AWS Native is in preview. AWS Classic is fully supported.
aws-native.elasticloadbalancingv2.Listener
Explore with Pulumi AI
AWS Native is in preview. AWS Classic is fully supported.
Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.
Create Listener Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);
@overload
def Listener(resource_name: str,
args: ListenerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Listener(resource_name: str,
opts: Optional[ResourceOptions] = None,
default_actions: Optional[Sequence[ListenerActionArgs]] = None,
load_balancer_arn: Optional[str] = None,
alpn_policy: Optional[Sequence[str]] = None,
certificates: Optional[Sequence[ListenerCertificateArgs]] = None,
mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
port: Optional[int] = None,
protocol: Optional[str] = None,
ssl_policy: Optional[str] = None)
func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)
public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)
public Listener(String name, ListenerArgs args)
public Listener(String name, ListenerArgs args, CustomResourceOptions options)
type: aws-native:elasticloadbalancingv2:Listener
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Listener Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Listener resource accepts the following input properties:
- Default
Actions List<Pulumi.Aws Native. Elastic Load Balancing V2. Inputs. Listener Action> - The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
- Load
Balancer stringArn - The Amazon Resource Name (ARN) of the load balancer.
- Alpn
Policy List<string> - [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
- Certificates
List<Pulumi.
Aws Native. Elastic Load Balancing V2. Inputs. Listener Certificate> - The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
- Mutual
Authentication Pulumi.Aws Native. Elastic Load Balancing V2. Inputs. Listener Mutual Authentication - The mutual authentication configuration information.
- Port int
- The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
- Protocol string
- The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
- Ssl
Policy string - [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
- Default
Actions []ListenerAction Args - The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
- Load
Balancer stringArn - The Amazon Resource Name (ARN) of the load balancer.
- Alpn
Policy []string - [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
- Certificates
[]Listener
Certificate Args - The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
- Mutual
Authentication ListenerMutual Authentication Args - The mutual authentication configuration information.
- Port int
- The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
- Protocol string
- The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
- Ssl
Policy string - [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
- default
Actions List<ListenerAction> - The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
- load
Balancer StringArn - The Amazon Resource Name (ARN) of the load balancer.
- alpn
Policy List<String> - [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
- certificates
List<Listener
Certificate> - The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
- mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information.
- port Integer
- The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
- protocol String
- The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
- ssl
Policy String - [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
- default
Actions ListenerAction[] - The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
- load
Balancer stringArn - The Amazon Resource Name (ARN) of the load balancer.
- alpn
Policy string[] - [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
- certificates
Listener
Certificate[] - The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
- mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information.
- port number
- The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
- protocol string
- The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
- ssl
Policy string - [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
- default_
actions Sequence[ListenerAction Args] - The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
- load_
balancer_ strarn - The Amazon Resource Name (ARN) of the load balancer.
- alpn_
policy Sequence[str] - [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
- certificates
Sequence[Listener
Certificate Args] - The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
- mutual_
authentication ListenerMutual Authentication Args - The mutual authentication configuration information.
- port int
- The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
- protocol str
- The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
- ssl_
policy str - [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
- default
Actions List<Property Map> - The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
- load
Balancer StringArn - The Amazon Resource Name (ARN) of the load balancer.
- alpn
Policy List<String> - [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
- certificates List<Property Map>
- The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
- mutual
Authentication Property Map - The mutual authentication configuration information.
- port Number
- The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
- protocol String
- The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
- ssl
Policy String - [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
Outputs
All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Listener
Arn string - The Amazon Resource Name (ARN) of the listener.
- Id string
- The provider-assigned unique ID for this managed resource.
- Listener
Arn string - The Amazon Resource Name (ARN) of the listener.
- id String
- The provider-assigned unique ID for this managed resource.
- listener
Arn String - The Amazon Resource Name (ARN) of the listener.
- id string
- The provider-assigned unique ID for this managed resource.
- listener
Arn string - The Amazon Resource Name (ARN) of the listener.
- id str
- The provider-assigned unique ID for this managed resource.
- listener_
arn str - The Amazon Resource Name (ARN) of the listener.
- id String
- The provider-assigned unique ID for this managed resource.
- listener
Arn String - The Amazon Resource Name (ARN) of the listener.
Supporting Types
ListenerAction, ListenerActionArgs
- Type string
- The type of action.
- Authenticate
Cognito Pulumi.Config Aws Native. Elastic Load Balancing V2. Inputs. Listener Authenticate Cognito Config - [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when
Type
isauthenticate-cognito
. - Authenticate
Oidc Pulumi.Config Aws Native. Elastic Load Balancing V2. Inputs. Listener Authenticate Oidc Config - [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
Type
isauthenticate-oidc
. - Fixed
Response Pulumi.Config Aws Native. Elastic Load Balancing V2. Inputs. Listener Fixed Response Config - [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when
Type
isfixed-response
. - Forward
Config Pulumi.Aws Native. Elastic Load Balancing V2. Inputs. Listener Forward Config - Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when
Type
isforward
. If you specify bothForwardConfig
andTargetGroupArn
, you can specify only one target group usingForwardConfig
and it must be the same target group specified inTargetGroupArn
. - Order int
- The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
- Redirect
Config Pulumi.Aws Native. Elastic Load Balancing V2. Inputs. Listener Redirect Config - [Application Load Balancer] Information for creating a redirect action. Specify only when
Type
isredirect
. - Target
Group stringArn - The Amazon Resource Name (ARN) of the target group. Specify only when
Type
isforward
and you want to route to a single target group. To route to one or more target groups, useForwardConfig
instead.
- Type string
- The type of action.
- Authenticate
Cognito ListenerConfig Authenticate Cognito Config - [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when
Type
isauthenticate-cognito
. - Authenticate
Oidc ListenerConfig Authenticate Oidc Config - [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
Type
isauthenticate-oidc
. - Fixed
Response ListenerConfig Fixed Response Config - [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when
Type
isfixed-response
. - Forward
Config ListenerForward Config - Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when
Type
isforward
. If you specify bothForwardConfig
andTargetGroupArn
, you can specify only one target group usingForwardConfig
and it must be the same target group specified inTargetGroupArn
. - Order int
- The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
- Redirect
Config ListenerRedirect Config - [Application Load Balancer] Information for creating a redirect action. Specify only when
Type
isredirect
. - Target
Group stringArn - The Amazon Resource Name (ARN) of the target group. Specify only when
Type
isforward
and you want to route to a single target group. To route to one or more target groups, useForwardConfig
instead.
- type String
- The type of action.
- authenticate
Cognito ListenerConfig Authenticate Cognito Config - [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when
Type
isauthenticate-cognito
. - authenticate
Oidc ListenerConfig Authenticate Oidc Config - [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
Type
isauthenticate-oidc
. - fixed
Response ListenerConfig Fixed Response Config - [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when
Type
isfixed-response
. - forward
Config ListenerForward Config - Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when
Type
isforward
. If you specify bothForwardConfig
andTargetGroupArn
, you can specify only one target group usingForwardConfig
and it must be the same target group specified inTargetGroupArn
. - order Integer
- The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
- redirect
Config ListenerRedirect Config - [Application Load Balancer] Information for creating a redirect action. Specify only when
Type
isredirect
. - target
Group StringArn - The Amazon Resource Name (ARN) of the target group. Specify only when
Type
isforward
and you want to route to a single target group. To route to one or more target groups, useForwardConfig
instead.
- type string
- The type of action.
- authenticate
Cognito ListenerConfig Authenticate Cognito Config - [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when
Type
isauthenticate-cognito
. - authenticate
Oidc ListenerConfig Authenticate Oidc Config - [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
Type
isauthenticate-oidc
. - fixed
Response ListenerConfig Fixed Response Config - [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when
Type
isfixed-response
. - forward
Config ListenerForward Config - Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when
Type
isforward
. If you specify bothForwardConfig
andTargetGroupArn
, you can specify only one target group usingForwardConfig
and it must be the same target group specified inTargetGroupArn
. - order number
- The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
- redirect
Config ListenerRedirect Config - [Application Load Balancer] Information for creating a redirect action. Specify only when
Type
isredirect
. - target
Group stringArn - The Amazon Resource Name (ARN) of the target group. Specify only when
Type
isforward
and you want to route to a single target group. To route to one or more target groups, useForwardConfig
instead.
- type str
- The type of action.
- authenticate_
cognito_ Listenerconfig Authenticate Cognito Config - [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when
Type
isauthenticate-cognito
. - authenticate_
oidc_ Listenerconfig Authenticate Oidc Config - [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
Type
isauthenticate-oidc
. - fixed_
response_ Listenerconfig Fixed Response Config - [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when
Type
isfixed-response
. - forward_
config ListenerForward Config - Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when
Type
isforward
. If you specify bothForwardConfig
andTargetGroupArn
, you can specify only one target group usingForwardConfig
and it must be the same target group specified inTargetGroupArn
. - order int
- The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
- redirect_
config ListenerRedirect Config - [Application Load Balancer] Information for creating a redirect action. Specify only when
Type
isredirect
. - target_
group_ strarn - The Amazon Resource Name (ARN) of the target group. Specify only when
Type
isforward
and you want to route to a single target group. To route to one or more target groups, useForwardConfig
instead.
- type String
- The type of action.
- authenticate
Cognito Property MapConfig - [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when
Type
isauthenticate-cognito
. - authenticate
Oidc Property MapConfig - [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
Type
isauthenticate-oidc
. - fixed
Response Property MapConfig - [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when
Type
isfixed-response
. - forward
Config Property Map - Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when
Type
isforward
. If you specify bothForwardConfig
andTargetGroupArn
, you can specify only one target group usingForwardConfig
and it must be the same target group specified inTargetGroupArn
. - order Number
- The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
- redirect
Config Property Map - [Application Load Balancer] Information for creating a redirect action. Specify only when
Type
isredirect
. - target
Group StringArn - The Amazon Resource Name (ARN) of the target group. Specify only when
Type
isforward
and you want to route to a single target group. To route to one or more target groups, useForwardConfig
instead.
ListenerAuthenticateCognitoConfig, ListenerAuthenticateCognitoConfigArgs
- User
Pool stringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
- User
Pool stringClient Id - The ID of the Amazon Cognito user pool client.
- User
Pool stringDomain - The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
- Authentication
Request Dictionary<string, string>Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- On
Unauthenticated stringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- Scope string
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - string
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- Session
Timeout string - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- User
Pool stringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
- User
Pool stringClient Id - The ID of the Amazon Cognito user pool client.
- User
Pool stringDomain - The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
- Authentication
Request map[string]stringExtra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- On
Unauthenticated stringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- Scope string
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - string
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- Session
Timeout string - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- user
Pool StringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
- user
Pool StringClient Id - The ID of the Amazon Cognito user pool client.
- user
Pool StringDomain - The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
- authentication
Request Map<String,String>Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- on
Unauthenticated StringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope String
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - String
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session
Timeout String - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- user
Pool stringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
- user
Pool stringClient Id - The ID of the Amazon Cognito user pool client.
- user
Pool stringDomain - The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
- authentication
Request {[key: string]: string}Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- on
Unauthenticated stringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope string
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - string
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session
Timeout string - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- user_
pool_ strarn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
- user_
pool_ strclient_ id - The ID of the Amazon Cognito user pool client.
- user_
pool_ strdomain - The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
- authentication_
request_ Mapping[str, str]extra_ params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- on_
unauthenticated_ strrequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope str
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - str
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session_
timeout str - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- user
Pool StringArn - The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
- user
Pool StringClient Id - The ID of the Amazon Cognito user pool client.
- user
Pool StringDomain - The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
- authentication
Request Map<String>Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- on
Unauthenticated StringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope String
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - String
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session
Timeout String - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
ListenerAuthenticateOidcConfig, ListenerAuthenticateOidcConfigArgs
- string
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Client
Id string - The OAuth 2.0 client identifier.
- Issuer string
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Token
Endpoint string - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- User
Info stringEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Authentication
Request Dictionary<string, string>Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- Client
Secret string - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set
UseExistingClientSecret
to true. - On
Unauthenticated stringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- Scope string
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - string
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- Session
Timeout string - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- Use
Existing boolClient Secret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
- string
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Client
Id string - The OAuth 2.0 client identifier.
- Issuer string
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Token
Endpoint string - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- User
Info stringEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Authentication
Request map[string]stringExtra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- Client
Secret string - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set
UseExistingClientSecret
to true. - On
Unauthenticated stringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- Scope string
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - string
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- Session
Timeout string - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- Use
Existing boolClient Secret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
- String
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- client
Id String - The OAuth 2.0 client identifier.
- issuer String
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- token
Endpoint String - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- user
Info StringEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- authentication
Request Map<String,String>Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- client
Secret String - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set
UseExistingClientSecret
to true. - on
Unauthenticated StringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope String
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - String
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session
Timeout String - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- use
Existing BooleanClient Secret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
- string
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- client
Id string - The OAuth 2.0 client identifier.
- issuer string
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- token
Endpoint string - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- user
Info stringEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- authentication
Request {[key: string]: string}Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- client
Secret string - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set
UseExistingClientSecret
to true. - on
Unauthenticated stringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope string
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - string
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session
Timeout string - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- use
Existing booleanClient Secret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
- str
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- client_
id str - The OAuth 2.0 client identifier.
- issuer str
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- token_
endpoint str - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- user_
info_ strendpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- authentication_
request_ Mapping[str, str]extra_ params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- client_
secret str - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set
UseExistingClientSecret
to true. - on_
unauthenticated_ strrequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope str
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - str
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session_
timeout str - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- use_
existing_ boolclient_ secret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
- String
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- client
Id String - The OAuth 2.0 client identifier.
- issuer String
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- token
Endpoint String - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- user
Info StringEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- authentication
Request Map<String>Extra Params - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- client
Secret String - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set
UseExistingClientSecret
to true. - on
Unauthenticated StringRequest - The behavior if the user is not authenticated. The following are possible values:
- deny```` - Return an HTTP 401 Unauthorized error.
- allow```` - Allow the request to be forwarded to the target.
- authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.
- scope String
- The set of user claims to be requested from the IdP. The default is
openid
. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. - String
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- session
Timeout String - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- use
Existing BooleanClient Secret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
ListenerCertificate, ListenerCertificateArgs
- Certificate
Arn string - The Amazon Resource Name (ARN) of the certificate.
- Certificate
Arn string - The Amazon Resource Name (ARN) of the certificate.
- certificate
Arn String - The Amazon Resource Name (ARN) of the certificate.
- certificate
Arn string - The Amazon Resource Name (ARN) of the certificate.
- certificate_
arn str - The Amazon Resource Name (ARN) of the certificate.
- certificate
Arn String - The Amazon Resource Name (ARN) of the certificate.
ListenerFixedResponseConfig, ListenerFixedResponseConfigArgs
- Status
Code string - The HTTP response code (2XX, 4XX, or 5XX).
- Content
Type string - The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
- Message
Body string - The message.
- Status
Code string - The HTTP response code (2XX, 4XX, or 5XX).
- Content
Type string - The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
- Message
Body string - The message.
- status
Code String - The HTTP response code (2XX, 4XX, or 5XX).
- content
Type String - The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
- message
Body String - The message.
- status
Code string - The HTTP response code (2XX, 4XX, or 5XX).
- content
Type string - The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
- message
Body string - The message.
- status_
code str - The HTTP response code (2XX, 4XX, or 5XX).
- content_
type str - The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
- message_
body str - The message.
- status
Code String - The HTTP response code (2XX, 4XX, or 5XX).
- content
Type String - The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
- message
Body String - The message.
ListenerForwardConfig, ListenerForwardConfigArgs
- Target
Group Pulumi.Stickiness Config Aws Native. Elastic Load Balancing V2. Inputs. Listener Target Group Stickiness Config - Information about the target group stickiness for a rule.
- Target
Groups List<Pulumi.Aws Native. Elastic Load Balancing V2. Inputs. Listener Target Group Tuple> - Information about how traffic will be distributed between multiple target groups in a forward rule.
- Target
Group ListenerStickiness Config Target Group Stickiness Config - Information about the target group stickiness for a rule.
- Target
Groups []ListenerTarget Group Tuple - Information about how traffic will be distributed between multiple target groups in a forward rule.
- target
Group ListenerStickiness Config Target Group Stickiness Config - Information about the target group stickiness for a rule.
- target
Groups List<ListenerTarget Group Tuple> - Information about how traffic will be distributed between multiple target groups in a forward rule.
- target
Group ListenerStickiness Config Target Group Stickiness Config - Information about the target group stickiness for a rule.
- target
Groups ListenerTarget Group Tuple[] - Information about how traffic will be distributed between multiple target groups in a forward rule.
- target_
group_ Listenerstickiness_ config Target Group Stickiness Config - Information about the target group stickiness for a rule.
- target_
groups Sequence[ListenerTarget Group Tuple] - Information about how traffic will be distributed between multiple target groups in a forward rule.
- target
Group Property MapStickiness Config - Information about the target group stickiness for a rule.
- target
Groups List<Property Map> - Information about how traffic will be distributed between multiple target groups in a forward rule.
ListenerMutualAuthentication, ListenerMutualAuthenticationArgs
- Ignore
Client boolCertificate Expiry - Indicates whether expired client certificates are ignored.
- Mode string
- The client certificate handling method. Options are
off
,passthrough
orverify
. The default value isoff
. - Trust
Store stringArn - The Amazon Resource Name (ARN) of the trust store.
- Ignore
Client boolCertificate Expiry - Indicates whether expired client certificates are ignored.
- Mode string
- The client certificate handling method. Options are
off
,passthrough
orverify
. The default value isoff
. - Trust
Store stringArn - The Amazon Resource Name (ARN) of the trust store.
- ignore
Client BooleanCertificate Expiry - Indicates whether expired client certificates are ignored.
- mode String
- The client certificate handling method. Options are
off
,passthrough
orverify
. The default value isoff
. - trust
Store StringArn - The Amazon Resource Name (ARN) of the trust store.
- ignore
Client booleanCertificate Expiry - Indicates whether expired client certificates are ignored.
- mode string
- The client certificate handling method. Options are
off
,passthrough
orverify
. The default value isoff
. - trust
Store stringArn - The Amazon Resource Name (ARN) of the trust store.
- ignore_
client_ boolcertificate_ expiry - Indicates whether expired client certificates are ignored.
- mode str
- The client certificate handling method. Options are
off
,passthrough
orverify
. The default value isoff
. - trust_
store_ strarn - The Amazon Resource Name (ARN) of the trust store.
- ignore
Client BooleanCertificate Expiry - Indicates whether expired client certificates are ignored.
- mode String
- The client certificate handling method. Options are
off
,passthrough
orverify
. The default value isoff
. - trust
Store StringArn - The Amazon Resource Name (ARN) of the trust store.
ListenerRedirectConfig, ListenerRedirectConfigArgs
- Status
Code string - The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
- Host string
- The hostname. This component is not percent-encoded. The hostname can contain #{host}.
- Path string
- The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
- Port string
- The port. You can specify a value from 1 to 65535 or #{port}.
- Protocol string
- The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
- Query string
- The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
- Status
Code string - The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
- Host string
- The hostname. This component is not percent-encoded. The hostname can contain #{host}.
- Path string
- The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
- Port string
- The port. You can specify a value from 1 to 65535 or #{port}.
- Protocol string
- The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
- Query string
- The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
- status
Code String - The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
- host String
- The hostname. This component is not percent-encoded. The hostname can contain #{host}.
- path String
- The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
- port String
- The port. You can specify a value from 1 to 65535 or #{port}.
- protocol String
- The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
- query String
- The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
- status
Code string - The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
- host string
- The hostname. This component is not percent-encoded. The hostname can contain #{host}.
- path string
- The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
- port string
- The port. You can specify a value from 1 to 65535 or #{port}.
- protocol string
- The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
- query string
- The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
- status_
code str - The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
- host str
- The hostname. This component is not percent-encoded. The hostname can contain #{host}.
- path str
- The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
- port str
- The port. You can specify a value from 1 to 65535 or #{port}.
- protocol str
- The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
- query str
- The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
- status
Code String - The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
- host String
- The hostname. This component is not percent-encoded. The hostname can contain #{host}.
- path String
- The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
- port String
- The port. You can specify a value from 1 to 65535 or #{port}.
- protocol String
- The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
- query String
- The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
ListenerTargetGroupStickinessConfig, ListenerTargetGroupStickinessConfigArgs
- Duration
Seconds int - The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
- Enabled bool
- Indicates whether target group stickiness is enabled.
- Duration
Seconds int - The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
- Enabled bool
- Indicates whether target group stickiness is enabled.
- duration
Seconds Integer - The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
- enabled Boolean
- Indicates whether target group stickiness is enabled.
- duration
Seconds number - The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
- enabled boolean
- Indicates whether target group stickiness is enabled.
- duration_
seconds int - The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
- enabled bool
- Indicates whether target group stickiness is enabled.
- duration
Seconds Number - The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
- enabled Boolean
- Indicates whether target group stickiness is enabled.
ListenerTargetGroupTuple, ListenerTargetGroupTupleArgs
- Target
Group stringArn - The Amazon Resource Name (ARN) of the target group.
- Weight int
- The weight. The range is 0 to 999.
- Target
Group stringArn - The Amazon Resource Name (ARN) of the target group.
- Weight int
- The weight. The range is 0 to 999.
- target
Group StringArn - The Amazon Resource Name (ARN) of the target group.
- weight Integer
- The weight. The range is 0 to 999.
- target
Group stringArn - The Amazon Resource Name (ARN) of the target group.
- weight number
- The weight. The range is 0 to 999.
- target_
group_ strarn - The Amazon Resource Name (ARN) of the target group.
- weight int
- The weight. The range is 0 to 999.
- target
Group StringArn - The Amazon Resource Name (ARN) of the target group.
- weight Number
- The weight. The range is 0 to 999.
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
AWS Native is in preview. AWS Classic is fully supported.