import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    port: 443,
    protocol: "HTTPS",
    sslPolicy: "ELBSecurityPolicy-2016-08",
    certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    defaultActions: [{
        type: "forward",
        targetGroupArn: frontEndTargetGroup.arn,
    }],
});

import pulumi
import pulumi_aws as aws

front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    port=443,
    protocol="HTTPS",
    ssl_policy="ELBSecurityPolicy-2016-08",
    certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    default_actions=[{
        "type": "forward",
        "target_group_arn": front_end_target_group.arn,
    }])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			Port:            pulumi.Int(443),
			Protocol:        pulumi.String("HTTPS"),
			SslPolicy:       pulumi.String("ELBSecurityPolicy-2016-08"),
			CertificateArn:  pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.LoadBalancer("front_end");

    var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");

    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        Port = 443,
        Protocol = "HTTPS",
        SslPolicy = "ELBSecurityPolicy-2016-08",
        CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");

        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            .port("443")
            .protocol("HTTPS")
            .sslPolicy("ELBSecurityPolicy-2016-08")
            .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("forward")
                .targetGroupArn(frontEndTargetGroup.arn())
                .build())
            .build());

    }
}

resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
    name: front_end
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      port: '443'
      protocol: HTTPS
      sslPolicy: ELBSecurityPolicy-2016-08
      certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
      defaultActions:
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}

To a NLB:

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEndAwsLb.arn,
    port: 443,
    protocol: "TLS",
    sslPolicy: "ELBSecurityPolicy-2016-08",
    certificateArn: "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    alpnPolicy: "HTTP2Preferred",
    defaultActions: [{
        type: "forward",
        targetGroupArn: frontEndAwsLbTargetGroup.arn,
    }],
});

import pulumi
import pulumi_aws as aws

front_end = aws.lb.Listener("front_end",
    load_balancer_arn=front_end_aws_lb["arn"],
    port=443,
    protocol="TLS",
    ssl_policy="ELBSecurityPolicy-2016-08",
    certificate_arn="arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
    alpn_policy="HTTP2Preferred",
    default_actions=[{
        "type": "forward",
        "target_group_arn": front_end_aws_lb_target_group["arn"],
    }])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: pulumi.Any(frontEndAwsLb.Arn),
			Port:            pulumi.Int(443),
			Protocol:        pulumi.String("TLS"),
			SslPolicy:       pulumi.String("ELBSecurityPolicy-2016-08"),
			CertificateArn:  pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4"),
			AlpnPolicy:      pulumi.String("HTTP2Preferred"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: pulumi.Any(frontEndAwsLbTargetGroup.Arn),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEndAwsLb.Arn,
        Port = 443,
        Protocol = "TLS",
        SslPolicy = "ELBSecurityPolicy-2016-08",
        CertificateArn = "arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4",
        AlpnPolicy = "HTTP2Preferred",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndAwsLbTargetGroup.Arn,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new Listener("frontEnd", ListenerArgs.builder()
            .loadBalancerArn(frontEndAwsLb.arn())
            .port("443")
            .protocol("TLS")
            .sslPolicy("ELBSecurityPolicy-2016-08")
            .certificateArn("arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4")
            .alpnPolicy("HTTP2Preferred")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("forward")
                .targetGroupArn(frontEndAwsLbTargetGroup.arn())
                .build())
            .build());

    }
}

resources:
  frontEnd:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEndAwsLb.arn}
      port: '443'
      protocol: TLS
      sslPolicy: ELBSecurityPolicy-2016-08
      certificateArn: arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4
      alpnPolicy: HTTP2Preferred
      defaultActions:
        - type: forward
          targetGroupArn: ${frontEndAwsLbTargetGroup.arn}

Redirect Action

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [{
        type: "redirect",
        redirect: {
            port: "443",
            protocol: "HTTPS",
            statusCode: "HTTP_301",
        },
    }],
});

import pulumi
import pulumi_aws as aws

front_end = aws.lb.LoadBalancer("front_end")
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    port=80,
    protocol="HTTP",
    default_actions=[{
        "type": "redirect",
        "redirect": {
            "port": "443",
            "protocol": "HTTPS",
            "status_code": "HTTP_301",
        },
    }])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("redirect"),
					Redirect: &lb.ListenerDefaultActionRedirectArgs{
						Port:       pulumi.String("443"),
						Protocol:   pulumi.String("HTTPS"),
						StatusCode: pulumi.String("HTTP_301"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.LoadBalancer("front_end");

    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "redirect",
                Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs
                {
                    Port = "443",
                    Protocol = "HTTPS",
                    StatusCode = "HTTP_301",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionRedirectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("redirect")
                .redirect(ListenerDefaultActionRedirectArgs.builder()
                    .port("443")
                    .protocol("HTTPS")
                    .statusCode("HTTP_301")
                    .build())
                .build())
            .build());

    }
}

resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: redirect
          redirect:
            port: '443'
            protocol: HTTPS
            statusCode: HTTP_301

Fixed-response Action

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [{
        type: "fixed-response",
        fixedResponse: {
            contentType: "text/plain",
            messageBody: "Fixed response content",
            statusCode: "200",
        },
    }],
});

import pulumi
import pulumi_aws as aws

front_end = aws.lb.LoadBalancer("front_end")
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    port=80,
    protocol="HTTP",
    default_actions=[{
        "type": "fixed-response",
        "fixed_response": {
            "content_type": "text/plain",
            "message_body": "Fixed response content",
            "status_code": "200",
        },
    }])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("fixed-response"),
					FixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{
						ContentType: pulumi.String("text/plain"),
						MessageBody: pulumi.String("Fixed response content"),
						StatusCode:  pulumi.String("200"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.LoadBalancer("front_end");

    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "fixed-response",
                FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs
                {
                    ContentType = "text/plain",
                    MessageBody = "Fixed response content",
                    StatusCode = "200",
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionFixedResponseArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(ListenerDefaultActionArgs.builder()
                .type("fixed-response")
                .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
                    .contentType("text/plain")
                    .messageBody("Fixed response content")
                    .statusCode("200")
                    .build())
                .build())
            .build());

    }
}

resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: fixed-response
          fixedResponse:
            contentType: text/plain
            messageBody: Fixed response content
            statusCode: '200'

Authenticate-cognito Action

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {});
const domain = new aws.cognito.UserPoolDomain("domain", {});
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [
        {
            type: "authenticate-cognito",
            authenticateCognito: {
                userPoolArn: pool.arn,
                userPoolClientId: client.id,
                userPoolDomain: domain.domain,
            },
        },
        {
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        },
    ],
});

import pulumi
import pulumi_aws as aws

front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
pool = aws.cognito.UserPool("pool")
client = aws.cognito.UserPoolClient("client")
domain = aws.cognito.UserPoolDomain("domain")
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    port=80,
    protocol="HTTP",
    default_actions=[
        {
            "type": "authenticate-cognito",
            "authenticate_cognito": {
                "user_pool_arn": pool.arn,
                "user_pool_client_id": client.id,
                "user_pool_domain": domain.domain,
            },
        },
        {
            "type": "forward",
            "target_group_arn": front_end_target_group.arn,
        },
    ])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		pool, err := cognito.NewUserPool(ctx, "pool", nil)
		if err != nil {
			return err
		}
		client, err := cognito.NewUserPoolClient(ctx, "client", nil)
		if err != nil {
			return err
		}
		domain, err := cognito.NewUserPoolDomain(ctx, "domain", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("authenticate-cognito"),
					AuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{
						UserPoolArn:      pool.Arn,
						UserPoolClientId: client.ID(),
						UserPoolDomain:   domain.Domain,
					},
				},
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.LoadBalancer("front_end");

    var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");

    var pool = new Aws.Cognito.UserPool("pool");

    var client = new Aws.Cognito.UserPoolClient("client");

    var domain = new Aws.Cognito.UserPoolDomain("domain");

    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "authenticate-cognito",
                AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
                {
                    UserPoolArn = pool.Arn,
                    UserPoolClientId = client.Id,
                    UserPoolDomain = domain.Domain,
                },
            },
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolDomain;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateCognitoArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");

        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");

        var pool = new UserPool("pool");

        var client = new UserPoolClient("client");

        var domain = new UserPoolDomain("domain");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(            
                ListenerDefaultActionArgs.builder()
                    .type("authenticate-cognito")
                    .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
                        .userPoolArn(pool.arn())
                        .userPoolClientId(client.id())
                        .userPoolDomain(domain.domain())
                        .build())
                    .build(),
                ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
            .build());

    }
}

resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
    name: front_end
  pool:
    type: aws:cognito:UserPool
  client:
    type: aws:cognito:UserPoolClient
  domain:
    type: aws:cognito:UserPoolDomain
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: authenticate-cognito
          authenticateCognito:
            userPoolArn: ${pool.arn}
            userPoolClientId: ${client.id}
            userPoolDomain: ${domain.domain}
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}

Authenticate-OIDC Action

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const frontEnd = new aws.lb.LoadBalancer("front_end", {});
const frontEndTargetGroup = new aws.lb.TargetGroup("front_end", {});
const frontEndListener = new aws.lb.Listener("front_end", {
    loadBalancerArn: frontEnd.arn,
    port: 80,
    protocol: "HTTP",
    defaultActions: [
        {
            type: "authenticate-oidc",
            authenticateOidc: {
                authorizationEndpoint: "https://example.com/authorization_endpoint",
                clientId: "client_id",
                clientSecret: "client_secret",
                issuer: "https://example.com",
                tokenEndpoint: "https://example.com/token_endpoint",
                userInfoEndpoint: "https://example.com/user_info_endpoint",
            },
        },
        {
            type: "forward",
            targetGroupArn: frontEndTargetGroup.arn,
        },
    ],
});

import pulumi
import pulumi_aws as aws

front_end = aws.lb.LoadBalancer("front_end")
front_end_target_group = aws.lb.TargetGroup("front_end")
front_end_listener = aws.lb.Listener("front_end",
    load_balancer_arn=front_end.arn,
    port=80,
    protocol="HTTP",
    default_actions=[
        {
            "type": "authenticate-oidc",
            "authenticate_oidc": {
                "authorization_endpoint": "https://example.com/authorization_endpoint",
                "client_id": "client_id",
                "client_secret": "client_secret",
                "issuer": "https://example.com",
                "token_endpoint": "https://example.com/token_endpoint",
                "user_info_endpoint": "https://example.com/user_info_endpoint",
            },
        },
        {
            "type": "forward",
            "target_group_arn": front_end_target_group.arn,
        },
    ])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		frontEnd, err := lb.NewLoadBalancer(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		frontEndTargetGroup, err := lb.NewTargetGroup(ctx, "front_end", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "front_end", &lb.ListenerArgs{
			LoadBalancerArn: frontEnd.Arn,
			Port:            pulumi.Int(80),
			Protocol:        pulumi.String("HTTP"),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					Type: pulumi.String("authenticate-oidc"),
					AuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{
						AuthorizationEndpoint: pulumi.String("https://example.com/authorization_endpoint"),
						ClientId:              pulumi.String("client_id"),
						ClientSecret:          pulumi.String("client_secret"),
						Issuer:                pulumi.String("https://example.com"),
						TokenEndpoint:         pulumi.String("https://example.com/token_endpoint"),
						UserInfoEndpoint:      pulumi.String("https://example.com/user_info_endpoint"),
					},
				},
				&lb.ListenerDefaultActionArgs{
					Type:           pulumi.String("forward"),
					TargetGroupArn: frontEndTargetGroup.Arn,
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var frontEnd = new Aws.LB.LoadBalancer("front_end");

    var frontEndTargetGroup = new Aws.LB.TargetGroup("front_end");

    var frontEndListener = new Aws.LB.Listener("front_end", new()
    {
        LoadBalancerArn = frontEnd.Arn,
        Port = 80,
        Protocol = "HTTP",
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "authenticate-oidc",
                AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs
                {
                    AuthorizationEndpoint = "https://example.com/authorization_endpoint",
                    ClientId = "client_id",
                    ClientSecret = "client_secret",
                    Issuer = "https://example.com",
                    TokenEndpoint = "https://example.com/token_endpoint",
                    UserInfoEndpoint = "https://example.com/user_info_endpoint",
                },
            },
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                Type = "forward",
                TargetGroupArn = frontEndTargetGroup.Arn,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionAuthenticateOidcArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var frontEnd = new LoadBalancer("frontEnd");

        var frontEndTargetGroup = new TargetGroup("frontEndTargetGroup");

        var frontEndListener = new Listener("frontEndListener", ListenerArgs.builder()
            .loadBalancerArn(frontEnd.arn())
            .port("80")
            .protocol("HTTP")
            .defaultActions(            
                ListenerDefaultActionArgs.builder()
                    .type("authenticate-oidc")
                    .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
                        .authorizationEndpoint("https://example.com/authorization_endpoint")
                        .clientId("client_id")
                        .clientSecret("client_secret")
                        .issuer("https://example.com")
                        .tokenEndpoint("https://example.com/token_endpoint")
                        .userInfoEndpoint("https://example.com/user_info_endpoint")
                        .build())
                    .build(),
                ListenerDefaultActionArgs.builder()
                    .type("forward")
                    .targetGroupArn(frontEndTargetGroup.arn())
                    .build())
            .build());

    }
}

resources:
  frontEnd:
    type: aws:lb:LoadBalancer
    name: front_end
  frontEndTargetGroup:
    type: aws:lb:TargetGroup
    name: front_end
  frontEndListener:
    type: aws:lb:Listener
    name: front_end
    properties:
      loadBalancerArn: ${frontEnd.arn}
      port: '80'
      protocol: HTTP
      defaultActions:
        - type: authenticate-oidc
          authenticateOidc:
            authorizationEndpoint: https://example.com/authorization_endpoint
            clientId: client_id
            clientSecret: client_secret
            issuer: https://example.com
            tokenEndpoint: https://example.com/token_endpoint
            userInfoEndpoint: https://example.com/user_info_endpoint
        - type: forward
          targetGroupArn: ${frontEndTargetGroup.arn}

Gateway Load Balancer Listener

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lb.LoadBalancer("example", {
    loadBalancerType: "gateway",
    name: "example",
    subnetMappings: [{
        subnetId: exampleAwsSubnet.id,
    }],
});
const exampleTargetGroup = new aws.lb.TargetGroup("example", {
    name: "example",
    port: 6081,
    protocol: "GENEVE",
    vpcId: exampleAwsVpc.id,
    healthCheck: {
        port: "80",
        protocol: "HTTP",
    },
});
const exampleListener = new aws.lb.Listener("example", {
    loadBalancerArn: example.id,
    defaultActions: [{
        targetGroupArn: exampleTargetGroup.id,
        type: "forward",
    }],
});

import pulumi
import pulumi_aws as aws

example = aws.lb.LoadBalancer("example",
    load_balancer_type="gateway",
    name="example",
    subnet_mappings=[{
        "subnet_id": example_aws_subnet["id"],
    }])
example_target_group = aws.lb.TargetGroup("example",
    name="example",
    port=6081,
    protocol="GENEVE",
    vpc_id=example_aws_vpc["id"],
    health_check={
        "port": "80",
        "protocol": "HTTP",
    })
example_listener = aws.lb.Listener("example",
    load_balancer_arn=example.id,
    default_actions=[{
        "target_group_arn": example_target_group.id,
        "type": "forward",
    }])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
			LoadBalancerType: pulumi.String("gateway"),
			Name:             pulumi.String("example"),
			SubnetMappings: lb.LoadBalancerSubnetMappingArray{
				&lb.LoadBalancerSubnetMappingArgs{
					SubnetId: pulumi.Any(exampleAwsSubnet.Id),
				},
			},
		})
		if err != nil {
			return err
		}
		exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", &lb.TargetGroupArgs{
			Name:     pulumi.String("example"),
			Port:     pulumi.Int(6081),
			Protocol: pulumi.String("GENEVE"),
			VpcId:    pulumi.Any(exampleAwsVpc.Id),
			HealthCheck: &lb.TargetGroupHealthCheckArgs{
				Port:     pulumi.String("80"),
				Protocol: pulumi.String("HTTP"),
			},
		})
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
			LoadBalancerArn: example.ID(),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					TargetGroupArn: exampleTargetGroup.ID(),
					Type:           pulumi.String("forward"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LB.LoadBalancer("example", new()
    {
        LoadBalancerType = "gateway",
        Name = "example",
        SubnetMappings = new[]
        {
            new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
            {
                SubnetId = exampleAwsSubnet.Id,
            },
        },
    });

    var exampleTargetGroup = new Aws.LB.TargetGroup("example", new()
    {
        Name = "example",
        Port = 6081,
        Protocol = "GENEVE",
        VpcId = exampleAwsVpc.Id,
        HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs
        {
            Port = "80",
            Protocol = "HTTP",
        },
    });

    var exampleListener = new Aws.LB.Listener("example", new()
    {
        LoadBalancerArn = example.Id,
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                TargetGroupArn = exampleTargetGroup.Id,
                Type = "forward",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.TargetGroupArgs;
import com.pulumi.aws.lb.inputs.TargetGroupHealthCheckArgs;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new LoadBalancer("example", LoadBalancerArgs.builder()
            .loadBalancerType("gateway")
            .name("example")
            .subnetMappings(LoadBalancerSubnetMappingArgs.builder()
                .subnetId(exampleAwsSubnet.id())
                .build())
            .build());

        var exampleTargetGroup = new TargetGroup("exampleTargetGroup", TargetGroupArgs.builder()
            .name("example")
            .port(6081)
            .protocol("GENEVE")
            .vpcId(exampleAwsVpc.id())
            .healthCheck(TargetGroupHealthCheckArgs.builder()
                .port(80)
                .protocol("HTTP")
                .build())
            .build());

        var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
            .loadBalancerArn(example.id())
            .defaultActions(ListenerDefaultActionArgs.builder()
                .targetGroupArn(exampleTargetGroup.id())
                .type("forward")
                .build())
            .build());

    }
}

resources:
  example:
    type: aws:lb:LoadBalancer
    properties:
      loadBalancerType: gateway
      name: example
      subnetMappings:
        - subnetId: ${exampleAwsSubnet.id}
  exampleTargetGroup:
    type: aws:lb:TargetGroup
    name: example
    properties:
      name: example
      port: 6081
      protocol: GENEVE
      vpcId: ${exampleAwsVpc.id}
      healthCheck:
        port: 80
        protocol: HTTP
  exampleListener:
    type: aws:lb:Listener
    name: example
    properties:
      loadBalancerArn: ${example.id}
      defaultActions:
        - targetGroupArn: ${exampleTargetGroup.id}
          type: forward

Mutual TLS Authentication

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lb.LoadBalancer("example", {loadBalancerType: "application"});
const exampleTargetGroup = new aws.lb.TargetGroup("example", {});
const exampleListener = new aws.lb.Listener("example", {
    loadBalancerArn: example.id,
    defaultActions: [{
        targetGroupArn: exampleTargetGroup.id,
        type: "forward",
    }],
    mutualAuthentication: {
        mode: "verify",
        trustStoreArn: "...",
    },
});

import pulumi
import pulumi_aws as aws

example = aws.lb.LoadBalancer("example", load_balancer_type="application")
example_target_group = aws.lb.TargetGroup("example")
example_listener = aws.lb.Listener("example",
    load_balancer_arn=example.id,
    default_actions=[{
        "target_group_arn": example_target_group.id,
        "type": "forward",
    }],
    mutual_authentication={
        "mode": "verify",
        "trust_store_arn": "...",
    })

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
			LoadBalancerType: pulumi.String("application"),
		})
		if err != nil {
			return err
		}
		exampleTargetGroup, err := lb.NewTargetGroup(ctx, "example", nil)
		if err != nil {
			return err
		}
		_, err = lb.NewListener(ctx, "example", &lb.ListenerArgs{
			LoadBalancerArn: example.ID(),
			DefaultActions: lb.ListenerDefaultActionArray{
				&lb.ListenerDefaultActionArgs{
					TargetGroupArn: exampleTargetGroup.ID(),
					Type:           pulumi.String("forward"),
				},
			},
			MutualAuthentication: &lb.ListenerMutualAuthenticationArgs{
				Mode:          pulumi.String("verify"),
				TrustStoreArn: pulumi.String("..."),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LB.LoadBalancer("example", new()
    {
        LoadBalancerType = "application",
    });

    var exampleTargetGroup = new Aws.LB.TargetGroup("example");

    var exampleListener = new Aws.LB.Listener("example", new()
    {
        LoadBalancerArn = example.Id,
        DefaultActions = new[]
        {
            new Aws.LB.Inputs.ListenerDefaultActionArgs
            {
                TargetGroupArn = exampleTargetGroup.Id,
                Type = "forward",
            },
        },
        MutualAuthentication = new Aws.LB.Inputs.ListenerMutualAuthenticationArgs
        {
            Mode = "verify",
            TrustStoreArn = "...",
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.TargetGroup;
import com.pulumi.aws.lb.Listener;
import com.pulumi.aws.lb.ListenerArgs;
import com.pulumi.aws.lb.inputs.ListenerDefaultActionArgs;
import com.pulumi.aws.lb.inputs.ListenerMutualAuthenticationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new LoadBalancer("example", LoadBalancerArgs.builder()
            .loadBalancerType("application")
            .build());

        var exampleTargetGroup = new TargetGroup("exampleTargetGroup");

        var exampleListener = new Listener("exampleListener", ListenerArgs.builder()
            .loadBalancerArn(example.id())
            .defaultActions(ListenerDefaultActionArgs.builder()
                .targetGroupArn(exampleTargetGroup.id())
                .type("forward")
                .build())
            .mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
                .mode("verify")
                .trustStoreArn("...")
                .build())
            .build());

    }
}

resources:
  example:
    type: aws:lb:LoadBalancer
    properties:
      loadBalancerType: application
  exampleTargetGroup:
    type: aws:lb:TargetGroup
    name: example
  exampleListener:
    type: aws:lb:Listener
    name: example
    properties:
      loadBalancerArn: ${example.id}
      defaultActions:
        - targetGroupArn: ${exampleTargetGroup.id}
          type: forward
      mutualAuthentication:
        mode: verify
        trustStoreArn: '...'

Create Listener Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);

@overload
def Listener(resource_name: str,
             args: ListenerArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Listener(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
             load_balancer_arn: Optional[str] = None,
             routing_http_request_x_amzn_tls_version_header_name: Optional[str] = None,
             tcp_idle_timeout_seconds: Optional[int] = None,
             alpn_policy: Optional[str] = None,
             port: Optional[int] = None,
             protocol: Optional[str] = None,
             routing_http_request_x_amzn_mtls_clientcert_header_name: Optional[str] = None,
             routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: Optional[str] = None,
             routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: Optional[str] = None,
             routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: Optional[str] = None,
             routing_http_request_x_amzn_mtls_clientcert_subject_header_name: Optional[str] = None,
             routing_http_request_x_amzn_mtls_clientcert_validity_header_name: Optional[str] = None,
             routing_http_request_x_amzn_tls_cipher_suite_header_name: Optional[str] = None,
             mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
             certificate_arn: Optional[str] = None,
             routing_http_response_strict_transport_security_header_value: Optional[str] = None,
             routing_http_response_access_control_allow_methods_header_value: Optional[str] = None,
             routing_http_response_access_control_allow_origin_header_value: Optional[str] = None,
             routing_http_response_access_control_expose_headers_header_value: Optional[str] = None,
             routing_http_response_access_control_max_age_header_value: Optional[str] = None,
             routing_http_response_content_security_policy_header_value: Optional[str] = None,
             routing_http_response_server_enabled: Optional[bool] = None,
             routing_http_response_access_control_allow_headers_header_value: Optional[str] = None,
             routing_http_response_x_content_type_options_header_value: Optional[str] = None,
             routing_http_response_x_frame_options_header_value: Optional[str] = None,
             ssl_policy: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             routing_http_response_access_control_allow_credentials_header_value: Optional[str] = None)

func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)

public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)

public Listener(String name, ListenerArgs args)
public Listener(String name, ListenerArgs args, CustomResourceOptions options)

type: aws:alb:Listener
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var listenerResource = new Aws.Alb.Listener("listenerResource", new()
{
    DefaultActions = new[]
    {
        new Aws.Alb.Inputs.ListenerDefaultActionArgs
        {
            Type = "string",
            AuthenticateCognito = new Aws.Alb.Inputs.ListenerDefaultActionAuthenticateCognitoArgs
            {
                UserPoolArn = "string",
                UserPoolClientId = "string",
                UserPoolDomain = "string",
                AuthenticationRequestExtraParams = 
                {
                    { "string", "string" },
                },
                OnUnauthenticatedRequest = "string",
                Scope = "string",
                SessionCookieName = "string",
                SessionTimeout = 0,
            },
            AuthenticateOidc = new Aws.Alb.Inputs.ListenerDefaultActionAuthenticateOidcArgs
            {
                AuthorizationEndpoint = "string",
                ClientId = "string",
                ClientSecret = "string",
                Issuer = "string",
                TokenEndpoint = "string",
                UserInfoEndpoint = "string",
                AuthenticationRequestExtraParams = 
                {
                    { "string", "string" },
                },
                OnUnauthenticatedRequest = "string",
                Scope = "string",
                SessionCookieName = "string",
                SessionTimeout = 0,
            },
            FixedResponse = new Aws.Alb.Inputs.ListenerDefaultActionFixedResponseArgs
            {
                ContentType = "string",
                MessageBody = "string",
                StatusCode = "string",
            },
            Forward = new Aws.Alb.Inputs.ListenerDefaultActionForwardArgs
            {
                TargetGroups = new[]
                {
                    new Aws.Alb.Inputs.ListenerDefaultActionForwardTargetGroupArgs
                    {
                        Arn = "string",
                        Weight = 0,
                    },
                },
                Stickiness = new Aws.Alb.Inputs.ListenerDefaultActionForwardStickinessArgs
                {
                    Duration = 0,
                    Enabled = false,
                },
            },
            Order = 0,
            Redirect = new Aws.Alb.Inputs.ListenerDefaultActionRedirectArgs
            {
                StatusCode = "string",
                Host = "string",
                Path = "string",
                Port = "string",
                Protocol = "string",
                Query = "string",
            },
            TargetGroupArn = "string",
        },
    },
    LoadBalancerArn = "string",
    RoutingHttpRequestXAmznTlsVersionHeaderName = "string",
    TcpIdleTimeoutSeconds = 0,
    AlpnPolicy = "string",
    Port = 0,
    Protocol = "string",
    RoutingHttpRequestXAmznMtlsClientcertHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName = "string",
    RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName = "string",
    RoutingHttpRequestXAmznTlsCipherSuiteHeaderName = "string",
    MutualAuthentication = new Aws.Alb.Inputs.ListenerMutualAuthenticationArgs
    {
        Mode = "string",
        AdvertiseTrustStoreCaNames = "string",
        IgnoreClientCertificateExpiry = false,
        TrustStoreArn = "string",
    },
    CertificateArn = "string",
    RoutingHttpResponseStrictTransportSecurityHeaderValue = "string",
    RoutingHttpResponseAccessControlAllowMethodsHeaderValue = "string",
    RoutingHttpResponseAccessControlAllowOriginHeaderValue = "string",
    RoutingHttpResponseAccessControlExposeHeadersHeaderValue = "string",
    RoutingHttpResponseAccessControlMaxAgeHeaderValue = "string",
    RoutingHttpResponseContentSecurityPolicyHeaderValue = "string",
    RoutingHttpResponseServerEnabled = false,
    RoutingHttpResponseAccessControlAllowHeadersHeaderValue = "string",
    RoutingHttpResponseXContentTypeOptionsHeaderValue = "string",
    RoutingHttpResponseXFrameOptionsHeaderValue = "string",
    SslPolicy = "string",
    Tags = 
    {
        { "string", "string" },
    },
    RoutingHttpResponseAccessControlAllowCredentialsHeaderValue = "string",
});

example, err := alb.NewListener(ctx, "listenerResource", &alb.ListenerArgs{
	DefaultActions: alb.ListenerDefaultActionArray{
		&alb.ListenerDefaultActionArgs{
			Type: pulumi.String("string"),
			AuthenticateCognito: &alb.ListenerDefaultActionAuthenticateCognitoArgs{
				UserPoolArn:      pulumi.String("string"),
				UserPoolClientId: pulumi.String("string"),
				UserPoolDomain:   pulumi.String("string"),
				AuthenticationRequestExtraParams: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				OnUnauthenticatedRequest: pulumi.String("string"),
				Scope:                    pulumi.String("string"),
				SessionCookieName:        pulumi.String("string"),
				SessionTimeout:           pulumi.Int(0),
			},
			AuthenticateOidc: &alb.ListenerDefaultActionAuthenticateOidcArgs{
				AuthorizationEndpoint: pulumi.String("string"),
				ClientId:              pulumi.String("string"),
				ClientSecret:          pulumi.String("string"),
				Issuer:                pulumi.String("string"),
				TokenEndpoint:         pulumi.String("string"),
				UserInfoEndpoint:      pulumi.String("string"),
				AuthenticationRequestExtraParams: pulumi.StringMap{
					"string": pulumi.String("string"),
				},
				OnUnauthenticatedRequest: pulumi.String("string"),
				Scope:                    pulumi.String("string"),
				SessionCookieName:        pulumi.String("string"),
				SessionTimeout:           pulumi.Int(0),
			},
			FixedResponse: &alb.ListenerDefaultActionFixedResponseArgs{
				ContentType: pulumi.String("string"),
				MessageBody: pulumi.String("string"),
				StatusCode:  pulumi.String("string"),
			},
			Forward: &alb.ListenerDefaultActionForwardArgs{
				TargetGroups: alb.ListenerDefaultActionForwardTargetGroupArray{
					&alb.ListenerDefaultActionForwardTargetGroupArgs{
						Arn:    pulumi.String("string"),
						Weight: pulumi.Int(0),
					},
				},
				Stickiness: &alb.ListenerDefaultActionForwardStickinessArgs{
					Duration: pulumi.Int(0),
					Enabled:  pulumi.Bool(false),
				},
			},
			Order: pulumi.Int(0),
			Redirect: &alb.ListenerDefaultActionRedirectArgs{
				StatusCode: pulumi.String("string"),
				Host:       pulumi.String("string"),
				Path:       pulumi.String("string"),
				Port:       pulumi.String("string"),
				Protocol:   pulumi.String("string"),
				Query:      pulumi.String("string"),
			},
			TargetGroupArn: pulumi.String("string"),
		},
	},
	LoadBalancerArn: pulumi.String("string"),
	RoutingHttpRequestXAmznTlsVersionHeaderName: pulumi.String("string"),
	TcpIdleTimeoutSeconds:                       pulumi.Int(0),
	AlpnPolicy:                                  pulumi.String("string"),
	Port:                                        pulumi.Int(0),
	Protocol:                                    pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertHeaderName:             pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName:       pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName:         pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName: pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName:      pulumi.String("string"),
	RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName:     pulumi.String("string"),
	RoutingHttpRequestXAmznTlsCipherSuiteHeaderName:             pulumi.String("string"),
	MutualAuthentication: &alb.ListenerMutualAuthenticationArgs{
		Mode:                          pulumi.String("string"),
		AdvertiseTrustStoreCaNames:    pulumi.String("string"),
		IgnoreClientCertificateExpiry: pulumi.Bool(false),
		TrustStoreArn:                 pulumi.String("string"),
	},
	CertificateArn: pulumi.String("string"),
	RoutingHttpResponseStrictTransportSecurityHeaderValue:    pulumi.String("string"),
	RoutingHttpResponseAccessControlAllowMethodsHeaderValue:  pulumi.String("string"),
	RoutingHttpResponseAccessControlAllowOriginHeaderValue:   pulumi.String("string"),
	RoutingHttpResponseAccessControlExposeHeadersHeaderValue: pulumi.String("string"),
	RoutingHttpResponseAccessControlMaxAgeHeaderValue:        pulumi.String("string"),
	RoutingHttpResponseContentSecurityPolicyHeaderValue:      pulumi.String("string"),
	RoutingHttpResponseServerEnabled:                         pulumi.Bool(false),
	RoutingHttpResponseAccessControlAllowHeadersHeaderValue:  pulumi.String("string"),
	RoutingHttpResponseXContentTypeOptionsHeaderValue:        pulumi.String("string"),
	RoutingHttpResponseXFrameOptionsHeaderValue:              pulumi.String("string"),
	SslPolicy: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	RoutingHttpResponseAccessControlAllowCredentialsHeaderValue: pulumi.String("string"),
})

var listenerResource = new Listener("listenerResource", ListenerArgs.builder()
    .defaultActions(ListenerDefaultActionArgs.builder()
        .type("string")
        .authenticateCognito(ListenerDefaultActionAuthenticateCognitoArgs.builder()
            .userPoolArn("string")
            .userPoolClientId("string")
            .userPoolDomain("string")
            .authenticationRequestExtraParams(Map.of("string", "string"))
            .onUnauthenticatedRequest("string")
            .scope("string")
            .sessionCookieName("string")
            .sessionTimeout(0)
            .build())
        .authenticateOidc(ListenerDefaultActionAuthenticateOidcArgs.builder()
            .authorizationEndpoint("string")
            .clientId("string")
            .clientSecret("string")
            .issuer("string")
            .tokenEndpoint("string")
            .userInfoEndpoint("string")
            .authenticationRequestExtraParams(Map.of("string", "string"))
            .onUnauthenticatedRequest("string")
            .scope("string")
            .sessionCookieName("string")
            .sessionTimeout(0)
            .build())
        .fixedResponse(ListenerDefaultActionFixedResponseArgs.builder()
            .contentType("string")
            .messageBody("string")
            .statusCode("string")
            .build())
        .forward(ListenerDefaultActionForwardArgs.builder()
            .targetGroups(ListenerDefaultActionForwardTargetGroupArgs.builder()
                .arn("string")
                .weight(0)
                .build())
            .stickiness(ListenerDefaultActionForwardStickinessArgs.builder()
                .duration(0)
                .enabled(false)
                .build())
            .build())
        .order(0)
        .redirect(ListenerDefaultActionRedirectArgs.builder()
            .statusCode("string")
            .host("string")
            .path("string")
            .port("string")
            .protocol("string")
            .query("string")
            .build())
        .targetGroupArn("string")
        .build())
    .loadBalancerArn("string")
    .routingHttpRequestXAmznTlsVersionHeaderName("string")
    .tcpIdleTimeoutSeconds(0)
    .alpnPolicy("string")
    .port(0)
    .protocol("string")
    .routingHttpRequestXAmznMtlsClientcertHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertIssuerHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertLeafHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertSubjectHeaderName("string")
    .routingHttpRequestXAmznMtlsClientcertValidityHeaderName("string")
    .routingHttpRequestXAmznTlsCipherSuiteHeaderName("string")
    .mutualAuthentication(ListenerMutualAuthenticationArgs.builder()
        .mode("string")
        .advertiseTrustStoreCaNames("string")
        .ignoreClientCertificateExpiry(false)
        .trustStoreArn("string")
        .build())
    .certificateArn("string")
    .routingHttpResponseStrictTransportSecurityHeaderValue("string")
    .routingHttpResponseAccessControlAllowMethodsHeaderValue("string")
    .routingHttpResponseAccessControlAllowOriginHeaderValue("string")
    .routingHttpResponseAccessControlExposeHeadersHeaderValue("string")
    .routingHttpResponseAccessControlMaxAgeHeaderValue("string")
    .routingHttpResponseContentSecurityPolicyHeaderValue("string")
    .routingHttpResponseServerEnabled(false)
    .routingHttpResponseAccessControlAllowHeadersHeaderValue("string")
    .routingHttpResponseXContentTypeOptionsHeaderValue("string")
    .routingHttpResponseXFrameOptionsHeaderValue("string")
    .sslPolicy("string")
    .tags(Map.of("string", "string"))
    .routingHttpResponseAccessControlAllowCredentialsHeaderValue("string")
    .build());

listener_resource = aws.alb.Listener("listenerResource",
    default_actions=[{
        "type": "string",
        "authenticate_cognito": {
            "user_pool_arn": "string",
            "user_pool_client_id": "string",
            "user_pool_domain": "string",
            "authentication_request_extra_params": {
                "string": "string",
            },
            "on_unauthenticated_request": "string",
            "scope": "string",
            "session_cookie_name": "string",
            "session_timeout": 0,
        },
        "authenticate_oidc": {
            "authorization_endpoint": "string",
            "client_id": "string",
            "client_secret": "string",
            "issuer": "string",
            "token_endpoint": "string",
            "user_info_endpoint": "string",
            "authentication_request_extra_params": {
                "string": "string",
            },
            "on_unauthenticated_request": "string",
            "scope": "string",
            "session_cookie_name": "string",
            "session_timeout": 0,
        },
        "fixed_response": {
            "content_type": "string",
            "message_body": "string",
            "status_code": "string",
        },
        "forward": {
            "target_groups": [{
                "arn": "string",
                "weight": 0,
            }],
            "stickiness": {
                "duration": 0,
                "enabled": False,
            },
        },
        "order": 0,
        "redirect": {
            "status_code": "string",
            "host": "string",
            "path": "string",
            "port": "string",
            "protocol": "string",
            "query": "string",
        },
        "target_group_arn": "string",
    }],
    load_balancer_arn="string",
    routing_http_request_x_amzn_tls_version_header_name="string",
    tcp_idle_timeout_seconds=0,
    alpn_policy="string",
    port=0,
    protocol="string",
    routing_http_request_x_amzn_mtls_clientcert_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_issuer_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_leaf_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_subject_header_name="string",
    routing_http_request_x_amzn_mtls_clientcert_validity_header_name="string",
    routing_http_request_x_amzn_tls_cipher_suite_header_name="string",
    mutual_authentication={
        "mode": "string",
        "advertise_trust_store_ca_names": "string",
        "ignore_client_certificate_expiry": False,
        "trust_store_arn": "string",
    },
    certificate_arn="string",
    routing_http_response_strict_transport_security_header_value="string",
    routing_http_response_access_control_allow_methods_header_value="string",
    routing_http_response_access_control_allow_origin_header_value="string",
    routing_http_response_access_control_expose_headers_header_value="string",
    routing_http_response_access_control_max_age_header_value="string",
    routing_http_response_content_security_policy_header_value="string",
    routing_http_response_server_enabled=False,
    routing_http_response_access_control_allow_headers_header_value="string",
    routing_http_response_x_content_type_options_header_value="string",
    routing_http_response_x_frame_options_header_value="string",
    ssl_policy="string",
    tags={
        "string": "string",
    },
    routing_http_response_access_control_allow_credentials_header_value="string")

const listenerResource = new aws.alb.Listener("listenerResource", {
    defaultActions: [{
        type: "string",
        authenticateCognito: {
            userPoolArn: "string",
            userPoolClientId: "string",
            userPoolDomain: "string",
            authenticationRequestExtraParams: {
                string: "string",
            },
            onUnauthenticatedRequest: "string",
            scope: "string",
            sessionCookieName: "string",
            sessionTimeout: 0,
        },
        authenticateOidc: {
            authorizationEndpoint: "string",
            clientId: "string",
            clientSecret: "string",
            issuer: "string",
            tokenEndpoint: "string",
            userInfoEndpoint: "string",
            authenticationRequestExtraParams: {
                string: "string",
            },
            onUnauthenticatedRequest: "string",
            scope: "string",
            sessionCookieName: "string",
            sessionTimeout: 0,
        },
        fixedResponse: {
            contentType: "string",
            messageBody: "string",
            statusCode: "string",
        },
        forward: {
            targetGroups: [{
                arn: "string",
                weight: 0,
            }],
            stickiness: {
                duration: 0,
                enabled: false,
            },
        },
        order: 0,
        redirect: {
            statusCode: "string",
            host: "string",
            path: "string",
            port: "string",
            protocol: "string",
            query: "string",
        },
        targetGroupArn: "string",
    }],
    loadBalancerArn: "string",
    routingHttpRequestXAmznTlsVersionHeaderName: "string",
    tcpIdleTimeoutSeconds: 0,
    alpnPolicy: "string",
    port: 0,
    protocol: "string",
    routingHttpRequestXAmznMtlsClientcertHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertIssuerHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertLeafHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertSubjectHeaderName: "string",
    routingHttpRequestXAmznMtlsClientcertValidityHeaderName: "string",
    routingHttpRequestXAmznTlsCipherSuiteHeaderName: "string",
    mutualAuthentication: {
        mode: "string",
        advertiseTrustStoreCaNames: "string",
        ignoreClientCertificateExpiry: false,
        trustStoreArn: "string",
    },
    certificateArn: "string",
    routingHttpResponseStrictTransportSecurityHeaderValue: "string",
    routingHttpResponseAccessControlAllowMethodsHeaderValue: "string",
    routingHttpResponseAccessControlAllowOriginHeaderValue: "string",
    routingHttpResponseAccessControlExposeHeadersHeaderValue: "string",
    routingHttpResponseAccessControlMaxAgeHeaderValue: "string",
    routingHttpResponseContentSecurityPolicyHeaderValue: "string",
    routingHttpResponseServerEnabled: false,
    routingHttpResponseAccessControlAllowHeadersHeaderValue: "string",
    routingHttpResponseXContentTypeOptionsHeaderValue: "string",
    routingHttpResponseXFrameOptionsHeaderValue: "string",
    sslPolicy: "string",
    tags: {
        string: "string",
    },
    routingHttpResponseAccessControlAllowCredentialsHeaderValue: "string",
});

type: aws:alb:Listener
properties:
    alpnPolicy: string
    certificateArn: string
    defaultActions:
        - authenticateCognito:
            authenticationRequestExtraParams:
                string: string
            onUnauthenticatedRequest: string
            scope: string
            sessionCookieName: string
            sessionTimeout: 0
            userPoolArn: string
            userPoolClientId: string
            userPoolDomain: string
          authenticateOidc:
            authenticationRequestExtraParams:
                string: string
            authorizationEndpoint: string
            clientId: string
            clientSecret: string
            issuer: string
            onUnauthenticatedRequest: string
            scope: string
            sessionCookieName: string
            sessionTimeout: 0
            tokenEndpoint: string
            userInfoEndpoint: string
          fixedResponse:
            contentType: string
            messageBody: string
            statusCode: string
          forward:
            stickiness:
                duration: 0
                enabled: false
            targetGroups:
                - arn: string
                  weight: 0
          order: 0
          redirect:
            host: string
            path: string
            port: string
            protocol: string
            query: string
            statusCode: string
          targetGroupArn: string
          type: string
    loadBalancerArn: string
    mutualAuthentication:
        advertiseTrustStoreCaNames: string
        ignoreClientCertificateExpiry: false
        mode: string
        trustStoreArn: string
    port: 0
    protocol: string
    routingHttpRequestXAmznMtlsClientcertHeaderName: string
    routingHttpRequestXAmznMtlsClientcertIssuerHeaderName: string
    routingHttpRequestXAmznMtlsClientcertLeafHeaderName: string
    routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName: string
    routingHttpRequestXAmznMtlsClientcertSubjectHeaderName: string
    routingHttpRequestXAmznMtlsClientcertValidityHeaderName: string
    routingHttpRequestXAmznTlsCipherSuiteHeaderName: string
    routingHttpRequestXAmznTlsVersionHeaderName: string
    routingHttpResponseAccessControlAllowCredentialsHeaderValue: string
    routingHttpResponseAccessControlAllowHeadersHeaderValue: string
    routingHttpResponseAccessControlAllowMethodsHeaderValue: string
    routingHttpResponseAccessControlAllowOriginHeaderValue: string
    routingHttpResponseAccessControlExposeHeadersHeaderValue: string
    routingHttpResponseAccessControlMaxAgeHeaderValue: string
    routingHttpResponseContentSecurityPolicyHeaderValue: string
    routingHttpResponseServerEnabled: false
    routingHttpResponseStrictTransportSecurityHeaderValue: string
    routingHttpResponseXContentTypeOptionsHeaderValue: string
    routingHttpResponseXFrameOptionsHeaderValue: string
    sslPolicy: string
    tags:
        string: string
    tcpIdleTimeoutSeconds: 0

Listener Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Listener resource accepts the following input properties:

DefaultActions List<ListenerDefaultAction>

Configuration block for default actions. See below.

LoadBalancerArn string

ARN of the load balancer.

The following arguments are optional:

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

MutualAuthentication ListenerMutualAuthentication

The mutual authentication configuration information. See below.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are HTTP and HTTPS, with a default of HTTP. For Network Load Balancers, valid values are TCP, TLS, UDP, and TCP_UDP. Not valid to use UDP or TCP_UDP if dual-stack mode is enabled. Not valid for Gateway Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsCipherSuiteHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsVersionHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpResponseAccessControlAllowCredentialsHeaderValue string

Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is true.

RoutingHttpResponseAccessControlAllowHeadersHeaderValue string

Specifies which headers can be used during the request. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are *, Accept, Accept-Language, Cache-Control, Content-Language, Content-Length, Content-Type, Expires, Last-Modified, Pragma. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation.

RoutingHttpResponseAccessControlAllowMethodsHeaderValue string

Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are GET, HEAD, POST, DELETE, CONNECT, OPTIONS, TRACE or PATCH.

RoutingHttpResponseAccessControlAllowOriginHeaderValue string

Specifies which origins are allowed to access the server. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: https://example.com.

RoutingHttpResponseAccessControlExposeHeadersHeaderValue string

Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are *, Cache-Control, Content-Language, Content-Length, Content-Type, Expires, Last-Modified, or Pragma. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation.

RoutingHttpResponseAccessControlMaxAgeHeaderValue string

Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between 0 and 86400. This value is browser specific, consult the Access-Control-Max-Age documentation.

RoutingHttpResponseContentSecurityPolicyHeaderValue string

Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation.

RoutingHttpResponseServerEnabled bool

Enables you to allow or remove the HTTP response server header. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are true or false.

RoutingHttpResponseStrictTransportSecurityHeaderValue string

Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are max-age=31536000; includeSubDomains; preload consult the Strict-Transport-Security documentation for further details.

RoutingHttpResponseXContentTypeOptionsHeaderValue string

Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is nosniff.

RoutingHttpResponseXFrameOptionsHeaderValue string

Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is HTTP or HTTPS for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are DENY, SAMEORIGIN, or ALLOW-FROM https://example.com.

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

Tags Dictionary<string, string>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TcpIdleTimeoutSeconds int

TCP idle timeout value in seconds. Can only be set if protocol is TCP on Network Load Balancer, or with a Gateway Load Balancer. Not supported for Application Load Balancers. Valid values are between 60 and 6000 inclusive. Default: 350.

DefaultActions []ListenerDefaultActionArgs

Configuration block for default actions. See below.

LoadBalancerArn string

ARN of the load balancer.

The following arguments are optional:

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

MutualAuthentication ListenerMutualAuthenticationArgs

The mutual authentication configuration information. See below.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

RoutingHttpRequestXAmznMtlsClientcertHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsCipherSuiteHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsVersionHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpResponseAccessControlAllowCredentialsHeaderValue string

RoutingHttpResponseAccessControlAllowHeadersHeaderValue string

RoutingHttpResponseAccessControlAllowMethodsHeaderValue string

RoutingHttpResponseAccessControlAllowOriginHeaderValue string

RoutingHttpResponseAccessControlExposeHeadersHeaderValue string

RoutingHttpResponseAccessControlMaxAgeHeaderValue string

RoutingHttpResponseContentSecurityPolicyHeaderValue string

RoutingHttpResponseServerEnabled bool

RoutingHttpResponseStrictTransportSecurityHeaderValue string

RoutingHttpResponseXContentTypeOptionsHeaderValue string

RoutingHttpResponseXFrameOptionsHeaderValue string

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

Tags map[string]string

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TcpIdleTimeoutSeconds int

defaultActions List<ListenerDefaultAction>

Configuration block for default actions. See below.

loadBalancerArn String

ARN of the load balancer.

The following arguments are optional:

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

mutualAuthentication ListenerMutualAuthentication

The mutual authentication configuration information. See below.

port Integer

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

routingHttpRequestXAmznMtlsClientcertHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertIssuerHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertLeafHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSubjectHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertValidityHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsCipherSuiteHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsVersionHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpResponseAccessControlAllowCredentialsHeaderValue String

routingHttpResponseAccessControlAllowHeadersHeaderValue String

routingHttpResponseAccessControlAllowMethodsHeaderValue String

routingHttpResponseAccessControlAllowOriginHeaderValue String

routingHttpResponseAccessControlExposeHeadersHeaderValue String

routingHttpResponseAccessControlMaxAgeHeaderValue String

routingHttpResponseContentSecurityPolicyHeaderValue String

routingHttpResponseServerEnabled Boolean

routingHttpResponseStrictTransportSecurityHeaderValue String

routingHttpResponseXContentTypeOptionsHeaderValue String

routingHttpResponseXFrameOptionsHeaderValue String

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags Map<String,String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tcpIdleTimeoutSeconds Integer

defaultActions ListenerDefaultAction[]

Configuration block for default actions. See below.

loadBalancerArn string

ARN of the load balancer.

The following arguments are optional:

alpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

mutualAuthentication ListenerMutualAuthentication

The mutual authentication configuration information. See below.

port number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol string

routingHttpRequestXAmznMtlsClientcertHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertIssuerHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertLeafHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSubjectHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertValidityHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsCipherSuiteHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsVersionHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpResponseAccessControlAllowCredentialsHeaderValue string

routingHttpResponseAccessControlAllowHeadersHeaderValue string

routingHttpResponseAccessControlAllowMethodsHeaderValue string

routingHttpResponseAccessControlAllowOriginHeaderValue string

routingHttpResponseAccessControlExposeHeadersHeaderValue string

routingHttpResponseAccessControlMaxAgeHeaderValue string

routingHttpResponseContentSecurityPolicyHeaderValue string

routingHttpResponseServerEnabled boolean

routingHttpResponseStrictTransportSecurityHeaderValue string

routingHttpResponseXContentTypeOptionsHeaderValue string

routingHttpResponseXFrameOptionsHeaderValue string

sslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags {[key: string]: string}

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tcpIdleTimeoutSeconds number

default_actions Sequence[ListenerDefaultActionArgs]

Configuration block for default actions. See below.

load_balancer_arn str

ARN of the load balancer.

The following arguments are optional:

alpn_policy str

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificate_arn str

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

mutual_authentication ListenerMutualAuthenticationArgs

The mutual authentication configuration information. See below.

port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol str

routing_http_request_x_amzn_mtls_clientcert_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_issuer_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_leaf_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_subject_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_validity_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_tls_cipher_suite_header_name str

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_tls_version_header_name str

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_response_access_control_allow_credentials_header_value str

routing_http_response_access_control_allow_headers_header_value str

routing_http_response_access_control_allow_methods_header_value str

routing_http_response_access_control_allow_origin_header_value str

routing_http_response_access_control_expose_headers_header_value str

routing_http_response_access_control_max_age_header_value str

routing_http_response_content_security_policy_header_value str

routing_http_response_server_enabled bool

routing_http_response_strict_transport_security_header_value str

routing_http_response_x_content_type_options_header_value str

routing_http_response_x_frame_options_header_value str

ssl_policy str

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags Mapping[str, str]

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tcp_idle_timeout_seconds int

defaultActions List<Property Map>

Configuration block for default actions. See below.

loadBalancerArn String

ARN of the load balancer.

The following arguments are optional:

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

mutualAuthentication Property Map

The mutual authentication configuration information. See below.

port Number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

routingHttpRequestXAmznMtlsClientcertHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertIssuerHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertLeafHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSubjectHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertValidityHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsCipherSuiteHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsVersionHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpResponseAccessControlAllowCredentialsHeaderValue String

routingHttpResponseAccessControlAllowHeadersHeaderValue String

routingHttpResponseAccessControlAllowMethodsHeaderValue String

routingHttpResponseAccessControlAllowOriginHeaderValue String

routingHttpResponseAccessControlExposeHeadersHeaderValue String

routingHttpResponseAccessControlMaxAgeHeaderValue String

routingHttpResponseContentSecurityPolicyHeaderValue String

routingHttpResponseServerEnabled Boolean

routingHttpResponseStrictTransportSecurityHeaderValue String

routingHttpResponseXContentTypeOptionsHeaderValue String

routingHttpResponseXFrameOptionsHeaderValue String

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags Map<String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tcpIdleTimeoutSeconds Number

Outputs

All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:

Arn string: ARN of the listener (matches id).
Id string: The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string: ARN of the listener (matches id).
Id string: The provider-assigned unique ID for this managed resource.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the listener (matches id).
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string: ARN of the listener (matches id).
id string: The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str: ARN of the listener (matches id).
id str: The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String: ARN of the listener (matches id).
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing Listener Resource

Get an existing Listener resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: ListenerState, opts?: CustomResourceOptions): Listener

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        alpn_policy: Optional[str] = None,
        arn: Optional[str] = None,
        certificate_arn: Optional[str] = None,
        default_actions: Optional[Sequence[ListenerDefaultActionArgs]] = None,
        load_balancer_arn: Optional[str] = None,
        mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
        port: Optional[int] = None,
        protocol: Optional[str] = None,
        routing_http_request_x_amzn_mtls_clientcert_header_name: Optional[str] = None,
        routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: Optional[str] = None,
        routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: Optional[str] = None,
        routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: Optional[str] = None,
        routing_http_request_x_amzn_mtls_clientcert_subject_header_name: Optional[str] = None,
        routing_http_request_x_amzn_mtls_clientcert_validity_header_name: Optional[str] = None,
        routing_http_request_x_amzn_tls_cipher_suite_header_name: Optional[str] = None,
        routing_http_request_x_amzn_tls_version_header_name: Optional[str] = None,
        routing_http_response_access_control_allow_credentials_header_value: Optional[str] = None,
        routing_http_response_access_control_allow_headers_header_value: Optional[str] = None,
        routing_http_response_access_control_allow_methods_header_value: Optional[str] = None,
        routing_http_response_access_control_allow_origin_header_value: Optional[str] = None,
        routing_http_response_access_control_expose_headers_header_value: Optional[str] = None,
        routing_http_response_access_control_max_age_header_value: Optional[str] = None,
        routing_http_response_content_security_policy_header_value: Optional[str] = None,
        routing_http_response_server_enabled: Optional[bool] = None,
        routing_http_response_strict_transport_security_header_value: Optional[str] = None,
        routing_http_response_x_content_type_options_header_value: Optional[str] = None,
        routing_http_response_x_frame_options_header_value: Optional[str] = None,
        ssl_policy: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        tcp_idle_timeout_seconds: Optional[int] = None) -> Listener

func GetListener(ctx *Context, name string, id IDInput, state *ListenerState, opts ...ResourceOption) (*Listener, error)

public static Listener Get(string name, Input<string> id, ListenerState? state, CustomResourceOptions? opts = null)

public static Listener get(String name, Output<String> id, ListenerState state, CustomResourceOptions options)

resources:  _:    type: aws:alb:Listener    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

Arn string

ARN of the listener (matches id).

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

DefaultActions List<ListenerDefaultAction>

Configuration block for default actions. See below.

LoadBalancerArn string

ARN of the load balancer.

The following arguments are optional:

MutualAuthentication ListenerMutualAuthentication

The mutual authentication configuration information. See below.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

RoutingHttpRequestXAmznMtlsClientcertHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsCipherSuiteHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsVersionHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpResponseAccessControlAllowCredentialsHeaderValue string

RoutingHttpResponseAccessControlAllowHeadersHeaderValue string

RoutingHttpResponseAccessControlAllowMethodsHeaderValue string

RoutingHttpResponseAccessControlAllowOriginHeaderValue string

RoutingHttpResponseAccessControlExposeHeadersHeaderValue string

RoutingHttpResponseAccessControlMaxAgeHeaderValue string

RoutingHttpResponseContentSecurityPolicyHeaderValue string

RoutingHttpResponseServerEnabled bool

RoutingHttpResponseStrictTransportSecurityHeaderValue string

RoutingHttpResponseXContentTypeOptionsHeaderValue string

RoutingHttpResponseXFrameOptionsHeaderValue string

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

Tags Dictionary<string, string>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

TcpIdleTimeoutSeconds int

AlpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

Arn string

ARN of the listener (matches id).

CertificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

DefaultActions []ListenerDefaultActionArgs

Configuration block for default actions. See below.

LoadBalancerArn string

ARN of the load balancer.

The following arguments are optional:

MutualAuthentication ListenerMutualAuthenticationArgs

The mutual authentication configuration information. See below.

Port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

Protocol string

RoutingHttpRequestXAmznMtlsClientcertHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsCipherSuiteHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpRequestXAmznTlsVersionHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

RoutingHttpResponseAccessControlAllowCredentialsHeaderValue string

RoutingHttpResponseAccessControlAllowHeadersHeaderValue string

RoutingHttpResponseAccessControlAllowMethodsHeaderValue string

RoutingHttpResponseAccessControlAllowOriginHeaderValue string

RoutingHttpResponseAccessControlExposeHeadersHeaderValue string

RoutingHttpResponseAccessControlMaxAgeHeaderValue string

RoutingHttpResponseContentSecurityPolicyHeaderValue string

RoutingHttpResponseServerEnabled bool

RoutingHttpResponseStrictTransportSecurityHeaderValue string

RoutingHttpResponseXContentTypeOptionsHeaderValue string

RoutingHttpResponseXFrameOptionsHeaderValue string

SslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

Tags map[string]string

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

TcpIdleTimeoutSeconds int

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn String

ARN of the listener (matches id).

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

defaultActions List<ListenerDefaultAction>

Configuration block for default actions. See below.

loadBalancerArn String

ARN of the load balancer.

The following arguments are optional:

mutualAuthentication ListenerMutualAuthentication

The mutual authentication configuration information. See below.

port Integer

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

routingHttpRequestXAmznMtlsClientcertHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertIssuerHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertLeafHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSubjectHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertValidityHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsCipherSuiteHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsVersionHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpResponseAccessControlAllowCredentialsHeaderValue String

routingHttpResponseAccessControlAllowHeadersHeaderValue String

routingHttpResponseAccessControlAllowMethodsHeaderValue String

routingHttpResponseAccessControlAllowOriginHeaderValue String

routingHttpResponseAccessControlExposeHeadersHeaderValue String

routingHttpResponseAccessControlMaxAgeHeaderValue String

routingHttpResponseContentSecurityPolicyHeaderValue String

routingHttpResponseServerEnabled Boolean

routingHttpResponseStrictTransportSecurityHeaderValue String

routingHttpResponseXContentTypeOptionsHeaderValue String

routingHttpResponseXFrameOptionsHeaderValue String

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags Map<String,String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

tcpIdleTimeoutSeconds Integer

alpnPolicy string

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn string

ARN of the listener (matches id).

certificateArn string

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

defaultActions ListenerDefaultAction[]

Configuration block for default actions. See below.

loadBalancerArn string

ARN of the load balancer.

The following arguments are optional:

mutualAuthentication ListenerMutualAuthentication

The mutual authentication configuration information. See below.

port number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol string

routingHttpRequestXAmznMtlsClientcertHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertIssuerHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertLeafHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSubjectHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertValidityHeaderName string

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsCipherSuiteHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsVersionHeaderName string

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpResponseAccessControlAllowCredentialsHeaderValue string

routingHttpResponseAccessControlAllowHeadersHeaderValue string

routingHttpResponseAccessControlAllowMethodsHeaderValue string

routingHttpResponseAccessControlAllowOriginHeaderValue string

routingHttpResponseAccessControlExposeHeadersHeaderValue string

routingHttpResponseAccessControlMaxAgeHeaderValue string

routingHttpResponseContentSecurityPolicyHeaderValue string

routingHttpResponseServerEnabled boolean

routingHttpResponseStrictTransportSecurityHeaderValue string

routingHttpResponseXContentTypeOptionsHeaderValue string

routingHttpResponseXFrameOptionsHeaderValue string

sslPolicy string

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags {[key: string]: string}

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

tcpIdleTimeoutSeconds number

alpn_policy str

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn str

ARN of the listener (matches id).

certificate_arn str

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

default_actions Sequence[ListenerDefaultActionArgs]

Configuration block for default actions. See below.

load_balancer_arn str

ARN of the load balancer.

The following arguments are optional:

mutual_authentication ListenerMutualAuthenticationArgs

The mutual authentication configuration information. See below.

port int

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol str

routing_http_request_x_amzn_mtls_clientcert_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_issuer_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_leaf_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_subject_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_mtls_clientcert_validity_header_name str

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_tls_cipher_suite_header_name str

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_request_x_amzn_tls_version_header_name str

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routing_http_response_access_control_allow_credentials_header_value str

routing_http_response_access_control_allow_headers_header_value str

routing_http_response_access_control_allow_methods_header_value str

routing_http_response_access_control_allow_origin_header_value str

routing_http_response_access_control_expose_headers_header_value str

routing_http_response_access_control_max_age_header_value str

routing_http_response_content_security_policy_header_value str

routing_http_response_server_enabled bool

routing_http_response_strict_transport_security_header_value str

routing_http_response_x_content_type_options_header_value str

routing_http_response_x_frame_options_header_value str

ssl_policy str

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags Mapping[str, str]

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

tcp_idle_timeout_seconds int

alpnPolicy String

Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if protocol is TLS. Valid values are HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, and None.

arn String

ARN of the listener (matches id).

certificateArn String

ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the aws.lb.ListenerCertificate resource.

defaultActions List<Property Map>

Configuration block for default actions. See below.

loadBalancerArn String

ARN of the load balancer.

The following arguments are optional:

mutualAuthentication Property Map

The mutual authentication configuration information. See below.

port Number

Port on which the load balancer is listening. Not valid for Gateway Load Balancers.

protocol String

routingHttpRequestXAmznMtlsClientcertHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertIssuerHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertLeafHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertSubjectHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznMtlsClientcertValidityHeaderName String

Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsCipherSuiteHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpRequestXAmznTlsVersionHeaderName String

Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header. Can only be set if protocol is HTTPS for Application Load Balancers.

routingHttpResponseAccessControlAllowCredentialsHeaderValue String

routingHttpResponseAccessControlAllowHeadersHeaderValue String

routingHttpResponseAccessControlAllowMethodsHeaderValue String

routingHttpResponseAccessControlAllowOriginHeaderValue String

routingHttpResponseAccessControlExposeHeadersHeaderValue String

routingHttpResponseAccessControlMaxAgeHeaderValue String

routingHttpResponseContentSecurityPolicyHeaderValue String

routingHttpResponseServerEnabled Boolean

routingHttpResponseStrictTransportSecurityHeaderValue String

routingHttpResponseXContentTypeOptionsHeaderValue String

routingHttpResponseXFrameOptionsHeaderValue String

sslPolicy String

Name of the SSL Policy for the listener. Required if protocol is HTTPS or TLS. Default is ELBSecurityPolicy-2016-08.

tags Map<String>

A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

tcpIdleTimeoutSeconds Number

Supporting Types

ListenerDefaultAction
, ListenerDefaultActionArgs

Type string

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

The following arguments are optional:

AuthenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. See below.

AuthenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. See below.

FixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

Forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. See below.

Order int

Order for the action. The action with the lowest value for order is performed first. Valid values are between 1 and 50000. Defaults to the position in the list of actions.

Redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. See below.

TargetGroupArn string

ARN of the Target Group to which to route traffic. Specify only if type is forward and you want to route to a single target group. To route to one or more target groups, use a forward block instead. Can be specified with forward but ARNs must match.

Type string

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

The following arguments are optional:

AuthenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. See below.

AuthenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. See below.

FixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

Forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. See below.

Order int

Order for the action. The action with the lowest value for order is performed first. Valid values are between 1 and 50000. Defaults to the position in the list of actions.

Redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. See below.

TargetGroupArn string

type String

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

The following arguments are optional:

authenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. See below.

authenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. See below.

fixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. See below.

order Integer

Order for the action. The action with the lowest value for order is performed first. Valid values are between 1 and 50000. Defaults to the position in the list of actions.

redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. See below.

targetGroupArn String

type string

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

The following arguments are optional:

authenticateCognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. See below.

authenticateOidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. See below.

fixedResponse ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. See below.

order number

Order for the action. The action with the lowest value for order is performed first. Valid values are between 1 and 50000. Defaults to the position in the list of actions.

redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. See below.

targetGroupArn string

type str

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

The following arguments are optional:

authenticate_cognito ListenerDefaultActionAuthenticateCognito

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. See below.

authenticate_oidc ListenerDefaultActionAuthenticateOidc

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. See below.

fixed_response ListenerDefaultActionFixedResponse

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward ListenerDefaultActionForward

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. See below.

order int

Order for the action. The action with the lowest value for order is performed first. Valid values are between 1 and 50000. Defaults to the position in the list of actions.

redirect ListenerDefaultActionRedirect

Configuration block for creating a redirect action. Required if type is redirect. See below.

target_group_arn str

type String

Type of routing action. Valid values are forward, redirect, fixed-response, authenticate-cognito and authenticate-oidc.

The following arguments are optional:

authenticateCognito Property Map

Configuration block for using Amazon Cognito to authenticate users. Specify only when type is authenticate-cognito. See below.

authenticateOidc Property Map

Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when type is authenticate-oidc. See below.

fixedResponse Property Map

Information for creating an action that returns a custom HTTP response. Required if type is fixed-response.

forward Property Map

Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. See below.

order Number

Order for the action. The action with the lowest value for order is performed first. Valid values are between 1 and 50000. Defaults to the position in the list of actions.

redirect Property Map

Configuration block for creating a redirect action. Required if type is redirect. See below.

targetGroupArn String

ListenerDefaultActionAuthenticateCognito
, ListenerDefaultActionAuthenticateCognitoArgs

UserPoolArn string

ARN of the Cognito user pool.

UserPoolClientId string

ID of the Cognito user pool client.

UserPoolDomain string

Domain prefix or fully-qualified domain name of the Cognito user pool.

The following arguments are optional:

AuthenticationRequestExtraParams Dictionary<string, string>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

UserPoolArn string

ARN of the Cognito user pool.

UserPoolClientId string

ID of the Cognito user pool client.

UserPoolDomain string

Domain prefix or fully-qualified domain name of the Cognito user pool.

The following arguments are optional:

AuthenticationRequestExtraParams map[string]string

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

userPoolArn String

ARN of the Cognito user pool.

userPoolClientId String

ID of the Cognito user pool client.

userPoolDomain String

Domain prefix or fully-qualified domain name of the Cognito user pool.

The following arguments are optional:

authenticationRequestExtraParams Map<String,String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Integer

Maximum duration of the authentication session, in seconds.

userPoolArn string

ARN of the Cognito user pool.

userPoolClientId string

ID of the Cognito user pool client.

userPoolDomain string

Domain prefix or fully-qualified domain name of the Cognito user pool.

The following arguments are optional:

authenticationRequestExtraParams {[key: string]: string}

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.

onUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope string

Set of user claims to be requested from the IdP.

sessionCookieName string

Name of the cookie used to maintain session information.

sessionTimeout number

Maximum duration of the authentication session, in seconds.

user_pool_arn str

ARN of the Cognito user pool.

user_pool_client_id str

ID of the Cognito user pool client.

user_pool_domain str

Domain prefix or fully-qualified domain name of the Cognito user pool.

The following arguments are optional:

authentication_request_extra_params Mapping[str, str]

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.

on_unauthenticated_request str

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope str

Set of user claims to be requested from the IdP.

session_cookie_name str

Name of the cookie used to maintain session information.

session_timeout int

Maximum duration of the authentication session, in seconds.

userPoolArn String

ARN of the Cognito user pool.

userPoolClientId String

ID of the Cognito user pool client.

userPoolDomain String

Domain prefix or fully-qualified domain name of the Cognito user pool.

The following arguments are optional:

authenticationRequestExtraParams Map<String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values are deny, allow and authenticate.

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Number

Maximum duration of the authentication session, in seconds.

ListenerDefaultActionAuthenticateOidc
, ListenerDefaultActionAuthenticateOidcArgs

AuthorizationEndpoint string

Authorization endpoint of the IdP.

ClientId string

OAuth 2.0 client identifier.

ClientSecret string

OAuth 2.0 client secret.

Issuer string

OIDC issuer identifier of the IdP.

TokenEndpoint string

Token endpoint of the IdP.

UserInfoEndpoint string

User info endpoint of the IdP.

The following arguments are optional:

AuthenticationRequestExtraParams Dictionary<string, string>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

AuthorizationEndpoint string

Authorization endpoint of the IdP.

ClientId string

OAuth 2.0 client identifier.

ClientSecret string

OAuth 2.0 client secret.

Issuer string

OIDC issuer identifier of the IdP.

TokenEndpoint string

Token endpoint of the IdP.

UserInfoEndpoint string

User info endpoint of the IdP.

The following arguments are optional:

AuthenticationRequestExtraParams map[string]string

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

OnUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

Scope string

Set of user claims to be requested from the IdP.

SessionCookieName string

Name of the cookie used to maintain session information.

SessionTimeout int

Maximum duration of the authentication session, in seconds.

authorizationEndpoint String

Authorization endpoint of the IdP.

clientId String

OAuth 2.0 client identifier.

clientSecret String

OAuth 2.0 client secret.

issuer String

OIDC issuer identifier of the IdP.

tokenEndpoint String

Token endpoint of the IdP.

userInfoEndpoint String

User info endpoint of the IdP.

The following arguments are optional:

authenticationRequestExtraParams Map<String,String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Integer

Maximum duration of the authentication session, in seconds.

authorizationEndpoint string

Authorization endpoint of the IdP.

clientId string

OAuth 2.0 client identifier.

clientSecret string

OAuth 2.0 client secret.

issuer string

OIDC issuer identifier of the IdP.

tokenEndpoint string

Token endpoint of the IdP.

userInfoEndpoint string

User info endpoint of the IdP.

The following arguments are optional:

authenticationRequestExtraParams {[key: string]: string}

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

onUnauthenticatedRequest string

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope string

Set of user claims to be requested from the IdP.

sessionCookieName string

Name of the cookie used to maintain session information.

sessionTimeout number

Maximum duration of the authentication session, in seconds.

authorization_endpoint str

Authorization endpoint of the IdP.

client_id str

OAuth 2.0 client identifier.

client_secret str

OAuth 2.0 client secret.

issuer str

OIDC issuer identifier of the IdP.

token_endpoint str

Token endpoint of the IdP.

user_info_endpoint str

User info endpoint of the IdP.

The following arguments are optional:

authentication_request_extra_params Mapping[str, str]

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

on_unauthenticated_request str

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope str

Set of user claims to be requested from the IdP.

session_cookie_name str

Name of the cookie used to maintain session information.

session_timeout int

Maximum duration of the authentication session, in seconds.

authorizationEndpoint String

Authorization endpoint of the IdP.

clientId String

OAuth 2.0 client identifier.

clientSecret String

OAuth 2.0 client secret.

issuer String

OIDC issuer identifier of the IdP.

tokenEndpoint String

Token endpoint of the IdP.

userInfoEndpoint String

User info endpoint of the IdP.

The following arguments are optional:

authenticationRequestExtraParams Map<String>

Query parameters to include in the redirect request to the authorization endpoint. Max: 10.

onUnauthenticatedRequest String

Behavior if the user is not authenticated. Valid values: deny, allow and authenticate

scope String

Set of user claims to be requested from the IdP.

sessionCookieName String

Name of the cookie used to maintain session information.

sessionTimeout Number

Maximum duration of the authentication session, in seconds.

ListenerDefaultActionFixedResponse
, ListenerDefaultActionFixedResponseArgs

ContentType string

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

The following arguments are optional:

MessageBody string

Message body.

StatusCode string

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

ContentType string

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

The following arguments are optional:

MessageBody string

Message body.

StatusCode string

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

contentType String

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

The following arguments are optional:

messageBody String

Message body.

statusCode String

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

contentType string

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

The following arguments are optional:

messageBody string

Message body.

statusCode string

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

content_type str

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

The following arguments are optional:

message_body str

Message body.

status_code str

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

contentType String

Content type. Valid values are text/plain, text/css, text/html, application/javascript and application/json.

The following arguments are optional:

messageBody String

Message body.

statusCode String

HTTP response code. Valid values are 2XX, 4XX, or 5XX.

ListenerDefaultActionForward
, ListenerDefaultActionForwardArgs

TargetGroups List<ListenerDefaultActionForwardTargetGroup>

Set of 1-5 target group blocks. See below.

The following arguments are optional:

Stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. See below.

TargetGroups []ListenerDefaultActionForwardTargetGroup

Set of 1-5 target group blocks. See below.

The following arguments are optional:

Stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. See below.

targetGroups List<ListenerDefaultActionForwardTargetGroup>

Set of 1-5 target group blocks. See below.

The following arguments are optional:

stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. See below.

targetGroups ListenerDefaultActionForwardTargetGroup[]

Set of 1-5 target group blocks. See below.

The following arguments are optional:

stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. See below.

target_groups Sequence[ListenerDefaultActionForwardTargetGroup]

Set of 1-5 target group blocks. See below.

The following arguments are optional:

stickiness ListenerDefaultActionForwardStickiness

Configuration block for target group stickiness for the rule. See below.

targetGroups List<Property Map>

Set of 1-5 target group blocks. See below.

The following arguments are optional:

stickiness Property Map

Configuration block for target group stickiness for the rule. See below.

ListenerDefaultActionForwardStickiness
, ListenerDefaultActionForwardStickinessArgs

Duration int

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

The following arguments are optional:

Enabled bool

Whether target group stickiness is enabled. Default is false.

Duration int

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

The following arguments are optional:

Enabled bool

Whether target group stickiness is enabled. Default is false.

duration Integer

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

The following arguments are optional:

enabled Boolean

Whether target group stickiness is enabled. Default is false.

duration number

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

The following arguments are optional:

enabled boolean

Whether target group stickiness is enabled. Default is false.

duration int

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

The following arguments are optional:

enabled bool

Whether target group stickiness is enabled. Default is false.

duration Number

Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).

The following arguments are optional:

enabled Boolean

Whether target group stickiness is enabled. Default is false.

ListenerDefaultActionForwardTargetGroup
, ListenerDefaultActionForwardTargetGroupArgs

Arn string

ARN of the target group.

The following arguments are optional:

Weight int

Weight. The range is 0 to 999.

Arn string

ARN of the target group.

The following arguments are optional:

Weight int

Weight. The range is 0 to 999.

arn String

ARN of the target group.

The following arguments are optional:

weight Integer

Weight. The range is 0 to 999.

arn string

ARN of the target group.

The following arguments are optional:

weight number

Weight. The range is 0 to 999.

arn str

ARN of the target group.

The following arguments are optional:

weight int

Weight. The range is 0 to 999.

arn String

ARN of the target group.

The following arguments are optional:

weight Number

Weight. The range is 0 to 999.

ListenerDefaultActionRedirect
, ListenerDefaultActionRedirectArgs

StatusCode string

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

The following arguments are optional:

Host string

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

Path string

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

Port string

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

Protocol string

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

Query string

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

StatusCode string

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

The following arguments are optional:

Host string

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

Path string

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

Port string

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

Protocol string

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

Query string

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

statusCode String

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

The following arguments are optional:

host String

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path String

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port String

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol String

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query String

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

statusCode string

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

The following arguments are optional:

host string

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path string

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port string

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol string

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query string

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

status_code str

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

The following arguments are optional:

host str

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path str

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port str

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol str

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query str

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

statusCode String

HTTP redirect code. The redirect is either permanent (HTTP_301) or temporary (HTTP_302).

The following arguments are optional:

host String

Hostname. This component is not percent-encoded. The hostname can contain #{host}. Defaults to #{host}.

path String

Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to /#{path}.

port String

Port. Specify a value from 1 to 65535 or #{port}. Defaults to #{port}.

protocol String

Protocol. Valid values are HTTP, HTTPS, or #{protocol}. Defaults to #{protocol}.

query String

Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to #{query}.

ListenerMutualAuthentication
, ListenerMutualAuthenticationArgs

Mode string: Valid values are off, verify and passthrough.
AdvertiseTrustStoreCaNames string: Valid values are off and on.
IgnoreClientCertificateExpiry bool: Whether client certificate expiry is ignored. Default is false.
TrustStoreArn string: ARN of the elbv2 Trust Store.

Mode string: Valid values are off, verify and passthrough.
AdvertiseTrustStoreCaNames string: Valid values are off and on.
IgnoreClientCertificateExpiry bool: Whether client certificate expiry is ignored. Default is false.
TrustStoreArn string: ARN of the elbv2 Trust Store.

mode String: Valid values are off, verify and passthrough.
advertiseTrustStoreCaNames String: Valid values are off and on.
ignoreClientCertificateExpiry Boolean: Whether client certificate expiry is ignored. Default is false.
trustStoreArn String: ARN of the elbv2 Trust Store.

mode string: Valid values are off, verify and passthrough.
advertiseTrustStoreCaNames string: Valid values are off and on.
ignoreClientCertificateExpiry boolean: Whether client certificate expiry is ignored. Default is false.
trustStoreArn string: ARN of the elbv2 Trust Store.

mode str: Valid values are off, verify and passthrough.
advertise_trust_store_ca_names str: Valid values are off and on.
ignore_client_certificate_expiry bool: Whether client certificate expiry is ignored. Default is false.
trust_store_arn str: ARN of the elbv2 Trust Store.

mode String: Valid values are off, verify and passthrough.
advertiseTrustStoreCaNames String: Valid values are off and on.
ignoreClientCertificateExpiry Boolean: Whether client certificate expiry is ignored. Default is false.
trustStoreArn String: ARN of the elbv2 Trust Store.

Import

Using pulumi import, import listeners using their ARN. For example:

$ pulumi import aws:alb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage
Forward Action
Redirect Action
Fixed-response Action
Authenticate-cognito Action
Authenticate-OIDC Action
Gateway Load Balancer Listener
Mutual TLS Authentication
Create Listener Resource
Constructor syntax
Constructor example
Listener Resource Properties
Inputs
Outputs
Look up Existing Listener Resource
Supporting Types
Import
Package Details

Related Resources

appautoscaling.Target

lb.TargetGroup

Request a Change

aws.alb.Listener

On this page

On this page

Example Usage

Forward Action

Redirect Action

Fixed-response Action

Authenticate-cognito Action

Authenticate-OIDC Action

Gateway Load Balancer Listener

Mutual TLS Authentication

Create Listener Resource

Constructor syntax

Parameters

Constructor example

Listener Resource Properties

Inputs

Outputs

Look up Existing Listener Resource

Supporting Types

ListenerDefaultAction
, ListenerDefaultActionArgs

ListenerDefaultActionAuthenticateCognito
, ListenerDefaultActionAuthenticateCognitoArgs

ListenerDefaultActionAuthenticateOidc
, ListenerDefaultActionAuthenticateOidcArgs

ListenerDefaultActionFixedResponse
, ListenerDefaultActionFixedResponseArgs

ListenerDefaultActionForward
, ListenerDefaultActionForwardArgs

ListenerDefaultActionForwardStickiness
, ListenerDefaultActionForwardStickinessArgs

ListenerDefaultActionForwardTargetGroup
, ListenerDefaultActionForwardTargetGroupArgs

ListenerDefaultActionRedirect
, ListenerDefaultActionRedirectArgs

ListenerMutualAuthentication
, ListenerMutualAuthenticationArgs

Import

Package Details

On this page

On this page

aws.alb.Listener

On this page

On this page

Example Usage

Forward Action

Redirect Action

Fixed-response Action

Authenticate-cognito Action

Authenticate-OIDC Action

Gateway Load Balancer Listener

Mutual TLS Authentication

Create Listener Resource

Constructor syntax

Parameters

Constructor example

Listener Resource Properties

Inputs

Outputs

Look up Existing Listener Resource

Supporting Types

ListenerDefaultAction, ListenerDefaultActionArgs

ListenerDefaultActionAuthenticateCognito, ListenerDefaultActionAuthenticateCognitoArgs

ListenerDefaultActionAuthenticateOidc, ListenerDefaultActionAuthenticateOidcArgs

ListenerDefaultActionFixedResponse, ListenerDefaultActionFixedResponseArgs

ListenerDefaultActionForward, ListenerDefaultActionForwardArgs

ListenerDefaultActionForwardStickiness, ListenerDefaultActionForwardStickinessArgs

ListenerDefaultActionForwardTargetGroup, ListenerDefaultActionForwardTargetGroupArgs

ListenerDefaultActionRedirect, ListenerDefaultActionRedirectArgs

ListenerMutualAuthentication, ListenerMutualAuthenticationArgs

Import

Package Details

On this page

On this page

ListenerDefaultAction
, ListenerDefaultActionArgs

ListenerDefaultActionAuthenticateCognito
, ListenerDefaultActionAuthenticateCognitoArgs

ListenerDefaultActionAuthenticateOidc
, ListenerDefaultActionAuthenticateOidcArgs

ListenerDefaultActionFixedResponse
, ListenerDefaultActionFixedResponseArgs

ListenerDefaultActionForward
, ListenerDefaultActionForwardArgs

ListenerDefaultActionForwardStickiness
, ListenerDefaultActionForwardStickinessArgs

ListenerDefaultActionForwardTargetGroup
, ListenerDefaultActionForwardTargetGroupArgs

ListenerDefaultActionRedirect
, ListenerDefaultActionRedirectArgs

ListenerMutualAuthentication
, ListenerMutualAuthenticationArgs