Configure a blue-green deployment for the application load balancer using the given strategy. This modifies the default actions of the given listener. When stickiness is enabled, requests routed to a target group remain in the same group for the duration you specify.
Inputs
| Field | Type | Description |
| --- | --- | --- |
| region [required] | enum | default: us-east-1 |
| listenerARN [required] | string | The Amazon Resource Name (ARN) of the load balancer listener. |
| blueTargetARN [required] | string | The Amazon Resource Name (ARN) of the blue target environment. |
| greenTargetARN [required] | string | The Amazon Resource Name (ARN) of the green target environment. |
| greenWeight | number | The percentage of traffic routed to the green environment. The default value is 0, meaning that the blue environment carries the full production traffic by default. The blue target weight is implicitly inferred. |
| | | The time period during which requests from a client are routed to the same target group. |

Outputs
| Field | Type | Description |
| --- | --- | --- |
| listener | object | |
| listener.ListenerArn | string | The Amazon Resource Name (ARN) of the listener. |
| listener.LoadBalancerArn | string | The Amazon Resource Name (ARN) of the load balancer. |
| listener.Port | number | The port on which the load balancer is listening. |
| listener.Protocol | string | The protocol for connections from clients to the load balancer. |
| listener.Certificates | [object] | [HTTPS or TLS listener] The default certificate for the listener. |
| listener.Certificates.CertificateArn | string | The Amazon Resource Name (ARN) of the certificate. |
| listener.Certificates.IsDefault | boolean | Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates. |
| listener.SslPolicy | string | [HTTPS or TLS listener] The security policy that defines which protocols and ciphers are supported. |
| listener.DefaultActions | [object] | The default actions for the listener. |
| listener.DefaultActions.Type [required] | string | The type of action. |
| listener.DefaultActions.TargetGroupArn | string | The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead. |
| listener.DefaultActions.AuthenticateOidcConfig | object | [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc. |
| listener.DefaultActions.AuthenticateOidcConfig.Issuer [required] | string | The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. |
| listener.DefaultActions.AuthenticateOidcConfig.AuthorizationEndpoint [required] | string | The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. |
| listener.DefaultActions.AuthenticateOidcConfig.TokenEndpoint [required] | string | The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. |
| listener.DefaultActions.AuthenticateOidcConfig.UserInfoEndpoint [required] | string | The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. |
| listener.DefaultActions.AuthenticateOidcConfig.ClientId [required] | string | The OAuth 2.0 client identifier. |
| listener.DefaultActions.AuthenticateOidcConfig.ClientSecret | string | The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true. |
| listener.DefaultActions.AuthenticateOidcConfig.SessionCookieName | string | The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie. |
| listener.DefaultActions.AuthenticateOidcConfig.Scope | string | The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. |
| listener.DefaultActions.AuthenticateOidcConfig.SessionTimeout | number | The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days). |
| listener.DefaultActions.AuthenticateOidcConfig.AuthenticationRequestExtraParams | object | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
| listener.DefaultActions.AuthenticateOidcConfig.OnUnauthenticatedRequest | string | The behavior if the user is not authenticated. The following are possible values: deny - Return an HTTP 401 Unauthorized error. allow - Allow the request to be forwarded to the target. authenticate - Redirect the request to the IdP authorization endpoint. This is the default value. |
| listener.DefaultActions.AuthenticateOidcConfig.UseExistingClientSecret | boolean | Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false. |
| listener.DefaultActions.AuthenticateCognitoConfig | object | [HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito. |
| listener.DefaultActions.AuthenticateCognitoConfig.UserPoolArn [required] | string | The Amazon Resource Name (ARN) of the Amazon Cognito user pool. |
| listener.DefaultActions.AuthenticateCognitoConfig.UserPoolClientId [required] | string | The ID of the Amazon Cognito user pool client. |
| listener.DefaultActions.AuthenticateCognitoConfig.UserPoolDomain [required] | string | The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. |
| listener.DefaultActions.AuthenticateCognitoConfig.SessionCookieName | string | The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie. |
| listener.DefaultActions.AuthenticateCognitoConfig.Scope | string | The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. |
| listener.DefaultActions.AuthenticateCognitoConfig.SessionTimeout | number | The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days). |
| listener.DefaultActions.AuthenticateCognitoConfig.AuthenticationRequestExtraParams | object | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
| listener.DefaultActions.AuthenticateCognitoConfig.OnUnauthenticatedRequest | string | The behavior if the user is not authenticated. The following are possible values: deny - Return an HTTP 401 Unauthorized error. allow - Allow the request to be forwarded to the target. authenticate - Redirect the request to the IdP authorization endpoint. This is the default value. |
| listener.DefaultActions.Order | number | The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. |
| listener.DefaultActions.RedirectConfig | object | [Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect. |
| listener.DefaultActions.RedirectConfig.Protocol | string | The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP. |
| listener.DefaultActions.RedirectConfig.Port | string | The port. You can specify a value from 1 to 65535 or #{port}. |
| listener.DefaultActions.RedirectConfig.Host | string | The hostname. This component is not percent-encoded. The hostname can contain #{host}. |
| listener.DefaultActions.RedirectConfig.Path | string | The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. |
| listener.DefaultActions.RedirectConfig.Query | string | The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords. |
| listener.DefaultActions.RedirectConfig.StatusCode [required] | string | The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302). |
| listener.DefaultActions.FixedResponseConfig | object | [Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response. |
| listener.DefaultActions.FixedResponseConfig.MessageBody | string | The message. |
| listener.DefaultActions.FixedResponseConfig.StatusCode [required] | string | The HTTP response code (2XX, 4XX, or 5XX). |
| listener.DefaultActions.FixedResponseConfig.ContentType | string | The content type. Valid Values: text/plain, text/css, text/html, application/javascript, application/json. |
| listener.DefaultActions.ForwardConfig | object | Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn. |
| listener.DefaultActions.ForwardConfig.TargetGroups | [object] | One or more target groups. For Network Load Balancers, you can specify a single target group. |
| listener.DefaultActions.ForwardConfig.TargetGroups.TargetGroupArn | string | The Amazon Resource Name (ARN) of the target group. |
| listener.DefaultActions.ForwardConfig.TargetGroups.Weight | number | The weight. The range is 0 to 999. |
| listener.DefaultActions.ForwardConfig.TargetGroupStickinessConfig | object | The target group stickiness for the rule. |
| listener.DefaultActions.ForwardConfig.TargetGroupStickinessConfig.Enabled | boolean | Indicates whether target group stickiness is enabled. |
| listener.DefaultActions.ForwardConfig.TargetGroupStickinessConfig.DurationSeconds | number | The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). |
| listener.AlpnPolicy | [string] | [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy. |
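
A sketch of the weighted forward action behind a blue-green split, and a check of the returned `listener` object against the intended split. This is an added example, not code from this page or its vendor. The function names and ARNs are constructed, and it assumes `greenWeight` is an integer percentage used directly as the target group weight, with blue taking the remainder.

```python
# Added example. ARNs below are constructed placeholders, not real resources.
BLUE = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/blue/0000000000000001"
GREEN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/green/0000000000000002"
MAX_STICKY = 604800  # upper bound for DurationSeconds in the Outputs table


def build_default_actions(blue_arn, green_arn, green_weight=0, sticky_seconds=None):
    """Return a DefaultActions list for the split (assumed mapping: blue = 100 - green)."""
    if isinstance(green_weight, bool) or not isinstance(green_weight, int):
        raise ValueError("green_weight must be an integer percentage")
    if not 0 <= green_weight <= 100:
        raise ValueError("green_weight must be between 0 and 100")
    if blue_arn == green_arn:
        raise ValueError("blue and green must be different target groups")
    forward = {
        "TargetGroups": [
            {"TargetGroupArn": blue_arn, "Weight": 100 - green_weight},
            {"TargetGroupArn": green_arn, "Weight": green_weight},
        ]
    }
    if sticky_seconds is not None:
        if not 1 <= sticky_seconds <= MAX_STICKY:
            raise ValueError("sticky_seconds must be 1-604800")
        forward["TargetGroupStickinessConfig"] = {
            "Enabled": True, "DurationSeconds": sticky_seconds}
    return [{"Type": "forward", "ForwardConfig": forward}]


def verify_listener(listener, blue_arn, green_arn, green_weight):
    """Compare a returned listener object with the intended split; return findings."""
    findings = []
    actions = listener.get("DefaultActions", [])
    forwards = [a for a in actions if a.get("Type") == "forward"]
    if len(forwards) != 1:
        return ["expected exactly one forward action, found %d" % len(forwards)]
    groups = forwards[0].get("ForwardConfig", {}).get("TargetGroups", [])
    weights = {g.get("TargetGroupArn"): g.get("Weight", 0) for g in groups}
    # Any target group other than blue or green is receiving production traffic.
    for arn in sorted(set(weights) - {blue_arn, green_arn}):
        findings.append("unexpected target group: " + arn)
    total = sum(weights.values())
    actual = 100 * weights.get(green_arn, 0) / total if total else None
    if actual != green_weight:
        findings.append("green share is %s%%, expected %s%%" % (actual, green_weight))
    return findings
```

An empty list from `verify_listener` means the listener forwards only to the two expected target groups at the intended ratio.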