@pulumi/aws

import * as outputs from "../types/output"; export interface GetAvailabilityZoneFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetAvailabilityZonesFilter { /** * Name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html). */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export interface GetRegionsFilter { /** * Name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1]. */ name: string; /** * Set of values that are accepted for the given filter field. Results will be selected if any given value matches. */ values: string[]; } export declare namespace accessanalyzer { interface AnalyzerConfiguration { /** * Specifies the configuration of an internal access analyzer for an AWS organization or account. This configuration determines how the analyzer evaluates access within your AWS environment. See `internalAccess` Block for details. */ internalAccess?: outputs.accessanalyzer.AnalyzerConfigurationInternalAccess; /** * Specifies the configuration of an unused access analyzer for an AWS organization or account. See `unusedAccess` Block for details. */ unusedAccess?: outputs.accessanalyzer.AnalyzerConfigurationUnusedAccess; } interface AnalyzerConfigurationInternalAccess { /** * Information about analysis rules for the internal access analyzer. These rules determine which resources and access patterns will be analyzed. See `analysisRule` Block for Internal Access Analyzer for details. */ analysisRule?: outputs.accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRule; } interface AnalyzerConfigurationInternalAccessAnalysisRule { /** * List of rules for the internal access analyzer containing criteria to include in analysis. Only resources that meet the rule criteria will generate findings. See `inclusion` Block for details. */ inclusions?: outputs.accessanalyzer.AnalyzerConfigurationInternalAccessAnalysisRuleInclusion[]; } interface AnalyzerConfigurationInternalAccessAnalysisRuleInclusion { /** * List of AWS account IDs to apply to the internal access analysis rule criteria. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. */ accountIds?: string[]; /** * List of resource ARNs to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources that match these ARNs. */ resourceArns?: string[]; /** * List of resource types to apply to the internal access analysis rule criteria. The analyzer will only generate findings for resources of these types. Refer to [InternalAccessAnalysisRuleCriteria](https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_InternalAccessAnalysisRuleCriteria.html) in the AWS IAM Access Analyzer API Reference for valid values. */ resourceTypes?: string[]; } interface AnalyzerConfigurationUnusedAccess { /** * Information about analysis rules for the analyzer. Analysis rules determine which entities will generate findings based on the criteria you define when you create the rule. See `analysisRule` Block for Unused Access Analyzer for details. */ analysisRule?: outputs.accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRule; /** * Specified access age in days for which to generate findings for unused access. */ unusedAccessAge?: number; } interface AnalyzerConfigurationUnusedAccessAnalysisRule { /** * List of rules for the analyzer containing criteria to exclude from analysis. Entities that meet the rule criteria will not generate findings. See `exclusion` Block for details. */ exclusions?: outputs.accessanalyzer.AnalyzerConfigurationUnusedAccessAnalysisRuleExclusion[]; } interface AnalyzerConfigurationUnusedAccessAnalysisRuleExclusion { /** * List of AWS account IDs to apply to the analysis rule criteria. The accounts cannot include the organization analyzer owner account. Account IDs can only be applied to the analysis rule criteria for organization-level analyzers. */ accountIds?: string[]; /** * List of key-value pairs for resource tags to exclude from the analysis. */ resourceTags?: { [key: string]: string; }[]; } interface ArchiveRuleFilter { /** * Contains comparator. */ contains: string[]; /** * Filter criteria. */ criteria: string; /** * Equals comparator. */ eqs: string[]; /** * Boolean comparator. */ exists: string; /** * Not Equals comparator. */ neqs: string[]; } } export declare namespace acm { interface CertificateDomainValidationOption { /** * Fully qualified domain name (FQDN) in the certificate. */ domainName: string; /** * The name of the DNS record to create to validate the certificate */ resourceRecordName: string; /** * The type of DNS record to create */ resourceRecordType: string; /** * The value the DNS record needs to have */ resourceRecordValue: string; } interface CertificateOptions { /** * Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details. */ certificateTransparencyLoggingPreference?: string; /** * Whether the certificate can be exported. Valid values are `ENABLED` or `DISABLED` (default). **Note** Issuing an exportable certificate is subject to additional charges. See [AWS Certificate Manager pricing](https://aws.amazon.com/certificate-manager/pricing/) for more details. */ export: string; } interface CertificateRenewalSummary { /** * The status of ACM's managed renewal of the certificate */ renewalStatus: string; /** * The reason that a renewal request was unsuccessful or is pending */ renewalStatusReason: string; updatedAt: string; } interface CertificateValidationOption { /** * Fully qualified domain name (FQDN) in the certificate. */ domainName: string; /** * Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the `domainName` value or a superdomain of the `domainName` value. For example, if you request a certificate for `"testing.example.com"`, you can specify `"example.com"` for this value. */ validationDomain: string; } } export declare namespace acmpca { interface CertificateAuthorityCertificateAuthorityConfiguration { /** * Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html). */ keyAlgorithm: string; /** * Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html). */ signingAlgorithm: string; /** * Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified. */ subject: outputs.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubject; } interface CertificateAuthorityCertificateAuthorityConfigurationSubject { /** * Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length. */ commonName?: string; /** * Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length. */ country?: string; /** * Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length. */ distinguishedNameQualifier?: string; /** * Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length. */ generationQualifier?: string; /** * First name. Must be less than or equal to 16 characters in length. */ givenName?: string; /** * Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length. */ initials?: string; /** * Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length. */ locality?: string; /** * Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length. */ organization?: string; /** * Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length. */ organizationalUnit?: string; /** * Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length. */ pseudonym?: string; /** * State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length. */ state?: string; /** * Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length. */ surname?: string; /** * Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length. */ title?: string; } interface CertificateAuthorityRevocationConfiguration { /** * Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below. */ crlConfiguration?: outputs.acmpca.CertificateAuthorityRevocationConfigurationCrlConfiguration; /** * Nested argument containing configuration of * the custom OCSP responder endpoint. Defined below. */ ocspConfiguration?: outputs.acmpca.CertificateAuthorityRevocationConfigurationOcspConfiguration; } interface CertificateAuthorityRevocationConfigurationCrlConfiguration { /** * Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length. */ customCname?: string; /** * Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`. */ enabled?: boolean; /** * Number of days until a certificate expires. Must be between 1 and 5000. */ expirationInDays?: number; /** * Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length. */ s3BucketName?: string; /** * Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`. */ s3ObjectAcl: string; } interface CertificateAuthorityRevocationConfigurationOcspConfiguration { /** * Boolean value that specifies whether a custom OCSP responder is enabled. */ enabled: boolean; /** * CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://". */ ocspCustomCname?: string; } interface CertificateValidity { /** * Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`. */ type: string; /** * If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the date in RFC 3339 format. */ value: string; } interface GetCertificateAuthorityRevocationConfiguration { /** * Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. */ crlConfigurations: outputs.acmpca.GetCertificateAuthorityRevocationConfigurationCrlConfiguration[]; ocspConfigurations: outputs.acmpca.GetCertificateAuthorityRevocationConfigurationOcspConfiguration[]; } interface GetCertificateAuthorityRevocationConfigurationCrlConfiguration { /** * Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. */ customCname: string; /** * Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. */ enabled: boolean; /** * Number of days until a certificate expires. */ expirationInDays: number; /** * Name of the S3 bucket that contains the CRL. */ s3BucketName: string; /** * Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket. */ s3ObjectAcl: string; } interface GetCertificateAuthorityRevocationConfigurationOcspConfiguration { /** * Boolean value that specifies whether a custom OCSP responder is enabled. */ enabled: boolean; /** * A CNAME specifying a customized OCSP domain. */ ocspCustomCname: string; } } export declare namespace alb { interface GetListenerDefaultAction { authenticateCognitos: outputs.alb.GetListenerDefaultActionAuthenticateCognito[]; authenticateOidcs: outputs.alb.GetListenerDefaultActionAuthenticateOidc[]; fixedResponses: outputs.alb.GetListenerDefaultActionFixedResponse[]; forwards: outputs.alb.GetListenerDefaultActionForward[]; order: number; redirects: outputs.alb.GetListenerDefaultActionRedirect[]; targetGroupArn: string; type: string; } interface GetListenerDefaultActionAuthenticateCognito { authenticationRequestExtraParams: { [key: string]: string; }; onUnauthenticatedRequest: string; scope: string; sessionCookieName: string; sessionTimeout: number; userPoolArn: string; userPoolClientId: string; userPoolDomain: string; } interface GetListenerDefaultActionAuthenticateOidc { authenticationRequestExtraParams: { [key: string]: string; }; authorizationEndpoint: string; clientId: string; clientSecret: string; issuer: string; onUnauthenticatedRequest: string; scope: string; sessionCookieName: string; sessionTimeout: number; tokenEndpoint: string; userInfoEndpoint: string; } interface GetListenerDefaultActionFixedResponse { contentType: string; messageBody: string; statusCode: string; } interface GetListenerDefaultActionForward { stickinesses: outputs.alb.GetListenerDefaultActionForwardStickiness[]; targetGroups: outputs.alb.GetListenerDefaultActionForwardTargetGroup[]; } interface GetListenerDefaultActionForwardStickiness { duration: number; enabled: boolean; } interface GetListenerDefaultActionForwardTargetGroup { /** * ARN of the listener. Required if `loadBalancerArn` and `port` is not set. */ arn: string; weight: number; } interface GetListenerDefaultActionRedirect { host: string; path: string; /** * Port of the listener. Required if `arn` is not set. */ port: string; protocol: string; query: string; statusCode: string; } interface GetListenerMutualAuthentication { advertiseTrustStoreCaNames: string; ignoreClientCertificateExpiry: boolean; mode: string; trustStoreArn: string; } interface GetLoadBalancerAccessLogs { bucket: string; enabled: boolean; prefix: string; } interface GetLoadBalancerConnectionLog { bucket: string; enabled: boolean; prefix: string; } interface GetLoadBalancerIpamPool { ipv4IpamPoolId: string; } interface GetLoadBalancerSubnetMapping { allocationId: string; ipv6Address: string; outpostId: string; privateIpv4Address: string; subnetId: string; } interface GetTargetGroupHealthCheck { enabled: boolean; healthyThreshold: number; interval: number; matcher: string; path: string; port: string; protocol: string; timeout: number; unhealthyThreshold: number; } interface GetTargetGroupStickiness { cookieDuration: number; cookieName: string; enabled: boolean; type: string; } interface ListenerDefaultAction { /** * Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. See below. */ authenticateCognito?: outputs.alb.ListenerDefaultActionAuthenticateCognito; /** * Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. See below. */ authenticateOidc?: outputs.alb.ListenerDefaultActionAuthenticateOidc; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: outputs.alb.ListenerDefaultActionFixedResponse; /** * Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. See below. */ forward?: outputs.alb.ListenerDefaultActionForward; /** * Order for the action. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`. Defaults to the position in the list of actions. */ order: number; /** * Configuration block for creating a redirect action. Required if `type` is `redirect`. See below. */ redirect?: outputs.alb.ListenerDefaultActionRedirect; /** * ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead. Can be specified with `forward` but ARNs must match. */ targetGroupArn?: string; /** * Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`. * * The following arguments are optional: */ type: string; } interface ListenerDefaultActionAuthenticateCognito { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. See below. */ authenticationRequestExtraParams?: { [key: string]: string; }; /** * Behavior if the user is not authenticated. Valid values are `deny`, `allow` and `authenticate`. */ onUnauthenticatedRequest: string; /** * Set of user claims to be requested from the IdP. */ scope: string; /** * Name of the cookie used to maintain session information. */ sessionCookieName: string; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout: number; /** * ARN of the Cognito user pool. */ userPoolArn: string; /** * ID of the Cognito user pool client. */ userPoolClientId: string; /** * Domain prefix or fully-qualified domain name of the Cognito user pool. * * The following arguments are optional: */ userPoolDomain: string; } interface ListenerDefaultActionAuthenticateOidc { /** * Query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: { [key: string]: string; }; /** * Authorization endpoint of the IdP. */ authorizationEndpoint: string; /** * OAuth 2.0 client identifier. */ clientId: string; /** * OAuth 2.0 client secret. */ clientSecret: string; /** * OIDC issuer identifier of the IdP. */ issuer: string; /** * Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest: string; /** * Set of user claims to be requested from the IdP. */ scope: string; /** * Name of the cookie used to maintain session information. */ sessionCookieName: string; /** * Maximum duration of the authentication session, in seconds. */ sessionTimeout: number; /** * Token endpoint of the IdP. */ tokenEndpoint: string; /** * User info endpoint of the IdP. * * The following arguments are optional: */ userInfoEndpoint: string; } interface ListenerDefaultActionFixedResponse { /** * Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. * * The following arguments are optional: */ contentType: string; /** * Message body. */ messageBody?: string; /** * HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode: string; } interface ListenerDefaultActionForward { /** * Configuration block for target group stickiness for the rule. See below. */ stickiness?: outputs.alb.ListenerDefaultActionForwardStickiness; /** * Set of 1-5 target group blocks. See below. * * The following arguments are optional: */ targetGroups: outputs.alb.ListenerDefaultActionForwardTargetGroup[]; } interface ListenerDefaultActionForwardStickiness { /** * Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). * * The following arguments are optional: */ duration: number; /** * Whether target group stickiness is enabled. Default is `false`. */ enabled?: boolean; } interface ListenerDefaultActionForwardTargetGroup { /** * ARN of the target group. * * The following arguments are optional: */ arn: string; /** * Weight. The range is 0 to 999. */ weight?: number; } interface ListenerDefaultActionRedirect { /** * Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: string; /** * Absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: string; /** * Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: string; /** * Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: string; /** * Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: string; /** * HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). * * The following arguments are optional: */ statusCode: string; } interface ListenerMutualAuthentication { /** * Valid values are `off` and `on`. */ advertiseTrustStoreCaNames: string; /** * Whether client certificate expiry is ignored. * Default is `false`. */ ignoreClientCertificateExpiry?: boolean; /** * Valid values are `off`, `passthrough`, and `verify`. */ mode: string; /** * ARN of the elbv2 Trust Store. */ trustStoreArn?: string; } interface ListenerRuleAction { /** * Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`. */ authenticateCognito?: outputs.alb.ListenerRuleActionAuthenticateCognito; /** * Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`. */ authenticateOidc?: outputs.alb.ListenerRuleActionAuthenticateOidc; /** * Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`. */ fixedResponse?: outputs.alb.ListenerRuleActionFixedResponse; /** * Configuration block for creating an action that distributes requests among one or more target groups. * Specify only if `type` is `forward`. * Cannot be specified with `targetGroupArn`. */ forward?: outputs.alb.ListenerRuleActionForward; /** * Order for the action. * The action with the lowest value for order is performed first. * Valid values are between `1` and `50000`. * Defaults to the position in the list of actions. */ order: number; /** * Information for creating a redirect action. Required if `type` is `redirect`. */ redirect?: outputs.alb.ListenerRuleActionRedirect; /** * ARN of the Target Group to which to route traffic. * Specify only if `type` is `forward` and you want to route to a single target group. * To route to one or more target groups, use a `forward` block instead. * Cannot be specified with `forward`. */ targetGroupArn?: string; /** * The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`. */ type: string; } interface ListenerRuleActionAuthenticateCognito { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: { [key: string]: string; }; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest: string; /** * The set of user claims to be requested from the IdP. */ scope?: string; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: string; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: number; /** * The ARN of the Cognito user pool. */ userPoolArn: string; /** * The ID of the Cognito user pool client. */ userPoolClientId: string; /** * The domain prefix or fully-qualified domain name of the Cognito user pool. */ userPoolDomain: string; } interface ListenerRuleActionAuthenticateOidc { /** * The query parameters to include in the redirect request to the authorization endpoint. Max: 10. */ authenticationRequestExtraParams?: { [key: string]: string; }; /** * The authorization endpoint of the IdP. */ authorizationEndpoint: string; /** * The OAuth 2.0 client identifier. */ clientId: string; /** * The OAuth 2.0 client secret. */ clientSecret: string; /** * The OIDC issuer identifier of the IdP. */ issuer: string; /** * The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate` */ onUnauthenticatedRequest: string; /** * The set of user claims to be requested from the IdP. */ scope?: string; /** * The name of the cookie used to maintain session information. */ sessionCookieName?: string; /** * The maximum duration of the authentication session, in seconds. */ sessionTimeout?: number; /** * The token endpoint of the IdP. */ tokenEndpoint: string; /** * The user info endpoint of the IdP. */ userInfoEndpoint: string; } interface ListenerRuleActionFixedResponse { /** * The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`. */ contentType: string; /** * The message body. */ messageBody?: string; /** * The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`. */ statusCode: string; } interface ListenerRuleActionForward { /** * The target group stickiness for the rule. */ stickiness?: outputs.alb.ListenerRuleActionForwardStickiness; /** * One or more target group blocks. */ targetGroups: outputs.alb.ListenerRuleActionForwardTargetGroup[]; } interface ListenerRuleActionForwardStickiness { /** * The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). */ duration: number; /** * Indicates whether target group stickiness is enabled. */ enabled?: boolean; } interface ListenerRuleActionForwardTargetGroup { /** * The Amazon Resource Name (ARN) of the target group. */ arn: string; /** * The weight. The range is 0 to 999. */ weight?: number; } interface ListenerRuleActionRedirect { /** * The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`. */ host?: string; /** * The absolute path, starting with the leading "/". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`. */ path?: string; /** * The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`. */ port?: string; /** * The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`. */ protocol?: string; /** * The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading "?". Defaults to `#{query}`. */ query?: string; /** * The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`). */ statusCode: string; } interface ListenerRuleCondition { /** * Host header patterns to match. Host Header block fields documented below. */ hostHeader?: outputs.alb.ListenerRuleConditionHostHeader; /** * HTTP headers to match. HTTP Header block fields documented below. */ httpHeader?: outputs.alb.ListenerRuleConditionHttpHeader; /** * Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached. */ httpRequestMethod?: outputs.alb.ListenerRuleConditionHttpRequestMethod; /** * Path patterns to match against the request URL. Path Pattern block fields documented below. */ pathPattern?: outputs.alb.ListenerRuleConditionPathPattern; /** * Query strings to match. Query String block fields documented below. */ queryStrings?: outputs.alb.ListenerRuleConditionQueryString[]; /** * Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `httpHeader` condition instead. * * > **NOTE::** Exactly one of `hostHeader`, `httpHeader`, `httpRequestMethod`, `pathPattern`, `queryString` or `sourceIp` must be set per condition. */ sourceIp?: outputs.alb.ListenerRuleConditionSourceIp; } interface ListenerRuleConditionHostHeader { /** * List of regular expressions to compare against the host header. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: string[]; /** * List of host header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case-insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Conflicts with `regexValues`. */ values?: string[]; } interface ListenerRuleConditionHttpHeader { /** * Name of HTTP header to search. The maximum size is 40 characters. Comparison is case-insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead. */ httpHeaderName: string; /** * List of regular expression to compare against the HTTP header. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: string[]; /** * List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case-insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string. Conflicts with `regexValues`. */ values?: string[]; } interface ListenerRuleConditionHttpRequestMethod { values: string[]; } interface ListenerRuleConditionPathPattern { /** * List of regular expressions to compare against the request URL. The maximum length of each string is 128 characters. Conflicts with `values`. */ regexValues?: string[]; /** * List of path patterns to compare against the request URL. Maximum size of each pattern is 128 characters. Comparison is case-sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `queryString` condition. Conflicts with `regexValues`. */ values?: string[]; } interface ListenerRuleConditionQueryString { /** * Query string key pattern to match. */ key?: string; /** * Query string value pattern to match. */ value: string; } interface ListenerRuleConditionSourceIp { values: string[]; } interface ListenerRuleTransform { /** * Configuration block for host header rewrite. Required if `type` is `host-header-rewrite`. See Host Header Rewrite Config Blocks below. */ hostHeaderRewriteConfig?: outputs.alb.ListenerRuleTransformHostHeaderRewriteConfig; /** * Type of transform. Valid values are `host-header-rewrite` and `url-rewrite`. */ type: string; /** * Configuration block for URL rewrite. Required if `type` is `url-rewrite`. See URL Rewrite Config Blocks below. */ urlRewriteConfig?: outputs.alb.ListenerRuleTransformUrlRewriteConfig; } interface ListenerRuleTransformHostHeaderRewriteConfig { /** * Block for host header rewrite configuration. Only one block is accepted. See Rewrite Blocks below. */ rewrite?: outputs.alb.ListenerRuleTransformHostHeaderRewriteConfigRewrite; } interface ListenerRuleTransformHostHeaderRewriteConfigRewrite { /** * Regular expression to match in the input string. Length constraints: Between 1 and 1024 characters. */ regex: string; /** * Replacement string to use when rewriting the matched input. Capture groups in the regular expression (for example, `$1` and `$2`) can be specified. Length constraints: Between 0 and 1024 characters. */ replace: string; } interface ListenerRuleTransformUrlRewriteConfig { /** * Block for URL rewrite configuration. Only one block is accepted. See Rewrite Blocks below. */ rewrite?: outputs.alb.ListenerRuleTransformUrlRewriteConfigRewrite; } interface ListenerRuleTransformUrlRewriteConfigRewrite { /** * Regular expression to match in the input string. Length constraints: Between 1 and 1024 characters. */ regex: string; /** * Replacement string to use when rewriting the matched input. Capture groups in the regular expression (for example, `$1` and `$2`) can be specified. Length constraints: Between 0 and 1024 characters. */ replace: string; } interface LoadBalancerAccessLogs { /** * S3 bucket name to store the logs in. */ bucket: string; /** * Boolean to enable / disable `accessLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: boolean; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: string; } interface LoadBalancerConnectionLogs { /** * S3 bucket name to store the logs in. */ bucket: string; /** * Boolean to enable / disable `connectionLogs`. Defaults to `false`, even when `bucket` is specified. */ enabled?: boolean; /** * S3 bucket prefix. Logs are stored in the root if not configured. */ prefix?: string; } interface LoadBalancerIpamPools { /** * The ID of the IPv4 IPAM pool. */ ipv4IpamPoolId: string; } interface LoadBalancerMinimumLoadBalancerCapacity { /** * The number of capacity units. */ capacityUnits: number; } interface LoadBalancerSubnetMapping { /** * Allocation ID of the Elastic IP address for an internet-facing load balancer. */ allocationId?: string; /** * IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers. */ ipv6Address?: string; outpostId: string; /** * Private IPv4 address for an internal load balancer. */ privateIpv4Address?: string; /** * ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone. */ subnetId: string; } interface TargetGroupHealthCheck { /** * Whether health checks are enabled. Defaults to `true`. */ enabled?: boolean; /** * Number of consecutive health check successes required before considering a target healthy. The range is 2-10. Defaults to 3. */ healthyThreshold?: number; /** * Approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. For `lambda` target groups, it needs to be greater than the timeout of the underlying `lambda`. Defaults to 30. */ interval?: number; /** * The HTTP or gRPC codes to use when checking for a successful response from a target. * The `health_check.protocol` must be one of `HTTP` or `HTTPS` or the `targetType` must be `lambda`. * Values can be comma-separated individual values (e.g., "200,202") or a range of values (e.g., "200-299"). * * For gRPC-based target groups (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is `GRPC`), values can be between `0` and `99`. The default is `12`. * * When used with an Application Load Balancer (i.e., the `protocol` is one of `HTTP` or `HTTPS` and the `protocolVersion` is not `GRPC`), values can be between `200` and `499`. The default is `200`. * * When used with a Network Load Balancer (i.e., the `protocol` is one of `TCP`, `TCP_UDP`, `UDP`, or `TLS`), values can be between `200` and `599`. The default is `200-399`. * * When the `targetType` is `lambda`, values can be between `200` and `499`. The default is `200`. */ matcher: string; /** * Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS. * * For HTTP and HTTPS health checks, the default is `/`. * * For gRPC health checks, the default is `/AWS.ALB/healthcheck`. */ path: string; /** * The port the load balancer uses when performing health checks on targets. * Valid values are either `traffic-port`, to use the same port as the target group, or a valid port number between `1` and `65536`. * Default is `traffic-port`. */ port?: string; /** * Protocol the load balancer uses when performing health checks on targets. * Must be one of `TCP`, `HTTP`, or `HTTPS`. * The `TCP` protocol is not supported for health checks if the protocol of the target group is `HTTP` or `HTTPS`. * Default is `HTTP`. * Cannot be specified when the `targetType` is `lambda`. */ protocol?: string; /** * Amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is lambda, the default is 30 seconds. */ timeout: number; /** * Number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. Defaults to 3. */ unhealthyThreshold?: number; } interface TargetGroupStickiness { /** * Only used when the type is `lbCookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds). */ cookieDuration?: number; /** * Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `appCookie`. */ cookieName?: string; /** * Boolean to enable / disable `stickiness`. Default is `true`. */ enabled?: boolean; /** * The type of sticky sessions. The only current possible values are `lbCookie`, `appCookie` for ALBs, `sourceIp` for NLBs, and `sourceIpDestIp`, `sourceIpDestIpProto` for GWLBs. */ type: string; } interface TargetGroupTargetFailover { /** * Indicates how the GWLB handles existing flows when a target is deregistered. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onUnhealthy`. Default: `noRebalance`. */ onDeregistration: string; /** * Indicates how the GWLB handles existing flows when a target is unhealthy. Possible values are `rebalance` and `noRebalance`. Must match the attribute value set for `onDeregistration`. Default: `noRebalance`. */ onUnhealthy: string; } interface TargetGroupTargetGroupHealth { /** * Block to configure DNS Failover requirements. See DNS Failover below for details on attributes. */ dnsFailover?: outputs.alb.TargetGroupTargetGroupHealthDnsFailover; /** * Block to configure Unhealthy State Routing requirements. See Unhealthy State Routing below for details on attributes. */ unhealthyStateRouting?: outputs.alb.TargetGroupTargetGroupHealthUnhealthyStateRouting; } interface TargetGroupTargetGroupHealthDnsFailover { /** * The minimum number of targets that must be healthy. If the number of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from `1` to the maximum number of targets. The default is `off`. */ minimumHealthyTargetsCount?: string; /** * The minimum percentage of targets that must be healthy. If the percentage of healthy targ