Try AWS Native preview for resources not in the classic version.
aws.alb.Listener
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Provides a Load Balancer Listener resource.
Note:
aws.alb.Listener
is known asaws.lb.Listener
. The functionality is identical.
Example Usage
Forward Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 443,
protocol: "HTTPS",
sslPolicy: "ELBSecurityPolicy-2016-08",
certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
defaultActions: [{
type: "forward",
targetGroupArn: frontEndTargetGroup.arn,
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=443,
protocol="HTTPS",
ssl_policy="ELBSecurityPolicy-2016-08",
certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
default_actions=[{
"type": "forward",
"targetGroupArn": front_end_target_group.arn,
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(443),
Protocol: pulumi.String("HTTPS"),
SslPolicy: pulumi.String("ELBSecurityPolicy-2016-08"),
CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: frontEndTargetGroup.Arn,
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 443,
Protocol = "HTTPS",
SslPolicy = "ELBSecurityPolicy-2016-08",
CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndTargetGroup.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new LoadBalancer("frontEnd");
var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEnd.arn())
.port("443")
.protocol("HTTPS")
.sslPolicy("ELBSecurityPolicy-2016-08")
.certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("forward")
.targetGroupArn(frontEndTargetGroup.arn())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndTargetGroup:
type: aws:lb:TargetGroup
name: front_end
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '443'
protocol: HTTPS
sslPolicy: ELBSecurityPolicy-2016-08
certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
defaultActions:
- type: forward
targetGroupArn: ${frontEndTargetGroup.arn}
To a NLB:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEndAwsLb.arn,
port: 443,
protocol: "TLS",
certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
alpnPolicy: "HTTP2Preferred",
defaultActions: [{
type: "forward",
targetGroupArn: frontEndAwsLbTargetGroup.arn,
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.Listener("front_end",
load_balancer_arn=front_end_aws_lb["arn"],
port=443,
protocol="TLS",
certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
alpn_policy="HTTP2Preferred",
default_actions=[{
"type": "forward",
"targetGroupArn": front_end_aws_lb_target_group["arn"],
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: pulumi.Any(frontEndAwsLb.Arn),
Port: pulumi.Int(443),
Protocol: pulumi.String("TLS"),
CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
AlpnPolicy: pulumi.String("HTTP2Preferred"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: pulumi.Any(frontEndAwsLbTargetGroup.Arn),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEndAwsLb.Arn,
Port = 443,
Protocol = "TLS",
CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
AlpnPolicy = "HTTP2Preferred",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndAwsLbTargetGroup.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new Listener("frontEnd", ListenerArgs.builder()
.loadBalancerArn(frontEndAwsLb.arn())
.port("443")
.protocol("TLS")
.certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
.alpnPolicy("HTTP2Preferred")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("forward")
.targetGroupArn(frontEndAwsLbTargetGroup.arn())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEndAwsLb.arn}
port: '443'
protocol: TLS
certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
alpnPolicy: HTTP2Preferred
defaultActions:
- type: forward
targetGroupArn: ${frontEndAwsLbTargetGroup.arn}
Redirect Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 80,
protocol: "HTTP",
defaultActions: [{
type: "redirect",
redirect: {
port: "443",
protocol: "HTTPS",
statusCode: "HTTP_301",
},
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=80,
protocol="HTTP",
default_actions=[{
"type": "redirect",
"redirect": {
"port": "443",
"protocol": "HTTPS",
"statusCode": "HTTP_301",
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("redirect"),
Redirect: &lb.ListenerDefaultActionRedirectArgs{
Port: pulumi.String("443"),
Protocol: pulumi.String("HTTPS"),
StatusCode: pulumi.String("HTTP_301"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "redirect",
Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
{
Port = "443",
Protocol = "HTTPS",
StatusCode = "HTTP_301",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionRedirectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new LoadBalancer("frontEnd");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEnd.arn())
.port("80")
.protocol("HTTP")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("redirect")
.redirect(ListenerDefaultActionRedirectArgs.builder()
.port("443")
.protocol("HTTPS")
.statusCode("HTTP_301")
.build())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '80'
protocol: HTTP
defaultActions:
- type: redirect
redirect:
port: '443'
protocol: HTTPS
statusCode: HTTP_301
Fixed-response Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 80,
protocol: "HTTP",
defaultActions: [{
type: "fixed-response",
fixedResponse: {
contentType: "text/plain",
messageBody: "Fixed response content",
statusCode: "200",
},
}],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=80,
protocol="HTTP",
default_actions=[{
"type": "fixed-response",
"fixedResponse": {
"contentType": "text/plain",
"messageBody": "Fixed response content",
"statusCode": "200",
},
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("fixed-response"),
FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
ContentType: pulumi.String("text/plain"),
MessageBody: pulumi.String("Fixed response content"),
StatusCode: pulumi.String("200"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "fixed-response",
FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
{
ContentType = "text/plain",
MessageBody = "Fixed response content",
StatusCode = "200",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionFixedResponseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new LoadBalancer("frontEnd");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEnd.arn())
.port("80")
.protocol("HTTP")
.defaultActions(ListenerDefaultActionArgs.builder()
.type("fixed-response")
.fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
.contentType("text/plain")
.messageBody("Fixed response content")
.statusCode("200")
.build())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '80'
protocol: HTTP
defaultActions:
- type: fixed-response
fixedResponse:
contentType: text/plain
messageBody: Fixed response content
statusCode: '200'
Authenticate-cognito Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {});
const domain = new aws.cognito.UserPoolDomain("domain", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 80,
protocol: "HTTP",
defaultActions: [
{
type: "authenticate-cognito",
authenticateCognito: {
userPoolArn: pool.arn,
userPoolClientId: client.id,
userPoolDomain: domain.domain,
},
},
{
type: "forward",
targetGroupArn: frontEndTargetGroup.arn,
},
],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
pool = aws.cognito.UserPool("pool")
client = aws.cognito.UserPoolClient("client")
domain = aws.cognito.UserPoolDomain("domain")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=80,
protocol="HTTP",
default_actions=[
{
"type": "authenticate-cognito",
"authenticateCognito": {
"userPoolArn": pool.arn,
"userPoolClientId": client.id,
"userPoolDomain": domain.domain,
},
},
{
"type": "forward",
"targetGroupArn": front_end_target_group.arn,
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
if err != nil {
return err
}
pool, err := cognito.NewUserPool(ctx, "pool", nil)
if err != nil {
return err
}
client, err := cognito.NewUserPoolClient(ctx, "client", nil)
if err != nil {
return err
}
domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("authenticate-cognito"),
AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
UserPoolArn: pool.Arn,
UserPoolClientId: client.ID(),
UserPoolDomain: domain.Domain,
},
},
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: frontEndTargetGroup.Arn,
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
var pool = new Aws.Cognito.UserPool("pool");
var client = new Aws.Cognito.UserPoolClient("client");
var domain = new Aws.Cognito.UserPoolDomain("domain");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "authenticate-cognito",
AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
{
UserPoolArn = pool.Arn,
UserPoolClientId = client.Id,
UserPoolDomain = domain.Domain,
},
},
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndTargetGroup.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateCognitoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new LoadBalancer("frontEnd");
var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
var pool = new UserPool("pool");
var client = new UserPoolClient("client");
var domain = new UserPoolDomain("domain");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEnd.arn())
.port("80")
.protocol("HTTP")
.defaultActions(
ListenerDefaultActionArgs.builder()
.type("authenticate-cognito")
.authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
.userPoolArn(pool.arn())
.userPoolClientId(client.id())
.userPoolDomain(domain.domain())
.build())
.build(),
ListenerDefaultActionArgs.builder()
.type("forward")
.targetGroupArn(frontEndTargetGroup.arn())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndTargetGroup:
type: aws:lb:TargetGroup
name: front_end
pool:
type: aws:cognito:UserPool
client:
type: aws:cognito:UserPoolClient
domain:
type: aws:cognito:UserPoolDomain
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '80'
protocol: HTTP
defaultActions:
- type: authenticate-cognito
authenticateCognito:
userPoolArn: ${pool.arn}
userPoolClientId: ${client.id}
userPoolDomain: ${domain.domain}
- type: forward
targetGroupArn: ${frontEndTargetGroup.arn}
Authenticate-OIDC Action
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
loadBalancerArn: frontEnd.arn,
port: 80,
protocol: "HTTP",
defaultActions: [
{
type: "authenticate-oidc",
authenticateOidc: {
authorizationEndpoint: "https://example.com/authorization_endpoint",
clientId: "client_id",
clientSecret: "client_secret",
issuer: "https://example.com",
tokenEndpoint: "https://example.com/token_endpoint",
userInfoEndpoint: "https://example.com/user_info_endpoint",
},
},
{
type: "forward",
targetGroupArn: frontEndTargetGroup.arn,
},
],
});
import pulumi
import pulumi_aws as aws
front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
front_end_listener = aws.lb.Listener("front_end",
load_balancer_arn=front_end.arn,
port=80,
protocol="HTTP",
default_actions=[
{
"type": "authenticate-oidc",
"authenticateOidc": {
"authorizationEndpoint": "https://example.com/authorization_endpoint",
"clientId": "client_id",
"clientSecret": "client_secret",
"issuer": "https://example.com",
"tokenEndpoint": "https://example.com/token_endpoint",
"userInfoEndpoint": "https://example.com/user_info_endpoint",
},
},
{
"type": "forward",
"targetGroupArn": front_end_target_group.arn,
},
])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
if err != nil {
return err
}
frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("authenticate-oidc"),
AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
ClientId: pulumi.String("client_id"),
ClientSecret: pulumi.String("client_secret"),
Issuer: pulumi.String("https://example.com"),
TokenEndpoint: pulumi.String("https://example.com/token_endpoint"),
UserInfoEndpoint: pulumi.String("https://example.com/user_info_endpoint"),
},
},
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: frontEndTargetGroup.Arn,
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var frontEnd = new Aws.LB.LoadBalancer("front_end");
var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");
var frontEndListener = new Aws.LB.Listener("front_end", new()
{
LoadBalancerArn = frontEnd.Arn,
Port = 80,
Protocol = "HTTP",
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "authenticate-oidc",
AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
{
AuthorizationEndpoint = "https://example.com/authorization_endpoint",
ClientId = "client_id",
ClientSecret = "client_secret",
Issuer = "https://example.com",
TokenEndpoint = "https://example.com/token_endpoint",
UserInfoEndpoint = "https://example.com/user_info_endpoint",
},
},
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
Type = "forward",
TargetGroupArn = frontEndTargetGroup.Arn,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var frontEnd = new LoadBalancer("frontEnd");
var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");
var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
.loadBalancerArn(frontEnd.arn())
.port("80")
.protocol("HTTP")
.defaultActions(
ListenerDefaultActionArgs.builder()
.type("authenticate-oidc")
.authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
.authorizationEndpoint("https://example.com/authorization_endpoint")
.clientId("client_id")
.clientSecret("client_secret")
.issuer("https://example.com")
.tokenEndpoint("https://example.com/token_endpoint")
.userInfoEndpoint("https://example.com/user_info_endpoint")
.build())
.build(),
ListenerDefaultActionArgs.builder()
.type("forward")
.targetGroupArn(frontEndTargetGroup.arn())
.build())
.build());
}
}
resources:
frontEnd:
type: aws:lb:LoadBalancer
name: front_end
frontEndTargetGroup:
type: aws:lb:TargetGroup
name: front_end
frontEndListener:
type: aws:lb:Listener
name: front_end
properties:
loadBalancerArn: ${frontEnd.arn}
port: '80'
protocol: HTTP
defaultActions:
- type: authenticate-oidc
authenticateOidc:
authorizationEndpoint: https://example.com/authorization_endpoint
clientId: client_id
clientSecret: client_secret
issuer: https://example.com
tokenEndpoint: https://example.com/token_endpoint
userInfoEndpoint: https://example.com/user_info_endpoint
- type: forward
targetGroupArn: ${frontEndTargetGroup.arn}
Gateway Load Balancer Listener
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lb.LoadBalancer("example", {
loadBalancerType: "gateway",
name: "example",
subnetMappings: [{
subnetId: exampleAwsSubnet.id,
}],
});
const exampleTargetGroup = new aws.lb.TargetGroup("example", {
name: "example",
port: 6081,
protocol: "GENEVE",
vpcId: exampleAwsVpc.id,
healthCheck: {
port: "80",
protocol: "HTTP",
},
});
const exampleListener = new aws.lb.Listener("example", {
loadBalancerArn: example.id,
defaultActions: [{
targetGroupArn: exampleTargetGroup.id,
type: "forward",
}],
});
import pulumi
import pulumi_aws as aws
example = aws.lb.LoadBalancer("example",
load_balancer_type="gateway",
name="example",
subnet_mappings=[{
"subnetId": example_aws_subnet["id"],
}])
example_target_group = aws.lb.TargetGroup("example",
name="example",
port=6081,
protocol="GENEVE",
vpc_id=example_aws_vpc["id"],
health_check={
"port": "80",
"protocol": "HTTP",
})
example_listener = aws.lb.Listener("example",
load_balancer_arn=example.id,
default_actions=[{
"targetGroupArn": example_target_group.id,
"type": "forward",
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
LoadBalancerType: pulumi.String("gateway"),
Name: pulumi.String("example"),
SubnetMappings: lb.LoadBalancerSubnetMappingArray{
&lb.LoadBalancerSubnetMappingArgs{
SubnetId: pulumi.Any(exampleAwsSubnet.Id),
},
},
})
if err != nil {
return err
}
exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", &lb.TargetGroupArgs{
Name: pulumi.String("example"),
Port: pulumi.Int(6081),
Protocol: pulumi.String("GENEVE"),
VpcId: pulumi.Any(exampleAwsVpc.Id),
HealthCheck: &lb.TargetGroupHealthCheckArgs{
Port: pulumi.String("80"),
Protocol: pulumi.String("HTTP"),
},
})
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
LoadBalancerArn: example.ID(),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
TargetGroupArn: exampleTargetGroup.ID(),
Type: pulumi.String("forward"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LB.LoadBalancer("example", new()
{
LoadBalancerType = "gateway",
Name = "example",
SubnetMappings = new[]
{
new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
{
SubnetId = exampleAwsSubnet.Id,
},
},
});
var exampleTargetGroup = new Aws.LB.TargetGroup("example", new()
{
Name = "example",
Port = 6081,
Protocol = "GENEVE",
VpcId = exampleAwsVpc.Id,
HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
{
Port = "80",
Protocol = "HTTP",
},
});
var exampleListener = new Aws.LB.Listener("example", new()
{
LoadBalancerArn = example.Id,
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
TargetGroupArn = exampleTargetGroup.Id,
Type = "forward",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.TargetGroupArgs;
import com.pulumi.aws.lb.inputs.TargetGroupHealthCheckArgs;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new LoadBalancer("example", LoadBalancerArgs.builder()
.loadBalancerType("gateway")
.name("example")
.subnetMappings(LoadBalancerSubnetMappingArgs.builder()
.subnetId(exampleAwsSubnet.id())
.build())
.build());
var exampleTargetGroup = new TargetGroup("exampleTargetGroup", TargetGroupArgs.builder()
.name("example")
.port(6081)
.protocol("GENEVE")
.vpcId(exampleAwsVpc.id())
.healthCheck(TargetGroupHealthCheckArgs.builder()
.port(80)
.protocol("HTTP")
.build())
.build());
var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
.loadBalancerArn(example.id())
.defaultActions(ListenerDefaultActionArgs.builder()
.targetGroupArn(exampleTargetGroup.id())
.type("forward")
.build())
.build());
}
}
resources:
example:
type: aws:lb:LoadBalancer
properties:
loadBalancerType: gateway
name: example
subnetMappings:
- subnetId: ${exampleAwsSubnet.id}
exampleTargetGroup:
type: aws:lb:TargetGroup
name: example
properties:
name: example
port: 6081
protocol: GENEVE
vpcId: ${exampleAwsVpc.id}
healthCheck:
port: 80
protocol: HTTP
exampleListener:
type: aws:lb:Listener
name: example
properties:
loadBalancerArn: ${example.id}
defaultActions:
- targetGroupArn: ${exampleTargetGroup.id}
type: forward
Mutual TLS Authentication
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.lb.LoadBalancer("example", {loadBalancerType: "application"});
const exampleTargetGroup = new aws.lb.TargetGroup("example", {});
const exampleListener = new aws.lb.Listener("example", {
loadBalancerArn: example.id,
defaultActions: [{
targetGroupArn: exampleTargetGroup.id,
type: "forward",
}],
mutualAuthentication: {
mode: "verify",
trustStoreArn: "...",
},
});
import pulumi
import pulumi_aws as aws
example = aws.lb.LoadBalancer("example", load_balancer_type="application")
example_target_group = aws.lb.TargetGroup("example")
example_listener = aws.lb.Listener("example",
load_balancer_arn=example.id,
default_actions=[{
"targetGroupArn": example_target_group.id,
"type": "forward",
}],
mutual_authentication={
"mode": "verify",
"trustStoreArn": "...",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
LoadBalancerType: pulumi.String("application"),
})
if err != nil {
return err
}
exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", nil)
if err != nil {
return err
}
_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
LoadBalancerArn: example.ID(),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
TargetGroupArn: exampleTargetGroup.ID(),
Type: pulumi.String("forward"),
},
},
MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
Mode: pulumi.String("verify"),
TrustStoreArn: pulumi.String("..."),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.LB.LoadBalancer("example", new()
{
LoadBalancerType = "application",
});
var exampleTargetGroup = new Aws.LB.TargetGroup("example");
var exampleListener = new Aws.LB.Listener("example", new()
{
LoadBalancerArn = example.Id,
DefaultActions = new[]
{
new Aws.LB.Inputs.ListenerDefaultActionArgs
{
TargetGroupArn = exampleTargetGroup.Id,
Type = "forward",
},
},
MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
{
Mode = "verify",
TrustStoreArn = "...",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerMutualAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new LoadBalancer("example", LoadBalancerArgs.builder()
.loadBalancerType("application")
.build());
var exampleTargetGroup = new TargetGroup("exampleTargetGroup");
var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
.loadBalancerArn(example.id())
.defaultActions(ListenerDefaultActionArgs.builder()
.targetGroupArn(exampleTargetGroup.id())
.type("forward")
.build())
.mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
.mode("verify")
.trustStoreArn("...")
.build())
.build());
}
}
resources:
example:
type: aws:lb:LoadBalancer
properties:
loadBalancerType: application
exampleTargetGroup:
type: aws:lb:TargetGroup
name: example
exampleListener:
type: aws:lb:Listener
name: example
properties:
loadBalancerArn: ${example.id}
defaultActions:
- targetGroupArn: ${exampleTargetGroup.id}
type: forward
mutualAuthentication:
mode: verify
trustStoreArn: '...'
Create Listener Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);
@overload
def Listener(resource_name: str,
args: ListenerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Listener(resource_name: str,
opts: Optional[ResourceOptions] = None,
default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
load_balancer_arn: Optional[str] = None,
alpn_policy: Optional[str] = None,
certificate_arn: Optional[str] = None,
mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
port: Optional[int] = None,
protocol: Optional[str] = None,
ssl_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)
public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)
public Listener(String name, ListenerArgs args)
public Listener(String name, ListenerArgs args, CustomResourceOptions options)
type: aws:alb:Listener
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ListenerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var listenerResource = new Aws.Alb.Listener("listenerResource", new()
{
DefaultActions = new[]
{
new Aws.Alb.Inputs.ListenerDefaultActionArgs
{
Type = "string",
AuthenticateCognito = new Aws.Alb.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
{
UserPoolArn = "string",
UserPoolClientId = "string",
UserPoolDomain = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
OnUnauthenticatedRequest = "string",
Scope = "string",
SessionCookieName = "string",
SessionTimeout = 0,
},
AuthenticateOidc = new Aws.Alb.Inputs.ListenerDefaultActionAuthenticateOidcArgs
{
AuthorizationEndpoint = "string",
ClientId = "string",
ClientSecret = "string",
Issuer = "string",
TokenEndpoint = "string",
UserInfoEndpoint = "string",
AuthenticationRequestExtraParams =
{
{ "string", "string" },
},
OnUnauthenticatedRequest = "string",
Scope = "string",
SessionCookieName = "string",
SessionTimeout = 0,
},
FixedResponse = new Aws.Alb.Inputs.ListenerDefaultActionFixedResponseArgs
{
ContentType = "string",
MessageBody = "string",
StatusCode = "string",
},
Forward = new Aws.Alb.Inputs.ListenerDefaultActionForwardArgs
{
TargetGroups = new[]
{
new Aws.Alb.Inputs.ListenerDefaultActionForwardTargetGroupArgs
{
Arn = "string",
Weight = 0,
},
},
Stickiness = new Aws.Alb.Inputs.ListenerDefaultActionForwardStickinessArgs
{
Duration = 0,
Enabled = false,
},
},
Order = 0,
Redirect = new Aws.Alb.Inputs.ListenerDefaultActionRedirectArgs
{
StatusCode = "string",
Host = "string",
Path = "string",
Port = "string",
Protocol = "string",
Query = "string",
},
TargetGroupArn = "string",
},
},
LoadBalancerArn = "string",
AlpnPolicy = "string",
CertificateArn = "string",
MutualAuthentication = new Aws.Alb.Inputs.ListenerMutualAuthenticationArgs
{
Mode = "string",
IgnoreClientCertificateExpiry = false,
TrustStoreArn = "string",
},
Port = 0,
Protocol = "string",
SslPolicy = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := alb.NewListener(ctx, "listenerResource", &alb.ListenerArgs{
DefaultActions: alb.ListenerDefaultActionArray{
&alb.ListenerDefaultActionArgs{
Type: pulumi.String("string"),
AuthenticateCognito: &alb.ListenerDefaultActionAuthenticateCognitoArgs{
UserPoolArn: pulumi.String("string"),
UserPoolClientId: pulumi.String("string"),
UserPoolDomain: pulumi.String("string"),
AuthenticationRequestExtraParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
OnUnauthenticatedRequest: pulumi.String("string"),
Scope: pulumi.String("string"),
SessionCookieName: pulumi.String("string"),
SessionTimeout: pulumi.Int(0),
},
AuthenticateOidc: &alb.ListenerDefaultActionAuthenticateOidcArgs{
AuthorizationEndpoint: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Issuer: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
UserInfoEndpoint: pulumi.String("string"),
AuthenticationRequestExtraParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
OnUnauthenticatedRequest: pulumi.String("string"),
Scope: pulumi.String("string"),
SessionCookieName: pulumi.String("string"),
SessionTimeout: pulumi.Int(0),
},
FixedResponse: &alb.ListenerDefaultActionFixedResponseArgs{
ContentType: pulumi.String("string"),
MessageBody: pulumi.String("string"),
StatusCode: pulumi.String("string"),
},
Forward: &alb.ListenerDefaultActionForwardArgs{
TargetGroups: alb.ListenerDefaultActionForwardTargetGroupArray{
&alb.ListenerDefaultActionForwardTargetGroupArgs{
Arn: pulumi.String("string"),
Weight: pulumi.Int(0),
},
},
Stickiness: &alb.ListenerDefaultActionForwardStickinessArgs{
Duration: pulumi.Int(0),
Enabled: pulumi.Bool(false),
},
},
Order: pulumi.Int(0),
Redirect: &alb.ListenerDefaultActionRedirectArgs{
StatusCode: pulumi.String("string"),
Host: pulumi.String("string"),
Path: pulumi.String("string"),
Port: pulumi.String("string"),
Protocol: pulumi.String("string"),
Query: pulumi.String("string"),
},
TargetGroupArn: pulumi.String("string"),
},
},
LoadBalancerArn: pulumi.String("string"),
AlpnPolicy: pulumi.String("string"),
CertificateArn: pulumi.String("string"),
MutualAuthentication: &alb.ListenerMutualAuthenticationArgs{
Mode: pulumi.String("string"),
IgnoreClientCertificateExpiry: pulumi.Bool(false),
TrustStoreArn: pulumi.String("string"),
},
Port: pulumi.Int(0),
Protocol: pulumi.String("string"),
SslPolicy: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var listenerResource = new Listener("listenerResource", ListenerArgs.builder()
.defaultActions(ListenerDefaultActionArgs.builder()
.type("string")
.authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
.userPoolArn("string")
.userPoolClientId("string")
.userPoolDomain("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.onUnauthenticatedRequest("string")
.scope("string")
.sessionCookieName("string")
.sessionTimeout(0)
.build())
.authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
.authorizationEndpoint("string")
.clientId("string")
.clientSecret("string")
.issuer("string")
.tokenEndpoint("string")
.userInfoEndpoint("string")
.authenticationRequestExtraParams(Map.of("string", "string"))
.onUnauthenticatedRequest("string")
.scope("string")
.sessionCookieName("string")
.sessionTimeout(0)
.build())
.fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
.contentType("string")
.messageBody("string")
.statusCode("string")
.build())
.forward(ListenerDefaultActionForwardArgs.builder()
.targetGroups(ListenerDefaultActionForwardTargetGroupArgs.builder()
.arn("string")
.weight(0)
.build())
.stickiness(ListenerDefaultActionForwardStickinessArgs.builder()
.duration(0)
.enabled(false)
.build())
.build())
.order(0)
.redirect(ListenerDefaultActionRedirectArgs.builder()
.statusCode("string")
.host("string")
.path("string")
.port("string")
.protocol("string")
.query("string")
.build())
.targetGroupArn("string")
.build())
.loadBalancerArn("string")
.alpnPolicy("string")
.certificateArn("string")
.mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
.mode("string")
.ignoreClientCertificateExpiry(false)
.trustStoreArn("string")
.build())
.port(0)
.protocol("string")
.sslPolicy("string")
.tags(Map.of("string", "string"))
.build());
listener_resource = aws.alb.Listener("listenerResource",
default_actions=[{
"type": "string",
"authenticateCognito": {
"userPoolArn": "string",
"userPoolClientId": "string",
"userPoolDomain": "string",
"authenticationRequestExtraParams": {
"string": "string",
},
"onUnauthenticatedRequest": "string",
"scope": "string",
"sessionCookieName": "string",
"sessionTimeout": 0,
},
"authenticateOidc": {
"authorizationEndpoint": "string",
"clientId": "string",
"clientSecret": "string",
"issuer": "string",
"tokenEndpoint": "string",
"userInfoEndpoint": "string",
"authenticationRequestExtraParams": {
"string": "string",
},
"onUnauthenticatedRequest": "string",
"scope": "string",
"sessionCookieName": "string",
"sessionTimeout": 0,
},
"fixedResponse": {
"contentType": "string",
"messageBody": "string",
"statusCode": "string",
},
"forward": {
"targetGroups": [{
"arn": "string",
"weight": 0,
}],
"stickiness": {
"duration": 0,
"enabled": False,
},
},
"order": 0,
"redirect": {
"statusCode": "string",
"host": "string",
"path": "string",
"port": "string",
"protocol": "string",
"query": "string",
},
"targetGroupArn": "string",
}],
load_balancer_arn="string",
alpn_policy="string",
certificate_arn="string",
mutual_authentication={
"mode": "string",
"ignoreClientCertificateExpiry": False,
"trustStoreArn": "string",
},
port=0,
protocol="string",
ssl_policy="string",
tags={
"string": "string",
})
const listenerResource = new aws.alb.Listener("listenerResource", {
defaultActions: [{
type: "string",
authenticateCognito: {
userPoolArn: "string",
userPoolClientId: "string",
userPoolDomain: "string",
authenticationRequestExtraParams: {
string: "string",
},
onUnauthenticatedRequest: "string",
scope: "string",
sessionCookieName: "string",
sessionTimeout: 0,
},
authenticateOidc: {
authorizationEndpoint: "string",
clientId: "string",
clientSecret: "string",
issuer: "string",
tokenEndpoint: "string",
userInfoEndpoint: "string",
authenticationRequestExtraParams: {
string: "string",
},
onUnauthenticatedRequest: "string",
scope: "string",
sessionCookieName: "string",
sessionTimeout: 0,
},
fixedResponse: {
contentType: "string",
messageBody: "string",
statusCode: "string",
},
forward: {
targetGroups: [{
arn: "string",
weight: 0,
}],
stickiness: {
duration: 0,
enabled: false,
},
},
order: 0,
redirect: {
statusCode: "string",
host: "string",
path: "string",
port: "string",
protocol: "string",
query: "string",
},
targetGroupArn: "string",
}],
loadBalancerArn: "string",
alpnPolicy: "string",
certificateArn: "string",
mutualAuthentication: {
mode: "string",
ignoreClientCertificateExpiry: false,
trustStoreArn: "string",
},
port: 0,
protocol: "string",
sslPolicy: "string",
tags: {
string: "string",
},
});
type: aws:alb:Listener
properties:
alpnPolicy: string
certificateArn: string
defaultActions:
- authenticateCognito:
authenticationRequestExtraParams:
string: string
onUnauthenticatedRequest: string
scope: string
sessionCookieName: string
sessionTimeout: 0
userPoolArn: string
userPoolClientId: string
userPoolDomain: string
authenticateOidc:
authenticationRequestExtraParams:
string: string
authorizationEndpoint: string
clientId: string
clientSecret: string
issuer: string
onUnauthenticatedRequest: string
scope: string
sessionCookieName: string
sessionTimeout: 0
tokenEndpoint: string
userInfoEndpoint: string
fixedResponse:
contentType: string
messageBody: string
statusCode: string
forward:
stickiness:
duration: 0
enabled: false
targetGroups:
- arn: string
weight: 0
order: 0
redirect:
host: string
path: string
port: string
protocol: string
query: string
statusCode: string
targetGroupArn: string
type: string
loadBalancerArn: string
mutualAuthentication:
ignoreClientCertificateExpiry: false
mode: string
trustStoreArn: string
port: 0
protocol: string
sslPolicy: string
tags:
string: string
Listener Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Listener resource accepts the following input properties:
- Default
Actions List<ListenerDefault Action> - Configuration block for default actions. Detailed below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. Detailed below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.
- Default
Actions []ListenerDefault Action Args - Configuration block for default actions. Detailed below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Mutual
Authentication ListenerMutual Authentication Args - The mutual authentication configuration information. Detailed below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - map[string]string
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.
- default
Actions List<ListenerDefault Action> - Configuration block for default actions. Detailed below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. Detailed below.
- port Integer
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Map<String,String>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.
- default
Actions ListenerDefault Action[] - Configuration block for default actions. Detailed below.
- load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. Detailed below.
- port number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.
- default_
actions Sequence[ListenerDefault Action Args] - Configuration block for default actions. Detailed below.
- load_
balancer_ strarn ARN of the load balancer.
The following arguments are optional:
- alpn_
policy str - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate_
arn str - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual_
authentication ListenerMutual Authentication Args - The mutual authentication configuration information. Detailed below.
- port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol str
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl_
policy str - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.
- default
Actions List<Property Map> - Configuration block for default actions. Detailed below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - mutual
Authentication Property Map - The mutual authentication configuration information. Detailed below.
- port Number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Map<String>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.
Outputs
All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:
Look up Existing Listener Resource
Get an existing Listener resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ListenerState, opts?: CustomResourceOptions): Listener
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
alpn_policy: Optional[str] = None,
arn: Optional[str] = None,
certificate_arn: Optional[str] = None,
default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
load_balancer_arn: Optional[str] = None,
mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
port: Optional[int] = None,
protocol: Optional[str] = None,
ssl_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> Listener
func GetListener(ctx *Context, name string, id IDInput, state *ListenerState, opts ...ResourceOption) (*Listener, error)
public static Listener Get(string name, Input<string> id, ListenerState? state, CustomResourceOptions? opts = null)
public static Listener get(String name, Output<String> id, ListenerState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Arn string
- ARN of the listener (matches
id
). - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Default
Actions List<ListenerDefault Action> - Configuration block for default actions. Detailed below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. Detailed below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - Arn string
- ARN of the listener (matches
id
). - Certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - Default
Actions []ListenerDefault Action Args - Configuration block for default actions. Detailed below.
- Load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- Mutual
Authentication ListenerMutual Authentication Args - The mutual authentication configuration information. Detailed below.
- Port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- Protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - Ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - map[string]string
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn String
- ARN of the listener (matches
id
). - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default
Actions List<ListenerDefault Action> - Configuration block for default actions. Detailed below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. Detailed below.
- port Integer
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Map<String,String>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- alpn
Policy string - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn string
- ARN of the listener (matches
id
). - certificate
Arn string - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default
Actions ListenerDefault Action[] - Configuration block for default actions. Detailed below.
- load
Balancer stringArn ARN of the load balancer.
The following arguments are optional:
- mutual
Authentication ListenerMutual Authentication - The mutual authentication configuration information. Detailed below.
- port number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol string
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy string - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- alpn_
policy str - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn str
- ARN of the listener (matches
id
). - certificate_
arn str - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default_
actions Sequence[ListenerDefault Action Args] - Configuration block for default actions. Detailed below.
- load_
balancer_ strarn ARN of the load balancer.
The following arguments are optional:
- mutual_
authentication ListenerMutual Authentication Args - The mutual authentication configuration information. Detailed below.
- port int
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol str
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl_
policy str - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- alpn
Policy String - Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if
protocol
isTLS
. Valid values areHTTP1Only
,HTTP2Only
,HTTP2Optional
,HTTP2Preferred
, andNone
. - arn String
- ARN of the listener (matches
id
). - certificate
Arn String - ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the
aws.lb.ListenerCertificate
resource. - default
Actions List<Property Map> - Configuration block for default actions. Detailed below.
- load
Balancer StringArn ARN of the load balancer.
The following arguments are optional:
- mutual
Authentication Property Map - The mutual authentication configuration information. Detailed below.
- port Number
- Port on which the load balancer is listening. Not valid for Gateway Load Balancers.
- protocol String
- Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are
HTTP
andHTTPS
, with a default ofHTTP
. For Network Load Balancers, valid values areTCP
,TLS
,UDP
, andTCP_UDP
. Not valid to useUDP
orTCP_UDP
if dual-stack mode is enabled. Not valid for Gateway Load Balancers. - ssl
Policy String - Name of the SSL Policy for the listener. Required if
protocol
isHTTPS
orTLS
. - Map<String>
A map of tags to assign to the resource. .If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.NOTE:: Please note that listeners that are attached to Application Load Balancers must use either
HTTP
orHTTPS
protocols while listeners that are attached to Network Load Balancers must use theTCP
protocol.- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Supporting Types
ListenerDefaultAction, ListenerDefaultActionArgs
- Type string
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- Authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. Detailed below. - Authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. Detailed below. - Fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - Forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups.
Specify only if
type
isforward
. Cannot be specified withtarget_group_arn
. Detailed below. - Order int
- Order for the action.
The action with the lowest value for order is performed first.
Valid values are between
1
and50000
. Defaults to the position in the list of actions. - Redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. Detailed below. - Target
Group stringArn - ARN of the Target Group to which to route traffic.
Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Cannot be specified withforward
.
- Type string
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- Authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. Detailed below. - Authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. Detailed below. - Fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - Forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups.
Specify only if
type
isforward
. Cannot be specified withtarget_group_arn
. Detailed below. - Order int
- Order for the action.
The action with the lowest value for order is performed first.
Valid values are between
1
and50000
. Defaults to the position in the list of actions. - Redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. Detailed below. - Target
Group stringArn - ARN of the Target Group to which to route traffic.
Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Cannot be specified withforward
.
- type String
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. Detailed below. - authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. Detailed below. - fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups.
Specify only if
type
isforward
. Cannot be specified withtarget_group_arn
. Detailed below. - order Integer
- Order for the action.
The action with the lowest value for order is performed first.
Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. Detailed below. - target
Group StringArn - ARN of the Target Group to which to route traffic.
Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Cannot be specified withforward
.
- type string
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate
Cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. Detailed below. - authenticate
Oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. Detailed below. - fixed
Response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups.
Specify only if
type
isforward
. Cannot be specified withtarget_group_arn
. Detailed below. - order number
- Order for the action.
The action with the lowest value for order is performed first.
Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. Detailed below. - target
Group stringArn - ARN of the Target Group to which to route traffic.
Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Cannot be specified withforward
.
- type str
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate_
cognito ListenerDefault Action Authenticate Cognito - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. Detailed below. - authenticate_
oidc ListenerDefault Action Authenticate Oidc - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. Detailed below. - fixed_
response ListenerDefault Action Fixed Response - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward
Listener
Default Action Forward - Configuration block for creating an action that distributes requests among one or more target groups.
Specify only if
type
isforward
. Cannot be specified withtarget_group_arn
. Detailed below. - order int
- Order for the action.
The action with the lowest value for order is performed first.
Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect
Listener
Default Action Redirect - Configuration block for creating a redirect action. Required if
type
isredirect
. Detailed below. - target_
group_ strarn - ARN of the Target Group to which to route traffic.
Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Cannot be specified withforward
.
- type String
Type of routing action. Valid values are
forward
,redirect
,fixed-response
,authenticate-cognito
andauthenticate-oidc
.The following arguments are optional:
- authenticate
Cognito Property Map - Configuration block for using Amazon Cognito to authenticate users. Specify only when
type
isauthenticate-cognito
. Detailed below. - authenticate
Oidc Property Map - Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when
type
isauthenticate-oidc
. Detailed below. - fixed
Response Property Map - Information for creating an action that returns a custom HTTP response. Required if
type
isfixed-response
. - forward Property Map
- Configuration block for creating an action that distributes requests among one or more target groups.
Specify only if
type
isforward
. Cannot be specified withtarget_group_arn
. Detailed below. - order Number
- Order for the action.
The action with the lowest value for order is performed first.
Valid values are between
1
and50000
. Defaults to the position in the list of actions. - redirect Property Map
- Configuration block for creating a redirect action. Required if
type
isredirect
. Detailed below. - target
Group StringArn - ARN of the Target Group to which to route traffic.
Specify only if
type
isforward
and you want to route to a single target group. To route to one or more target groups, use aforward
block instead. Cannot be specified withforward
.
ListenerDefaultActionAuthenticateCognito, ListenerDefaultActionAuthenticateCognitoArgs
- User
Pool stringArn - ARN of the Cognito user pool.
- User
Pool stringClient Id - ID of the Cognito user pool client.
- User
Pool stringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- Authentication
Request Dictionary<string, string>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
- On
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - Scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- User
Pool stringArn - ARN of the Cognito user pool.
- User
Pool stringClient Id - ID of the Cognito user pool client.
- User
Pool stringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- Authentication
Request map[string]stringExtra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
- On
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - Scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- user
Pool StringArn - ARN of the Cognito user pool.
- user
Pool StringClient Id - ID of the Cognito user pool client.
- user
Pool StringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication
Request Map<String,String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Integer - Maximum duration of the authentication session, in seconds.
- user
Pool stringArn - ARN of the Cognito user pool.
- user
Pool stringClient Id - ID of the Cognito user pool client.
- user
Pool stringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication
Request {[key: string]: string}Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
- on
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- session
Timeout number - Maximum duration of the authentication session, in seconds.
- user_
pool_ strarn - ARN of the Cognito user pool.
- user_
pool_ strclient_ id - ID of the Cognito user pool client.
- user_
pool_ strdomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication_
request_ Mapping[str, str]extra_ params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
- on_
unauthenticated_ strrequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope str
- Set of user claims to be requested from the IdP.
- str
- Name of the cookie used to maintain session information.
- session_
timeout int - Maximum duration of the authentication session, in seconds.
- user
Pool StringArn - ARN of the Cognito user pool.
- user
Pool StringClient Id - ID of the Cognito user pool client.
- user
Pool StringDomain Domain prefix or fully-qualified domain name of the Cognito user pool.
The following arguments are optional:
- authentication
Request Map<String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10. Detailed below.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values are
deny
,allow
andauthenticate
. - scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Number - Maximum duration of the authentication session, in seconds.
ListenerDefaultActionAuthenticateOidc, ListenerDefaultActionAuthenticateOidcArgs
- string
- Authorization endpoint of the IdP.
- Client
Id string - OAuth 2.0 client identifier.
- Client
Secret string - OAuth 2.0 client secret.
- Issuer string
- OIDC issuer identifier of the IdP.
- Token
Endpoint string - Token endpoint of the IdP.
- User
Info stringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- Authentication
Request Dictionary<string, string>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- Scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- string
- Authorization endpoint of the IdP.
- Client
Id string - OAuth 2.0 client identifier.
- Client
Secret string - OAuth 2.0 client secret.
- Issuer string
- OIDC issuer identifier of the IdP.
- Token
Endpoint string - Token endpoint of the IdP.
- User
Info stringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- Authentication
Request map[string]stringExtra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- On
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- Scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- Session
Timeout int - Maximum duration of the authentication session, in seconds.
- String
- Authorization endpoint of the IdP.
- client
Id String - OAuth 2.0 client identifier.
- client
Secret String - OAuth 2.0 client secret.
- issuer String
- OIDC issuer identifier of the IdP.
- token
Endpoint String - Token endpoint of the IdP.
- user
Info StringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication
Request Map<String,String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Integer - Maximum duration of the authentication session, in seconds.
- string
- Authorization endpoint of the IdP.
- client
Id string - OAuth 2.0 client identifier.
- client
Secret string - OAuth 2.0 client secret.
- issuer string
- OIDC issuer identifier of the IdP.
- token
Endpoint string - Token endpoint of the IdP.
- user
Info stringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication
Request {[key: string]: string}Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated stringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope string
- Set of user claims to be requested from the IdP.
- string
- Name of the cookie used to maintain session information.
- session
Timeout number - Maximum duration of the authentication session, in seconds.
- str
- Authorization endpoint of the IdP.
- client_
id str - OAuth 2.0 client identifier.
- client_
secret str - OAuth 2.0 client secret.
- issuer str
- OIDC issuer identifier of the IdP.
- token_
endpoint str - Token endpoint of the IdP.
- user_
info_ strendpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication_
request_ Mapping[str, str]extra_ params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on_
unauthenticated_ strrequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope str
- Set of user claims to be requested from the IdP.
- str
- Name of the cookie used to maintain session information.
- session_
timeout int - Maximum duration of the authentication session, in seconds.
- String
- Authorization endpoint of the IdP.
- client
Id String - OAuth 2.0 client identifier.
- client
Secret String - OAuth 2.0 client secret.
- issuer String
- OIDC issuer identifier of the IdP.
- token
Endpoint String - Token endpoint of the IdP.
- user
Info StringEndpoint User info endpoint of the IdP.
The following arguments are optional:
- authentication
Request Map<String>Extra Params - Query parameters to include in the redirect request to the authorization endpoint. Max: 10.
- on
Unauthenticated StringRequest - Behavior if the user is not authenticated. Valid values:
deny
,allow
andauthenticate
- scope String
- Set of user claims to be requested from the IdP.
- String
- Name of the cookie used to maintain session information.
- session
Timeout Number - Maximum duration of the authentication session, in seconds.
ListenerDefaultActionFixedResponse, ListenerDefaultActionFixedResponseArgs
- Content
Type string Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- Message
Body string - Message body.
- Status
Code string - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- Content
Type string Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- Message
Body string - Message body.
- Status
Code string - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content
Type String Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message
Body String - Message body.
- status
Code String - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content
Type string Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message
Body string - Message body.
- status
Code string - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content_
type str Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message_
body str - Message body.
- status_
code str - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
- content
Type String Content type. Valid values are
text/plain
,text/css
,text/html
,application/javascript
andapplication/json
.The following arguments are optional:
- message
Body String - Message body.
- status
Code String - HTTP response code. Valid values are
2XX
,4XX
, or5XX
.
ListenerDefaultActionForward, ListenerDefaultActionForwardArgs
- Target
Groups List<ListenerDefault Action Forward Target Group> Set of 1-5 target group blocks. Detailed below.
The following arguments are optional:
- Stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. Detailed below.
- Target
Groups []ListenerDefault Action Forward Target Group Set of 1-5 target group blocks. Detailed below.
The following arguments are optional:
- Stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. Detailed below.
- target
Groups List<ListenerDefault Action Forward Target Group> Set of 1-5 target group blocks. Detailed below.
The following arguments are optional:
- stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. Detailed below.
- target
Groups ListenerDefault Action Forward Target Group[] Set of 1-5 target group blocks. Detailed below.
The following arguments are optional:
- stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. Detailed below.
- target_
groups Sequence[ListenerDefault Action Forward Target Group] Set of 1-5 target group blocks. Detailed below.
The following arguments are optional:
- stickiness
Listener
Default Action Forward Stickiness - Configuration block for target group stickiness for the rule. Detailed below.
- target
Groups List<Property Map> Set of 1-5 target group blocks. Detailed below.
The following arguments are optional:
- stickiness Property Map
- Configuration block for target group stickiness for the rule. Detailed below.
ListenerDefaultActionForwardStickiness, ListenerDefaultActionForwardStickinessArgs
ListenerDefaultActionForwardTargetGroup, ListenerDefaultActionForwardTargetGroupArgs
ListenerDefaultActionRedirect, ListenerDefaultActionRedirectArgs
- Status
Code string HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- Host string
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - Path string
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - Port string
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - Protocol string
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - Query string
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- Status
Code string HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- Host string
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - Path string
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - Port string
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - Protocol string
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - Query string
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status
Code String HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host String
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path String
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port String
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol String
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query String
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status
Code string HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host string
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path string
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port string
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol string
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query string
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status_
code str HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host str
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path str
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port str
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol str
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query str
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
- status
Code String HTTP redirect code. The redirect is either permanent (
HTTP_301
) or temporary (HTTP_302
).The following arguments are optional:
- host String
- Hostname. This component is not percent-encoded. The hostname can contain
#{host}
. Defaults to#{host}
. - path String
- Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to
/#{path}
. - port String
- Port. Specify a value from
1
to65535
or#{port}
. Defaults to#{port}
. - protocol String
- Protocol. Valid values are
HTTP
,HTTPS
, or#{protocol}
. Defaults to#{protocol}
. - query String
- Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to
#{query}
.
ListenerMutualAuthentication, ListenerMutualAuthenticationArgs
- Mode string
- Valid values are
off
,verify
andpassthrough
. - Ignore
Client boolCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - Trust
Store stringArn - ARN of the elbv2 Trust Store.
- Mode string
- Valid values are
off
,verify
andpassthrough
. - Ignore
Client boolCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - Trust
Store stringArn - ARN of the elbv2 Trust Store.
- mode String
- Valid values are
off
,verify
andpassthrough
. - ignore
Client BooleanCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - trust
Store StringArn - ARN of the elbv2 Trust Store.
- mode string
- Valid values are
off
,verify
andpassthrough
. - ignore
Client booleanCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - trust
Store stringArn - ARN of the elbv2 Trust Store.
- mode str
- Valid values are
off
,verify
andpassthrough
. - ignore_
client_ boolcertificate_ expiry - Whether client certificate expiry is ignored. Default is
false
. - trust_
store_ strarn - ARN of the elbv2 Trust Store.
- mode String
- Valid values are
off
,verify
andpassthrough
. - ignore
Client BooleanCertificate Expiry - Whether client certificate expiry is ignored. Default is
false
. - trust
Store StringArn - ARN of the elbv2 Trust Store.
Import
Using pulumi import
, import listeners using their ARN. For example:
$ pulumi import aws:alb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.
Try AWS Native preview for resources not in the classic version.