AWS Cloud Control v1.27.0, Apr 14 25

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

aws-native.elasticloadbalancingv2.Listener

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

Create Listener Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new Listener(name: string, args: ListenerArgs, opts?: CustomResourceOptions);

@overload
def Listener(resource_name: str,
             args: ListenerArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Listener(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             default_actions: Optional[Sequence[ListenerActionArgs]] = None,
             load_balancer_arn: Optional[str] = None,
             alpn_policy: Optional[Sequence[str]] = None,
             certificates: Optional[Sequence[ListenerCertificateArgs]] = None,
             listener_attributes: Optional[Sequence[ListenerAttributeArgs]] = None,
             mutual_authentication: Optional[ListenerMutualAuthenticationArgs] = None,
             port: Optional[int] = None,
             protocol: Optional[str] = None,
             ssl_policy: Optional[str] = None)

func NewListener(ctx *Context, name string, args ListenerArgs, opts ...ResourceOption) (*Listener, error)

public Listener(string name, ListenerArgs args, CustomResourceOptions? opts = null)

public Listener(String name, ListenerArgs args)
public Listener(String name, ListenerArgs args, CustomResourceOptions options)

type: aws-native:elasticloadbalancingv2:Listener
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ListenerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Listener Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Listener resource accepts the following input properties:

DefaultActions List<Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerAction>: The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
LoadBalancerArn string: The Amazon Resource Name (ARN) of the load balancer.
AlpnPolicy List<string>: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
Certificates List<Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerCertificate>: The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
ListenerAttributes List<Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerAttribute>: The listener attributes.
MutualAuthentication Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerMutualAuthentication: The mutual authentication configuration information.
Port int: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.
Protocol string: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
SslPolicy string: [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

DefaultActions []ListenerActionArgs: The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
LoadBalancerArn string: The Amazon Resource Name (ARN) of the load balancer.
AlpnPolicy []string: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
Certificates []ListenerCertificateArgs: The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
ListenerAttributes []ListenerAttributeArgs: The listener attributes.
MutualAuthentication ListenerMutualAuthenticationArgs: The mutual authentication configuration information.
Port int: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.
Protocol string: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
SslPolicy string: [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

defaultActions List<ListenerAction>: The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
loadBalancerArn String: The Amazon Resource Name (ARN) of the load balancer.
alpnPolicy List<String>: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
certificates List<ListenerCertificate>: The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
listenerAttributes List<ListenerAttribute>: The listener attributes.
mutualAuthentication ListenerMutualAuthentication: The mutual authentication configuration information.
port Integer: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.
protocol String: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
sslPolicy String: [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

defaultActions ListenerAction[]: The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
loadBalancerArn string: The Amazon Resource Name (ARN) of the load balancer.
alpnPolicy string[]: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
certificates ListenerCertificate[]: The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
listenerAttributes ListenerAttribute[]: The listener attributes.
mutualAuthentication ListenerMutualAuthentication: The mutual authentication configuration information.
port number: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.
protocol string: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
sslPolicy string: [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

default_actions Sequence[ListenerActionArgs]: The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
load_balancer_arn str: The Amazon Resource Name (ARN) of the load balancer.
alpn_policy Sequence[str]: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
certificates Sequence[ListenerCertificateArgs]: The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
listener_attributes Sequence[ListenerAttributeArgs]: The listener attributes.
mutual_authentication ListenerMutualAuthenticationArgs: The mutual authentication configuration information.
port int: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.
protocol str: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
ssl_policy str: [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

defaultActions List<Property Map>: The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.
loadBalancerArn String: The Amazon Resource Name (ARN) of the load balancer.
alpnPolicy List<String>: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
certificates List<Property Map>: The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.
listenerAttributes List<Property Map>: The listener attributes.
mutualAuthentication Property Map: The mutual authentication configuration information.
port Number: The port on which the load balancer is listening. You can't specify a port for a Gateway Load Balancer.
protocol String: The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
sslPolicy String: [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

Outputs

All input properties are implicitly available as output properties. Additionally, the Listener resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
ListenerArn string: The Amazon Resource Name (ARN) of the listener.

Id string: The provider-assigned unique ID for this managed resource.
ListenerArn string: The Amazon Resource Name (ARN) of the listener.

id String: The provider-assigned unique ID for this managed resource.
listenerArn String: The Amazon Resource Name (ARN) of the listener.

id string: The provider-assigned unique ID for this managed resource.
listenerArn string: The Amazon Resource Name (ARN) of the listener.

id str: The provider-assigned unique ID for this managed resource.
listener_arn str: The Amazon Resource Name (ARN) of the listener.

id String: The provider-assigned unique ID for this managed resource.
listenerArn String: The Amazon Resource Name (ARN) of the listener.

Supporting Types

ListenerAction
, ListenerActionArgs

Type string: The type of action.
AuthenticateCognitoConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerAuthenticateCognitoConfig: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
AuthenticateOidcConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerAuthenticateOidcConfig: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
FixedResponseConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerFixedResponseConfig: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
ForwardConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerForwardConfig: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
Order int: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
RedirectConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerRedirectConfig: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
TargetGroupArn string: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

Type string: The type of action.
AuthenticateCognitoConfig ListenerAuthenticateCognitoConfig: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
AuthenticateOidcConfig ListenerAuthenticateOidcConfig: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
FixedResponseConfig ListenerFixedResponseConfig: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
ForwardConfig ListenerForwardConfig: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
Order int: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
RedirectConfig ListenerRedirectConfig: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
TargetGroupArn string: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

type String: The type of action.
authenticateCognitoConfig ListenerAuthenticateCognitoConfig: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
authenticateOidcConfig ListenerAuthenticateOidcConfig: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
fixedResponseConfig ListenerFixedResponseConfig: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
forwardConfig ListenerForwardConfig: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
order Integer: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
redirectConfig ListenerRedirectConfig: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
targetGroupArn String: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

type string: The type of action.
authenticateCognitoConfig ListenerAuthenticateCognitoConfig: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
authenticateOidcConfig ListenerAuthenticateOidcConfig: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
fixedResponseConfig ListenerFixedResponseConfig: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
forwardConfig ListenerForwardConfig: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
order number: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
redirectConfig ListenerRedirectConfig: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
targetGroupArn string: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

type str: The type of action.
authenticate_cognito_config ListenerAuthenticateCognitoConfig: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
authenticate_oidc_config ListenerAuthenticateOidcConfig: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
fixed_response_config ListenerFixedResponseConfig: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
forward_config ListenerForwardConfig: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
order int: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
redirect_config ListenerRedirectConfig: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
target_group_arn str: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

type String: The type of action.
authenticateCognitoConfig Property Map: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
authenticateOidcConfig Property Map: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
fixedResponseConfig Property Map: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
forwardConfig Property Map: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
order Number: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
redirectConfig Property Map: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
targetGroupArn String: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.

ListenerAttribute
, ListenerAttributeArgs

Key string

The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.

tcp.idle_timeout.seconds - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.

The following attributes are only supported by Application Load Balancers.

routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_issuer.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_subject.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_validity.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_leaf.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header.
routing.http.request.x_amzn_mtls_clientcert.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header.
routing.http.request.x_amzn_tls_version.header_name - Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header.
routing.http.request.x_amzn_tls_cipher_suite.header_name - Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header.
routing.http.response.server.enabled - Enables you to allow or remove the HTTP response server header.
routing.http.response.strict_transport_security.header_value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
routing.http.response.access_control_allow_origin.header_value - Specifies which origins are allowed to access the server.
routing.http.response.access_control_allow_methods.header_value - Returns which HTTP methods are allowed when accessing the server from a different origin.
routing.http.response.access_control_allow_headers.header_value - Specifies which headers can be used during the request.
routing.http.response.access_control_allow_credentials.header_value - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
routing.http.response.access_control_expose_headers.header_value - Returns which headers the browser can expose to the requesting client.
routing.http.response.access_control_max_age.header_value - Specifies how long the results of a preflight request can be cached, in seconds.
routing.http.response.content_security_policy.header_value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
routing.http.response.x_content_type_options.header_value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed.
routing.http.response.x_frame_options.header_value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object.

Value string

The value of the attribute.

Key string

The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.

tcp.idle_timeout.seconds - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.

The following attributes are only supported by Application Load Balancers.

routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_issuer.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_subject.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_validity.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_leaf.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header.
routing.http.request.x_amzn_mtls_clientcert.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header.
routing.http.request.x_amzn_tls_version.header_name - Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header.
routing.http.request.x_amzn_tls_cipher_suite.header_name - Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header.
routing.http.response.server.enabled - Enables you to allow or remove the HTTP response server header.
routing.http.response.strict_transport_security.header_value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
routing.http.response.access_control_allow_origin.header_value - Specifies which origins are allowed to access the server.
routing.http.response.access_control_allow_methods.header_value - Returns which HTTP methods are allowed when accessing the server from a different origin.
routing.http.response.access_control_allow_headers.header_value - Specifies which headers can be used during the request.
routing.http.response.access_control_allow_credentials.header_value - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
routing.http.response.access_control_expose_headers.header_value - Returns which headers the browser can expose to the requesting client.
routing.http.response.access_control_max_age.header_value - Specifies how long the results of a preflight request can be cached, in seconds.
routing.http.response.content_security_policy.header_value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
routing.http.response.x_content_type_options.header_value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed.
routing.http.response.x_frame_options.header_value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object.

Value string

The value of the attribute.

key String

The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.

tcp.idle_timeout.seconds - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.

The following attributes are only supported by Application Load Balancers.

routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_issuer.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_subject.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_validity.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_leaf.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header.
routing.http.request.x_amzn_mtls_clientcert.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header.
routing.http.request.x_amzn_tls_version.header_name - Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header.
routing.http.request.x_amzn_tls_cipher_suite.header_name - Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header.
routing.http.response.server.enabled - Enables you to allow or remove the HTTP response server header.
routing.http.response.strict_transport_security.header_value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
routing.http.response.access_control_allow_origin.header_value - Specifies which origins are allowed to access the server.
routing.http.response.access_control_allow_methods.header_value - Returns which HTTP methods are allowed when accessing the server from a different origin.
routing.http.response.access_control_allow_headers.header_value - Specifies which headers can be used during the request.
routing.http.response.access_control_allow_credentials.header_value - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
routing.http.response.access_control_expose_headers.header_value - Returns which headers the browser can expose to the requesting client.
routing.http.response.access_control_max_age.header_value - Specifies how long the results of a preflight request can be cached, in seconds.
routing.http.response.content_security_policy.header_value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
routing.http.response.x_content_type_options.header_value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed.
routing.http.response.x_frame_options.header_value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object.

value String

The value of the attribute.

key string

The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.

tcp.idle_timeout.seconds - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.

The following attributes are only supported by Application Load Balancers.

routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_issuer.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_subject.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_validity.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_leaf.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header.
routing.http.request.x_amzn_mtls_clientcert.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header.
routing.http.request.x_amzn_tls_version.header_name - Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header.
routing.http.request.x_amzn_tls_cipher_suite.header_name - Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header.
routing.http.response.server.enabled - Enables you to allow or remove the HTTP response server header.
routing.http.response.strict_transport_security.header_value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
routing.http.response.access_control_allow_origin.header_value - Specifies which origins are allowed to access the server.
routing.http.response.access_control_allow_methods.header_value - Returns which HTTP methods are allowed when accessing the server from a different origin.
routing.http.response.access_control_allow_headers.header_value - Specifies which headers can be used during the request.
routing.http.response.access_control_allow_credentials.header_value - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
routing.http.response.access_control_expose_headers.header_value - Returns which headers the browser can expose to the requesting client.
routing.http.response.access_control_max_age.header_value - Specifies how long the results of a preflight request can be cached, in seconds.
routing.http.response.content_security_policy.header_value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
routing.http.response.x_content_type_options.header_value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed.
routing.http.response.x_frame_options.header_value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object.

value string

The value of the attribute.

key str

The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.

tcp.idle_timeout.seconds - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.

The following attributes are only supported by Application Load Balancers.

routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_issuer.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_subject.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_validity.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_leaf.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header.
routing.http.request.x_amzn_mtls_clientcert.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header.
routing.http.request.x_amzn_tls_version.header_name - Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header.
routing.http.request.x_amzn_tls_cipher_suite.header_name - Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header.
routing.http.response.server.enabled - Enables you to allow or remove the HTTP response server header.
routing.http.response.strict_transport_security.header_value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
routing.http.response.access_control_allow_origin.header_value - Specifies which origins are allowed to access the server.
routing.http.response.access_control_allow_methods.header_value - Returns which HTTP methods are allowed when accessing the server from a different origin.
routing.http.response.access_control_allow_headers.header_value - Specifies which headers can be used during the request.
routing.http.response.access_control_allow_credentials.header_value - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
routing.http.response.access_control_expose_headers.header_value - Returns which headers the browser can expose to the requesting client.
routing.http.response.access_control_max_age.header_value - Specifies how long the results of a preflight request can be cached, in seconds.
routing.http.response.content_security_policy.header_value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
routing.http.response.x_content_type_options.header_value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed.
routing.http.response.x_frame_options.header_value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object.

value str

The value of the attribute.

key String

The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.

tcp.idle_timeout.seconds - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.

The following attributes are only supported by Application Load Balancers.

routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Serial-Number HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_issuer.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Issuer HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_subject.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Subject HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_validity.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Validity HTTP request header.
routing.http.request.x_amzn_mtls_clientcert_leaf.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert-Leaf HTTP request header.
routing.http.request.x_amzn_mtls_clientcert.header_name - Enables you to modify the header name of the X-Amzn-Mtls-Clientcert HTTP request header.
routing.http.request.x_amzn_tls_version.header_name - Enables you to modify the header name of the X-Amzn-Tls-Version HTTP request header.
routing.http.request.x_amzn_tls_cipher_suite.header_name - Enables you to modify the header name of the X-Amzn-Tls-Cipher-Suite HTTP request header.
routing.http.response.server.enabled - Enables you to allow or remove the HTTP response server header.
routing.http.response.strict_transport_security.header_value - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
routing.http.response.access_control_allow_origin.header_value - Specifies which origins are allowed to access the server.
routing.http.response.access_control_allow_methods.header_value - Returns which HTTP methods are allowed when accessing the server from a different origin.
routing.http.response.access_control_allow_headers.header_value - Specifies which headers can be used during the request.
routing.http.response.access_control_allow_credentials.header_value - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
routing.http.response.access_control_expose_headers.header_value - Returns which headers the browser can expose to the requesting client.
routing.http.response.access_control_max_age.header_value - Specifies how long the results of a preflight request can be cached, in seconds.
routing.http.response.content_security_policy.header_value - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
routing.http.response.x_content_type_options.header_value - Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed.
routing.http.response.x_frame_options.header_value - Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object.

value String

The value of the attribute.

ListenerAuthenticateCognitoConfig
, ListenerAuthenticateCognitoConfigArgs

UserPoolArn string

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

UserPoolClientId string

The ID of the Amazon Cognito user pool client.

UserPoolDomain string

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

AuthenticationRequestExtraParams Dictionary<string, string>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

OnUnauthenticatedRequest string

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

Scope string

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

SessionCookieName string

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

SessionTimeout string

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

UserPoolArn string

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

UserPoolClientId string

The ID of the Amazon Cognito user pool client.

UserPoolDomain string

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

AuthenticationRequestExtraParams map[string]string

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

OnUnauthenticatedRequest string

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

Scope string

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

SessionCookieName string

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

SessionTimeout string

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

userPoolArn String

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

userPoolClientId String

The ID of the Amazon Cognito user pool client.

userPoolDomain String

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

authenticationRequestExtraParams Map<String,String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

onUnauthenticatedRequest String

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope String

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

sessionTimeout String

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

userPoolArn string

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

userPoolClientId string

The ID of the Amazon Cognito user pool client.

userPoolDomain string

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

authenticationRequestExtraParams {[key: string]: string}

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

onUnauthenticatedRequest string

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope string

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName string

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

sessionTimeout string

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

user_pool_arn str

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

user_pool_client_id str

The ID of the Amazon Cognito user pool client.

user_pool_domain str

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

authentication_request_extra_params Mapping[str, str]

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

on_unauthenticated_request str

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope str

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

session_cookie_name str

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

session_timeout str

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

userPoolArn String

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

userPoolClientId String

The ID of the Amazon Cognito user pool client.

userPoolDomain String

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

authenticationRequestExtraParams Map<String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

onUnauthenticatedRequest String

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope String

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

sessionTimeout String

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

ListenerAuthenticateOidcConfig
, ListenerAuthenticateOidcConfigArgs

AuthorizationEndpoint string

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

ClientId string

The OAuth 2.0 client identifier.

Issuer string

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

TokenEndpoint string

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

UserInfoEndpoint string

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

AuthenticationRequestExtraParams Dictionary<string, string>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

ClientSecret string

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

OnUnauthenticatedRequest string

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

Scope string

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

SessionCookieName string

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

SessionTimeout string

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

UseExistingClientSecret bool

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

AuthorizationEndpoint string

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

ClientId string

The OAuth 2.0 client identifier.

Issuer string

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

TokenEndpoint string

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

UserInfoEndpoint string

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

AuthenticationRequestExtraParams map[string]string

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

ClientSecret string

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

OnUnauthenticatedRequest string

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

Scope string

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

SessionCookieName string

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

SessionTimeout string

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

UseExistingClientSecret bool

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

authorizationEndpoint String

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

clientId String

The OAuth 2.0 client identifier.

issuer String

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

tokenEndpoint String

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

userInfoEndpoint String

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticationRequestExtraParams Map<String,String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

clientSecret String

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

onUnauthenticatedRequest String

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope String

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

sessionTimeout String

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

useExistingClientSecret Boolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

authorizationEndpoint string

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

clientId string

The OAuth 2.0 client identifier.

issuer string

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

tokenEndpoint string

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

userInfoEndpoint string

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticationRequestExtraParams {[key: string]: string}

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

clientSecret string

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

onUnauthenticatedRequest string

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope string

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName string

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

sessionTimeout string

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

useExistingClientSecret boolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

authorization_endpoint str

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

client_id str

The OAuth 2.0 client identifier.

issuer str

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

token_endpoint str

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

user_info_endpoint str

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authentication_request_extra_params Mapping[str, str]

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

client_secret str

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

on_unauthenticated_request str

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope str

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

session_cookie_name str

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

session_timeout str

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

use_existing_client_secret bool

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

authorizationEndpoint String

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

clientId String

The OAuth 2.0 client identifier.

issuer String

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

tokenEndpoint String

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

userInfoEndpoint String

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticationRequestExtraParams Map<String>

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

clientSecret String

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

onUnauthenticatedRequest String

The behavior if the user is not authenticated. The following are possible values:

deny```` - Return an HTTP 401 Unauthorized error.
allow```` - Allow the request to be forwarded to the target.
authenticate```` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope String

The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName String

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

sessionTimeout String

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

useExistingClientSecret Boolean

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

ListenerCertificate
, ListenerCertificateArgs

CertificateArn string: The Amazon Resource Name (ARN) of the certificate.

CertificateArn string: The Amazon Resource Name (ARN) of the certificate.

certificateArn String: The Amazon Resource Name (ARN) of the certificate.

certificateArn string: The Amazon Resource Name (ARN) of the certificate.

certificate_arn str: The Amazon Resource Name (ARN) of the certificate.

certificateArn String: The Amazon Resource Name (ARN) of the certificate.

ListenerFixedResponseConfig
, ListenerFixedResponseConfigArgs

StatusCode string: The HTTP response code (2XX, 4XX, or 5XX).
ContentType string: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
MessageBody string: The message.

StatusCode string: The HTTP response code (2XX, 4XX, or 5XX).
ContentType string: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
MessageBody string: The message.

statusCode String: The HTTP response code (2XX, 4XX, or 5XX).
contentType String: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
messageBody String: The message.

statusCode string: The HTTP response code (2XX, 4XX, or 5XX).
contentType string: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
messageBody string: The message.

status_code str: The HTTP response code (2XX, 4XX, or 5XX).
content_type str: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
message_body str: The message.

statusCode String: The HTTP response code (2XX, 4XX, or 5XX).
contentType String: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
messageBody String: The message.

ListenerForwardConfig
, ListenerForwardConfigArgs

TargetGroupStickinessConfig Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerTargetGroupStickinessConfig: Information about the target group stickiness for a rule.
TargetGroups List<Pulumi.AwsNative.ElasticLoadBalancingV2.Inputs.ListenerTargetGroupTuple>: Information about how traffic will be distributed between multiple target groups in a forward rule.

TargetGroupStickinessConfig ListenerTargetGroupStickinessConfig: Information about the target group stickiness for a rule.
TargetGroups []ListenerTargetGroupTuple: Information about how traffic will be distributed between multiple target groups in a forward rule.

targetGroupStickinessConfig ListenerTargetGroupStickinessConfig: Information about the target group stickiness for a rule.
targetGroups List<ListenerTargetGroupTuple>: Information about how traffic will be distributed between multiple target groups in a forward rule.

targetGroupStickinessConfig ListenerTargetGroupStickinessConfig: Information about the target group stickiness for a rule.
targetGroups ListenerTargetGroupTuple[]: Information about how traffic will be distributed between multiple target groups in a forward rule.

target_group_stickiness_config ListenerTargetGroupStickinessConfig: Information about the target group stickiness for a rule.
target_groups Sequence[ListenerTargetGroupTuple]: Information about how traffic will be distributed between multiple target groups in a forward rule.

targetGroupStickinessConfig Property Map: Information about the target group stickiness for a rule.
targetGroups List<Property Map>: Information about how traffic will be distributed between multiple target groups in a forward rule.

ListenerMutualAuthentication
, ListenerMutualAuthenticationArgs

AdvertiseTrustStoreCaNames string: Indicates whether trust store CA certificate names are advertised.
IgnoreClientCertificateExpiry bool: Indicates whether expired client certificates are ignored.
Mode string: The client certificate handling method. Options are off, passthrough or verify. The default value is off.
TrustStoreArn string: The Amazon Resource Name (ARN) of the trust store.

AdvertiseTrustStoreCaNames string: Indicates whether trust store CA certificate names are advertised.
IgnoreClientCertificateExpiry bool: Indicates whether expired client certificates are ignored.
Mode string: The client certificate handling method. Options are off, passthrough or verify. The default value is off.
TrustStoreArn string: The Amazon Resource Name (ARN) of the trust store.

advertiseTrustStoreCaNames String: Indicates whether trust store CA certificate names are advertised.
ignoreClientCertificateExpiry Boolean: Indicates whether expired client certificates are ignored.
mode String: The client certificate handling method. Options are off, passthrough or verify. The default value is off.
trustStoreArn String: The Amazon Resource Name (ARN) of the trust store.

advertiseTrustStoreCaNames string: Indicates whether trust store CA certificate names are advertised.
ignoreClientCertificateExpiry boolean: Indicates whether expired client certificates are ignored.
mode string: The client certificate handling method. Options are off, passthrough or verify. The default value is off.
trustStoreArn string: The Amazon Resource Name (ARN) of the trust store.

advertise_trust_store_ca_names str: Indicates whether trust store CA certificate names are advertised.
ignore_client_certificate_expiry bool: Indicates whether expired client certificates are ignored.
mode str: The client certificate handling method. Options are off, passthrough or verify. The default value is off.
trust_store_arn str: The Amazon Resource Name (ARN) of the trust store.

advertiseTrustStoreCaNames String: Indicates whether trust store CA certificate names are advertised.
ignoreClientCertificateExpiry Boolean: Indicates whether expired client certificates are ignored.
mode String: The client certificate handling method. Options are off, passthrough or verify. The default value is off.
trustStoreArn String: The Amazon Resource Name (ARN) of the trust store.

ListenerRedirectConfig
, ListenerRedirectConfigArgs

StatusCode string: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
Host string: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
Path string: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
Port string: The port. You can specify a value from 1 to 65535 or #{port}.
Protocol string: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
Query string: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

StatusCode string: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
Host string: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
Path string: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
Port string: The port. You can specify a value from 1 to 65535 or #{port}.
Protocol string: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
Query string: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

statusCode String: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
host String: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
path String: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
port String: The port. You can specify a value from 1 to 65535 or #{port}.
protocol String: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
query String: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

statusCode string: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
host string: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
path string: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
port string: The port. You can specify a value from 1 to 65535 or #{port}.
protocol string: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
query string: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

status_code str: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
host str: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
path str: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
port str: The port. You can specify a value from 1 to 65535 or #{port}.
protocol str: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
query str: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

statusCode String: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
host String: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
path String: The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
port String: The port. You can specify a value from 1 to 65535 or #{port}.
protocol String: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
query String: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.

ListenerTargetGroupStickinessConfig
, ListenerTargetGroupStickinessConfigArgs

DurationSeconds int: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
Enabled bool: Indicates whether target group stickiness is enabled.

DurationSeconds int: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
Enabled bool: Indicates whether target group stickiness is enabled.

durationSeconds Integer: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
enabled Boolean: Indicates whether target group stickiness is enabled.

durationSeconds number: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
enabled boolean: Indicates whether target group stickiness is enabled.

duration_seconds int: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
enabled bool: Indicates whether target group stickiness is enabled.

durationSeconds Number: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
enabled Boolean: Indicates whether target group stickiness is enabled.

ListenerTargetGroupTuple
, ListenerTargetGroupTupleArgs

TargetGroupArn string: The Amazon Resource Name (ARN) of the target group.
Weight int: The weight. The range is 0 to 999.

TargetGroupArn string: The Amazon Resource Name (ARN) of the target group.
Weight int: The weight. The range is 0 to 999.

targetGroupArn String: The Amazon Resource Name (ARN) of the target group.
weight Integer: The weight. The range is 0 to 999.

targetGroupArn string: The Amazon Resource Name (ARN) of the target group.
weight number: The weight. The range is 0 to 999.

target_group_arn str: The Amazon Resource Name (ARN) of the target group.
weight int: The weight. The range is 0 to 999.

targetGroupArn String: The Amazon Resource Name (ARN) of the target group.
weight Number: The weight. The range is 0 to 999.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

pulumi/pulumi-aws-native

aws-native.elasticloadbalancingv2.Listener

On this page

On this page

Create Listener Resource

Constructor syntax

Parameters

Listener Resource Properties

Inputs

Outputs

Supporting Types

ListenerAction
, ListenerActionArgs

ListenerAttribute
, ListenerAttributeArgs

ListenerAuthenticateCognitoConfig
, ListenerAuthenticateCognitoConfigArgs

ListenerAuthenticateOidcConfig
, ListenerAuthenticateOidcConfigArgs

ListenerCertificate
, ListenerCertificateArgs

ListenerFixedResponseConfig
, ListenerFixedResponseConfigArgs

ListenerForwardConfig
, ListenerForwardConfigArgs

ListenerMutualAuthentication
, ListenerMutualAuthenticationArgs

ListenerRedirectConfig
, ListenerRedirectConfigArgs

ListenerTargetGroupStickinessConfig
, ListenerTargetGroupStickinessConfigArgs

ListenerTargetGroupTuple
, ListenerTargetGroupTupleArgs

Package Details

On this page

On this page

aws-native.elasticloadbalancingv2.Listener

On this page

On this page

Create Listener Resource

Constructor syntax

Parameters

Listener Resource Properties

Inputs

Outputs

Supporting Types

ListenerAction, ListenerActionArgs

ListenerAttribute, ListenerAttributeArgs

ListenerAuthenticateCognitoConfig, ListenerAuthenticateCognitoConfigArgs

ListenerAuthenticateOidcConfig, ListenerAuthenticateOidcConfigArgs

ListenerCertificate, ListenerCertificateArgs

ListenerFixedResponseConfig, ListenerFixedResponseConfigArgs

ListenerForwardConfig, ListenerForwardConfigArgs

ListenerMutualAuthentication, ListenerMutualAuthenticationArgs

ListenerRedirectConfig, ListenerRedirectConfigArgs

ListenerTargetGroupStickinessConfig, ListenerTargetGroupStickinessConfigArgs

ListenerTargetGroupTuple, ListenerTargetGroupTupleArgs

Package Details

On this page

On this page

ListenerAction
, ListenerActionArgs

ListenerAttribute
, ListenerAttributeArgs

ListenerAuthenticateCognitoConfig
, ListenerAuthenticateCognitoConfigArgs

ListenerAuthenticateOidcConfig
, ListenerAuthenticateOidcConfigArgs

ListenerCertificate
, ListenerCertificateArgs

ListenerFixedResponseConfig
, ListenerFixedResponseConfigArgs

ListenerForwardConfig
, ListenerForwardConfigArgs

ListenerMutualAuthentication
, ListenerMutualAuthenticationArgs

ListenerRedirectConfig
, ListenerRedirectConfigArgs

ListenerTargetGroupStickinessConfig
, ListenerTargetGroupStickinessConfigArgs

ListenerTargetGroupTuple
, ListenerTargetGroupTupleArgs