aws-cdk-lib
Version 2 of the AWS Cloud Development Kit library
import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.
*
* @cloudformationResource AWS::ElasticLoadBalancingV2::Listener
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html
*/
export declare class CfnListener extends cdk.CfnResource implements cdk.IInspectable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnListener from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`, so this declaration performs no
* compile-time check on the shape of the template fragment passed in.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnListener;
/**
* The Amazon Resource Name (ARN) of the listener.
*
* @cloudformationAttribute ListenerArn
*/
readonly attrListenerArn: string;
/**
* [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
*/
alpnPolicy?: Array<string>;
/**
* The default SSL server certificate for a secure listener.
*/
certificates?: Array<CfnListener.CertificateProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The actions for the default rule. You cannot define a condition for a default rule.
*
* Because the default rule has no condition, these actions apply to every request
* that no other rule handles. When other rules require authentication, check that
* the default actions do not forward unauthenticated requests to the same targets.
*/
defaultActions: Array<CfnListener.ActionProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The listener attributes.
*/
listenerAttributes?: Array<cdk.IResolvable | CfnListener.ListenerAttributeProperty> | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the load balancer.
*/
loadBalancerArn: string;
/**
* The mutual authentication configuration information.
*
* Optional. The documented default for `MutualAuthenticationProperty.mode` is `off`,
* so a listener that should require client certificates has to set this explicitly.
*/
mutualAuthentication?: cdk.IResolvable | CfnListener.MutualAuthenticationProperty;
/**
* The port on which the load balancer is listening.
*/
port?: number;
/**
* The protocol for connections from clients to the load balancer.
*
* Typed as a plain `string`, so an unintended value is not rejected at compile time.
* Listeners using a protocol without TLS (for example HTTP or TCP) carry client
* traffic unencrypted; prefer HTTPS or TLS wherever sensitive data or session
* cookies are exchanged.
*/
protocol?: string;
/**
* [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
*
* Optional and typed as a plain `string`: nothing in this declaration enforces a
* minimum TLS version. Set the policy explicitly and review it against your
* TLS baseline rather than relying on whatever the service applies when it is omitted.
*/
sslPolicy?: string;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnListenerProps);
/**
* Property bag for this resource, keyed by name with values typed `any`.
*
* NOTE(review): presumably the values rendered into the template - confirm in `cdk.CfnResource`.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Maps a property bag to another property bag; both sides are typed `Record<string, any>`.
*
* @param props properties to render
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnListener {
/**
* Specifies an action for a listener rule.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html
*/
interface ActionProperty {
/**
* [HTTPS listeners] Information for using Amazon Cognito to authenticate users.
*
* Specify only when `Type` is `authenticate-cognito` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-authenticatecognitoconfig
*/
readonly authenticateCognitoConfig?: CfnListener.AuthenticateCognitoConfigProperty | cdk.IResolvable;
/**
* [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC).
*
* Specify only when `Type` is `authenticate-oidc` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-authenticateoidcconfig
*/
readonly authenticateOidcConfig?: CfnListener.AuthenticateOidcConfigProperty | cdk.IResolvable;
/**
* [Application Load Balancer] Information for creating an action that returns a custom HTTP response.
*
* Specify only when `Type` is `fixed-response` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-fixedresponseconfig
*/
readonly fixedResponseConfig?: CfnListener.FixedResponseConfigProperty | cdk.IResolvable;
/**
* Information for creating an action that distributes requests among one or more target groups.
*
* For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-forwardconfig
*/
readonly forwardConfig?: CfnListener.ForwardConfigProperty | cdk.IResolvable;
/**
* The order for the action.
*
* This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
*
* When an `authenticate-cognito` or `authenticate-oidc` action is combined with a
* `forward` action, give the authenticate action the lower order so that it runs
* before the request reaches the targets.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-order
*/
readonly order?: number;
/**
* [Application Load Balancer] Information for creating a redirect action.
*
* Specify only when `Type` is `redirect` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-redirectconfig
*/
readonly redirectConfig?: cdk.IResolvable | CfnListener.RedirectConfigProperty;
/**
* The Amazon Resource Name (ARN) of the target group.
*
* Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-targetgrouparn
*/
readonly targetGroupArn?: string;
/**
* The type of action.
*
* Typed as a plain `string`. The values named by the sibling properties of this
* interface are `authenticate-cognito`, `authenticate-oidc`, `fixed-response`,
* `forward` and `redirect`; a mismatch between `type` and the config property
* that is set is not caught by this declaration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-type
*/
readonly type: string;
}
/**
* Specifies information required when returning a custom HTTP response.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html
*/
interface FixedResponseConfigProperty {
/**
* The content type.
*
* Valid Values: text/plain | text/css | text/html | application/javascript | application/json
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listener-fixedresponseconfig-contenttype
*/
readonly contentType?: string;
/**
* The message.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listener-fixedresponseconfig-messagebody
*/
readonly messageBody?: string;
/**
* The HTTP response code (2XX, 4XX, or 5XX).
*
* Typed as `string`, not `number`.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listener-fixedresponseconfig-statuscode
*/
readonly statusCode: string;
}
/**
* Specifies information required when integrating with Amazon Cognito to authenticate users.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html
*/
interface AuthenticateCognitoConfigProperty {
/**
* The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-authenticationrequestextraparams
*/
readonly authenticationRequestExtraParams?: cdk.IResolvable | Record<string, string>;
/**
* The behavior if the user is not authenticated. The following are possible values:
*
* - `deny` - Return an HTTP 401 Unauthorized error.
* - `allow` - Allow the request to be forwarded to the target.
* - `authenticate` - Redirect the request to the IdP authorization endpoint. This is the default value.
*
* With `allow`, requests without a valid session reach the target unauthenticated,
* so the target must enforce its own access control and must not assume that
* identity information is present.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-onunauthenticatedrequest
*/
readonly onUnauthenticatedRequest?: string;
/**
* The set of user claims to be requested from the IdP. The default is `openid` .
*
* To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-scope
*/
readonly scope?: string;
/**
* The name of the cookie used to maintain session information.
*
* The default is AWSELBAuthSessionCookie.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-sessioncookiename
*/
readonly sessionCookieName?: string;
/**
* The maximum duration of the authentication session, in seconds.
*
* The default is 604800 seconds (7 days).
*
* Typed as `string` although the value is a number of seconds. The default keeps
* a session valid for a week; consider a shorter lifetime for sensitive applications.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-sessiontimeout
*/
readonly sessionTimeout?: string;
/**
* The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-userpoolarn
*/
readonly userPoolArn: string;
/**
* The ID of the Amazon Cognito user pool client.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-userpoolclientid
*/
readonly userPoolClientId: string;
/**
* The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-userpooldomain
*/
readonly userPoolDomain: string;
}
/**
* Information about a redirect action.
*
* A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.
*
* You can reuse URI components using the following reserved keywords:
*
* - #{protocol}
* - #{host}
* - #{port}
* - #{path} (the leading "/" is removed)
* - #{query}
*
* For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz".
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html
*/
interface RedirectConfigProperty {
/**
* The hostname.
*
* This component is not percent-encoded. The hostname can contain #{host}.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-host
*/
readonly host?: string;
/**
* The absolute path, starting with the leading "/".
*
* This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-path
*/
readonly path?: string;
/**
* The port.
*
* You can specify a value from 1 to 65535 or #{port}.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-port
*/
readonly port?: string;
/**
* The protocol.
*
* You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
*
* When the redirect exists to move plaintext requests onto TLS, set `HTTPS`
* explicitly; `#{protocol}` keeps the protocol of the original request.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-protocol
*/
readonly protocol?: string;
/**
* The query parameters, URL-encoded when necessary, but not percent-encoded.
*
* Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-query
*/
readonly query?: string;
/**
* The HTTP redirect code.
*
* The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-statuscode
*/
readonly statusCode: string;
}
/**
* Information for creating an action that distributes requests among one or more target groups.
*
* For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-forwardconfig.html
*/
interface ForwardConfigProperty {
/**
* Information about how traffic will be distributed between multiple target groups in a forward rule.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-forwardconfig.html#cfn-elasticloadbalancingv2-listener-forwardconfig-targetgroups
*/
readonly targetGroups?: Array<cdk.IResolvable | CfnListener.TargetGroupTupleProperty> | cdk.IResolvable;
/**
* Information about the target group stickiness for a rule.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-forwardconfig.html#cfn-elasticloadbalancingv2-listener-forwardconfig-targetgroupstickinessconfig
*/
readonly targetGroupStickinessConfig?: cdk.IResolvable | CfnListener.TargetGroupStickinessConfigProperty;
}
/**
* Information about the target group stickiness for a rule.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgroupstickinessconfig.html
*/
interface TargetGroupStickinessConfigProperty {
/**
* The time period, in seconds, during which requests from a client should be routed to the same target group.
*
* The range is 1-604800 seconds (7 days).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgroupstickinessconfig.html#cfn-elasticloadbalancingv2-listener-targetgroupstickinessconfig-durationseconds
*/
readonly durationSeconds?: number;
/**
* Indicates whether target group stickiness is enabled.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgroupstickinessconfig.html#cfn-elasticloadbalancingv2-listener-targetgroupstickinessconfig-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
}
/**
* Information about how traffic will be distributed between multiple target groups in a forward rule.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgrouptuple.html
*/
interface TargetGroupTupleProperty {
/**
* The Amazon Resource Name (ARN) of the target group.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgrouptuple.html#cfn-elasticloadbalancingv2-listener-targetgrouptuple-targetgrouparn
*/
readonly targetGroupArn?: string;
/**
* The weight.
*
* The range is 0 to 999.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgrouptuple.html#cfn-elasticloadbalancingv2-listener-targetgrouptuple-weight
*/
readonly weight?: number;
}
/**
* Specifies information required when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
*
* The endpoint and issuer fields below are plain strings; the HTTPS requirement
* stated on each of them is not enforced by these types.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html
*/
interface AuthenticateOidcConfigProperty {
/**
* The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-authenticationrequestextraparams
*/
readonly authenticationRequestExtraParams?: cdk.IResolvable | Record<string, string>;
/**
* The authorization endpoint of the IdP.
*
* This must be a full URL, including the HTTPS protocol, the domain, and the path.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-authorizationendpoint
*/
readonly authorizationEndpoint: string;
/**
* The OAuth 2.0 client identifier.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-clientid
*/
readonly clientId: string;
/**
* The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set `UseExistingClientSecret` to true.
*
* Typed as a plain `string`: a literal passed here is rendered into the synthesized
* CloudFormation template and into anything that stores that template. Supply the
* value through a CloudFormation dynamic reference to a secrets store (for example
* via `cdk.SecretValue`) instead of hard-coding it in source.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-clientsecret
*/
readonly clientSecret?: string;
/**
* The OIDC issuer identifier of the IdP.
*
* This must be a full URL, including the HTTPS protocol, the domain, and the path.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-issuer
*/
readonly issuer: string;
/**
* The behavior if the user is not authenticated. The following are possible values:
*
* - `deny` - Return an HTTP 401 Unauthorized error.
* - `allow` - Allow the request to be forwarded to the target.
* - `authenticate` - Redirect the request to the IdP authorization endpoint. This is the default value.
*
* With `allow`, requests without a valid session reach the target unauthenticated,
* so the target must enforce its own access control and must not assume that
* identity information is present.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-onunauthenticatedrequest
*/
readonly onUnauthenticatedRequest?: string;
/**
* The set of user claims to be requested from the IdP. The default is `openid` .
*
* To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-scope
*/
readonly scope?: string;
/**
* The name of the cookie used to maintain session information.
*
* The default is AWSELBAuthSessionCookie.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-sessioncookiename
*/
readonly sessionCookieName?: string;
/**
* The maximum duration of the authentication session, in seconds.
*
* The default is 604800 seconds (7 days).
*
* Typed as `string` although the value is a number of seconds. The default keeps
* a session valid for a week; consider a shorter lifetime for sensitive applications.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-sessiontimeout
*/
readonly sessionTimeout?: string;
/**
* The token endpoint of the IdP.
*
* This must be a full URL, including the HTTPS protocol, the domain, and the path.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-tokenendpoint
*/
readonly tokenEndpoint: string;
/**
* Indicates whether to use the existing client secret when modifying a rule.
*
* If you are creating a rule, you can omit this parameter or set it to false.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-useexistingclientsecret
*/
readonly useExistingClientSecret?: boolean | cdk.IResolvable;
/**
* The user info endpoint of the IdP.
*
* This must be a full URL, including the HTTPS protocol, the domain, and the path.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-userinfoendpoint
*/
readonly userInfoEndpoint: string;
}
/**
* Specifies an SSL server certificate to use as the default certificate for a secure listener.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html
*/
interface CertificateProperty {
/**
* The Amazon Resource Name (ARN) of the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html#cfn-elasticloadbalancingv2-listener-certificate-certificatearn
*/
readonly certificateArn?: string;
}
/**
* The mutual authentication configuration information.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html
*/
interface MutualAuthenticationProperty {
/**
* Indicates whether trust store CA certificate names are advertised.
*
* Typed as `string`, not `boolean`; the accepted values are not listed here, so
* check the linked reference before setting it.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-advertisetruststorecanames
*/
readonly advertiseTrustStoreCaNames?: string;
/**
* Indicates whether expired client certificates are ignored.
*
* Enabling this accepts client certificates whose validity period has ended,
* which weakens certificate-based authentication; leave it unset unless there
* is a specific, time-boxed reason.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-ignoreclientcertificateexpiry
*/
readonly ignoreClientCertificateExpiry?: boolean | cdk.IResolvable;
/**
* The client certificate handling method.
*
* Options are `off` , `passthrough` or `verify` . The default value is `off` .
*
* Per the Elastic Load Balancing documentation, `passthrough` hands the client
* certificate chain to the targets without the load balancer validating it, so
* the targets must perform the validation themselves; `verify` has the load
* balancer validate the certificate against the trust store. Omitting `mode`
* leaves client-certificate handling off.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-mode
*/
readonly mode?: string;
/**
* The Amazon Resource Name (ARN) of the trust store.
*
* NOTE(review): optional in this type, but presumably needed when `mode` is `verify` - confirm against the linked reference.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-truststorearn
*/
readonly trustStoreArn?: string;
}
/**
* Information about a listener attribute.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html
*/
interface ListenerAttributeProperty {
/**
* The name of the attribute.
*
* The following attribute is supported by Network Load Balancers and Gateway Load Balancers.
*
* - `tcp.idle_timeout.seconds` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.
*
* The following attributes are only supported by Application Load Balancers.
*
* - `routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Serial-Number* HTTP request header.
* - `routing.http.request.x_amzn_mtls_clientcert_issuer.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Issuer* HTTP request header.
* - `routing.http.request.x_amzn_mtls_clientcert_subject.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Subject* HTTP request header.
* - `routing.http.request.x_amzn_mtls_clientcert_validity.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Validity* HTTP request header.
* - `routing.http.request.x_amzn_mtls_clientcert_leaf.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Leaf* HTTP request header.
* - `routing.http.request.x_amzn_mtls_clientcert.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert* HTTP request header.
* - `routing.http.request.x_amzn_tls_version.header_name` - Enables you to modify the header name of the *X-Amzn-Tls-Version* HTTP request header.
* - `routing.http.request.x_amzn_tls_cipher_suite.header_name` - Enables you to modify the header name of the *X-Amzn-Tls-Cipher-Suite* HTTP request header.
* - `routing.http.response.server.enabled` - Enables you to allow or remove the HTTP response server header.
* - `routing.http.response.strict_transport_security.header_value` - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
* - `routing.http.response.access_control_allow_origin.header_value` - Specifies which origins are allowed to access the server.
* - `routing.http.response.access_control_allow_methods.header_value` - Returns which HTTP methods are allowed when accessing the server from a different origin.
* - `routing.http.response.access_control_allow_headers.header_value` - Specifies which headers can be used during the request.
* - `routing.http.response.access_control_allow_credentials.header_value` - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
* - `routing.http.response.access_control_expose_headers.header_value` - Returns which headers the browser can expose to the requesting client.
* - `routing.http.response.access_control_max_age.header_value` - Specifies how long the results of a preflight request can be cached, in seconds.
* - `routing.http.response.content_security_policy.header_value` - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
* - `routing.http.response.x_content_type_options.header_value` - Indicates whether the MIME types advertised in the *Content-Type* headers should be followed and not be changed.
* - `routing.http.response.x_frame_options.header_value` - Indicates whether the browser is allowed to render a page in a *frame* , *iframe* , *embed* or *object* .
*
* Review notes:
*
* - Targets that make trust decisions from the mTLS/TLS request headers must read the renamed header when a `header_name` attribute is set. Keep such targets reachable only through the load balancer, and verify how a client-supplied header carrying the chosen name is treated.
* - The `access_control_*` values apply to responses from this listener; pairing a broad allowed origin with allowed credentials exposes authenticated responses cross-origin, so list explicit origins.
* - The key is a plain `string`: a misspelled attribute name is not caught by this declaration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html#cfn-elasticloadbalancingv2-listener-listenerattribute-key
*/
readonly key?: string;
/**
* The value of the attribute.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html#cfn-elasticloadbalancingv2-listener-listenerattribute-value
*/
readonly value?: string;
}
}
/**
* Properties for defining a `CfnListener`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html
*/
export interface CfnListenerProps {
/**
* [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-alpnpolicy
*/
readonly alpnPolicy?: Array<string>;
/**
* The default SSL server certificate for a secure listener.
*
* You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
*
* To create a certificate list for a secure listener, use [AWS::ElasticLoadBalancingV2::ListenerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html) .
*
* Optional in this type even though it is required for HTTPS and TLS listeners,
* so a missing certificate is not reported at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-certificates
*/
readonly certificates?: Array<CfnListener.CertificateProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The actions for the default rule. You cannot define a condition for a default rule.
*
* To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html) .
*
* Because the default rule has no condition, these actions apply to every request
* that no additional rule handles. When additional rules require authentication,
* check that the default actions do not forward unauthenticated requests to the
* same targets.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-defaultactions
*/
readonly defaultActions: Array<CfnListener.ActionProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The listener attributes.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-listenerattributes
*/
readonly listenerAttributes?: Array<cdk.IResolvable | CfnListener.ListenerAttributeProperty> | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the load balancer.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-loadbalancerarn
*/
readonly loadBalancerArn: string;
/**
* The mutual authentication configuration information.
*
* Optional; a listener that should require client certificates has to set this
* explicitly.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-mutualauthentication
*/
readonly mutualAuthentication?: cdk.IResolvable | CfnListener.MutualAuthenticationProperty;
/**
* The port on which the load balancer is listening.
*
* You can't specify a port for a Gateway Load Balancer.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-port
*/
readonly port?: number;
/**
* The protocol for connections from clients to the load balancer.
*
* For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
*
* Of the protocols listed, only HTTPS and TLS encrypt traffic between client and
* load balancer. The value is a plain `string`, so an unintended protocol is not
* rejected at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-protocol
*/
readonly protocol?: string;
/**
* [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
*
* Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic.
*
* For more information, see [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) in the *Application Load Balancers Guide* and [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) in the *Network Load Balancers Guide* .
*
* Optional and typed as a plain `string`: nothing in this declaration enforces a
* minimum TLS version. Set the policy explicitly and review it against your TLS
* baseline rather than relying on whatever the service applies when it is omitted.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-sslpolicy
*/
readonly sslPolicy?: string;
}
/**
* Specifies an SSL server certificate to add to the certificate list for an HTTPS or TLS listener.
*
* This is a type declaration only; the construction and rendering logic is in the compiled implementation and is not visible here.
*
* @cloudformationResource AWS::ElasticLoadBalancingV2::ListenerCertificate
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html
*/
export declare class CfnListenerCertificate extends cdk.CfnResource implements cdk.IInspectable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnListenerCertificate from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`, so its shape is not checked at compile time.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnListenerCertificate;
/**
* The `Id` attribute of the resource; this declaration gives no further description of its value.
*
* @cloudformationAttribute Id
*/
readonly attrId: string;
/**
* The certificate.
*
* The type is an array, but `CfnListenerCertificateProps.certificates` documents one certificate per resource.
* Each entry is either a `CertificateProperty`, which references the certificate by ARN, or a `cdk.IResolvable`.
*/
certificates: Array<CfnListenerCertificate.CertificateProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the listener.
*/
listenerArn: string;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnListenerCertificateProps);
/**
* Property bag of this resource as a string-keyed, untyped record.
*
* How the record is built is part of the implementation and not visible in this declaration.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes a string-keyed property record and returns a record of the same type.
*
* The transformation itself is part of the implementation and not visible in this declaration.
*
* @param props string-keyed, untyped property record
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnListenerCertificate {
/**
* Specifies an SSL server certificate for the certificate list of a secure listener.
*
* @struct
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenercertificate-certificate.html
*/
interface CertificateProperty {
/**
* The Amazon Resource Name (ARN) of the certificate.
*
* This is a reference to a certificate held elsewhere, not the certificate body.
* The property is an optional plain `string`, so the compiler checks neither that an ARN is given nor that it is well formed.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenercertificate-certificate.html#cfn-elasticloadbalancingv2-listenercertificate-certificate-certificatearn
*/
readonly certificateArn?: string;
}
}
/**
* Properties for defining a `CfnListenerCertificate`
*
* Both properties are required.
*
* @struct
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html
*/
export interface CfnListenerCertificateProps {
/**
* The certificate.
*
* You can specify one certificate per resource.
*
* The type is an array, so the one-certificate limit stated above is not enforced by the compiler.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html#cfn-elasticloadbalancingv2-listenercertificate-certificates
*/
readonly certificates: Array<CfnListenerCertificate.CertificateProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the listener.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html#cfn-elasticloadbalancingv2-listenercertificate-listenerarn
*/
readonly listenerArn: string;
}
/**
* Specifies a listener rule.
*
* The listener must be associated with an Application Load Balancer. Each rule consists of a priority, one or more actions, and one or more conditions.
*
* This is a type declaration only; the construction and rendering logic is in the compiled implementation and is not visible here.
*
* For more information, see [Quotas for your Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) in the *User Guide for Application Load Balancers*.
*
* @cloudformationResource AWS::ElasticLoadBalancingV2::ListenerRule
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html
*/
export declare class CfnListenerRule extends cdk.CfnResource implements cdk.IInspectable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnListenerRule from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`, so its shape is not checked at compile time.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnListenerRule;
/**
* Indicates whether this is the default rule.
*
* Typed as `cdk.IResolvable`, not as a `boolean`.
*
* @cloudformationAttribute IsDefault
*/
readonly attrIsDefault: cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the rule.
*
* @cloudformationAttribute RuleArn
*/
readonly attrRuleArn: string;
/**
* The actions.
*
* Each entry is a `CfnListenerRule.ActionProperty` or a `cdk.IResolvable`.
*/
actions: Array<CfnListenerRule.ActionProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* The conditions.
*
* Each entry is a `CfnListenerRule.RuleConditionProperty` or a `cdk.IResolvable`.
*/
conditions: Array<cdk.IResolvable | CfnListenerRule.RuleConditionProperty> | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) of the listener.
*
* Optional in this declaration.
*/
listenerArn?: string;
/**
* The rule priority. A listener can't have multiple rules with the same priority.
*
* NOTE(review): rules are presumably evaluated in priority order - confirm in the linked user guide.
* If so, review the priority and conditions of a rule that carries an `authenticate-*` action together with the other rules on the same listener, since a rule evaluated earlier would handle any request it also matches.
*/
priority: number;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnListenerRuleProps);
/**
* Property bag of this resource as a string-keyed, untyped record.
*
* How the record is built is part of the implementation and not visible in this declaration.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes a string-keyed property record and returns a record of the same type.
*
* The transformation itself is part of the implementation and not visible in this declaration.
*
* @param props string-keyed, untyped property record
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnListenerRule {
/**
* Specifies an action for a listener rule.
*
* `type` is the only required property. The `*Config` properties and `targetGroupArn` are each documented for one value of `type`, but they are all optional here, so the compiler does not check that the configuration matching `type` is the one supplied.
*
* @struct
* @stability external
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html
*/
interface ActionProperty {
/**
* [HTTPS listeners] Information for using Amazon Cognito to authenticate users.
*
* Specify only when `Type` is `authenticate-cognito`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-authenticatecognitoconfig
*/
readonly authenticateCognitoConfig?: CfnListenerRule.AuthenticateCognitoConfigProperty | cdk.IResolvable;
/**
* [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC).
*
* Specify only when `Type` is `authenticate-oidc`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-authenticateoidcconfig
*/
readonly authenticateOidcConfig?: CfnListenerRule.AuthenticateOidcConfigProperty | cdk.IResolvable;
/**
* [Application Load Balancer] Information for creating an action that returns a custom HTTP response.
*
* Specify only when `Type` is `fixed-response`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-fixedresponseconfig
*/
readonly fixedResponseConfig?: CfnListenerRule.FixedResponseConfigProperty | cdk.IResolvable;
/**
* Information for creating an action that distributes requests among one or more target groups.
*
* For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward`. If you specify both `ForwardConfig` and `TargetGroupArn`, you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-forwardconfig
*/
readonly forwardConfig?: CfnListenerRule.ForwardConfigProperty | cdk.IResolvable;
/**
* The order for the action.
*
* This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
*
* When a rule pairs an `authenticate-cognito` or `authenticate-oidc` action with a `forward` action, the authenticate action therefore needs the lower `order` so that it runs first.
* The property is optional in this type, so the "required for rules with multiple actions" condition is not enforced by the compiler.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-order
*/
readonly order?: number;
/**
* [Application Load Balancer] Information for creating a redirect action.
*
* Specify only when `Type` is `redirect`.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-redirectconfig
*/
readonly redirectConfig?: cdk.IResolvable | CfnListenerRule.RedirectConfigProperty;
/**
* The Amazon Resource Name (ARN) of the target group.
*
* Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-targetgrouparn
*/
readonly targetGroupArn?: string;
/**
* The type of action.
*
* The values named by the other properties of this interface are `authenticate-cognito`, `authenticate-oidc`, `fixed-response`, `forward` and `redirect`.
* The property is typed as a plain `string`, so the compiler does not restrict it to those values.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-type
*/
readonly type: string;
}
/**
* Specifies information required when returning a custom HTTP response.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-fixedresponseconfig.html
*/
interface FixedResponseConfigProperty {
/**
* The content type.
*
* Valid Values: text/plain | text/css | text/html | application/javascript | application/json
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/