String type
The type of action.
String targetGroupArn
The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
AuthenticateOidcActionConfig authenticateOidcConfig
[HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when Type is authenticate-oidc.
AuthenticateCognitoActionConfig authenticateCognitoConfig
[HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when Type is authenticate-cognito.
Integer order
The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
RedirectActionConfig redirectConfig
[Application Load Balancer] Information for creating a redirect action. Specify only when Type is redirect.
FixedResponseActionConfig fixedResponseConfig
[Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when Type is fixed-response.
ForwardActionConfig forwardConfig
Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
String userPoolArn
The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
String userPoolClientId
The ID of the Amazon Cognito user pool client.
String userPoolDomain
The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
String sessionCookieName
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
String scope
The set of user claims to be requested from the IdP. The default is openid.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Long sessionTimeout
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
Map<K,V> authenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
String onUnauthenticatedRequest
The behavior if the user is not authenticated. The following are possible values:
deny - Return an HTTP 401 Unauthorized error.
allow - Allow the request to be forwarded to the target.
authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
String issuer
The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
String authorizationEndpoint
The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
String tokenEndpoint
The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
String userInfoEndpoint
The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
String clientId
The OAuth 2.0 client identifier.
String clientSecret
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
String sessionCookieName
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
String scope
The set of user claims to be requested from the IdP. The default is openid.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Long sessionTimeout
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
Map<K,V> authenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
String onUnauthenticatedRequest
The behavior if the user is not authenticated. The following are possible values:
deny - Return an HTTP 401 Unauthorized error.
allow - Allow the request to be forwarded to the target.
authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
Boolean useExistingClientSecret
Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
String zoneName
The name of the Availability Zone.
String subnetId
The ID of the subnet. You can specify one subnet per Availability Zone.
String outpostId
[Application Load Balancers on Outposts] The ID of the Outpost.
List<E> loadBalancerAddresses
[Network Load Balancers] If you need static IP addresses for your load balancer, you can specify one Elastic IP address per Availability Zone when you create an internet-facing load balancer. For internal load balancers, you can specify a private IP address from the IPv4 range of the subnet.
String certificateArn
The Amazon Resource Name (ARN) of the certificate.
Boolean isDefault
Indicates whether the certificate is the default certificate. Do not set this value when specifying a certificate as an input. This value is not included in the output when describing a listener, but is included when describing listener certificates.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
String protocol
The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
Integer port
The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.
String sslPolicy
[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.
List<E> certificates
[HTTPS and TLS listeners] The default certificate for the listener. You must provide exactly one certificate. Set CertificateArn to the certificate ARN but do not set IsDefault.
List<E> defaultActions
The actions for the default rule.
List<E> alpnPolicy
[TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:
HTTP1Only
HTTP2Only
HTTP2Optional
HTTP2Preferred
None
For more information, see ALPN policies in the Network Load Balancers Guide.
List<E> tags
The tags to assign to the listener.
String name
The name of the load balancer.
This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-".
List<E> subnets
The IDs of the public subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings.
[Application Load Balancers] You must specify subnets from at least two Availability Zones.
[Application Load Balancers on Outposts] You must specify one Outpost subnet.
[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
[Network Load Balancers] You can specify subnets from one or more Availability Zones.
[Gateway Load Balancers] You can specify subnets from one or more Availability Zones.
List<E> subnetMappings
The IDs of the public subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings.
[Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets.
[Application Load Balancers on Outposts] You must specify one Outpost subnet.
[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
[Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancers, you can specify one IPv6 address per subnet.
[Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You cannot specify Elastic IP addresses for your subnets.
List<E> securityGroups
[Application Load Balancers] The IDs of the security groups for the load balancer.
String scheme
The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.
The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.
The default is an Internet-facing load balancer.
You cannot specify a scheme for a Gateway Load Balancer.
List<E> tags
The tags to assign to the load balancer.
String type
The type of load balancer. The default is application.
String ipAddressType
The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
String customerOwnedIpv4Pool
[Application Load Balancers on Outposts] The ID of the customer-owned address pool (CoIP pool).
String listenerArn
The Amazon Resource Name (ARN) of the listener.
List<E> conditions
The conditions.
Integer priority
The rule priority. A listener can't have multiple rules with the same priority.
List<E> actions
The actions.
List<E> tags
The tags to assign to the rule.
String name
The name of the target group.
This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
String protocol
The protocol to use for routing traffic to the targets. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, the supported protocol is GENEVE. A TCP_UDP listener must be associated with a TCP_UDP target group. If the target is a Lambda function, this parameter does not apply.
String protocolVersion
[HTTP/HTTPS protocol] The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1.
Integer port
The port on which the targets receive traffic. This port is used unless you specify a port override when registering the target. If the target is a Lambda function, this parameter does not apply. If the protocol is GENEVE, the supported port is 6081.
String vpcId
The identifier of the virtual private cloud (VPC). If the target is a Lambda function, this parameter does not apply. Otherwise, this parameter is required.
String healthCheckProtocol
The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
String healthCheckPort
The port the load balancer uses when performing health checks on targets. If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is traffic-port, which is the port on which each target receives traffic from the load balancer. If the protocol is GENEVE, the default is port 80.
Boolean healthCheckEnabled
Indicates whether health checks are enabled. If the target type is lambda, health checks are disabled by default but can be enabled. If the target type is instance, ip, or alb, health checks are always enabled and cannot be disabled.
String healthCheckPath
[HTTP/HTTPS health checks] The destination for health checks on the targets.
[HTTP1 or HTTP2 protocol version] The ping path. The default is /.
[GRPC protocol version] The path of a custom health check method with the format /package.service/method. The default is /AWS.ALB/healthcheck.
Integer healthCheckIntervalSeconds
The approximate amount of time, in seconds, between health checks of an individual target. If the target group protocol is TCP, TLS, UDP, or TCP_UDP, the supported values are 10 and 30 seconds. If the target group protocol is HTTP or HTTPS, the default is 30 seconds. If the target group protocol is GENEVE, the default is 10 seconds. If the target type is lambda, the default is 35 seconds.
Integer healthCheckTimeoutSeconds
The amount of time, in seconds, during which no response from a target means a failed health check. For target groups with a protocol of HTTP, HTTPS, or GENEVE, the default is 5 seconds. For target groups with a protocol of TCP or TLS, this value must be 6 seconds for HTTP health checks and 10 seconds for TCP and HTTPS health checks. If the target type is lambda, the default is 30 seconds.
Integer healthyThresholdCount
The number of consecutive health check successes required before considering an unhealthy target healthy. For target groups with a protocol of HTTP or HTTPS, the default is 5. For target groups with a protocol of TCP, TLS, or GENEVE, the default is 3. If the target type is lambda, the default is 5.
Integer unhealthyThresholdCount
The number of consecutive health check failures required before considering a target unhealthy. If the target group protocol is HTTP or HTTPS, the default is 2. If the target group protocol is TCP or TLS, this value must be the same as the healthy threshold count. If the target group protocol is GENEVE, the default is 3. If the target type is lambda, the default is 2.
Matcher matcher
[HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target.
String targetType
The type of target that you must specify when registering targets with this target group. You can't specify targets for a target group using more than one target type.
instance - Register targets by instance ID. This is the default value.
ip - Register targets by IP address. You can specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.
lambda - Register a single Lambda function as a target.
alb - Register a single Application Load Balancer as a target.
List<E> tags
The tags to assign to the target group.
String ipAddressType
The type of IP address used for this target group. The possible values are ipv4 and ipv6. This is an optional parameter. If not specified, the IP address type defaults to ipv4.
String listenerArn
The Amazon Resource Name (ARN) of the listener.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
String ruleArn
The Amazon Resource Name (ARN) of the rule.
String targetGroupArn
The Amazon Resource Name (ARN) of the target group.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
List<E> listenerArns
The Amazon Resource Names (ARN) of the listeners.
String marker
The marker for the next set of results. (You received this marker from a previous call.)
Integer pageSize
The maximum number of results to return with this call.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
List<E> loadBalancerArns
The Amazon Resource Names (ARN) of the load balancers. You can specify up to 20 load balancers in a single call.
List<E> names
The names of the load balancers.
String marker
The marker for the next set of results. (You received this marker from a previous call.)
Integer pageSize
The maximum number of results to return with this call.
String listenerArn
The Amazon Resource Name (ARN) of the listener.
List<E> ruleArns
The Amazon Resource Names (ARN) of the rules.
String marker
The marker for the next set of results. (You received this marker from a previous call.)
Integer pageSize
The maximum number of results to return with this call.
List<E> names
The names of the policies.
String marker
The marker for the next set of results. (You received this marker from a previous call.)
Integer pageSize
The maximum number of results to return with this call.
String loadBalancerType
The type of load balancer. The default lists the SSL policies for all load balancers.
String targetGroupArn
The Amazon Resource Name (ARN) of the target group.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
List<E> targetGroupArns
The Amazon Resource Names (ARN) of the target groups.
List<E> names
The names of the target groups.
String marker
The marker for the next set of results. (You received this marker from a previous call.)
Integer pageSize
The maximum number of results to return with this call.
List<E> targetGroups
One or more target groups. For Network Load Balancers, you can specify a single target group.
TargetGroupStickinessConfig targetGroupStickinessConfig
The target group stickiness for the rule.
List<E> values
One or more host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
If you specify multiple strings, the condition is satisfied if one of the strings matches the host name.
String httpHeaderName
The name of the HTTP header field. The maximum size is 40 characters. The header name is case insensitive. The allowed characters are specified by RFC 7230. Wildcards are not supported.
You can't use an HTTP header condition to specify the host header. Use HostHeaderConditionConfig to specify a host header condition.
List<E> values
One or more strings to compare against the value of the HTTP header. The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
If the same header appears multiple times in the request, we search them in order until a match is found.
If you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.
List<E> values
The name of the request method. The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.
If you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.
String name
The name of the limit. The possible values are:
application-load-balancers
condition-values-per-alb-rule
condition-wildcards-per-alb-rule
gateway-load-balancers
gateway-load-balancers-per-vpc
geneve-target-groups
listeners-per-application-load-balancer
listeners-per-network-load-balancer
network-load-balancers
rules-per-application-load-balancer
target-groups
target-groups-per-action-on-application-load-balancer
target-groups-per-action-on-network-load-balancer
target-groups-per-application-load-balancer
targets-per-application-load-balancer
targets-per-availability-zone-per-gateway-load-balancer
targets-per-availability-zone-per-network-load-balancer
targets-per-network-load-balancer
String max
The maximum value of the limit.
String listenerArn
The Amazon Resource Name (ARN) of the listener.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
Integer port
The port on which the load balancer is listening.
String protocol
The protocol for connections from clients to the load balancer.
List<E> certificates
[HTTPS or TLS listener] The default certificate for the listener.
String sslPolicy
[HTTPS or TLS listener] The security policy that defines which protocols and ciphers are supported.
List<E> defaultActions
The default actions for the listener.
List<E> alpnPolicy
[TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
String dNSName
The public DNS name of the load balancer.
String canonicalHostedZoneId
The ID of the Amazon Route 53 hosted zone associated with the load balancer.
Date createdTime
The date and time the load balancer was created.
String loadBalancerName
The name of the load balancer.
String scheme
The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.
The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.
String vpcId
The ID of the VPC for the load balancer.
LoadBalancerState state
The state of the load balancer.
String type
The type of load balancer.
List<E> availabilityZones
The subnets for the load balancer.
List<E> securityGroups
The IDs of the security groups for the load balancer.
String ipAddressType
The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses).
String customerOwnedIpv4Pool
[Application Load Balancers on Outposts] The ID of the customer-owned address pool.
String ipAddress
The static IP address.
String allocationId
[Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer.
String privateIPv4Address
[Network Load Balancers] The private IPv4 address for an internal load balancer.
String iPv6Address
[Network Load Balancers] The IPv6 address.
String key
The name of the attribute.
The following attribute is supported by all load balancers:
deletion_protection.enabled - Indicates whether deletion protection is enabled. The value is true or false. The default is false.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled - Indicates whether access logs are enabled. The value is true or false. The default is false.
access_logs.s3.bucket - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
access_logs.s3.prefix - The prefix for the location in the S3 bucket for the access logs.
ipv6.deny-all-igw-traffic - Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
routing.http.desync_mitigation_mode - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor, defensive, and strictest. The default is defensive.
routing.http.drop_invalid_header_fields.enabled - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). The default is false.
routing.http.x_amzn_tls_version_and_cipher_suite.enabled - Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false. The default is false.
routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false.
routing.http2.enabled - Indicates whether HTTP/2 is enabled. The possible values are true and false. The default is true. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.
waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false. The default is false.
The following attribute is supported by Network Load Balancers and Gateway Load Balancers:
load_balancing.cross_zone.enabled - Indicates whether cross-zone load balancing is enabled. The possible values are true and false. The default is false.
String value
The value of the attribute.
String code
The state code. The initial state of the load balancer is provisioning. After the load balancer is fully set up and ready to route traffic, its state is active. If the load balancer is routing traffic but does not have the resources it needs to scale, its state is active_impaired. If the load balancer could not be set up, its state is failed.
String reason
A description of the state.
String httpCode
For Application Load Balancers, you can specify values between 200 and 499, and the default value is 200. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299").
For Network Load Balancers and Gateway Load Balancers, this must be "200-399".
Note that when using shorthand syntax, some values such as commas need to be escaped.
String grpcCode
You can specify values between 0 and 99. You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). The default value is 12.
String listenerArn
The Amazon Resource Name (ARN) of the listener.
Integer port
The port for connections from clients to the load balancer. You cannot specify a port for a Gateway Load Balancer.
String protocol
The protocol for connections from clients to the load balancer. Application Load Balancers support the HTTP and HTTPS protocols. Network Load Balancers support the TCP, TLS, UDP, and TCP_UDP protocols. You can’t change the protocol to UDP or TCP_UDP if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.
String sslPolicy
[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
For more information, see Security policies in the Application Load Balancers Guide or Security policies in the Network Load Balancers Guide.
List<E> certificates
[HTTPS and TLS listeners] The default certificate for the listener. You must provide exactly one certificate. Set CertificateArn to the certificate ARN but do not set IsDefault.
List<E> defaultActions
The actions for the default rule.
List<E> alpnPolicy
[TLS listeners] The name of the Application-Layer Protocol Negotiation (ALPN) policy. You can specify one policy name. The following are the possible values:
HTTP1Only
HTTP2Only
HTTP2Optional
HTTP2Preferred
None
For more information, see ALPN policies in the Network Load Balancers Guide.
String targetGroupArn
The Amazon Resource Name (ARN) of the target group.
String healthCheckProtocol
The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. It is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
With Network Load Balancers, you can't modify this setting.
String healthCheckPort
The port the load balancer uses when performing health checks on targets.
String healthCheckPath
[HTTP/HTTPS health checks] The destination for health checks on the targets.
[HTTP1 or HTTP2 protocol version] The ping path. The default is /.
[GRPC protocol version] The path of a custom health check method with the format /package.service/method. The default is /AWS.ALB/healthcheck.
Boolean healthCheckEnabled
Indicates whether health checks are enabled.
Integer healthCheckIntervalSeconds
The approximate amount of time, in seconds, between health checks of an individual target. For TCP health checks, the supported values are 10 or 30 seconds.
With Network Load Balancers, you can't modify this setting.
Integer healthCheckTimeoutSeconds
[HTTP/HTTPS health checks] The amount of time, in seconds, during which no response means a failed health check.
With Network Load Balancers, you can't modify this setting.
Integer healthyThresholdCount
The number of consecutive health check successes required before considering an unhealthy target healthy.
Integer unhealthyThresholdCount
The number of consecutive health check failures required before considering the target unhealthy. For target groups with a protocol of TCP or TLS, this value must be the same as the healthy threshold count.
Matcher matcher
[HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target.
With Network Load Balancers, you can't modify this setting.
List<E> values
One or more path patterns to compare against the request URL. The maximum size of each string is 128 characters. The comparison is case sensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
If you specify multiple strings, the condition is satisfied if one of them matches the request URL. The path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use QueryStringConditionConfig.
List<E> values
One or more key/value pairs or values to find in the query string. The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in Values using a '\' character.
If you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.
String protocol
The protocol. You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
String port
The port. You can specify a value from 1 to 65535 or #{port}.
String host
The hostname. This component is not percent-encoded. The hostname can contain #{host}.
String path
The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
String query
The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
String statusCode
The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
String ruleArn
The Amazon Resource Name (ARN) of the rule.
String priority
The priority.
List<E> conditions
The conditions. Each rule can include zero or one of the following conditions: http-request-method, host-header, path-pattern, and source-ip, and zero or more of the following conditions: http-header and query-string.
List<E> actions
The actions. Each rule must include exactly one of the following types of actions: forward, redirect, or fixed-response, and it must be the last action to be performed.
Boolean isDefault
Indicates whether this is the default rule.
String field
The field in the HTTP request. The following are the possible values:
http-header
http-request-method
host-header
path-pattern
query-string
source-ip
List<E> values
The condition value. Specify only when Field is host-header or path-pattern. Alternatively, to specify multiple host names or multiple path patterns, use HostHeaderConfig or PathPatternConfig.
If Field is host-header and you are not using HostHeaderConfig, you can specify a single host name (for example, my.example.com) in Values. A host name is case insensitive, can be up to 128 characters in length, and can contain any of the following characters.
A-Z, a-z, 0-9
- .
* (matches 0 or more characters)
? (matches exactly 1 character)
If Field is path-pattern and you are not using PathPatternConfig, you can specify a single path pattern (for example, /img/*) in Values. A path pattern is case-sensitive, can be up to 128 characters in length, and can contain any of the following characters.
A-Z, a-z, 0-9
_ - . $ / ~ " ' @ : +
& (using &amp;)
* (matches 0 or more characters)
? (matches exactly 1 character)
HostHeaderConditionConfig hostHeaderConfig
Information for a host header condition. Specify only when Field is host-header.
PathPatternConditionConfig pathPatternConfig
Information for a path pattern condition. Specify only when Field is path-pattern.
HttpHeaderConditionConfig httpHeaderConfig
Information for an HTTP header condition. Specify only when Field is http-header.
QueryStringConditionConfig queryStringConfig
Information for a query string condition. Specify only when Field is query-string.
HttpRequestMethodConditionConfig httpRequestMethodConfig
Information for an HTTP method condition. Specify only when Field is http-request-method.
SourceIpConditionConfig sourceIpConfig
Information for a source IP condition. Specify only when Field is source-ip.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
String ipAddressType
The IP address type. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
String ipAddressType
The IP address type.
String loadBalancerArn
The Amazon Resource Name (ARN) of the load balancer.
List<E> subnets
The IDs of the public subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings.
[Application Load Balancers] You must specify subnets from at least two Availability Zones.
[Application Load Balancers on Outposts] You must specify one Outpost subnet.
[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
[Network Load Balancers] You can specify subnets from one or more Availability Zones.
List<E> subnetMappings
The IDs of the public subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings.
[Application Load Balancers] You must specify subnets from at least two Availability Zones. You cannot specify Elastic IP addresses for your subnets.
[Application Load Balancers on Outposts] You must specify one Outpost subnet.
[Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
[Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancers, you can specify one IPv6 address per subnet.
String ipAddressType
[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
List<E> values
One or more source IP addresses, in CIDR format. You can use both IPv4 and IPv6 addresses. Wildcards are not supported.
If you specify multiple addresses, the condition is satisfied if the source IP address of the request matches one of the CIDR blocks. This condition is not satisfied by the addresses in the X-Forwarded-For header. To search for addresses in the X-Forwarded-For header, use HttpHeaderConditionConfig.
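The path-pattern and source-ip matching rules described above, modelled in Python as an added example. It is not AWS or SDK code; the function names, hostnames and addresses are constructed for illustration, and it reflects only the semantics documented on this page.

```python
import ipaddress
import re
from urllib.parse import urlsplit

MAX_VALUE_LEN = 128  # documented maximum size of each condition string


def _compile(pattern):
    """Translate the documented wildcards: * = 0 or more chars, ? = exactly 1."""
    if len(pattern) > MAX_VALUE_LEN:
        raise ValueError("condition value exceeds 128 characters")
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.compile(regex, re.DOTALL)  # no IGNORECASE: paths are case sensitive


def path_pattern_matches(patterns, url):
    """True if any pattern matches the URL's path; the query string is ignored."""
    path = urlsplit(url).path
    return any(_compile(p).fullmatch(path) for p in patterns)


def source_ip_matches(cidrs, peer_ip, headers=None):
    """True if the connecting address is inside any CIDR block.

    `headers` is accepted but never read: X-Forwarded-For does not
    satisfy a source-ip condition.
    """
    addr = ipaddress.ip_address(peer_ip)
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)  # rejects wildcards
        if addr.version == net.version and addr in net:
            return True
    return False


def demo():
    """Constructed requests against constructed rules (documentation IP ranges)."""
    admin, office = ["/admin/*"], ["203.0.113.0/24", "2001:db8::/32"]
    return {
        "exact case": path_pattern_matches(admin, "https://example.com/admin/users"),
        "other case": path_pattern_matches(admin, "https://example.com/Admin/users"),
        "only in query": path_pattern_matches(admin, "https://example.com/p?next=/admin/x"),
        "peer in range": source_ip_matches(office, "2001:db8::1"),
        "only XFF in range": source_ip_matches(
            office, "198.51.100.7", {"X-Forwarded-For": "203.0.113.5"}),
    }


if __name__ == "__main__":
    for case, matched in demo().items():
        print(f"{case}: {matched}")
```

A rule that restricts a path prefix or a source range should be reviewed against these cases, since a request that differs only in letter case falls through to a lower-priority or default rule.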
String subnetId
The ID of the subnet.
String allocationId
[Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer.
String privateIPv4Address
[Network Load Balancers] The private IPv4 address for an internal load balancer.
String iPv6Address
[Network Load Balancers] The IPv6 address.
String id
The ID of the target. If the target type of the target group is instance, specify an instance ID. If the target type is ip, specify an IP address. If the target type is lambda, specify the ARN of the Lambda function. If the target type is alb, specify the ARN of the Application Load Balancer target.
Integer port
The port on which the target is listening. If the target group protocol is GENEVE, the supported port is 6081. If the target type is alb, the targeted Application Load Balancer must have at least one listener whose port matches the target group port. Not used if the target is a Lambda function.
String availabilityZone
An Availability Zone or all. This determines whether the target receives traffic from the load balancer nodes in the specified Availability Zone or from all enabled Availability Zones for the load balancer.
This parameter is not supported if the target type of the target group is instance or alb.
If the target type is ip and the IP address is in a subnet of the VPC for the target group, the Availability Zone is automatically detected and this parameter is optional. If the IP address is outside the VPC, this parameter is required.
With an Application Load Balancer, if the target type is ip and the IP address is outside the VPC for the target group, the only supported value is all.
If the target type is lambda, this parameter is optional and the only supported value is all.
String targetGroupArn
The Amazon Resource Name (ARN) of the target group.
String targetGroupName
The name of the target group.
String protocol
The protocol to use for routing traffic to the targets.
Integer port
The port on which the targets are listening. Not used if the target is a Lambda function.
String vpcId
The ID of the VPC for the targets.
String healthCheckProtocol
The protocol to use to connect with the target. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
String healthCheckPort
The port to use to connect with the target.
Boolean healthCheckEnabled
Indicates whether health checks are enabled.
Integer healthCheckIntervalSeconds
The approximate amount of time, in seconds, between health checks of an individual target.
Integer healthCheckTimeoutSeconds
The amount of time, in seconds, during which no response means a failed health check.
Integer healthyThresholdCount
The number of consecutive health check successes required before considering an unhealthy target healthy.
Integer unhealthyThresholdCount
The number of consecutive health check failures required before considering the target unhealthy.
String healthCheckPath
The destination for health checks on the targets.
Matcher matcher
The HTTP or gRPC codes to use when checking for a successful response from a target.
List<E> loadBalancerArns
The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
String targetType
The type of target that you must specify when registering targets with this target group. The possible values are instance (register targets by instance ID), ip (register targets by IP address), lambda (register a single Lambda function as a target), or alb (register a single Application Load Balancer as a target).
String protocolVersion
[HTTP/HTTPS protocol] The protocol version. The possible values are GRPC, HTTP1, and HTTP2.
String ipAddressType
The type of IP address used for this target group. The possible values are ipv4 and ipv6. This is an optional parameter. If not specified, the IP address type defaults to ipv4.
String key
The name of the attribute.
The following attribute is supported by all load balancers:
deregistration_delay.timeout_seconds - The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
stickiness.enabled - Indicates whether sticky sessions are enabled. The value is true or false. The default is false.
stickiness.type - The type of sticky sessions. The possible values are lb_cookie and app_cookie for Application Load Balancers or source_ip for Network Load Balancers.
The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:
load_balancing.algorithm.type - The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin or least_outstanding_requests. The default is round_robin.
slow_start.duration_seconds - The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).
stickiness.app_cookie.cookie_name - Indicates the name of the application-based cookie. Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP, and AWSALBTG; they're reserved for use by the load balancer.
stickiness.app_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the application-based cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
stickiness.lb_cookie.duration_seconds - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:
lambda.multi_value_headers.enabled - Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true or false. The default is false. If the value is false and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.
The following attributes are supported only by Network Load Balancers:
deregistration_delay.connection_termination.enabled - Indicates whether the load balancer terminates connections at the end of the deregistration timeout. The value is true or false. The default is false.
preserve_client_ip.enabled - Indicates whether client IP preservation is enabled. The value is true or false. The default is disabled if the target group type is IP address and the target group protocol is TCP or TLS. Otherwise, the default is enabled. Client IP preservation cannot be disabled for UDP and TCP_UDP target groups.
proxy_protocol_v2.enabled - Indicates whether Proxy Protocol version 2 is enabled. The value is true or false. The default is false.
String value
The value of the attribute.
String state
The state of the target.
String reason
The reason code.
If the target state is healthy, a reason code is not provided.
If the target state is initial, the reason code can be one of the following values:
Elb.RegistrationInProgress - The target is in the process of being registered with the load balancer.
Elb.InitialHealthChecking - The load balancer is still sending the target the minimum number of health checks required to determine its health status.
If the target state is unhealthy, the reason code can be one of the following values:
Target.ResponseCodeMismatch - The health checks did not return an expected HTTP code. Applies only to Application Load Balancers and Gateway Load Balancers.
Target.Timeout - The health check requests timed out. Applies only to Application Load Balancers and Gateway Load Balancers.
Target.FailedHealthChecks - The load balancer received an error while establishing a connection to the target or the target response was malformed.
Elb.InternalError - The health checks failed due to an internal error. Applies only to Application Load Balancers.
If the target state is unused, the reason code can be one of the following values:
Target.NotRegistered - The target is not registered with the target group.
Target.NotInUse - The target group is not used by any load balancer or the target is in an Availability Zone that is not enabled for its load balancer.
Target.InvalidState - The target is in the stopped or terminated state.
Target.IpUnusable - The target IP address is reserved for use by a load balancer.
If the target state is draining, the reason code can be the following value:
Target.DeregistrationInProgress - The target is in the process of being deregistered and the deregistration delay period has not expired.
If the target state is unavailable, the reason code can be the following value:
Target.HealthCheckDisabled - Health checks are disabled for the target group. Applies only to Application Load Balancers.
Elb.InternalError - Target health is unavailable due to an internal error. Applies only to Network Load Balancers.
String description
A description of the target health that provides additional details. If the state is healthy, a description is not provided.
TargetDescription target
The description of the target.
String healthCheckPort
The port to use to connect with the target.
TargetHealth targetHealth
The health information for the target.
Copyright © 2022. All rights reserved.