aws::network-load-balancer-listener

Example

aws::network-load-balancer-listener listener-example
    port: "80"
    protocol: "TCP"
    nlb: $(aws::network-load-balancer nlb-example | load-balancer)

    default-action
        target-group-arn: $(aws::load-balancer-target-group target-group-example | target-group-arn)
        type: "forward"
    end
end

Attributes

Attribute Description
certificate list subresource

List of certificates associated with the listener.

arn
ARN of the certificate. (Required)
is-default
Determines if the certificate is default.
default-certificate The default certificate ARN associated with the listener. Required with HTTPS protocol.
port Connection port between client and the load balancer. (Required)
protocol Connection protocol between client and the load balancer. (Required)
ssl-policy Security policy that defines supported protocols and ciphers.
default-action subresource

The default action associated with the listener. (Required)

authenticate-cognito-action subresource

Authentication through user pools supported by Amazon Cognito. Cannot be set if any of authenticate-oidc-action, fixed-response-action, forward-action or redirect-action is set.

extra-params map
Up to 10 query parameters to include in the redirect request to the authorization endpoint.
on-unauthenticated-request

The behavior if the use is not authenticated.

Defaults to authenticate.

scope
The set of user claims to be request from th IdP. Defaults to openid.
session-cookie-name
The name of the cookie used to maintain session information. Defaults to AWSELBAuthSessionCookie.
session-timeout
The maximum duration of the authentication session. Defaults to 604800 seconds.
user-pool-arn
The arn of the cognito user pool associated with the action.
user-pool-client
The cognito user pool client resource associated with the action.
user-pool-domain
The user pool domain resource associated with the user pool.
authenticate-oidc-action subresource

Authentication through provider that is OpenID Connect (OIDC) compliant. Cannot be set if any of authenticate-cognito-action, fixed-response-action, forward-action or redirect-action is set.

extra-params map
Up to 10 query parameters to include in the redirect request to the authorization endpoint.
authorization-endpoint
The authorization endpoint of the IdP.
client-id
The OAuth 2.0 client identifier.
client-secret
The OAuth 2.0 client secret. Required if creating a rule.
issuer
The OIDC issuer identifier of the IdP.
on-unauthenticated-request

The behavior if the use is not authenticated.

Defaults to authenticate.

scope
The set of user claims to be request from th IdP. Defaults to openid.
session-cookie-name
The name of the cookie used to maintain session information. Defaults to AWSELBAuthSessionCookie.
session-timeout
The maximum duration of the authentication session. Defaults to 604800 seconds.
token-endpoint
The token endpoint of the IdP.
user-info-endpoint
The user token endpoint of the IdP.
forward-action subresource

Action to support multiple ALB Target groups. If both this field and {@link TargetGroupResource}

are defined, they must match and only will support a single target. This field should be used when forward weights should be used. Cannot be set if any of authenticate-cognito-action, authenticate-oidc-action, fixed-response-action or redirect-action is set.

target-group-weight list subresource

The list of target groups and their associated weight for forwarding.

target-group
The target group to which requests are forwarded
weight

The weight of the ratio of requests forwarded to the given target group.

The ratio is this weight / total weights from all target groups configured

target-group-stickiness subresource

The configuration to determine if subsequent requests should stay with the same target group.

enabled
When set to true, the requests will be directed to the same target group
duration
The amount of time for which requests should be directed to the same target group
fixed-response-action subresource

Used to specify a custom response for an action. Cannot be set if any of authenticate-cognito-action, authenticate-oidc-action, forward-action or redirect-action is set.

content-type
The content type.
message-body
The message.
status-code
The status code.
order
The order in which the action should take place.
redirect-action subresource

Redirect requests from one URL to another. Cannot be set if any of authenticate-cognito-action, authenticate-oidc-action, fixed-response-action or forward-action is set.

host
The hostname.
path
The absolute path starting with “/”.
port
The port.
protocol
The protocol.
query
The query parameters.
status-code
The HTTP redirect code.
validate list
Actions can only have a single type configured.
nlb The nlb that the listener is attached to. (Required)

Outputs

Attribute Description
arn The arn of the listener.