: "string",
skip: false,
},
defaultTargetGroup: {
connectionTermination: false,
deregistrationDelay: 0,
healthCheck: {
enabled: false,
healthyThreshold: 0,
interval: 0,
matcher: "string",
path: "string",
port: "string",
protocol: "string",
timeout: 0,
unhealthyThreshold: 0,
},
ipAddressType: "string",
lambdaMultiValueHeadersEnabled: false,
loadBalancingAlgorithmType: "string",
loadBalancingAnomalyMitigation: "string",
loadBalancingCrossZoneEnabled: "string",
name: "string",
namePrefix: "string",
port: 0,
preserveClientIp: "string",
protocol: "string",
protocolVersion: "string",
proxyProtocolV2: false,
slowStart: 0,
stickiness: {
type: "string",
cookieDuration: 0,
cookieName: "string",
enabled: false,
},
tags: {
string: "string",
},
targetFailovers: [{
onDeregistration: "string",
onUnhealthy: "string",
}],
targetGroupHealth: {
dnsFailover: {
minimumHealthyTargetsCount: "string",
minimumHealthyTargetsPercentage: "string",
},
unhealthyStateRouting: {
minimumHealthyTargetsCount: 0,
minimumHealthyTargetsPercentage: "string",
},
},
targetHealthStates: [{
enableUnhealthyConnectionTermination: false,
unhealthyDrainingInterval: 0,
}],
targetType: "string",
vpcId: "string",
},
defaultTargetGroupPort: 0,
desyncMitigationMode: "string",
dnsRecordClientRoutingPolicy: "string",
dropInvalidHeaderFields: false,
enableDeletionProtection: false,
enableHttp2: false,
enableTlsVersionAndCipherSuiteHeaders: false,
enableWafFailOpen: false,
enableXffClientPort: false,
enableZonalShift: false,
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "string",
idleTimeout: 0,
internal: false,
ipAddressType: "string",
listener: {
alpnPolicy: "string",
certificateArn: "string",
defaultActions: [{
type: "string",
authenticateCognito: {
userPoolArn: "string",
userPoolClientId: "string",
userPoolDomain: "string",
authenticationRequestExtraParams: {
string: "string",
},
onUnauthenticatedRequest: "string",
scope: "string",
sessionCookieName: "string",
sessionTimeout: 0,
},
authenticateOidc: {
authorizationEndpoint: "string",
clientId: "string",
clientSecret: "string",
issuer: "string",
tokenEndpoint: "string",
userInfoEndpoint: "string",
authenticationRequestExtraParams: {
string: "string",
},
onUnauthenticatedRequest: "string",
scope: "string",
sessionCookieName: "string",
sessionTimeout: 0,
},
fixedResponse: {
contentType: "string",
messageBody: "string",
statusCode: "string",
},
forward: {
targetGroups: [{
arn: "string",
weight: 0,
}],
stickiness: {
duration: 0,
enabled: false,
},
},
order: 0,
redirect: {
statusCode: "string",
host: "string",
path: "string",
port: "string",
protocol: "string",
query: "string",
},
targetGroupArn: "string",
}],
mutualAuthentication: {
mode: "string",
advertiseTrustStoreCaNames: "string",
ignoreClientCertificateExpiry: false,
trustStoreArn: "string",
},
port: 0,
protocol: "string",
sslPolicy: "string",
tags: {
string: "string",
},
tcpIdleTimeoutSeconds: 0,
},
listeners: [{
alpnPolicy: "string",
certificateArn: "string",
defaultActions: [{
type: "string",
authenticateCognito: {
userPoolArn: "string",
userPoolClientId: "string",
userPoolDomain: "string",
authenticationRequestExtraParams: {
string: "string",
},
onUnauthenticatedRequest: "string",
scope: "string",
sessionCookieName: "string",
sessionTimeout: 0,
},
authenticateOidc: {
authorizationEndpoint: "string",
clientId: "string",
clientSecret: "string",
issuer: "string",
tokenEndpoint: "string",
userInfoEndpoint: "string",
authenticationRequestExtraParams: {
string: "string",
},
onUnauthenticatedRequest: "string",
scope: "string",
sessionCookieName: "string",
sessionTimeout: 0,
},
fixedResponse: {
contentType: "string",
messageBody: "string",
statusCode: "string",
},
forward: {
targetGroups: [{
arn: "string",
weight: 0,
}],
stickiness: {
duration: 0,
enabled: false,
},
},
order: 0,
redirect: {
statusCode: "string",
host: "string",
path: "string",
port: "string",
protocol: "string",
query: "string",
},
targetGroupArn: "string",
}],
mutualAuthentication: {
mode: "string",
advertiseTrustStoreCaNames: "string",
ignoreClientCertificateExpiry: false,
trustStoreArn: "string",
},
port: 0,
protocol: "string",
sslPolicy: "string",
tags: {
string: "string",
},
tcpIdleTimeoutSeconds: 0,
}],
name: "string",
namePrefix: "string",
preserveHostHeader: false,
securityGroups: ["string"],
subnetIds: ["string"],
subnetMappings: [{
subnetId: "string",
allocationId: "string",
ipv6Address: "string",
outpostId: "string",
privateIpv4Address: "string",
}],
subnets: [subnet],
tags: {
string: "string",
},
xffHeaderProcessingMode: "string",
});
type: awsx:lb:ApplicationLoadBalancer
properties:
accessLogs:
bucket: string
enabled: false
prefix: string
clientKeepAlive: 0
connectionLogs:
bucket: string
enabled: false
prefix: string
customerOwnedIpv4Pool: string
defaultSecurityGroup:
args:
description: string
egress:
- cidrBlocks:
- string
description: string
fromPort: 0
ipv6CidrBlocks:
- string
prefixListIds:
- string
protocol: string
securityGroups:
- string
self: false
toPort: 0
ingress:
- cidrBlocks:
- string
description: string
fromPort: 0
ipv6CidrBlocks:
- string
prefixListIds:
- string
protocol: string
securityGroups:
- string
self: false
toPort: 0
name: string
namePrefix: string
revokeRulesOnDelete: false
tags:
string: string
vpcId: string
securityGroupId: string
skip: false
defaultTargetGroup:
connectionTermination: false
deregistrationDelay: 0
healthCheck:
enabled: false
healthyThreshold: 0
interval: 0
matcher: string
path: string
port: string
protocol: string
timeout: 0
unhealthyThreshold: 0
ipAddressType: string
lambdaMultiValueHeadersEnabled: false
loadBalancingAlgorithmType: string
loadBalancingAnomalyMitigation: string
loadBalancingCrossZoneEnabled: string
name: string
namePrefix: string
port: 0
preserveClientIp: string
protocol: string
protocolVersion: string
proxyProtocolV2: false
slowStart: 0
stickiness:
cookieDuration: 0
cookieName: string
enabled: false
type: string
tags:
string: string
targetFailovers:
- onDeregistration: string
onUnhealthy: string
targetGroupHealth:
dnsFailover:
minimumHealthyTargetsCount: string
minimumHealthyTargetsPercentage: string
unhealthyStateRouting:
minimumHealthyTargetsCount: 0
minimumHealthyTargetsPercentage: string
targetHealthStates:
- enableUnhealthyConnectionTermination: false
unhealthyDrainingInterval: 0
targetType: string
vpcId: string
defaultTargetGroupPort: 0
desyncMitigationMode: string
dnsRecordClientRoutingPolicy: string
dropInvalidHeaderFields: false
enableDeletionProtection: false
enableHttp2: false
enableTlsVersionAndCipherSuiteHeaders: false
enableWafFailOpen: false
enableXffClientPort: false
enableZonalShift: false
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: string
idleTimeout: 0
internal: false
ipAddressType: string
listener:
alpnPolicy: string
certificateArn: string
defaultActions:
- authenticateCognito:
authenticationRequestExtraParams:
string: string
onUnauthenticatedRequest: string
scope: string
sessionCookieName: string
sessionTimeout: 0
userPoolArn: string
userPoolClientId: string
userPoolDomain: string
authenticateOidc:
authenticationRequestExtraParams:
string: string
authorizationEndpoint: string
clientId: string
clientSecret: string
issuer: string
onUnauthenticatedRequest: string
scope: string
sessionCookieName: string
sessionTimeout: 0
tokenEndpoint: string
userInfoEndpoint: string
fixedResponse:
contentType: string
messageBody: string
statusCode: string
forward:
stickiness:
duration: 0
enabled: false
targetGroups:
- arn: string
weight: 0
order: 0
redirect:
host: string
path: string
port: string
protocol: string
query: string
statusCode: string
targetGroupArn: string
type: string
mutualAuthentication:
advertiseTrustStoreCaNames: string
ignoreClientCertificateExpiry: false
mode: string
trustStoreArn: string
port: 0
protocol: string
sslPolicy: string
tags:
string: string
tcpIdleTimeoutSeconds: 0
listeners:
- alpnPolicy: string
certificateArn: string
defaultActions:
- authenticateCognito:
authenticationRequestExtraParams:
string: string
onUnauthenticatedRequest: string
scope: string
sessionCookieName: string
sessionTimeout: 0
userPoolArn: string
userPoolClientId: string
userPoolDomain: string
authenticateOidc:
authenticationRequestExtraParams:
string: string
authorizationEndpoint: string
clientId: string
clientSecret: string
issuer: string
onUnauthenticatedRequest: string
scope: string
sessionCookieName: string
sessionTimeout: 0
tokenEndpoint: string
userInfoEndpoint: string
fixedResponse:
contentType: string
messageBody: string
statusCode: string
forward:
stickiness:
duration: 0
enabled: false
targetGroups:
- arn: string
weight: 0
order: 0
redirect:
host: string
path: string
port: string
protocol: string
query: string
statusCode: string
targetGroupArn: string
type: string
mutualAuthentication:
advertiseTrustStoreCaNames: string
ignoreClientCertificateExpiry: false
mode: string
trustStoreArn: string
port: 0
protocol: string
sslPolicy: string
tags:
string: string
tcpIdleTimeoutSeconds: 0
name: string
namePrefix: string
preserveHostHeader: false
securityGroups:
- string
subnetIds:
- string
subnetMappings:
- allocationId: string
ipv6Address: string
outpostId: string
privateIpv4Address: string
subnetId: string
subnets:
- ${subnet}
tags:
string: string
xffHeaderProcessingMode: string
ApplicationLoadBalancer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ApplicationLoadBalancer resource accepts the following input properties:
- Access
Logs Pulumi.Aws. LB. Inputs. Load Balancer Access Logs Access Logs block. See below.
This type is defined in the AWS Classic package.
- Client
Keep intAlive - Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
- Connection
Logs Pulumi.Aws. LB. Inputs. Load Balancer Connection Logs Connection Logs block. See below. Only valid for Load Balancers of type
application.This type is defined in the AWS Classic package.
- Customer
Owned stringIpv4Pool - ID of the customer owned ipv4 pool to use for this load balancer.
- Default
Security Pulumi.Group Awsx. Awsx. Inputs. Default Security Group - Options for creating a default security group if [securityGroups] not specified.
- Default
Target TargetGroup Group - Options creating a default target group.
- Default
Target intGroup Port - Port to use to connect with the target. Valid values are ports 1-65535. Defaults to 80.
- Desync
Mitigation stringMode - How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are
monitor,defensive(default),strictest. - Dns
Record stringClient Routing Policy - How traffic is distributed among the load balancer Availability Zones. Possible values are
any_availability_zone(default),availability_zone_affinity, orpartial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid fornetworktype load balancers. - Drop
Invalid boolHeader Fields - Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type
application. - Enable
Deletion boolProtection - If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to
false. - Enable
Http2 bool - Whether HTTP/2 is enabled in
applicationload balancers. Defaults totrue. - Enable
Tls boolVersion And Cipher Suite Headers - Whether the two headers (
x-amzn-tls-versionandx-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of typeapplication. Defaults tofalse - Enable
Waf boolFail Open - Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to
false. - Enable
Xff boolClient Port - Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in
applicationload balancers. Defaults tofalse. - Enable
Zonal boolShift - Whether zonal shift is enabled. Defaults to
false. - Enforce
Security stringGroup Inbound Rules On Private Link Traffic - Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type
network. The possible values areonandoff. - Idle
Timeout int - Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type
application. Default: 60. - Internal bool
- If true, the LB will be internal. Defaults to
false. - Ip
Address stringType - Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type:
ipv4(all load balancer types),dualstack(all load balancer types), anddualstack-without-public-ipv4(typeapplicationonly). - Listener Listener
- A listener to create. Only one of [listener] and [listeners] can be specified.
- Listeners List<Listener>
- List of listeners to create. Only one of [listener] and [listeners] can be specified.
- Name string
- Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with
tf-lb. - Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - Preserve
Host boolHeader - Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to
false. - Security
Groups List<string> - List of security group IDs to assign to the LB. Only valid for Load Balancers of type
applicationornetwork. For load balancers of typenetworksecurity groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource. - Subnet
Ids List<string> - List of subnet IDs to attach to the LB. For Load Balancers of type
networksubnets can only be added (see Availability Zones), deleting a subnet for load balancers of typenetworkwill force a recreation of the resource. - Subnet
Mappings List<Pulumi.Aws. LB. Inputs. Load Balancer Subnet Mapping> - Subnet mapping block. See below. For Load Balancers of type
networksubnet mappings can only be added. - Subnets
List<Pulumi.
Aws. Ec2. Subnet> - A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Xff
Header stringProcessing Mode - Determines how the load balancer modifies the
X-Forwarded-Forheader in the HTTP request before sending the request to the target. The possible values areappend,preserve, andremove. Only valid for Load Balancers of typeapplication. The default isappend.
- Access
Logs LoadBalancer Access Logs Args Access Logs block. See below.
This type is defined in the AWS Classic package.
- Client
Keep intAlive - Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
- Connection
Logs LoadBalancer Connection Logs Args Connection Logs block. See below. Only valid for Load Balancers of type
application.This type is defined in the AWS Classic package.
- Customer
Owned stringIpv4Pool - ID of the customer owned ipv4 pool to use for this load balancer.
- Default
Security DefaultGroup Security Group Args - Options for creating a default security group if [securityGroups] not specified.
- Default
Target TargetGroup Group Args - Options creating a default target group.
- Default
Target intGroup Port - Port to use to connect with the target. Valid values are ports 1-65535. Defaults to 80.
- Desync
Mitigation stringMode - How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are
monitor,defensive(default),strictest. - Dns
Record stringClient Routing Policy - How traffic is distributed among the load balancer Availability Zones. Possible values are
any_availability_zone(default),availability_zone_affinity, orpartial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid fornetworktype load balancers. - Drop
Invalid boolHeader Fields - Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type
application. - Enable
Deletion boolProtection - If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to
false. - Enable
Http2 bool - Whether HTTP/2 is enabled in
applicationload balancers. Defaults totrue. - Enable
Tls boolVersion And Cipher Suite Headers - Whether the two headers (
x-amzn-tls-versionandx-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of typeapplication. Defaults tofalse - Enable
Waf boolFail Open - Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to
false. - Enable
Xff boolClient Port - Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in
applicationload balancers. Defaults tofalse. - Enable
Zonal boolShift - Whether zonal shift is enabled. Defaults to
false. - Enforce
Security stringGroup Inbound Rules On Private Link Traffic - Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type
network. The possible values areonandoff. - Idle
Timeout int - Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type
application. Default: 60. - Internal bool
- If true, the LB will be internal. Defaults to
false. - Ip
Address stringType - Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type:
ipv4(all load balancer types),dualstack(all load balancer types), anddualstack-without-public-ipv4(typeapplicationonly). - Listener
Listener
Args - A listener to create. Only one of [listener] and [listeners] can be specified.
- Listeners
[]Listener
Args - List of listeners to create. Only one of [listener] and [listeners] can be specified.
- Name string
- Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with
tf-lb. - Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - Preserve
Host boolHeader - Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to
false. - Security
Groups []string - List of security group IDs to assign to the LB. Only valid for Load Balancers of type
applicationornetwork. For load balancers of typenetworksecurity groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource. - Subnet
Ids []string - List of subnet IDs to attach to the LB. For Load Balancers of type
networksubnets can only be added (see Availability Zones), deleting a subnet for load balancers of typenetworkwill force a recreation of the resource. - Subnet
Mappings LoadBalancer Subnet Mapping Args - Subnet mapping block. See below. For Load Balancers of type
networksubnet mappings can only be added. - Subnets Subnet
- A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified
- map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Xff
Header stringProcessing Mode - Determines how the load balancer modifies the
X-Forwarded-Forheader in the HTTP request before sending the request to the target. The possible values areappend,preserve, andremove. Only valid for Load Balancers of typeapplication. The default isappend.
- access
Logs LoadBalancer Access Logs Access Logs block. See below.
This type is defined in the AWS Classic package.
- client
Keep IntegerAlive - Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
- connection
Logs LoadBalancer Connection Logs Connection Logs block. See below. Only valid for Load Balancers of type
application.This type is defined in the AWS Classic package.
- customer
Owned StringIpv4Pool - ID of the customer owned ipv4 pool to use for this load balancer.
- default
Security DefaultGroup Security Group - Options for creating a default security group if [securityGroups] not specified.
- default
Target TargetGroup Group - Options creating a default target group.
- default
Target IntegerGroup Port - Port to use to connect with the target. Valid values are ports 1-65535. Defaults to 80.
- desync
Mitigation StringMode - How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are
monitor,defensive(default),strictest. - dns
Record StringClient Routing Policy - How traffic is distributed among the load balancer Availability Zones. Possible values are
any_availability_zone(default),availability_zone_affinity, orpartial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid fornetworktype load balancers. - drop
Invalid BooleanHeader Fields - Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type
application. - enable
Deletion BooleanProtection - If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to
false. - enable
Http2 Boolean - Whether HTTP/2 is enabled in
applicationload balancers. Defaults totrue. - enable
Tls BooleanVersion And Cipher Suite Headers - Whether the two headers (
x-amzn-tls-versionandx-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of typeapplication. Defaults tofalse - enable
Waf BooleanFail Open - Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to
false. - enable
Xff BooleanClient Port - Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in
applicationload balancers. Defaults tofalse. - enable
Zonal BooleanShift - Whether zonal shift is enabled. Defaults to
false. - enforce
Security StringGroup Inbound Rules On Private Link Traffic - Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type
network. The possible values areonandoff. - idle
Timeout Integer - Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type
application. Default: 60. - internal Boolean
- If true, the LB will be internal. Defaults to
false. - ip
Address StringType - Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type:
ipv4(all load balancer types),dualstack(all load balancer types), anddualstack-without-public-ipv4(typeapplicationonly). - listener Listener
- A listener to create. Only one of [listener] and [listeners] can be specified.
- listeners List<Listener>
- List of listeners to create. Only one of [listener] and [listeners] can be specified.
- name String
- Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with
tf-lb. - name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. - preserve
Host BooleanHeader - Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to
false. - security
Groups List<String> - List of security group IDs to assign to the LB. Only valid for Load Balancers of type
applicationornetwork. For load balancers of typenetworksecurity groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource. - subnet
Ids List<String> - List of subnet IDs to attach to the LB. For Load Balancers of type
networksubnets can only be added (see Availability Zones), deleting a subnet for load balancers of typenetworkwill force a recreation of the resource. - subnet
Mappings List<LoadBalancer Subnet Mapping> - Subnet mapping block. See below. For Load Balancers of type
networksubnet mappings can only be added. - subnets List<Subnet>
- A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - xff
Header StringProcessing Mode - Determines how the load balancer modifies the
X-Forwarded-Forheader in the HTTP request before sending the request to the target. The possible values areappend,preserve, andremove. Only valid for Load Balancers of typeapplication. The default isappend.
- access
Logs pulumiAws.types.input. Load Balancer Access Logs Access Logs block. See below.
This type is defined in the AWS Classic package.
- client
Keep numberAlive - Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
- connection
Logs pulumiAws.types.input. Load Balancer Connection Logs Connection Logs block. See below. Only valid for Load Balancers of type
application.This type is defined in the AWS Classic package.
- customer
Owned stringIpv4Pool - ID of the customer owned ipv4 pool to use for this load balancer.
- default
Security awsx.Group Default Security Group - Options for creating a default security group if [securityGroups] not specified.
- default
Target TargetGroup Group - Options creating a default target group.
- default
Target numberGroup Port - Port to use to connect with the target. Valid values are ports 1-65535. Defaults to 80.
- desync
Mitigation stringMode - How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are
monitor,defensive(default),strictest. - dns
Record stringClient Routing Policy - How traffic is distributed among the load balancer Availability Zones. Possible values are
any_availability_zone(default),availability_zone_affinity, orpartial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid fornetworktype load balancers. - drop
Invalid booleanHeader Fields - Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type
application. - enable
Deletion booleanProtection - If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to
false. - enable
Http2 boolean - Whether HTTP/2 is enabled in
applicationload balancers. Defaults totrue. - enable
Tls booleanVersion And Cipher Suite Headers - Whether the two headers (
x-amzn-tls-versionandx-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of typeapplication. Defaults tofalse - enable
Waf booleanFail Open - Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to
false. - enable
Xff booleanClient Port - Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in
applicationload balancers. Defaults tofalse. - enable
Zonal booleanShift - Whether zonal shift is enabled. Defaults to
false. - enforce
Security stringGroup Inbound Rules On Private Link Traffic - Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type
network. The possible values areonandoff. - idle
Timeout number - Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type
application. Default: 60. - internal boolean
- If true, the LB will be internal. Defaults to
false. - ip
Address stringType - Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type:
ipv4(all load balancer types),dualstack(all load balancer types), anddualstack-without-public-ipv4(typeapplicationonly). - listener Listener
- A listener to create. Only one of [listener] and [listeners] can be specified.
- listeners Listener[]
- List of listeners to create. Only one of [listener] and [listeners] can be specified.
- name string
- Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with
tf-lb. - name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - preserve
Host booleanHeader - Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to
false. - security
Groups string[] - List of security group IDs to assign to the LB. Only valid for Load Balancers of type
applicationornetwork. For load balancers of typenetworksecurity groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource. - subnet
Ids string[] - List of subnet IDs to attach to the LB. For Load Balancers of type
networksubnets can only be added (see Availability Zones), deleting a subnet for load balancers of typenetworkwill force a recreation of the resource. - subnet
Mappings pulumiAws.types.input. Load Balancer Subnet Mapping[] - Subnet mapping block. See below. For Load Balancers of type
networksubnet mappings can only be added. - subnets
pulumi
Aws.ec2. Subnet[] - A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - xff
Header stringProcessing Mode - Determines how the load balancer modifies the
X-Forwarded-Forheader in the HTTP request before sending the request to the target. The possible values areappend,preserve, andremove. Only valid for Load Balancers of typeapplication. The default isappend.
- access_
logs pulumi_aws.lb. Load Balancer Access Logs Args Access Logs block. See below.
This type is defined in the AWS Classic package.
- client_
keep_ intalive - Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
- connection_
logs pulumi_aws.lb. Load Balancer Connection Logs Args Connection Logs block. See below. Only valid for Load Balancers of type
application.This type is defined in the AWS Classic package.
- customer_
owned_ stripv4_ pool - ID of the customer owned ipv4 pool to use for this load balancer.
- default_
security_ awsx.group Default Security Group Args - Options for creating a default security group if [securityGroups] not specified.
- default_
target_ Targetgroup Group Args - Options creating a default target group.
- default_
target_ intgroup_ port - Port to use to connect with the target. Valid values are ports 1-65535. Defaults to 80.
- desync_
mitigation_ strmode - How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are
monitor,defensive(default),strictest. - dns_
record_ strclient_ routing_ policy - How traffic is distributed among the load balancer Availability Zones. Possible values are
any_availability_zone(default),availability_zone_affinity, orpartial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid fornetworktype load balancers. - drop_
invalid_ boolheader_ fields - Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type
application. - enable_
deletion_ boolprotection - If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to
false. - enable_
http2 bool - Whether HTTP/2 is enabled in
applicationload balancers. Defaults totrue. - enable_
tls_ boolversion_ and_ cipher_ suite_ headers - Whether the two headers (
x-amzn-tls-versionandx-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of typeapplication. Defaults tofalse - enable_
waf_ boolfail_ open - Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to
false. - enable_
xff_ boolclient_ port - Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in
applicationload balancers. Defaults tofalse. - enable_
zonal_ boolshift - Whether zonal shift is enabled. Defaults to
false. - enforce_
security_ strgroup_ inbound_ rules_ on_ private_ link_ traffic - Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type
network. The possible values areonandoff. - idle_
timeout int - Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type
application. Default: 60. - internal bool
- If true, the LB will be internal. Defaults to
false. - ip_
address_ strtype - Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type:
ipv4(all load balancer types),dualstack(all load balancer types), anddualstack-without-public-ipv4(typeapplicationonly). - listener
Listener
Args - A listener to create. Only one of [listener] and [listeners] can be specified.
- listeners
Sequence[Listener
Args] - List of listeners to create. Only one of [listener] and [listeners] can be specified.
- name str
- Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with
tf-lb. - name_
prefix str - Creates a unique name beginning with the specified prefix. Conflicts with
name. - preserve_
host_ boolheader - Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to
false. - security_
groups Sequence[str] - List of security group IDs to assign to the LB. Only valid for Load Balancers of type
applicationornetwork. For load balancers of typenetworksecurity groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource. - subnet_
ids Sequence[str] - List of subnet IDs to attach to the LB. For Load Balancers of type
networksubnets can only be added (see Availability Zones), deleting a subnet for load balancers of typenetworkwill force a recreation of the resource. - subnet_
mappings Sequence[pulumi_aws.lb. Load Balancer Subnet Mapping Args] - Subnet mapping block. See below. For Load Balancers of type
networksubnet mappings can only be added. - subnets
Sequence[pulumi_
aws.ec2. Subnet] - A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - xff_
header_ strprocessing_ mode - Determines how the load balancer modifies the
X-Forwarded-Forheader in the HTTP request before sending the request to the target. The possible values areappend,preserve, andremove. Only valid for Load Balancers of typeapplication. The default isappend.
- access
Logs Property Map Access Logs block. See below.
This type is defined in the AWS Classic package.
- client
Keep NumberAlive - Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
- connection
Logs Property Map Connection Logs block. See below. Only valid for Load Balancers of type
application.This type is defined in the AWS Classic package.
- customer
Owned StringIpv4Pool - ID of the customer owned ipv4 pool to use for this load balancer.
- default
Security Property MapGroup - Options for creating a default security group if [securityGroups] not specified.
- default
Target Property MapGroup - Options creating a default target group.
- default
Target NumberGroup Port - Port to use to connect with the target. Valid values are ports 1-65535. Defaults to 80.
- desync
Mitigation StringMode - How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are
monitor,defensive(default),strictest. - dns
Record StringClient Routing Policy - How traffic is distributed among the load balancer Availability Zones. Possible values are
any_availability_zone(default),availability_zone_affinity, orpartial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid fornetworktype load balancers. - drop
Invalid BooleanHeader Fields - Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type
application. - enable
Deletion BooleanProtection - If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to
false. - enable
Http2 Boolean - Whether HTTP/2 is enabled in
applicationload balancers. Defaults totrue. - enable
Tls BooleanVersion And Cipher Suite Headers - Whether the two headers (
x-amzn-tls-versionandx-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of typeapplication. Defaults tofalse - enable
Waf BooleanFail Open - Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to
false. - enable
Xff BooleanClient Port - Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in
applicationload balancers. Defaults tofalse. - enable
Zonal BooleanShift - Whether zonal shift is enabled. Defaults to
false. - enforce
Security StringGroup Inbound Rules On Private Link Traffic - Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type
network. The possible values areonandoff. - idle
Timeout Number - Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type
application. Default: 60. - internal Boolean
- If true, the LB will be internal. Defaults to
false. - ip
Address StringType - Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type:
ipv4(all load balancer types),dualstack(all load balancer types), anddualstack-without-public-ipv4(typeapplicationonly). - listener Property Map
- A listener to create. Only one of [listener] and [listeners] can be specified.
- listeners List<Property Map>
- List of listeners to create. Only one of [listener] and [listeners] can be specified.
- name String
- Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with
tf-lb. - name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. - preserve
Host BooleanHeader - Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to
false. - security
Groups List<String> - List of security group IDs to assign to the LB. Only valid for Load Balancers of type
applicationornetwork. For load balancers of typenetworksecurity groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource. - subnet
Ids List<String> - List of subnet IDs to attach to the LB. For Load Balancers of type
networksubnets can only be added (see Availability Zones), deleting a subnet for load balancers of typenetworkwill force a recreation of the resource. - subnet
Mappings List<Property Map> - Subnet mapping block. See below. For Load Balancers of type
networksubnet mappings can only be added. - subnets List<aws:ec2:Subnet>
- A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified
- Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - xff
Header StringProcessing Mode - Determines how the load balancer modifies the
X-Forwarded-Forheader in the HTTP request before sending the request to the target. The possible values areappend,preserve, andremove. Only valid for Load Balancers of typeapplication. The default isappend.
Outputs
All input properties are implicitly available as output properties. Additionally, the ApplicationLoadBalancer resource produces the following output properties:
- Load
Balancer Pulumi.Aws. LB. Load Balancer - Underlying Load Balancer resource This type is defined in the AWS Classic package.
- Vpc
Id string - Id of the VPC in which this load balancer is operating
- Load
Balancer LoadBalancer - Underlying Load Balancer resource This type is defined in the AWS Classic package.
- Vpc
Id string - Id of the VPC in which this load balancer is operating
- load
Balancer LoadBalancer - Underlying Load Balancer resource This type is defined in the AWS Classic package.
- vpc
Id String - Id of the VPC in which this load balancer is operating
- load
Balancer pulumiAws. Load Balancer - Underlying Load Balancer resource This type is defined in the AWS Classic package.
- vpc
Id string - Id of the VPC in which this load balancer is operating
- load_
balancer pulumi_aws.lb. Load Balancer - Underlying Load Balancer resource This type is defined in the AWS Classic package.
- vpc_
id str - Id of the VPC in which this load balancer is operating
- load
Balancer aws::LoadBalancer - Underlying Load Balancer resource This type is defined in the AWS Classic package.
- vpc
Id String - Id of the VPC in which this load balancer is operating
Supporting Types
DefaultSecurityGroup, DefaultSecurityGroupArgs
- Args
Pulumi.
Awsx. Awsx. Inputs. Security Group - Args to use when creating the security group. Can't be specified if
securityGroupIdis used. - Security
Group stringId - Id of existing security group to use instead of creating a new security group. Cannot be used in combination with
argsoropts. - Skip bool
- Skips creation of the security group if set to
true.
- Args
Security
Group - Args to use when creating the security group. Can't be specified if
securityGroupIdis used. - Security
Group stringId - Id of existing security group to use instead of creating a new security group. Cannot be used in combination with
argsoropts. - Skip bool
- Skips creation of the security group if set to
true.
- args
Security
Group - Args to use when creating the security group. Can't be specified if
securityGroupIdis used. - security
Group StringId - Id of existing security group to use instead of creating a new security group. Cannot be used in combination with
argsoropts. - skip Boolean
- Skips creation of the security group if set to
true.
- args
awsx.
Security Group - Args to use when creating the security group. Can't be specified if
securityGroupIdis used. - security
Group stringId - Id of existing security group to use instead of creating a new security group. Cannot be used in combination with
argsoropts. - skip boolean
- Skips creation of the security group if set to
true.
- args
awsx.
Security Group - Args to use when creating the security group. Can't be specified if
securityGroupIdis used. - security_
group_ strid - Id of existing security group to use instead of creating a new security group. Cannot be used in combination with
argsoropts. - skip bool
- Skips creation of the security group if set to
true.
- args Property Map
- Args to use when creating the security group. Can't be specified if
securityGroupIdis used. - security
Group StringId - Id of existing security group to use instead of creating a new security group. Cannot be used in combination with
argsoropts. - skip Boolean
- Skips creation of the security group if set to
true.
Listener, ListenerArgs
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocolisTLS. Valid values areHTTP1Only,HTTP2Only,HTTP2Optional,HTTP2Preferred, andNone. - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificateresource. - Default
Actions List<Pulumi.Aws. LB. Inputs. Listener Default Action> - Configuration block for default actions. See below.
- Mutual
Authentication Pulumi.Aws. LB. Inputs. Listener Mutual Authentication The mutual authentication configuration information. See below.
This type is defined in the AWS Classic package.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTPandHTTPS, with a default ofHTTP. For Network Load Balancers, valid values areTCP,TLS,UDP, andTCP_UDP. Not valid to useUDPorTCP_UDPif dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocolisHTTPSorTLS. Default isELBSecurityPolicy-2016-08. - Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Namekey is specified in the map, the AWS Console maps the value to theName Tagcolumn value inside theListener Rulestable within a specific load balancer listener page. Otherwise, the value resolves toDefault.- Tcp
Idle intTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCPon Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60and6000inclusive. Default:350.
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocolisTLS. Valid values areHTTP1Only,HTTP2Only,HTTP2Optional,HTTP2Preferred, andNone. - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificateresource. - Default
Actions ListenerDefault Action - Configuration block for default actions. See below.
- Mutual
Authentication ListenerMutual Authentication The mutual authentication configuration information. See below.
This type is defined in the AWS Classic package.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTPandHTTPS, with a default ofHTTP. For Network Load Balancers, valid values areTCP,TLS,UDP, andTCP_UDP. Not valid to useUDPorTCP_UDPif dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocolisHTTPSorTLS. Default isELBSecurityPolicy-2016-08. - map[string]string
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Namekey is specified in the map, the AWS Console maps the value to theName Tagcolumn value inside theListener Rulestable within a specific load balancer listener page. Otherwise, the value resolves toDefault.- Tcp
Idle intTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCPon Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60and6000inclusive. Default:350.
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocolisTLS. Valid values areHTTP1Only,HTTP2Only,HTTP2Optional,HTTP2Preferred, andNone. - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificateresource. - default
Actions List<ListenerDefault Action> - Configuration block for default actions. See below.
- mutual
Authentication ListenerMutual Authentication The mutual authentication configuration information. See below.
This type is defined in the AWS Classic package.
- port Integer
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTPandHTTPS, with a default ofHTTP. For Network Load Balancers, valid values areTCP,TLS,UDP, andTCP_UDP. Not valid to useUDPorTCP_UDPif dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocolisHTTPSorTLS. Default isELBSecurityPolicy-2016-08. - Map<String,String>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Namekey is specified in the map, the AWS Console maps the value to theName Tagcolumn value inside theListener Rulestable within a specific load balancer listener page. Otherwise, the value resolves toDefault.- tcp
Idle IntegerTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCPon Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60and6000inclusive. Default:350.
- alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocolisTLS. Valid values areHTTP1Only,HTTP2Only,HTTP2Optional,HTTP2Preferred, andNone. - certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificateresource. - default
Actions pulumiAws.types.input. Listener Default Action[] - Configuration block for default actions. See below.
- mutual
Authentication pulumiAws.types.input. Listener Mutual Authentication The mutual authentication configuration information. See below.
This type is defined in the AWS Classic package.
- port number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTPandHTTPS, with a default ofHTTP. For Network Load Balancers, valid values areTCP,TLS,UDP, andTCP_UDP. Not valid to useUDPorTCP_UDPif dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocolisHTTPSorTLS. Default isELBSecurityPolicy-2016-08. - {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Namekey is specified in the map, the AWS Console maps the value to theName Tagcolumn value inside theListener Rulestable within a specific load balancer listener page. Otherwise, the value resolves toDefault.- tcp
Idle numberTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCPon Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60and6000inclusive. Default:350.
- alpn_
policy str - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocolisTLS. Valid values areHTTP1Only,HTTP2Only,HTTP2Optional,HTTP2Preferred, andNone. - certificate_
arn str - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificateresource. - default_
actions Sequence[pulumi_aws.lb. Listener Default Action Args] - Configuration block for default actions. See below.
- mutual_
authentication pulumi_aws.lb. Listener Mutual Authentication Args The mutual authentication configuration information. See below.
This type is defined in the AWS Classic package.
- port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol str
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTPandHTTPS, with a default ofHTTP. For Network Load Balancers, valid values areTCP,TLS,UDP, andTCP_UDP. Not valid to useUDPorTCP_UDPif dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl_
policy str - Name of the SSL Policy for the listener. Required if
protocolisHTTPSorTLS. Default isELBSecurityPolicy-2016-08. - Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Namekey is specified in the map, the AWS Console maps the value to theName Tagcolumn value inside theListener Rulestable within a specific load balancer listener page. Otherwise, the value resolves toDefault.- tcp_
idle_ inttimeout_ seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCPon Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60and6000inclusive. Default:350.
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocolisTLS. Valid values areHTTP1Only,HTTP2Only,HTTP2Optional,HTTP2Preferred, andNone. - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificateresource. - default
Actions List<Property Map> - Configuration block for default actions. See below.
- mutual
Authentication Property Map The mutual authentication configuration information. See below.
This type is defined in the AWS Classic package.
- port Number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTPandHTTPS, with a default ofHTTP. For Network Load Balancers, valid values areTCP,TLS,UDP, andTCP_UDP. Not valid to useUDPorTCP_UDPif dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocolisHTTPSorTLS. Default isELBSecurityPolicy-2016-08. - Map<String>
A map of tags to assign to the resource. .If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.Note:: When a
Namekey is specified in the map, the AWS Console maps the value to theName Tagcolumn value inside theListener Rulestable within a specific load balancer listener page. Otherwise, the value resolves toDefault.- tcp
Idle NumberTimeout Seconds - TCP idle timeout value in seconds. Can only be set if protocol is
TCPon Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between60and6000inclusive. Default:350.
SecurityGroup, SecurityGroupArgs
- Description string
- Security group description. Defaults to
Managed by Pulumi. Cannot be"". NOTE: This field maps to the AWSGroupDescriptionattribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, usetags. - Egress
List<Pulumi.
Aws. Ec2. Inputs. Security Group Egress> - Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Ingress
List<Pulumi.
Aws. Ec2. Inputs. Security Group Ingress> - Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Name string
- Name of the security group. If omitted, the provider will assign a random, unique name.
- Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - Revoke
Rules boolOn Delete - Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default
false. - Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Vpc
Id string - VPC ID. Defaults to the region's default VPC.
- Description string
- Security group description. Defaults to
Managed by Pulumi. Cannot be"". NOTE: This field maps to the AWSGroupDescriptionattribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, usetags. - Egress
Security
Group Egress - Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Ingress
Security
Group Ingress - Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- Name string
- Name of the security group. If omitted, the provider will assign a random, unique name.
- Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - Revoke
Rules boolOn Delete - Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default
false. - map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Vpc
Id string - VPC ID. Defaults to the region's default VPC.
- description String
- Security group description. Defaults to
Managed by Pulumi. Cannot be"". NOTE: This field maps to the AWSGroupDescriptionattribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, usetags. - egress
List<Security
Group Egress> - Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress
List<Security
Group Ingress> - Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name String
- Name of the security group. If omitted, the provider will assign a random, unique name.
- name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. - revoke
Rules BooleanOn Delete - Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default
false. - Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc
Id String - VPC ID. Defaults to the region's default VPC.
- description string
- Security group description. Defaults to
Managed by Pulumi. Cannot be"". NOTE: This field maps to the AWSGroupDescriptionattribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, usetags. - egress
pulumi
Aws.types.input.ec2. Security Group Egress[] - Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress
pulumi
Aws.types.input.ec2. Security Group Ingress[] - Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name string
- Name of the security group. If omitted, the provider will assign a random, unique name.
- name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. - revoke
Rules booleanOn Delete - Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default
false. - {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc
Id string - VPC ID. Defaults to the region's default VPC.
- description str
- Security group description. Defaults to
Managed by Pulumi. Cannot be"". NOTE: This field maps to the AWSGroupDescriptionattribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, usetags. - egress
Sequence[pulumi_
aws.ec2. Security Group Egress Args] - Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress
Sequence[pulumi_
aws.ec2. Security Group Ingress Args] - Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name str
- Name of the security group. If omitted, the provider will assign a random, unique name.
- name_
prefix str - Creates a unique name beginning with the specified prefix. Conflicts with
name. - revoke_
rules_ boolon_ delete - Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default
false. - Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc_
id str - VPC ID. Defaults to the region's default VPC.
- description String
- Security group description. Defaults to
Managed by Pulumi. Cannot be"". NOTE: This field maps to the AWSGroupDescriptionattribute, for which there is no Update API. If you'd like to classify your security groups in a way that can be updated, usetags. - egress List<Property Map>
- Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- ingress List<Property Map>
- Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.
- name String
- Name of the security group. If omitted, the provider will assign a random, unique name.
- name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. - revoke
Rules BooleanOn Delete - Instruct the provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default
false. - Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - vpc
Id String - VPC ID. Defaults to the region's default VPC.
TargetGroup, TargetGroupArgs
- Connection
Termination bool - Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is
false. - Deregistration
Delay int - Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
- Health
Check Pulumi.Aws. LB. Inputs. Target Group Health Check Health Check configuration block. Detailed below.
This type is defined in the AWS Classic package.
- Ip
Address stringType - The type of IP addresses used by the target group, only supported when target type is set to
ip. Possible values areipv4oripv6. - Lambda
Multi boolValue Headers Enabled - Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when
target_typeislambda. Default isfalse. - Load
Balancing stringAlgorithm Type - Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is
round_robin,least_outstanding_requests, orweighted_random. The default isround_robin. - Load
Balancing stringAnomaly Mitigation - Determines whether to enable target anomaly mitigation. Target anomaly mitigation is only supported by the
weighted_randomload balancing algorithm type. See doc for more information. The value is"on"or"off". The default is"off". - Load
Balancing stringCross Zone Enabled - Indicates whether cross zone load balancing is enabled. The value is
"true","false"or"use_load_balancer_configuration". The default is"use_load_balancer_configuration". - Name string
- Name of the target group. If omitted, this provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
- Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. Cannot be longer than 6 characters. - Port int
- Port on which targets receive traffic, unless overridden when registering a specific target. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda. - Preserve
Client stringIp - Whether client IP preservation is enabled. See doc for more information.
- Protocol string
- Protocol to use for routing traffic to the targets.
Should be one of
GENEVE,HTTP,HTTPS,TCP,TCP_UDP,TLS, orUDP. Required whentarget_typeisinstance,ip, oralb. Does not apply whentarget_typeislambda. - Protocol
Version string - Only applicable when
protocolisHTTPorHTTPS. The protocol version. SpecifyGRPCto send requests to targets using gRPC. SpecifyHTTP2to send requests to targets using HTTP/2. The default isHTTP1, which sends requests to targets using HTTP/1.1 - Proxy
Protocol boolV2 - Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is
false. - Slow
Start int - Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
- Stickiness
Pulumi.
Aws. LB. Inputs. Target Group Stickiness Stickiness configuration block. Detailed below.
This type is defined in the AWS Classic package.
- Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Target
Failovers List<Pulumi.Aws. LB. Inputs. Target Group Target Failover> - Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.
- Target
Group Pulumi.Health Aws. LB. Inputs. Target Group Target Group Health Target health requirements block. See target_group_health for more information.
This type is defined in the AWS Classic package.
- Target
Health List<Pulumi.States Aws. LB. Inputs. Target Group Target Health State> - Target health state block. Only applicable for Network Load Balancer target groups when
protocolisTCPorTLS. See target_health_state for more information. - Target
Type string Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is
instance.Note that you can't specify targets for a target group using both instance IDs and IP addresses.
If the target type is
ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.Network Load Balancers do not support the
lambdatarget type.Application Load Balancers do not support the
albtarget type.- Vpc
Id string - Identifier of the VPC in which to create the target group. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda.
- Connection
Termination bool - Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is
false. - Deregistration
Delay int - Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
- Health
Check TargetGroup Health Check Health Check configuration block. Detailed below.
This type is defined in the AWS Classic package.
- Ip
Address stringType - The type of IP addresses used by the target group, only supported when target type is set to
ip. Possible values areipv4oripv6. - Lambda
Multi boolValue Headers Enabled - Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when
target_typeislambda. Default isfalse. - Load
Balancing stringAlgorithm Type - Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is
round_robin,least_outstanding_requests, orweighted_random. The default isround_robin. - Load
Balancing stringAnomaly Mitigation - Determines whether to enable target anomaly mitigation. Target anomaly mitigation is only supported by the
weighted_randomload balancing algorithm type. See doc for more information. The value is"on"or"off". The default is"off". - Load
Balancing stringCross Zone Enabled - Indicates whether cross zone load balancing is enabled. The value is
"true","false"or"use_load_balancer_configuration". The default is"use_load_balancer_configuration". - Name string
- Name of the target group. If omitted, this provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
- Name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. Cannot be longer than 6 characters. - Port int
- Port on which targets receive traffic, unless overridden when registering a specific target. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda. - Preserve
Client stringIp - Whether client IP preservation is enabled. See doc for more information.
- Protocol string
- Protocol to use for routing traffic to the targets.
Should be one of
GENEVE,HTTP,HTTPS,TCP,TCP_UDP,TLS, orUDP. Required whentarget_typeisinstance,ip, oralb. Does not apply whentarget_typeislambda. - Protocol
Version string - Only applicable when
protocolisHTTPorHTTPS. The protocol version. SpecifyGRPCto send requests to targets using gRPC. SpecifyHTTP2to send requests to targets using HTTP/2. The default isHTTP1, which sends requests to targets using HTTP/1.1 - Proxy
Protocol boolV2 - Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is
false. - Slow
Start int - Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
- Stickiness
Target
Group Stickiness Stickiness configuration block. Detailed below.
This type is defined in the AWS Classic package.
- map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Target
Failovers TargetGroup Target Failover - Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.
- Target
Group TargetHealth Group Target Group Health Target health requirements block. See target_group_health for more information.
This type is defined in the AWS Classic package.
- Target
Health TargetStates Group Target Health State - Target health state block. Only applicable for Network Load Balancer target groups when
protocolisTCPorTLS. See target_health_state for more information. - Target
Type string Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is
instance.Note that you can't specify targets for a target group using both instance IDs and IP addresses.
If the target type is
ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.Network Load Balancers do not support the
lambdatarget type.Application Load Balancers do not support the
albtarget type.- Vpc
Id string - Identifier of the VPC in which to create the target group. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda.
- connection
Termination Boolean - Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is
false. - deregistration
Delay Integer - Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
- health
Check TargetGroup Health Check Health Check configuration block. Detailed below.
This type is defined in the AWS Classic package.
- ip
Address StringType - The type of IP addresses used by the target group, only supported when target type is set to
ip. Possible values areipv4oripv6. - lambda
Multi BooleanValue Headers Enabled - Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when
target_typeislambda. Default isfalse. - load
Balancing StringAlgorithm Type - Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is
round_robin,least_outstanding_requests, orweighted_random. The default isround_robin. - load
Balancing StringAnomaly Mitigation - Determines whether to enable target anomaly mitigation. Target anomaly mitigation is only supported by the
weighted_randomload balancing algorithm type. See doc for more information. The value is"on"or"off". The default is"off". - load
Balancing StringCross Zone Enabled - Indicates whether cross zone load balancing is enabled. The value is
"true","false"or"use_load_balancer_configuration". The default is"use_load_balancer_configuration". - name String
- Name of the target group. If omitted, this provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
- name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. Cannot be longer than 6 characters. - port Integer
- Port on which targets receive traffic, unless overridden when registering a specific target. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda. - preserve
Client StringIp - Whether client IP preservation is enabled. See doc for more information.
- protocol String
- Protocol to use for routing traffic to the targets.
Should be one of
GENEVE,HTTP,HTTPS,TCP,TCP_UDP,TLS, orUDP. Required whentarget_typeisinstance,ip, oralb. Does not apply whentarget_typeislambda. - protocol
Version String - Only applicable when
protocolisHTTPorHTTPS. The protocol version. SpecifyGRPCto send requests to targets using gRPC. SpecifyHTTP2to send requests to targets using HTTP/2. The default isHTTP1, which sends requests to targets using HTTP/1.1 - proxy
Protocol BooleanV2 - Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is
false. - slow
Start Integer - Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
- stickiness
Target
Group Stickiness Stickiness configuration block. Detailed below.
This type is defined in the AWS Classic package.
- Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - target
Failovers List<TargetGroup Target Failover> - Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.
- target
Group TargetHealth Group Target Group Health Target health requirements block. See target_group_health for more information.
This type is defined in the AWS Classic package.
- target
Health List<TargetStates Group Target Health State> - Target health state block. Only applicable for Network Load Balancer target groups when
protocolisTCPorTLS. See target_health_state for more information. - target
Type String Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is
instance.Note that you can't specify targets for a target group using both instance IDs and IP addresses.
If the target type is
ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.Network Load Balancers do not support the
lambdatarget type.Application Load Balancers do not support the
albtarget type.- vpc
Id String - Identifier of the VPC in which to create the target group. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda.
- connection
Termination boolean - Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is
false. - deregistration
Delay number - Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
- health
Check pulumiAws.types.input. Target Group Health Check Health Check configuration block. Detailed below.
This type is defined in the AWS Classic package.
- ip
Address stringType - The type of IP addresses used by the target group, only supported when target type is set to
ip. Possible values areipv4oripv6. - lambda
Multi booleanValue Headers Enabled - Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when
target_typeislambda. Default isfalse. - load
Balancing stringAlgorithm Type - Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is
round_robin,least_outstanding_requests, orweighted_random. The default isround_robin. - load
Balancing stringAnomaly Mitigation - Determines whether to enable target anomaly mitigation. Target anomaly mitigation is only supported by the
weighted_randomload balancing algorithm type. See doc for more information. The value is"on"or"off". The default is"off". - load
Balancing stringCross Zone Enabled - Indicates whether cross zone load balancing is enabled. The value is
"true","false"or"use_load_balancer_configuration". The default is"use_load_balancer_configuration". - name string
- Name of the target group. If omitted, this provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
- name
Prefix string - Creates a unique name beginning with the specified prefix. Conflicts with
name. Cannot be longer than 6 characters. - port number
- Port on which targets receive traffic, unless overridden when registering a specific target. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda. - preserve
Client stringIp - Whether client IP preservation is enabled. See doc for more information.
- protocol string
- Protocol to use for routing traffic to the targets.
Should be one of
GENEVE,HTTP,HTTPS,TCP,TCP_UDP,TLS, orUDP. Required whentarget_typeisinstance,ip, oralb. Does not apply whentarget_typeislambda. - protocol
Version string - Only applicable when
protocolisHTTPorHTTPS. The protocol version. SpecifyGRPCto send requests to targets using gRPC. SpecifyHTTP2to send requests to targets using HTTP/2. The default isHTTP1, which sends requests to targets using HTTP/1.1 - proxy
Protocol booleanV2 - Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is
false. - slow
Start number - Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
- stickiness
pulumi
Aws.types.input. Target Group Stickiness Stickiness configuration block. Detailed below.
This type is defined in the AWS Classic package.
- {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - target
Failovers pulumiAws.types.input. Target Group Target Failover[] - Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.
- target
Group pulumiHealth Aws.types.input. Target Group Target Group Health Target health requirements block. See target_group_health for more information.
This type is defined in the AWS Classic package.
- target
Health pulumiStates Aws.types.input. Target Group Target Health State[] - Target health state block. Only applicable for Network Load Balancer target groups when
protocolisTCPorTLS. See target_health_state for more information. - target
Type string Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is
instance.Note that you can't specify targets for a target group using both instance IDs and IP addresses.
If the target type is
ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.Network Load Balancers do not support the
lambdatarget type.Application Load Balancers do not support the
albtarget type.- vpc
Id string - Identifier of the VPC in which to create the target group. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda.
- connection_
termination bool - Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is
false. - deregistration_
delay int - Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
- health_
check pulumi_aws.lb. Target Group Health Check Args Health Check configuration block. Detailed below.
This type is defined in the AWS Classic package.
- ip_
address_ strtype - The type of IP addresses used by the target group, only supported when target type is set to
ip. Possible values areipv4oripv6. - lambda_
multi_ boolvalue_ headers_ enabled - Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when
target_typeislambda. Default isfalse. - load_
balancing_ stralgorithm_ type - Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is
round_robin,least_outstanding_requests, orweighted_random. The default isround_robin. - load_
balancing_ stranomaly_ mitigation - Determines whether to enable target anomaly mitigation. Target anomaly mitigation is only supported by the
weighted_randomload balancing algorithm type. See doc for more information. The value is"on"or"off". The default is"off". - load_
balancing_ strcross_ zone_ enabled - Indicates whether cross zone load balancing is enabled. The value is
"true","false"or"use_load_balancer_configuration". The default is"use_load_balancer_configuration". - name str
- Name of the target group. If omitted, this provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
- name_
prefix str - Creates a unique name beginning with the specified prefix. Conflicts with
name. Cannot be longer than 6 characters. - port int
- Port on which targets receive traffic, unless overridden when registering a specific target. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda. - preserve_
client_ strip - Whether client IP preservation is enabled. See doc for more information.
- protocol str
- Protocol to use for routing traffic to the targets.
Should be one of
GENEVE,HTTP,HTTPS,TCP,TCP_UDP,TLS, orUDP. Required whentarget_typeisinstance,ip, oralb. Does not apply whentarget_typeislambda. - protocol_
version str - Only applicable when
protocolisHTTPorHTTPS. The protocol version. SpecifyGRPCto send requests to targets using gRPC. SpecifyHTTP2to send requests to targets using HTTP/2. The default isHTTP1, which sends requests to targets using HTTP/1.1 - proxy_
protocol_ boolv2 - Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is
false. - slow_
start int - Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
- stickiness
pulumi_
aws.lb. Target Group Stickiness Args Stickiness configuration block. Detailed below.
This type is defined in the AWS Classic package.
- Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - target_
failovers Sequence[pulumi_aws.lb. Target Group Target Failover Args] - Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.
- target_
group_ pulumi_health aws.lb. Target Group Target Group Health Args Target health requirements block. See target_group_health for more information.
This type is defined in the AWS Classic package.
- target_
health_ Sequence[pulumi_states aws.lb. Target Group Target Health State Args] - Target health state block. Only applicable for Network Load Balancer target groups when
protocolisTCPorTLS. See target_health_state for more information. - target_
type str Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is
instance.Note that you can't specify targets for a target group using both instance IDs and IP addresses.
If the target type is
ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.Network Load Balancers do not support the
lambdatarget type.Application Load Balancers do not support the
albtarget type.- vpc_
id str - Identifier of the VPC in which to create the target group. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda.
- connection
Termination Boolean - Whether to terminate connections at the end of the deregistration timeout on Network Load Balancers. See doc for more information. Default is
false. - deregistration
Delay Number - Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.
- health
Check Property Map Health Check configuration block. Detailed below.
This type is defined in the AWS Classic package.
- ip
Address StringType - The type of IP addresses used by the target group, only supported when target type is set to
ip. Possible values areipv4oripv6. - lambda
Multi BooleanValue Headers Enabled - Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when
target_typeislambda. Default isfalse. - load
Balancing StringAlgorithm Type - Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is
round_robin,least_outstanding_requests, orweighted_random. The default isround_robin. - load
Balancing StringAnomaly Mitigation - Determines whether to enable target anomaly mitigation. Target anomaly mitigation is only supported by the
weighted_randomload balancing algorithm type. See doc for more information. The value is"on"or"off". The default is"off". - load
Balancing StringCross Zone Enabled - Indicates whether cross zone load balancing is enabled. The value is
"true","false"or"use_load_balancer_configuration". The default is"use_load_balancer_configuration". - name String
- Name of the target group. If omitted, this provider will assign a random, unique name. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
- name
Prefix String - Creates a unique name beginning with the specified prefix. Conflicts with
name. Cannot be longer than 6 characters. - port Number
- Port on which targets receive traffic, unless overridden when registering a specific target. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda. - preserve
Client StringIp - Whether client IP preservation is enabled. See doc for more information.
- protocol String
- Protocol to use for routing traffic to the targets.
Should be one of
GENEVE,HTTP,HTTPS,TCP,TCP_UDP,TLS, orUDP. Required whentarget_typeisinstance,ip, oralb. Does not apply whentarget_typeislambda. - protocol
Version String - Only applicable when
protocolisHTTPorHTTPS. The protocol version. SpecifyGRPCto send requests to targets using gRPC. SpecifyHTTP2to send requests to targets using HTTP/2. The default isHTTP1, which sends requests to targets using HTTP/1.1 - proxy
Protocol BooleanV2 - Whether to enable support for proxy protocol v2 on Network Load Balancers. See doc for more information. Default is
false. - slow
Start Number - Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.
- stickiness Property Map
Stickiness configuration block. Detailed below.
This type is defined in the AWS Classic package.
- Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - target
Failovers List<Property Map> - Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.
- target
Group Property MapHealth Target health requirements block. See target_group_health for more information.
This type is defined in the AWS Classic package.
- target
Health List<Property Map>States - Target health state block. Only applicable for Network Load Balancer target groups when
protocolisTCPorTLS. See target_health_state for more information. - target
Type String Type of target that you must specify when registering targets with this target group. See doc for supported values. The default is
instance.Note that you can't specify targets for a target group using both instance IDs and IP addresses.
If the target type is
ip, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.Network Load Balancers do not support the
lambdatarget type.Application Load Balancers do not support the
albtarget type.- vpc
Id String - Identifier of the VPC in which to create the target group. Required when
target_typeisinstance,iporalb. Does not apply whentarget_typeislambda.
Package Details
- Repository
- AWSx (Pulumi Crosswalk for AWS) pulumi/pulumi-awsx
- License
- Apache-2.0
AWSx (Pulumi Crosswalk for AWS) v2.21.1 published on Monday, Mar 10, 2025 by Pulumi