aws_elbv2_load_balancer

account_id

Type: STRING

attributes

Type: UNORDERED_LIST_STRUCT
Provider name: Attributes
Description: Information about the load balancer attributes.

  • key
    Type: STRING
    Provider name: Key
    Description: The name of the attribute. The following attributes are supported by all load balancers:
    • deletion_protection.enabled - Indicates whether deletion protection is enabled. The value is true or false. The default is false.
    • load_balancing.cross_zone.enabled - Indicates whether cross-zone load balancing is enabled. The possible values are true and false. The default for Network Load Balancers and Gateway Load Balancers is false. The default for Application Load Balancers is true, and cannot be changed.
    The following attributes are supported by both Application Load Balancers and Network Load Balancers:
    • access_logs.s3.enabled - Indicates whether access logs are enabled. The value is true or false. The default is false.
    • access_logs.s3.bucket - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
    • access_logs.s3.prefix - The prefix for the location in the S3 bucket for the access logs.
    • ipv6.deny_all_igw_traffic - Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
    The following attributes are supported by only Application Load Balancers:
    • idle_timeout.timeout_seconds - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
    • routing.http.desync_mitigation_mode - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor, defensive, and strictest. The default is defensive.
    • routing.http.drop_invalid_header_fields.enabled - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). The default is false.
    • routing.http.preserve_host_header.enabled - Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. The possible values are true and false. The default is false.
    • routing.http.x_amzn_tls_version_and_cipher_suite.enabled - Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false. The default is false.
    • routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false.
    • routing.http.xff_header_processing.mode - Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are append, preserve, and remove. The default is append.
      • If the value is append, the Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.
      • If the value is preserve, the Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.
      • If the value is remove, the Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.
    • routing.http2.enabled - Indicates whether HTTP/2 is enabled. The possible values are true and false. The default is true. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.
    • waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false. The default is false.
    The following attributes are supported by only Network Load Balancers:
    • dns_record.client_routing_policy - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are availability_zone_affinity with 100 percent zonal affinity, partial_availability_zone_affinity with 85 percent zonal affinity, and any_availability_zone with 0 percent zonal affinity.
  • value
    Type: STRING
    Provider name: Value
    Description: The value of the attribute.
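
The attribute defaults listed above can be checked mechanically. The following is an added example, not code from the provider or from this schema's publisher: it audits the attributes list of one resource record, falling back to the documented default when a key is absent. The record shape (a dict with type and attributes) and the choice of which values to flag are assumptions; the type values application, network and gateway come from the Elastic Load Balancing API.

```python
# Added example: audit the `attributes` list of one aws_elbv2_load_balancer record.
# Defaults are the ones stated in the attribute descriptions; which values are
# flagged is an assumed review policy, not part of the schema.

ALL, ALB_NLB, ALB = "all", "alb_nlb", "alb"

# key -> (which load balancer types support it, documented default, flagged values)
CHECKS = {
    "deletion_protection.enabled": (ALL, "false", {"false"}),
    "access_logs.s3.enabled": (ALB_NLB, "false", {"false"}),
    "routing.http.drop_invalid_header_fields.enabled": (ALB, "false", {"false"}),
    "routing.http.desync_mitigation_mode": (ALB, "defensive", {"monitor"}),
    "waf.fail_open.enabled": (ALB, "false", {"true"}),
}

SCOPE_TYPES = {
    ALL: {"application", "network", "gateway"},
    ALB_NLB: {"application", "network"},
    ALB: {"application"},
}


def audit_attributes(resource):
    """Return a list of findings for one load balancer record."""
    lb_type = resource.get("type", "")
    # Flatten the key/value structs; values are STRING in the schema.
    attrs = {}
    for item in resource.get("attributes") or []:
        attrs[item["key"]] = str(item["value"]).strip().lower()

    findings = []
    for key, (scope, default, flagged) in CHECKS.items():
        if lb_type not in SCOPE_TYPES[scope]:
            continue  # attribute is not supported by this load balancer type
        value = attrs.get(key, default)  # absent key means the documented default
        if value in flagged:
            findings.append({"key": key, "value": value, "explicit": key in attrs})

    # access_logs.s3.bucket is required once access logs are enabled.
    if attrs.get("access_logs.s3.enabled") == "true" and not attrs.get("access_logs.s3.bucket"):
        findings.append({"key": "access_logs.s3.bucket", "value": "", "explicit": False})
    return findings


# Constructed sample records (not real resources).
SAMPLE_ALB = {
    "type": "application",
    "attributes": [
        {"key": "access_logs.s3.enabled", "value": "true"},
        {"key": "access_logs.s3.bucket", "value": "example-log-bucket"},
        {"key": "routing.http.drop_invalid_header_fields.enabled", "value": "true"},
        {"key": "routing.http.desync_mitigation_mode", "value": "monitor"},
        {"key": "waf.fail_open.enabled", "value": "true"},
    ],
}
SAMPLE_NLB = {"type": "network", "attributes": []}

if __name__ == "__main__":
    for name, record in (("alb", SAMPLE_ALB), ("nlb", SAMPLE_NLB)):
        for finding in audit_attributes(record):
            print(name, finding)
```

A finding with explicit set to False means the key was missing from the record and the documented default was assumed.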

availability_zones

Type: UNORDERED_LIST_STRUCT
Provider name: AvailabilityZones
Description: The subnets for the load balancer.

  • load_balancer_addresses
    Type: UNORDERED_LIST_STRUCT
    Provider name: LoadBalancerAddresses
    Description: [Network Load Balancers] If you need static IP addresses for your load balancer, you can specify one Elastic IP address per Availability Zone when you create an internet-facing load balancer. For internal load balancers, you can specify a private IP address from the IPv4 range of the subnet.
    • allocation_id
      Type: STRING
      Provider name: AllocationId
      Description: [Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer.
    • i_pv6_address
      Type: STRING
      Provider name: IPv6Address
      Description: [Network Load Balancers] The IPv6 address.
    • ip_address
      Type: STRING
      Provider name: IpAddress
      Description: The static IP address.
    • private_ipv4_address
      Type: STRING
      Provider name: PrivateIPv4Address
      Description: [Network Load Balancers] The private IPv4 address for an internal load balancer.
  • outpost_id
    Type: STRING
    Provider name: OutpostId
    Description: [Application Load Balancers on Outposts] The ID of the Outpost.
  • subnet_id
    Type: STRING
    Provider name: SubnetId
    Description: The ID of the subnet. You can specify one subnet per Availability Zone.
  • zone_name
    Type: STRING
    Provider name: ZoneName
    Description: The name of the Availability Zone.

canonical_hosted_zone_id

Type: STRING
Provider name: CanonicalHostedZoneId
Description: The ID of the Amazon Route 53 hosted zone associated with the load balancer.

created_time

Type: TIMESTAMP
Provider name: CreatedTime
Description: The date and time the load balancer was created.

customer_owned_ipv4_pool

Type: STRING
Provider name: CustomerOwnedIpv4Pool
Description: [Application Load Balancers on Outposts] The ID of the customer-owned address pool.

dns_name

Type: STRING
Provider name: DNSName
Description: The public DNS name of the load balancer.

Type: STRING
Provider name: EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic
Description: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.

ip_address_type

Type: STRING
Provider name: IpAddressType
Description: The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).

listeners

Type: UNORDERED_LIST_STRUCT
Provider name: Listeners
Description: Information about the listeners.

  • alpn_policy
    Type: UNORDERED_LIST_STRING
    Provider name: AlpnPolicy
    Description: [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
  • certificates
    Type: UNORDERED_LIST_STRUCT
    Provider name: Certificates
    Description: [HTTPS or TLS listener] The default certificate for the listener.
    • certificate_arn
      Type: STRING
      Provider name: CertificateArn
      Description: The Amazon Resource Name (ARN) of the certificate.
    • is_default
      Type: BOOLEAN
      Provider name: IsDefault
      Description: Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates.
  • default_actions
    Type: UNORDERED_LIST_STRUCT
    Provider name: DefaultActions
    Description: The default actions for the listener.
    • authenticate_cognito_config
      Type: STRUCT
      Provider name: AuthenticateCognitoConfig
      Description: [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
      • authentication_request_extra_params
        Type: MAP_STRING_STRING
        Provider name: AuthenticationRequestExtraParams
        Description: The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
      • on_unauthenticated_request
        Type: STRING
        Provider name: OnUnauthenticatedRequest
        Description: The behavior if the user is not authenticated. The following are possible values:
        • deny - Return an HTTP 401 Unauthorized error.
        • allow - Allow the request to be forwarded to the target.
        • authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
      • scope
        Type: STRING
        Provider name: Scope
        Description: The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
      • session_cookie_name
        Type: STRING
        Provider name: SessionCookieName
        Description: The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
      • session_timeout
        Type: INT64
        Provider name: SessionTimeout
        Description: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
      • user_pool_arn
        Type: STRING
        Provider name: UserPoolArn
        Description: The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
      • user_pool_client_id
        Type: STRING
        Provider name: UserPoolClientId
        Description: The ID of the Amazon Cognito user pool client.
      • user_pool_domain
        Type: STRING
        Provider name: UserPoolDomain
        Description: The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
    • authenticate_oidc_config
      Type: STRUCT
      Provider name: AuthenticateOidcConfig
      Description: [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
      • authentication_request_extra_params
        Type: MAP_STRING_STRING
        Provider name: AuthenticationRequestExtraParams
        Description: The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
      • authorization_endpoint
        Type: STRING
        Provider name: AuthorizationEndpoint
        Description: The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
      • client_id
        Type: STRING
        Provider name: ClientId
        Description: The OAuth 2.0 client identifier.
      • client_secret
        Type: STRING
        Provider name: ClientSecret
        Description: The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
      • issuer
        Type: STRING
        Provider name: Issuer
        Description: The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
      • on_unauthenticated_request
        Type: STRING
        Provider name: OnUnauthenticatedRequest
        Description: The behavior if the user is not authenticated. The following are possible values:
        • deny - Return an HTTP 401 Unauthorized error.
        • allow - Allow the request to be forwarded to the target.
        • authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
      • scope
        Type: STRING
        Provider name: Scope
        Description: The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
      • session_cookie_name
        Type: STRING
        Provider name: SessionCookieName
        Description: The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
      • session_timeout
        Type: INT64
        Provider name: SessionTimeout
        Description: The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
      • token_endpoint
        Type: STRING
        Provider name: TokenEndpoint
        Description: The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
      • use_existing_client_secret
        Type: BOOLEAN
        Provider name: UseExistingClientSecret
        Description: Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
      • user_info_endpoint
        Type: STRING
        Provider name: UserInfoEndpoint
        Description: The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
    • fixed_response_config
      Type: STRUCT
      Provider name: FixedResponseConfig
      Description: [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
      • content_type
        Type: STRING
        Provider name: ContentType
        Description: The content type. Valid Values: text/plain | text/css | text/html | application/javascript | application/json
      • message_body
        Type: STRING
        Provider name: MessageBody
        Description: The message.
      • status_code
        Type: STRING
        Provider name: StatusCode
        Description: The HTTP response code (2XX, 4XX, or 5XX).
    • forward_config
      Type: STRUCT
      Provider name: ForwardConfig
      Description: Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
      • target_group_stickiness_config
        Type: STRUCT
        Provider name: TargetGroupStickinessConfig
        Description: The target group stickiness for the rule.
        • duration_seconds
          Type: INT32
          Provider name: DurationSeconds
          Description: The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).
        • enabled
          Type: BOOLEAN
          Provider name: Enabled
          Description: Indicates whether target group stickiness is enabled.
      • target_groups
        Type: UNORDERED_LIST_STRUCT
        Provider name: TargetGroups
        Description: The target groups. For Network Load Balancers, you can specify a single target group.
        • target_group_arn
          Type: STRING
          Provider name: TargetGroupArn
          Description: The Amazon Resource Name (ARN) of the target group.
        • weight
          Type: INT32
          Provider name: Weight
          Description: The weight. The range is 0 to 999.
    • order
      Type: INT32
      Provider name: Order
      Description: The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
    • redirect_config
      Type: STRUCT
      Provider name: RedirectConfig
      Description: [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
      • host
        Type: STRING
        Provider name: Host
        Description: The hostname. This component is not percent-encoded. The hostname can contain #{host}.
      • path
        Type: STRING
        Provider name: Path
        Description: The absolute path, starting with the leading “/”. This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
      • port
        Type: STRING
        Provider name: Port
        Description: The port. You can specify a value from 1 to 65535 or #{port}.
      • protocol
        Type: STRING
        Provider name: Protocol
        Description: The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
      • query
        Type: STRING
        Provider name: Query
        Description: The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading “?”, as it is automatically added. You can specify any of the reserved keywords.
      • status_code
        Type: STRING
        Provider name: StatusCode
        Description: The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
    • target_group_arn
      Type: STRING
      Provider name: TargetGroupArn
      Description: The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
    • type
      Type: STRING
      Provider name: Type
      Description: The type of action.
  • listener_arn
    Type: STRING
    Provider name: ListenerArn
    Description: The Amazon Resource Name (ARN) of the listener.
  • load_balancer_arn
    Type: STRING
    Provider name: LoadBalancerArn
    Description: The Amazon Resource Name (ARN) of the load balancer.
  • port
    Type: INT32
    Provider name: Port
    Description: The port on which the load balancer is listening.
  • protocol
    Type: STRING
    Provider name: Protocol
    Description: The protocol for connections from clients to the load balancer.
  • ssl_policy
    Type: STRING
    Provider name: SslPolicy
    Description: [HTTPS or TLS listener] The security policy that defines which protocols and ciphers are supported.

load_balancer_arn

Type: STRING
Provider name: LoadBalancerArn
Description: The Amazon Resource Name (ARN) of the load balancer.

load_balancer_name

Type: STRING
Provider name: LoadBalancerName
Description: The name of the load balancer.

scheme

Type: STRING
Provider name: Scheme
Description: The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.

security_groups

Type: UNORDERED_LIST_STRING
Provider name: SecurityGroups
Description: The IDs of the security groups for the load balancer.

state

Type: STRUCT
Provider name: State
Description: The state of the load balancer.

  • code
    Type: STRING
    Provider name: Code
    Description: The state code. The initial state of the load balancer is provisioning. After the load balancer is fully set up and ready to route traffic, its state is active. If the load balancer is routing traffic but does not have the resources it needs to scale, its state is active_impaired. If the load balancer could not be set up, its state is failed.
  • reason
    Type: STRING
    Provider name: Reason
    Description: A description of the state.

tags

Type: UNORDERED_LIST_STRING

type

Type: STRING
Provider name: Type
Description: The type of load balancer.

vpc_id

Type: STRING
Provider name: VpcId
Description: The ID of the VPC for the load balancer.