awselasticloadbalancingv2

package
v2.173.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 14, 2024 License: Apache-2.0 Imports: 12 Imported by: 23

README

Amazon Elastic Load Balancing V2 Construct Library

The aws-cdk-lib/aws-elasticloadbalancingv2 package provides constructs for configuring application and network load balancers.

For more information, see the AWS documentation for Application Load Balancers and Network Load Balancers.

Defining an Application Load Balancer

You define an application load balancer by creating an instance of ApplicationLoadBalancer, adding a Listener to the load balancer and adding Targets to the Listener:

import "github.com/aws/aws-cdk-go/awscdk"
var asg autoScalingGroup
var vpc vpc


// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

// Add a listener and open up the load balancer's security group
// to the world.
listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),

	// 'open: true' is the default, you can leave it out if you want. Set it
	// to 'false' and use `listener.connections` if you want to be selective
	// about who can access the load balancer.
	Open: jsii.Boolean(true),
})

// Create an AutoScaling group and add it as a load balancing
// target to the listener.
listener.AddTargets(jsii.String("ApplicationFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

The security groups of the load balancer and the target are automatically updated to allow the network traffic.

One (or more) security groups can be associated with the load balancer; if a security group isn't provided, one will be automatically created.

var vpc vpc


securityGroup1 := ec2.NewSecurityGroup(this, jsii.String("SecurityGroup1"), &SecurityGroupProps{
	Vpc: Vpc,
})
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
	SecurityGroup: securityGroup1,
})

securityGroup2 := ec2.NewSecurityGroup(this, jsii.String("SecurityGroup2"), &SecurityGroupProps{
	Vpc: Vpc,
})
lb.AddSecurityGroup(securityGroup2)
Conditions

It's possible to route traffic to targets based on conditions in the incoming HTTP request. For example, the following will route requests to the indicated AutoScalingGroup only if the requested host in the request is either for example.com/ok or example.com/path:

var listener applicationListener
var asg autoScalingGroup


listener.AddTargets(jsii.String("Example.Com Fleet"), &AddApplicationTargetsProps{
	Priority: jsii.Number(10),
	Conditions: []listenerCondition{
		elbv2.*listenerCondition_HostHeaders([]*string{
			jsii.String("example.com"),
		}),
		elbv2.*listenerCondition_PathPatterns([]*string{
			jsii.String("/ok"),
			jsii.String("/path"),
		}),
	},
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

A target with a condition contains either pathPatterns or hostHeader, or both. If both are specified, both conditions must be met for the requests to be routed to the given target. priority is a required field when you add targets with conditions. The lowest number wins.

Every listener must have at least one target without conditions, which is where all requests that didn't match any of the conditions will be sent.

Convenience methods and more complex Actions

Routing traffic from a Load Balancer to a Target involves the following steps:

  • Create a Target Group, register the Target into the Target Group
  • Add an Action to the Listener which forwards traffic to the Target Group.

A new listener can be added to the Load Balancer by calling addListener(). Listeners that have been added to the load balancer can be listed using the listeners property. Note that the listeners property will throw an Error for imported or looked up Load Balancers.

Various methods on the Listener take care of this work for you to a greater or lesser extent:

  • addTargets() performs both steps: automatically creates a Target Group and the required Action.
  • addTargetGroups() gives you more control: you create the Target Group (or Target Groups) yourself and the method creates Action that routes traffic to the Target Groups.
  • addAction() gives you full control: you supply the Action and wire it up to the Target Groups yourself (or access one of the other ELB routing features).

Using addAction() gives you access to some of the features of an Elastic Load Balancer that the other two convenience methods don't:

  • Routing stickiness: use ListenerAction.forward() and supply a stickinessDuration to make sure requests are routed to the same target group for a given duration.
  • Weighted Target Groups: use ListenerAction.weightedForward() to give different weights to different target groups.
  • Fixed Responses: use ListenerAction.fixedResponse() to serve a static response (ALB only).
  • Redirects: use ListenerAction.redirect() to serve an HTTP redirect response (ALB only).
  • Authentication: use ListenerAction.authenticateOidc() to perform OpenID authentication before serving a request (see the aws-cdk-lib/aws-elasticloadbalancingv2-actions package for direct authentication integration with Cognito) (ALB only).

Here's an example of serving a fixed response at the /ok URL:

var listener applicationListener


listener.AddAction(jsii.String("Fixed"), &AddApplicationActionProps{
	Priority: jsii.Number(10),
	Conditions: []listenerCondition{
		elbv2.*listenerCondition_PathPatterns([]*string{
			jsii.String("/ok"),
		}),
	},
	Action: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("OK"),
	}),
})

Here's an example of using OIDC authentication before forwarding to a TargetGroup:

var listener applicationListener
var myTargetGroup applicationTargetGroup


listener.AddAction(jsii.String("DefaultAction"), &AddApplicationActionProps{
	Action: elbv2.ListenerAction_AuthenticateOidc(&AuthenticateOidcOptions{
		AuthorizationEndpoint: jsii.String("https://example.com/openid"),
		// Other OIDC properties here
		ClientId: jsii.String("..."),
		ClientSecret: awscdk.SecretValue_SecretsManager(jsii.String("...")),
		Issuer: jsii.String("..."),
		TokenEndpoint: jsii.String("..."),
		UserInfoEndpoint: jsii.String("..."),

		// Next
		Next: elbv2.ListenerAction_Forward([]iApplicationTargetGroup{
			myTargetGroup,
		}),
	}),
})

If you just want to redirect all incoming traffic on one port to another port, you can use the following code:

var lb applicationLoadBalancer


lb.AddRedirect(&ApplicationLoadBalancerRedirectConfig{
	SourceProtocol: elbv2.ApplicationProtocol_HTTPS,
	SourcePort: jsii.Number(8443),
	TargetProtocol: elbv2.ApplicationProtocol_HTTP,
	TargetPort: jsii.Number(8080),
})

If you do not provide any options for this method, it redirects HTTP port 80 to HTTPS port 443.

By default all ingress traffic will be allowed on the source port. If you want to be more selective with your ingress rules then set open: false and use the listener's connections object to selectively grant access to the listener.

Note: The path parameter must start with a /.

Application Load Balancer attributes

You can modify attributes of Application Load Balancers:

var vpc vpc


lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),

	// Whether HTTP/2 is enabled
	Http2Enabled: jsii.Boolean(false),

	// The idle timeout value, in seconds
	IdleTimeout: awscdk.Duration_Seconds(jsii.Number(1000)),

	// Whether HTTP headers with header fields thatare not valid
	// are removed by the load balancer (true), or routed to targets
	DropInvalidHeaderFields: jsii.Boolean(true),

	// How the load balancer handles requests that might
	// pose a security risk to your application
	DesyncMitigationMode: elbv2.DesyncMitigationMode_DEFENSIVE,

	// The type of IP addresses to use.
	IpAddressType: elbv2.IpAddressType_IPV4,

	// The duration of client keep-alive connections
	ClientKeepAlive: awscdk.Duration_*Seconds(jsii.Number(500)),

	// Whether cross-zone load balancing is enabled.
	CrossZoneEnabled: jsii.Boolean(true),

	// Whether the load balancer blocks traffic through the Internet Gateway (IGW).
	DenyAllIgwTraffic: jsii.Boolean(false),

	// Whether to preserve host header in the request to the target
	PreserveHostHeader: jsii.Boolean(true),

	// Whether to add the TLS information header to the request
	XAmznTlsVersionAndCipherSuiteHeaders: jsii.Boolean(true),

	// Whether the X-Forwarded-For header should preserve the source port
	PreserveXffClientPort: jsii.Boolean(true),

	// The processing mode for X-Forwarded-For headers
	XffHeaderProcessingMode: elbv2.XffHeaderProcessingMode_APPEND,

	// Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
	WafFailOpen: jsii.Boolean(true),
})

For more information, see Load balancer attributes

Setting up Access Log Bucket on Application Load Balancer

The only server-side encryption option that's supported is Amazon S3-managed keys (SSE-S3). For more information Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-access-logging.html

var vpc vpc


bucket := s3.NewBucket(this, jsii.String("ALBAccessLogsBucket"), &BucketProps{
	Encryption: s3.BucketEncryption_S3_MANAGED,
})

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
})
lb.LogAccessLogs(bucket)
Setting up Connection Log Bucket on Application Load Balancer

Like access log bucket, the only server-side encryption option that's supported is Amazon S3-managed keys (SSE-S3). For more information Documentation: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/enable-connection-logging.html

var vpc vpc


bucket := s3.NewBucket(this, jsii.String("ALBConnectionLogsBucket"), &BucketProps{
	Encryption: s3.BucketEncryption_S3_MANAGED,
})

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
})
lb.LogConnectionLogs(bucket)
Dualstack Application Load Balancer

You can create a dualstack Network Load Balancer using the ipAddressType property:

var vpc vpc


lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
})

By setting DUAL_STACK_WITHOUT_PUBLIC_IPV4, you can provision load balancers without public IPv4s

var vpc vpc


lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK_WITHOUT_PUBLIC_IPV4,
})

Defining a Network Load Balancer

Network Load Balancers are defined in a similar way to Application Load Balancers:

var vpc vpc
var asg autoScalingGroup
var sg1 iSecurityGroup
var sg2 iSecurityGroup


// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
	SecurityGroups: []*iSecurityGroup{
		sg1,
	},
})
lb.AddSecurityGroup(sg2)

// Add a listener on a particular port.
listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(443),
})

// Add targets on a particular port.
listener.AddTargets(jsii.String("AppFleet"), &AddNetworkTargetsProps{
	Port: jsii.Number(443),
	Targets: []iNetworkLoadBalancerTarget{
		asg,
	},
})

You can indicate whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink. The evaluation is enabled by default.

var vpc vpc


nlb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: jsii.Boolean(true),
})

One thing to keep in mind is that network load balancers do not have security groups, and no automatic security group configuration is done for you. You will have to configure the security groups of the target yourself to allow traffic by clients and/or load balancer instances, depending on your target types. See Target Groups for your Network Load Balancers and Register targets with your Target Group for more information.

Dualstack Network Load Balancer

You can create a dualstack Network Load Balancer using the ipAddressType property:

var vpc vpc


lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
})

You can configure whether to use an IPv6 prefix from each subnet for source NAT by setting enablePrefixForIpv6SourceNat to true. This must be enabled if you want to create a dualstack Network Load Balancer with a listener that uses UDP protocol.

var vpc vpc


lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
	EnablePrefixForIpv6SourceNat: jsii.Boolean(true),
})

listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(1229),
	Protocol: elbv2.Protocol_UDP,
})
Network Load Balancer attributes

You can modify attributes of Network Load Balancers:

var vpc vpc


lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	// Whether deletion protection is enabled.
	DeletionProtection: jsii.Boolean(true),

	// Whether cross-zone load balancing is enabled.
	CrossZoneEnabled: jsii.Boolean(true),

	// Whether the load balancer blocks traffic through the Internet Gateway (IGW).
	DenyAllIgwTraffic: jsii.Boolean(false),

	// Indicates how traffic is distributed among the load balancer Availability Zones.
	ClientRoutingPolicy: elbv2.ClientRoutingPolicy_AVAILABILITY_ZONE_AFFINITY,

	// Indicates whether zonal shift is enabled.
	ZonalShift: jsii.Boolean(true),
})
Network Load Balancer Listener attributes

You can modify attributes of Network Load Balancer Listener:

var lb networkLoadBalancer
var group networkTargetGroup


listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(80),
	DefaultAction: elbv2.NetworkListenerAction_Forward([]iNetworkTargetGroup{
		group,
	}),

	// The tcp idle timeout value. The valid range is 60-6000 seconds. The default is 350 seconds.
	TcpIdleTimeout: awscdk.Duration_Seconds(jsii.Number(100)),
})
Network Load Balancer and EC2 IConnectable interface

Network Load Balancer implements EC2 IConnectable and exposes connections property. EC2 Connections allows manage the allowed network connections for constructs with Security Groups. This class makes it easy to allow network connections to and from security groups, and between security groups individually. One thing to keep in mind is that network load balancers do not have security groups, and no automatic security group configuration is done for you. You will have to configure the security groups of the target yourself to allow traffic by clients and/or load balancer instances, depending on your target types.

var vpc vpc
var sg1 iSecurityGroup
var sg2 iSecurityGroup


lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
	SecurityGroups: []*iSecurityGroup{
		sg1,
	},
})
lb.AddSecurityGroup(sg2)
lb.Connections.AllowFromAnyIpv4(ec2.Port_Tcp(jsii.Number(80)))

Targets and Target Groups

Application and Network Load Balancers organize load balancing targets in Target Groups. If you add your balancing targets (such as AutoScalingGroups, ECS services or individual instances) to your listener directly, the appropriate TargetGroup will be automatically created for you.

If you need more control over the Target Groups created, create an instance of ApplicationTargetGroup or NetworkTargetGroup, add the members you desire, and add it to the listener by calling addTargetGroups instead of addTargets.

addTargets() will always return the Target Group it just created for you:

var listener networkListener
var asg1 autoScalingGroup
var asg2 autoScalingGroup


group := listener.AddTargets(jsii.String("AppFleet"), &AddNetworkTargetsProps{
	Port: jsii.Number(443),
	Targets: []iNetworkLoadBalancerTarget{
		asg1,
	},
})

group.AddTarget(asg2)
Sticky sessions for your Application Load Balancer

By default, an Application Load Balancer routes each request independently to a registered target based on the chosen load-balancing algorithm. However, you can use the sticky session feature (also known as session affinity) to enable the load balancer to bind a user's session to a specific target. This ensures that all requests from the user during the session are sent to the same target. This feature is useful for servers that maintain state information in order to provide a continuous experience to clients. To use sticky sessions, the client must support cookies.

Application Load Balancers support both duration-based cookies (lb_cookie) and application-based cookies (app_cookie). The key to managing sticky sessions is determining how long your load balancer should consistently route the user's request to the same target. Sticky sessions are enabled at the target group level. You can use a combination of duration-based stickiness, application-based stickiness, and no stickiness across all of your target groups.

var vpc vpc


// Target group with duration-based stickiness with load-balancer generated cookie
tg1 := elbv2.NewApplicationTargetGroup(this, jsii.String("TG1"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_INSTANCE,
	Port: jsii.Number(80),
	StickinessCookieDuration: awscdk.Duration_Minutes(jsii.Number(5)),
	Vpc: Vpc,
})

// Target group with application-based stickiness
tg2 := elbv2.NewApplicationTargetGroup(this, jsii.String("TG2"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_INSTANCE,
	Port: jsii.Number(80),
	StickinessCookieDuration: awscdk.Duration_*Minutes(jsii.Number(5)),
	StickinessCookieName: jsii.String("MyDeliciousCookie"),
	Vpc: Vpc,
})
Slow start mode for your Application Load Balancer

By default, a target starts to receive its full share of requests as soon as it is registered with a target group and passes an initial health check. Using slow start mode gives targets time to warm up before the load balancer sends them a full share of requests.

After you enable slow start for a target group, its targets enter slow start mode when they are considered healthy by the target group. A target in slow start mode exits slow start mode when the configured slow start duration period elapses or the target becomes unhealthy. The load balancer linearly increases the number of requests that it can send to a target in slow start mode. After a healthy target exits slow start mode, the load balancer can send it a full share of requests.

The allowed range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).

var vpc vpc


// Target group with slow start mode enabled
tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TG"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_INSTANCE,
	SlowStart: awscdk.Duration_Seconds(jsii.Number(60)),
	Port: jsii.Number(80),
	Vpc: Vpc,
})

For more information see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html#application-based-stickiness

Setting the target group protocol version

By default, Application Load Balancers send requests to targets using HTTP/1.1. You can use the protocol version to send requests to targets using HTTP/2 or gRPC.

var vpc vpc


tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TG"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_IP,
	Port: jsii.Number(50051),
	Protocol: elbv2.ApplicationProtocol_HTTP,
	ProtocolVersion: elbv2.ApplicationProtocolVersion_GRPC,
	HealthCheck: &HealthCheck{
		Enabled: jsii.Boolean(true),
		HealthyGrpcCodes: jsii.String("0-99"),
	},
	Vpc: Vpc,
})
Weighted random routing algorithms and automatic target weights for your Application Load Balancer

You can use the weighted_random routing algorithms by setting the loadBalancingAlgorithmType property.

When using this algorithm, Automatic Target Weights (ATW) anomaly mitigation can be used by setting enableAnomalyMitigation to true.

Also you can't use this algorithm with slow start mode.

For more information, see Routing algorithms and Automatic Target Weights (ATW).

var vpc vpc


tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	LoadBalancingAlgorithmType: elbv2.TargetGroupLoadBalancingAlgorithmType_WEIGHTED_RANDOM,
	EnableAnomalyMitigation: jsii.Boolean(true),
})
Target Group level cross-zone load balancing setting for Application Load Balancers and Network Load Balancers

You can set cross-zone load balancing setting at the target group level by setting crossZone property.

If not specified, it will use the load balancer's configuration.

For more infomation, see How Elastic Load Balancing works.

var vpc vpc


targetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("TargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,

	// Whether cross zone load balancing is enabled.
	CrossZoneEnabled: jsii.Boolean(true),
})
IP Address Type for Target Groups

You can set the IP address type for the target group by setting the ipAddressType property for both Application and Network target groups.

If you set the ipAddressType property to IPV6, the VPC for the target group must have an associated IPv6 CIDR block.

For more information, see IP address type for Network Load Balancers and Application Load Balancers.

var vpc vpc


ipv4ApplicationTargetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("IPv4ApplicationTargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV4,
})

ipv6ApplicationTargetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("Ipv6ApplicationTargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV6,
})

ipv4NetworkTargetGroup := elbv2.NewNetworkTargetGroup(this, jsii.String("IPv4NetworkTargetGroup"), &NetworkTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV4,
})

ipv6NetworkTargetGroup := elbv2.NewNetworkTargetGroup(this, jsii.String("Ipv6NetworkTargetGroup"), &NetworkTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV6,
})

Using Lambda Targets

To use a Lambda Function as a target, use the integration class in the aws-cdk-lib/aws-elasticloadbalancingv2-targets package:

import lambda "github.com/aws/aws-cdk-go/awscdk"
import targets "github.com/aws/aws-cdk-go/awscdk"

var lambdaFunction function
var lb applicationLoadBalancer


listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),
})
listener.AddTargets(jsii.String("Targets"), &AddApplicationTargetsProps{
	Targets: []iApplicationLoadBalancerTarget{
		targets.NewLambdaTarget(lambdaFunction),
	},

	// For Lambda Targets, you need to explicitly enable health checks if you
	// want them.
	HealthCheck: &HealthCheck{
		Enabled: jsii.Boolean(true),
	},
})

Only a single Lambda function can be added to a single listener rule.

Using Application Load Balancer Targets

To use a single application load balancer as a target for the network load balancer, use the integration class in the aws-cdk-lib/aws-elasticloadbalancingv2-targets package:

import targets "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import patterns "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc


task := ecs.NewFargateTaskDefinition(this, jsii.String("Task"), &FargateTaskDefinitionProps{
	Cpu: jsii.Number(256),
	MemoryLimitMiB: jsii.Number(512),
})
task.AddContainer(jsii.String("nginx"), &ContainerDefinitionOptions{
	Image: ecs.ContainerImage_FromRegistry(jsii.String("public.ecr.aws/nginx/nginx:latest")),
	PortMappings: []portMapping{
		&portMapping{
			ContainerPort: jsii.Number(80),
		},
	},
})

svc := patterns.NewApplicationLoadBalancedFargateService(this, jsii.String("Service"), &ApplicationLoadBalancedFargateServiceProps{
	Vpc: Vpc,
	TaskDefinition: task,
	PublicLoadBalancer: jsii.Boolean(false),
})

nlb := elbv2.NewNetworkLoadBalancer(this, jsii.String("Nlb"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	CrossZoneEnabled: jsii.Boolean(true),
	InternetFacing: jsii.Boolean(true),
})

listener := nlb.AddListener(jsii.String("listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(80),
})

listener.AddTargets(jsii.String("Targets"), &AddNetworkTargetsProps{
	Targets: []iNetworkLoadBalancerTarget{
		targets.NewAlbListenerTarget(svc.Listener),
	},
	Port: jsii.Number(80),
})

awscdk.NewCfnOutput(this, jsii.String("NlbEndpoint"), &CfnOutputProps{
	Value: fmt.Sprintf("http://%v", nlb.LoadBalancerDnsName),
})

Only the network load balancer is allowed to add the application load balancer as the target.

Configuring Health Checks

Health checks are configured upon creation of a target group:

var listener applicationListener
var asg autoScalingGroup


listener.AddTargets(jsii.String("AppFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
	HealthCheck: &HealthCheck{
		Path: jsii.String("/ping"),
		Interval: awscdk.Duration_Minutes(jsii.Number(1)),
	},
})

The health check can also be configured after creation by calling configureHealthCheck() on the created object.

No attempts are made to configure security groups for the port you're configuring a health check for, but if the health check is on the same port you're routing traffic to, the security group already allows the traffic. If not, you will have to configure the security groups appropriately:

var lb applicationLoadBalancer
var listener applicationListener
var asg autoScalingGroup


listener.AddTargets(jsii.String("AppFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
	HealthCheck: &HealthCheck{
		Port: jsii.String("8088"),
	},
})

asg.connections.AllowFrom(lb, ec2.Port_Tcp(jsii.Number(8088)))

Using a Load Balancer from a different Stack

If you want to put your Load Balancer and the Targets it is load balancing to in different stacks, you may not be able to use the convenience methods loadBalancer.addListener() and listener.addTargets().

The reason is that these methods will create resources in the same Stack as the object they're called on, which may lead to cyclic references between stacks. Instead, you will have to create an ApplicationListener in the target stack, or an empty TargetGroup in the load balancer stack that you attach your service to.

For an example of the alternatives while load balancing to an ECS service, see the ecs/cross-stack-load-balancer example.

Protocol for Load Balancer Targets

Constructs that want to be a load balancer target should implement IApplicationLoadBalancerTarget and/or INetworkLoadBalancerTarget, and provide an implementation for the function attachToXxxTargetGroup(), which can call functions on the load balancer and should return metadata about the load balancing target:

type myTarget struct {
}

func (this *myTarget) attachToApplicationTargetGroup(targetGroup applicationTargetGroup) loadBalancerTargetProps {
	// If we need to add security group rules
	// targetGroup.registerConnectable(...);
	return &loadBalancerTargetProps{
		TargetType: elbv2.TargetType_IP,
		TargetJson: map[string]interface{}{
			"id": jsii.String("1.2.3.4"),
			"port": jsii.Number(8080),
		},
	}
}

targetType should be one of Instance or Ip. If the target can be directly added to the target group, targetJson should contain the id of the target (either instance ID or IP address depending on the type) and optionally a port or availabilityZone override.

Application load balancer targets can call registerConnectable() on the target group to register themselves for addition to the load balancer's security group rules.

If your load balancer target requires that the TargetGroup has been associated with a LoadBalancer before registration can happen (such as is the case for ECS Services for example), take a resource dependency on targetGroup.loadBalancerAttached as follows:

var resource resource
var targetGroup applicationTargetGroup


// Make sure that the listener has been created, and so the TargetGroup
// has been associated with the LoadBalancer, before 'resource' is created.

constructs.Node_Of(resource).AddDependency(targetGroup.loadBalancerAttached)

Looking up Load Balancers and Listeners

You may look up load balancers and load balancer listeners by using one of the following lookup methods:

  • ApplicationLoadBalancer.fromlookup(options) - Look up an application load balancer.
  • ApplicationListener.fromLookup(options) - Look up an application load balancer listener.
  • NetworkLoadBalancer.fromLookup(options) - Look up a network load balancer.
  • NetworkListener.fromLookup(options) - Look up a network load balancer listener.
Load Balancer lookup options

You may look up a load balancer by ARN or by associated tags. When you look a load balancer up by ARN, that load balancer will be returned unless CDK detects that the load balancer is of the wrong type. When you look up a load balancer by tags, CDK will return the load balancer matching all specified tags. If more than one load balancer matches, CDK will throw an error requesting that you provide more specific criteria.

Look up a Application Load Balancer by ARN

loadBalancer := elbv2.ApplicationLoadBalancer_FromLookup(this, jsii.String("ALB"), &ApplicationLoadBalancerLookupOptions{
	LoadBalancerArn: jsii.String("arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456"),
})

Look up an Application Load Balancer by tags

loadBalancer := elbv2.ApplicationLoadBalancer_FromLookup(this, jsii.String("ALB"), &ApplicationLoadBalancerLookupOptions{
	LoadBalancerTags: map[string]*string{
		// Finds a load balancer matching all tags.
		"some": jsii.String("tag"),
		"someother": jsii.String("tag"),
	},
})

Load Balancer Listener lookup options

You may look up a load balancer listener by the following criteria:

  • Associated load balancer ARN
  • Associated load balancer tags
  • Listener ARN
  • Listener port
  • Listener protocol

The lookup method will return the matching listener. If more than one listener matches, CDK will throw an error requesting that you specify additional criteria.

Look up a Listener by associated Load Balancer, Port, and Protocol

listener := elbv2.ApplicationListener_FromLookup(this, jsii.String("ALBListener"), &ApplicationListenerLookupOptions{
	LoadBalancerArn: jsii.String("arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456"),
	ListenerProtocol: elbv2.ApplicationProtocol_HTTPS,
	ListenerPort: jsii.Number(443),
})

Look up a Listener by associated Load Balancer Tag, Port, and Protocol

listener := elbv2.ApplicationListener_FromLookup(this, jsii.String("ALBListener"), &ApplicationListenerLookupOptions{
	LoadBalancerTags: map[string]*string{
		"Cluster": jsii.String("MyClusterName"),
	},
	ListenerProtocol: elbv2.ApplicationProtocol_HTTPS,
	ListenerPort: jsii.Number(443),
})

Look up a Network Listener by associated Load Balancer Tag, Port, and Protocol

listener := elbv2.NetworkListener_FromLookup(this, jsii.String("ALBListener"), &NetworkListenerLookupOptions{
	LoadBalancerTags: map[string]*string{
		"Cluster": jsii.String("MyClusterName"),
	},
	ListenerProtocol: elbv2.Protocol_TCP,
	ListenerPort: jsii.Number(12345),
})

Metrics

You may create metrics for Load Balancers and Target Groups through the metrics attribute:

Load Balancer:

var alb iApplicationLoadBalancer


albMetrics := alb.Metrics
metricConnectionCount := albMetrics.ActiveConnectionCount()

Target Group:

var targetGroup iApplicationTargetGroup


targetGroupMetrics := targetGroup.Metrics
metricHealthyHostCount := targetGroupMetrics.HealthyHostCount()

Metrics are also available to imported resources:

var stack stack


targetGroup := elbv2.ApplicationTargetGroup_FromTargetGroupAttributes(this, jsii.String("MyTargetGroup"), &TargetGroupAttributes{
	TargetGroupArn: awscdk.Fn_ImportValue(jsii.String("TargetGroupArn")),
	LoadBalancerArns: awscdk.Fn_*ImportValue(jsii.String("LoadBalancerArn")),
})

targetGroupMetrics := targetGroup.Metrics

Notice that TargetGroups must be imported by supplying the Load Balancer too, otherwise accessing the metrics will throw an error:

var stack stack

targetGroup := elbv2.ApplicationTargetGroup_FromTargetGroupAttributes(this, jsii.String("MyTargetGroup"), &TargetGroupAttributes{
	TargetGroupArn: awscdk.Fn_ImportValue(jsii.String("TargetGroupArn")),
})

targetGroupMetrics := targetGroup.Metrics

logicalIds on ExternalApplicationListener.addTargetGroups() and .addAction()

By default, the addTargetGroups() method does not follow the standard behavior of adding a Rule suffix to the logicalId of the ListenerRule it creates. If you are deploying new ListenerRules using addTargetGroups() the recommendation is to set the removeRuleSuffixFromLogicalId: false property. If you have ListenerRules deployed using the legacy behavior of addTargetGroups(), which you need to switch over to being managed by the addAction() method, then you will need to enable the removeRuleSuffixFromLogicalId: true property in the addAction() method.

ListenerRules have a unique priority for a given Listener. Because the priority must be unique, CloudFormation will always fail when creating a new ListenerRule to replace the existing one, unless you change the priority as well as the logicalId.

Configuring Mutual authentication with TLS in Application Load Balancer

You can configure Mutual authentication with TLS (mTLS) for Application Load Balancer.

To set mTLS, you must create an instance of TrustStore and set it to ApplicationListener.

For more information, see Mutual authentication with TLS in Application Load Balancer

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket


trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})

Optionally, you can create a certificate revocation list for a trust store by creating an instance of TrustStoreRevocation.

var trustStore trustStore
var bucket bucket


elbv2.NewTrustStoreRevocation(this, jsii.String("Revocation"), &TrustStoreRevocationProps{
	TrustStore: TrustStore,
	RevocationContents: []revocationContent{
		&revocationContent{
			RevocationType: elbv2.RevocationType_CRL,
			Bucket: *Bucket,
			Key: jsii.String("crl.pem"),
		},
	},
})

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplicationListenerCertificate_IsConstruct

func ApplicationListenerCertificate_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ApplicationListenerRule_IsConstruct

func ApplicationListenerRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ApplicationListener_IsConstruct

func ApplicationListener_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ApplicationListener_IsOwnedResource added in v2.32.0

func ApplicationListener_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func ApplicationListener_IsResource

func ApplicationListener_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func ApplicationLoadBalancer_IsConstruct

func ApplicationLoadBalancer_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func ApplicationLoadBalancer_IsOwnedResource added in v2.32.0

func ApplicationLoadBalancer_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func ApplicationLoadBalancer_IsResource

func ApplicationLoadBalancer_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func ApplicationTargetGroup_IsConstruct

func ApplicationTargetGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func BaseListener_IsConstruct

func BaseListener_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func BaseListener_IsOwnedResource added in v2.32.0

func BaseListener_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func BaseListener_IsResource

func BaseListener_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func BaseLoadBalancer_IsConstruct

func BaseLoadBalancer_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func BaseLoadBalancer_IsOwnedResource added in v2.32.0

func BaseLoadBalancer_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func BaseLoadBalancer_IsResource

func BaseLoadBalancer_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func CfnListenerCertificate_CFN_RESOURCE_TYPE_NAME

func CfnListenerCertificate_CFN_RESOURCE_TYPE_NAME() *string

func CfnListenerCertificate_IsCfnElement

func CfnListenerCertificate_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnListenerCertificate_IsCfnResource

func CfnListenerCertificate_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnListenerCertificate_IsConstruct

func CfnListenerCertificate_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnListenerRule_CFN_RESOURCE_TYPE_NAME

func CfnListenerRule_CFN_RESOURCE_TYPE_NAME() *string

func CfnListenerRule_IsCfnElement

func CfnListenerRule_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnListenerRule_IsCfnResource

func CfnListenerRule_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnListenerRule_IsConstruct

func CfnListenerRule_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnListener_CFN_RESOURCE_TYPE_NAME

func CfnListener_CFN_RESOURCE_TYPE_NAME() *string

func CfnListener_IsCfnElement

func CfnListener_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnListener_IsCfnResource

func CfnListener_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnListener_IsConstruct

func CfnListener_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnLoadBalancer_CFN_RESOURCE_TYPE_NAME

func CfnLoadBalancer_CFN_RESOURCE_TYPE_NAME() *string

func CfnLoadBalancer_IsCfnElement

func CfnLoadBalancer_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnLoadBalancer_IsCfnResource

func CfnLoadBalancer_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnLoadBalancer_IsConstruct

func CfnLoadBalancer_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnTargetGroup_CFN_RESOURCE_TYPE_NAME

func CfnTargetGroup_CFN_RESOURCE_TYPE_NAME() *string

func CfnTargetGroup_IsCfnElement

func CfnTargetGroup_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnTargetGroup_IsCfnResource

func CfnTargetGroup_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnTargetGroup_IsConstruct

func CfnTargetGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnTrustStoreRevocation_CFN_RESOURCE_TYPE_NAME added in v2.112.0

func CfnTrustStoreRevocation_CFN_RESOURCE_TYPE_NAME() *string

func CfnTrustStoreRevocation_IsCfnElement added in v2.112.0

func CfnTrustStoreRevocation_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnTrustStoreRevocation_IsCfnResource added in v2.112.0

func CfnTrustStoreRevocation_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnTrustStoreRevocation_IsConstruct added in v2.112.0

func CfnTrustStoreRevocation_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func CfnTrustStore_CFN_RESOURCE_TYPE_NAME added in v2.112.0

func CfnTrustStore_CFN_RESOURCE_TYPE_NAME() *string

func CfnTrustStore_IsCfnElement added in v2.112.0

func CfnTrustStore_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element.

func CfnTrustStore_IsCfnResource added in v2.112.0

func CfnTrustStore_IsCfnResource(x interface{}) *bool

Check whether the given object is a CfnResource.

func CfnTrustStore_IsConstruct added in v2.112.0

func CfnTrustStore_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NetworkListener_IsConstruct

func NetworkListener_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NetworkListener_IsOwnedResource added in v2.32.0

func NetworkListener_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func NetworkListener_IsResource

func NetworkListener_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NetworkLoadBalancer_IsConstruct

func NetworkLoadBalancer_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NetworkLoadBalancer_IsOwnedResource added in v2.32.0

func NetworkLoadBalancer_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func NetworkLoadBalancer_IsResource

func NetworkLoadBalancer_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func NetworkTargetGroup_IsConstruct

func NetworkTargetGroup_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func NewApplicationListenerCertificate_Override

func NewApplicationListenerCertificate_Override(a ApplicationListenerCertificate, scope constructs.Construct, id *string, props *ApplicationListenerCertificateProps)

func NewApplicationListenerRule_Override

func NewApplicationListenerRule_Override(a ApplicationListenerRule, scope constructs.Construct, id *string, props *ApplicationListenerRuleProps)

func NewApplicationListener_Override

func NewApplicationListener_Override(a ApplicationListener, scope constructs.Construct, id *string, props *ApplicationListenerProps)

func NewApplicationLoadBalancer_Override

func NewApplicationLoadBalancer_Override(a ApplicationLoadBalancer, scope constructs.Construct, id *string, props *ApplicationLoadBalancerProps)

func NewApplicationTargetGroup_Override

func NewApplicationTargetGroup_Override(a ApplicationTargetGroup, scope constructs.Construct, id *string, props *ApplicationTargetGroupProps)

func NewBaseListener_Override

func NewBaseListener_Override(b BaseListener, scope constructs.Construct, id *string, additionalProps interface{})

func NewBaseLoadBalancer_Override

func NewBaseLoadBalancer_Override(b BaseLoadBalancer, scope constructs.Construct, id *string, baseProps *BaseLoadBalancerProps, additionalProps interface{})

func NewCfnListenerCertificate_Override

func NewCfnListenerCertificate_Override(c CfnListenerCertificate, scope constructs.Construct, id *string, props *CfnListenerCertificateProps)

func NewCfnListenerRule_Override

func NewCfnListenerRule_Override(c CfnListenerRule, scope constructs.Construct, id *string, props *CfnListenerRuleProps)

func NewCfnListener_Override

func NewCfnListener_Override(c CfnListener, scope constructs.Construct, id *string, props *CfnListenerProps)

func NewCfnLoadBalancer_Override

func NewCfnLoadBalancer_Override(c CfnLoadBalancer, scope constructs.Construct, id *string, props *CfnLoadBalancerProps)

func NewCfnTargetGroup_Override

func NewCfnTargetGroup_Override(c CfnTargetGroup, scope constructs.Construct, id *string, props *CfnTargetGroupProps)

func NewCfnTrustStoreRevocation_Override added in v2.112.0

func NewCfnTrustStoreRevocation_Override(c CfnTrustStoreRevocation, scope constructs.Construct, id *string, props *CfnTrustStoreRevocationProps)

func NewCfnTrustStore_Override added in v2.112.0

func NewCfnTrustStore_Override(c CfnTrustStore, scope constructs.Construct, id *string, props *CfnTrustStoreProps)

func NewListenerAction_Override

func NewListenerAction_Override(l ListenerAction, defaultActionJson *CfnListener_ActionProperty, next ListenerAction)

Create an instance of ListenerAction.

The default class should be good enough for most cases and should be created by using one of the static factory functions, but allow overriding to make sure we allow flexibility for the future.

func NewListenerCertificate_Override

func NewListenerCertificate_Override(l ListenerCertificate, certificateArn *string)

func NewListenerCondition_Override

func NewListenerCondition_Override(l ListenerCondition)

func NewNetworkListenerAction_Override

func NewNetworkListenerAction_Override(n NetworkListenerAction, defaultActionJson *CfnListener_ActionProperty, next NetworkListenerAction)

Create an instance of NetworkListenerAction.

The default class should be good enough for most cases and should be created by using one of the static factory functions, but allow overriding to make sure we allow flexibility for the future.

func NewNetworkListener_Override

func NewNetworkListener_Override(n NetworkListener, scope constructs.Construct, id *string, props *NetworkListenerProps)

func NewNetworkLoadBalancer_Override

func NewNetworkLoadBalancer_Override(n NetworkLoadBalancer, scope constructs.Construct, id *string, props *NetworkLoadBalancerProps)

func NewNetworkTargetGroup_Override

func NewNetworkTargetGroup_Override(n NetworkTargetGroup, scope constructs.Construct, id *string, props *NetworkTargetGroupProps)

func NewTargetGroupBase_Override

func NewTargetGroupBase_Override(t TargetGroupBase, scope constructs.Construct, id *string, baseProps *BaseTargetGroupProps, additionalProps interface{})

func NewTrustStoreRevocation_Override added in v2.154.0

func NewTrustStoreRevocation_Override(t TrustStoreRevocation, scope constructs.Construct, id *string, props *TrustStoreRevocationProps)

func NewTrustStore_Override added in v2.154.0

func NewTrustStore_Override(t TrustStore, scope constructs.Construct, id *string, props *TrustStoreProps)

func TargetGroupBase_IsConstruct

func TargetGroupBase_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func TrustStoreRevocation_IsConstruct added in v2.154.0

func TrustStoreRevocation_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func TrustStoreRevocation_IsOwnedResource added in v2.154.0

func TrustStoreRevocation_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func TrustStoreRevocation_IsResource added in v2.154.0

func TrustStoreRevocation_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

func TrustStore_IsConstruct added in v2.154.0

func TrustStore_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Use this method instead of `instanceof` to properly detect `Construct` instances, even when the construct library is symlinked.

Explanation: in JavaScript, multiple copies of the `constructs` library on disk are seen as independent, completely different libraries. As a consequence, the class `Construct` in each copy of the `constructs` library is seen as a different class, and an instance of one class will not test as `instanceof` the other class. `npm install` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the `constructs` library can be accidentally installed, and `instanceof` will behave unpredictably. It is safest to avoid using `instanceof`, and using this type-testing method instead.

Returns: true if `x` is an object created from a class which extends `Construct`.

func TrustStore_IsOwnedResource added in v2.154.0

func TrustStore_IsOwnedResource(construct constructs.IConstruct) *bool

Returns true if the construct was created by CDK, and false otherwise.

func TrustStore_IsResource added in v2.154.0

func TrustStore_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource.

Types

type AddApplicationActionProps

type AddApplicationActionProps struct {
	// Rule applies if matches the conditions.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	//
	// Default: - No conditions.
	//
	Conditions *[]ListenerCondition `field:"optional" json:"conditions" yaml:"conditions"`
	// Priority of this target group.
	//
	// The rule with the lowest priority will be used for every request.
	// If priority is not given, these target groups will be added as
	// defaults, and must not have conditions.
	//
	// Priorities must be unique.
	// Default: Target groups are used as defaults.
	//
	Priority *float64 `field:"optional" json:"priority" yaml:"priority"`
	// Action to perform.
	Action ListenerAction `field:"required" json:"action" yaml:"action"`
	// `ListenerRule`s have a `Rule` suffix on their logicalId by default. This allows you to remove that suffix.
	//
	// Legacy behavior of the `addTargetGroups()` convenience method did not include the `Rule` suffix on the logicalId of the generated `ListenerRule`.
	// At some point, increasing complexity of requirements can require users to switch from the `addTargetGroups()` method
	// to the `addAction()` method.
	// When migrating `ListenerRule`s deployed by a legacy version of `addTargetGroups()`,
	// you will need to enable this flag to avoid changing the logicalId of your resource.
	// Otherwise Cfn will attempt to replace the `ListenerRule` and fail.
	// Default: - use standard logicalId with the `Rule` suffix.
	//
	RemoveSuffix *bool `field:"optional" json:"removeSuffix" yaml:"removeSuffix"`
}

Properties for adding a new action to a listener.

Example:

var listener applicationListener

listener.AddAction(jsii.String("Fixed"), &AddApplicationActionProps{
	Priority: jsii.Number(10),
	Conditions: []listenerCondition{
		elbv2.*listenerCondition_PathPatterns([]*string{
			jsii.String("/ok"),
		}),
	},
	Action: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("OK"),
	}),
})

type AddApplicationTargetGroupsProps

type AddApplicationTargetGroupsProps struct {
	// Rule applies if matches the conditions.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	//
	// Default: - No conditions.
	//
	Conditions *[]ListenerCondition `field:"optional" json:"conditions" yaml:"conditions"`
	// Priority of this target group.
	//
	// The rule with the lowest priority will be used for every request.
	// If priority is not given, these target groups will be added as
	// defaults, and must not have conditions.
	//
	// Priorities must be unique.
	// Default: Target groups are used as defaults.
	//
	Priority *float64 `field:"optional" json:"priority" yaml:"priority"`
	// Target groups to forward requests to.
	TargetGroups *[]IApplicationTargetGroup `field:"required" json:"targetGroups" yaml:"targetGroups"`
}

Properties for adding a new target group to a listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationTargetGroup applicationTargetGroup
var listenerCondition listenerCondition

addApplicationTargetGroupsProps := &AddApplicationTargetGroupsProps{
	TargetGroups: []iApplicationTargetGroup{
		applicationTargetGroup,
	},

	// the properties below are optional
	Conditions: []*listenerCondition{
		listenerCondition,
	},
	Priority: jsii.Number(123),
}

type AddApplicationTargetsProps

type AddApplicationTargetsProps struct {
	// Rule applies if matches the conditions.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	//
	// Default: - No conditions.
	//
	Conditions *[]ListenerCondition `field:"optional" json:"conditions" yaml:"conditions"`
	// Priority of this target group.
	//
	// The rule with the lowest priority will be used for every request.
	// If priority is not given, these target groups will be added as
	// defaults, and must not have conditions.
	//
	// Priorities must be unique.
	// Default: Target groups are used as defaults.
	//
	Priority *float64 `field:"optional" json:"priority" yaml:"priority"`
	// The amount of time for Elastic Load Balancing to wait before deregistering a target.
	//
	// The range is 0-3600 seconds.
	// Default: Duration.minutes(5)
	//
	DeregistrationDelay awscdk.Duration `field:"optional" json:"deregistrationDelay" yaml:"deregistrationDelay"`
	// Indicates whether anomaly mitigation is enabled.
	//
	// Only available when `loadBalancingAlgorithmType` is `TargetGroupLoadBalancingAlgorithmType.WEIGHTED_RANDOM`
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#automatic-target-weights
	//
	// Default: false.
	//
	EnableAnomalyMitigation *bool `field:"optional" json:"enableAnomalyMitigation" yaml:"enableAnomalyMitigation"`
	// Health check configuration.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties
	//
	// Default: - The default value for each property in this configuration varies depending on the target.
	//
	HealthCheck *HealthCheck `field:"optional" json:"healthCheck" yaml:"healthCheck"`
	// The load balancing algorithm to select targets for routing requests.
	// Default: round_robin.
	//
	LoadBalancingAlgorithmType TargetGroupLoadBalancingAlgorithmType `field:"optional" json:"loadBalancingAlgorithmType" yaml:"loadBalancingAlgorithmType"`
	// The port on which the listener listens for requests.
	// Default: Determined from protocol if known.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The protocol to use.
	// Default: Determined from port if known.
	//
	Protocol ApplicationProtocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The protocol version to use.
	// Default: ApplicationProtocolVersion.HTTP1
	//
	ProtocolVersion ApplicationProtocolVersion `field:"optional" json:"protocolVersion" yaml:"protocolVersion"`
	// The time period during which the load balancer sends a newly registered target a linearly increasing share of the traffic to the target group.
	//
	// The range is 30-900 seconds (15 minutes).
	// Default: 0.
	//
	SlowStart awscdk.Duration `field:"optional" json:"slowStart" yaml:"slowStart"`
	// The stickiness cookie expiration period.
	//
	// Setting this value enables load balancer stickiness.
	//
	// After this period, the cookie is considered stale. The minimum value is
	// 1 second and the maximum value is 7 days (604800 seconds).
	// Default: Stickiness disabled.
	//
	StickinessCookieDuration awscdk.Duration `field:"optional" json:"stickinessCookieDuration" yaml:"stickinessCookieDuration"`
	// The name of an application-based stickiness cookie.
	//
	// Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP,
	// and AWSALBTG; they're reserved for use by the load balancer.
	//
	// Note: `stickinessCookieName` parameter depends on the presence of `stickinessCookieDuration` parameter.
	// If `stickinessCookieDuration` is not set, `stickinessCookieName` will be omitted.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html
	//
	// Default: - If `stickinessCookieDuration` is set, a load-balancer generated cookie is used. Otherwise, no stickiness is defined.
	//
	StickinessCookieName *string `field:"optional" json:"stickinessCookieName" yaml:"stickinessCookieName"`
	// The name of the target group.
	//
	// This name must be unique per region per account, can have a maximum of
	// 32 characters, must contain only alphanumeric characters or hyphens, and
	// must not begin or end with a hyphen.
	// Default: Automatically generated.
	//
	TargetGroupName *string `field:"optional" json:"targetGroupName" yaml:"targetGroupName"`
	// The targets to add to this target group.
	//
	// Can be `Instance`, `IPAddress`, or any self-registering load balancing
	// target. All target must be of the same type.
	Targets *[]IApplicationLoadBalancerTarget `field:"optional" json:"targets" yaml:"targets"`
}

Properties for adding new targets to a listener.

Example:

import "github.com/aws/aws-cdk-go/awscdk"
var asg autoScalingGroup
var vpc vpc

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

// Add a listener and open up the load balancer's security group
// to the world.
listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),

	// 'open: true' is the default, you can leave it out if you want. Set it
	// to 'false' and use `listener.connections` if you want to be selective
	// about who can access the load balancer.
	Open: jsii.Boolean(true),
})

// Create an AutoScaling group and add it as a load balancing
// target to the listener.
listener.AddTargets(jsii.String("ApplicationFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

type AddNetworkActionProps

type AddNetworkActionProps struct {
	// Action to perform.
	Action NetworkListenerAction `field:"required" json:"action" yaml:"action"`
}

Properties for adding a new action to a listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var networkListenerAction networkListenerAction

addNetworkActionProps := &AddNetworkActionProps{
	Action: networkListenerAction,
}

type AddNetworkTargetsProps

type AddNetworkTargetsProps struct {
	// The port on which the target receives traffic.
	// Default: Determined from protocol if known.
	//
	Port *float64 `field:"required" json:"port" yaml:"port"`
	// The amount of time for Elastic Load Balancing to wait before deregistering a target.
	//
	// The range is 0-3600 seconds.
	// Default: Duration.minutes(5)
	//
	DeregistrationDelay awscdk.Duration `field:"optional" json:"deregistrationDelay" yaml:"deregistrationDelay"`
	// Health check configuration.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties
	//
	// Default: - The default value for each property in this configuration varies depending on the target.
	//
	HealthCheck *HealthCheck `field:"optional" json:"healthCheck" yaml:"healthCheck"`
	// Indicates whether client IP preservation is enabled.
	// Default: false if the target group type is IP address and the
	// target group protocol is TCP or TLS. Otherwise, true.
	//
	PreserveClientIp *bool `field:"optional" json:"preserveClientIp" yaml:"preserveClientIp"`
	// Protocol for target group, expects TCP, TLS, UDP, or TCP_UDP.
	// Default: - inherits the protocol of the listener.
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// Indicates whether Proxy Protocol version 2 is enabled.
	// Default: false.
	//
	ProxyProtocolV2 *bool `field:"optional" json:"proxyProtocolV2" yaml:"proxyProtocolV2"`
	// The name of the target group.
	//
	// This name must be unique per region per account, can have a maximum of
	// 32 characters, must contain only alphanumeric characters or hyphens, and
	// must not begin or end with a hyphen.
	// Default: Automatically generated.
	//
	TargetGroupName *string `field:"optional" json:"targetGroupName" yaml:"targetGroupName"`
	// The targets to add to this target group.
	//
	// Can be `Instance`, `IPAddress`, or any self-registering load balancing
	// target. If you use either `Instance` or `IPAddress` as targets, all
	// target must be of the same type.
	Targets *[]INetworkLoadBalancerTarget `field:"optional" json:"targets" yaml:"targets"`
}

Properties for adding new network targets to a listener.

Example:

var vpc vpc
var asg autoScalingGroup
var sg1 iSecurityGroup
var sg2 iSecurityGroup

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
	SecurityGroups: []*iSecurityGroup{
		sg1,
	},
})
lb.AddSecurityGroup(sg2)

// Add a listener on a particular port.
listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(443),
})

// Add targets on a particular port.
listener.AddTargets(jsii.String("AppFleet"), &AddNetworkTargetsProps{
	Port: jsii.Number(443),
	Targets: []iNetworkLoadBalancerTarget{
		asg,
	},
})

type AddRuleProps

type AddRuleProps struct {
	// Rule applies if matches the conditions.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	//
	// Default: - No conditions.
	//
	Conditions *[]ListenerCondition `field:"optional" json:"conditions" yaml:"conditions"`
	// Priority of this target group.
	//
	// The rule with the lowest priority will be used for every request.
	// If priority is not given, these target groups will be added as
	// defaults, and must not have conditions.
	//
	// Priorities must be unique.
	// Default: Target groups are used as defaults.
	//
	Priority *float64 `field:"optional" json:"priority" yaml:"priority"`
}

Properties for adding a conditional load balancing rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var listenerCondition listenerCondition

addRuleProps := &AddRuleProps{
	Conditions: []*listenerCondition{
		listenerCondition,
	},
	Priority: jsii.Number(123),
}

type AlpnPolicy

type AlpnPolicy string

Application-Layer Protocol Negotiation Policies for network load balancers.

Which protocols should be used over a secure connection.

const (
	// Negotiate only HTTP/1.*. The ALPN preference list is http/1.1, http/1.0.
	AlpnPolicy_HTTP1_ONLY AlpnPolicy = "HTTP1_ONLY"
	// Negotiate only HTTP/2.
	//
	// The ALPN preference list is h2.
	AlpnPolicy_HTTP2_ONLY AlpnPolicy = "HTTP2_ONLY"
	// Prefer HTTP/1.* over HTTP/2 (which can be useful for HTTP/2 testing). The ALPN preference list is http/1.1, http/1.0, h2.
	AlpnPolicy_HTTP2_OPTIONAL AlpnPolicy = "HTTP2_OPTIONAL"
	// Prefer HTTP/2 over HTTP/1.*. The ALPN preference list is h2, http/1.1, http/1.0.
	AlpnPolicy_HTTP2_PREFERRED AlpnPolicy = "HTTP2_PREFERRED"
	// Do not negotiate ALPN.
	AlpnPolicy_NONE AlpnPolicy = "NONE"
)

type ApplicationListener

type ApplicationListener interface {
	BaseListener
	IApplicationListener
	// Manage connections to this ApplicationListener.
	Connections() awsec2.Connections
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// ARN of the listener.
	ListenerArn() *string
	// Load balancer this listener is associated with.
	LoadBalancer() IApplicationLoadBalancer
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The port of the listener.
	Port() *float64
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Perform the given default action on incoming requests.
	//
	// This allows full control of the default action of the load balancer,
	// including Action chaining, fixed responses and redirect responses. See
	// the `ListenerAction` class for all options.
	//
	// It's possible to add routing conditions to the Action added in this way.
	// At least one Action must be added without conditions (which becomes the
	// default Action).
	AddAction(id *string, props *AddApplicationActionProps)
	// Add one or more certificates to this listener.
	//
	// After the first certificate, this creates ApplicationListenerCertificates
	// resources since cloudformation requires the certificates array on the
	// listener resource to have a length of 1.
	AddCertificates(id *string, certificates *[]IListenerCertificate)
	// Load balance incoming requests to the given target groups.
	//
	// All target groups will be load balanced to with equal weight and without
	// stickiness. For a more complex configuration than that, use `addAction()`.
	//
	// It's possible to add routing conditions to the TargetGroups added in this
	// way. At least one TargetGroup must be added without conditions (which will
	// become the default Action for this listener).
	AddTargetGroups(id *string, props *AddApplicationTargetGroupsProps)
	// Load balance incoming requests to the given load balancing targets.
	//
	// This method implicitly creates an ApplicationTargetGroup for the targets
	// involved, and a 'forward' action to route traffic to the given TargetGroup.
	//
	// If you want more control over the precise setup, create the TargetGroup
	// and use `addAction` yourself.
	//
	// It's possible to add conditions to the targets added in this way. At least
	// one set of targets must be added without conditions.
	//
	// Returns: The newly created target group.
	AddTargets(id *string, props *AddApplicationTargetsProps) ApplicationTargetGroup
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Register that a connectable that has been added to this load balancer.
	//
	// Don't call this directly. It is called by ApplicationTargetGroup.
	RegisterConnectable(connectable awsec2.IConnectable, portRange awsec2.Port)
	// Remove an attribute from the listener.
	RemoveAttribute(key *string)
	// Set a non-standard attribute on the listener.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	// Validate this listener.
	ValidateListener() *[]*string
}

Define an ApplicationListener.

Example:

import "github.com/aws/aws-cdk-go/awscdk"
var asg autoScalingGroup
var vpc vpc

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

// Add a listener and open up the load balancer's security group
// to the world.
listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),

	// 'open: true' is the default, you can leave it out if you want. Set it
	// to 'false' and use `listener.connections` if you want to be selective
	// about who can access the load balancer.
	Open: jsii.Boolean(true),
})

// Create an AutoScaling group and add it as a load balancing
// target to the listener.
listener.AddTargets(jsii.String("ApplicationFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

func NewApplicationListener

func NewApplicationListener(scope constructs.Construct, id *string, props *ApplicationListenerProps) ApplicationListener

type ApplicationListenerAttributes

type ApplicationListenerAttributes struct {
	// ARN of the listener.
	ListenerArn *string `field:"required" json:"listenerArn" yaml:"listenerArn"`
	// Security group of the load balancer this listener is associated with.
	SecurityGroup awsec2.ISecurityGroup `field:"required" json:"securityGroup" yaml:"securityGroup"`
	// The default port on which this listener is listening.
	DefaultPort *float64 `field:"optional" json:"defaultPort" yaml:"defaultPort"`
}

Properties to reference an existing listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var securityGroup securityGroup

applicationListenerAttributes := &ApplicationListenerAttributes{
	ListenerArn: jsii.String("listenerArn"),
	SecurityGroup: securityGroup,

	// the properties below are optional
	DefaultPort: jsii.Number(123),
}

type ApplicationListenerCertificate

type ApplicationListenerCertificate interface {
	constructs.Construct
	// The tree node.
	Node() constructs.Node
	// Returns a string representation of this construct.
	ToString() *string
}

Add certificates to a listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationListener applicationListener
var listenerCertificate listenerCertificate

applicationListenerCertificate := awscdk.Aws_elasticloadbalancingv2.NewApplicationListenerCertificate(this, jsii.String("MyApplicationListenerCertificate"), &ApplicationListenerCertificateProps{
	Listener: applicationListener,

	// the properties below are optional
	Certificates: []iListenerCertificate{
		listenerCertificate,
	},
})

func NewApplicationListenerCertificate

func NewApplicationListenerCertificate(scope constructs.Construct, id *string, props *ApplicationListenerCertificateProps) ApplicationListenerCertificate

type ApplicationListenerCertificateProps

type ApplicationListenerCertificateProps struct {
	// The listener to attach the rule to.
	Listener IApplicationListener `field:"required" json:"listener" yaml:"listener"`
	// Certificates to attach.
	//
	// Duplicates are not allowed.
	// Default: - One of 'certificates' and 'certificateArns' is required.
	//
	Certificates *[]IListenerCertificate `field:"optional" json:"certificates" yaml:"certificates"`
}

Properties for adding a set of certificates to a listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationListener applicationListener
var listenerCertificate listenerCertificate

applicationListenerCertificateProps := &ApplicationListenerCertificateProps{
	Listener: applicationListener,

	// the properties below are optional
	Certificates: []iListenerCertificate{
		listenerCertificate,
	},
}

type ApplicationListenerLookupOptions

type ApplicationListenerLookupOptions struct {
	// Filter listeners by listener port.
	// Default: - does not filter by listener port.
	//
	ListenerPort *float64 `field:"optional" json:"listenerPort" yaml:"listenerPort"`
	// Filter listeners by associated load balancer arn.
	// Default: - does not filter by load balancer arn.
	//
	LoadBalancerArn *string `field:"optional" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// Filter listeners by associated load balancer tags.
	// Default: - does not filter by load balancer tags.
	//
	LoadBalancerTags *map[string]*string `field:"optional" json:"loadBalancerTags" yaml:"loadBalancerTags"`
	// ARN of the listener to look up.
	// Default: - does not filter by listener arn.
	//
	ListenerArn *string `field:"optional" json:"listenerArn" yaml:"listenerArn"`
	// Filter listeners by listener protocol.
	// Default: - does not filter by listener protocol.
	//
	ListenerProtocol ApplicationProtocol `field:"optional" json:"listenerProtocol" yaml:"listenerProtocol"`
}

Options for ApplicationListener lookup.

Example:

listener := elbv2.ApplicationListener_FromLookup(this, jsii.String("ALBListener"), &ApplicationListenerLookupOptions{
	LoadBalancerArn: jsii.String("arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456"),
	ListenerProtocol: elbv2.ApplicationProtocol_HTTPS,
	ListenerPort: jsii.Number(443),
})

type ApplicationListenerProps

type ApplicationListenerProps struct {
	// Certificate list of ACM cert ARNs.
	//
	// You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
	// Default: - No certificates.
	//
	Certificates *[]IListenerCertificate `field:"optional" json:"certificates" yaml:"certificates"`
	// Default action to take for requests to this listener.
	//
	// This allows full control of the default action of the load balancer,
	// including Action chaining, fixed responses and redirect responses.
	//
	// See the `ListenerAction` class for all options.
	//
	// Cannot be specified together with `defaultTargetGroups`.
	// Default: - None.
	//
	DefaultAction ListenerAction `field:"optional" json:"defaultAction" yaml:"defaultAction"`
	// Default target groups to load balance to.
	//
	// All target groups will be load balanced to with equal weight and without
	// stickiness. For a more complex configuration than that, use
	// either `defaultAction` or `addAction()`.
	//
	// Cannot be specified together with `defaultAction`.
	// Default: - None.
	//
	DefaultTargetGroups *[]IApplicationTargetGroup `field:"optional" json:"defaultTargetGroups" yaml:"defaultTargetGroups"`
	// The mutual authentication configuration information.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html
	//
	// Default: - No mutual authentication configuration.
	//
	MutualAuthentication *MutualAuthentication `field:"optional" json:"mutualAuthentication" yaml:"mutualAuthentication"`
	// Allow anyone to connect to the load balancer on the listener port.
	//
	// If this is specified, the load balancer will be opened up to anyone who can reach it.
	// For internal load balancers this is anyone in the same VPC. For public load
	// balancers, this is anyone on the internet.
	//
	// If you want to be more selective about who can access this load
	// balancer, set this to `false` and use the listener's `connections`
	// object to selectively grant access to the load balancer on the listener port.
	// Default: true.
	//
	Open *bool `field:"optional" json:"open" yaml:"open"`
	// The port on which the listener listens for requests.
	// Default: - Determined from protocol if known.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The protocol to use.
	// Default: - Determined from port if known.
	//
	Protocol ApplicationProtocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The security policy that defines which ciphers and protocols are supported.
	// Default: - The current predefined security policy.
	//
	SslPolicy SslPolicy `field:"optional" json:"sslPolicy" yaml:"sslPolicy"`
	// The load balancer to attach this listener to.
	LoadBalancer IApplicationLoadBalancer `field:"required" json:"loadBalancer" yaml:"loadBalancer"`
}

Properties for defining a standalone ApplicationListener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationLoadBalancer applicationLoadBalancer
var applicationTargetGroup applicationTargetGroup
var listenerAction listenerAction
var listenerCertificate listenerCertificate
var trustStore trustStore

applicationListenerProps := &ApplicationListenerProps{
	LoadBalancer: applicationLoadBalancer,

	// the properties below are optional
	Certificates: []iListenerCertificate{
		listenerCertificate,
	},
	DefaultAction: listenerAction,
	DefaultTargetGroups: []iApplicationTargetGroup{
		applicationTargetGroup,
	},
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: awscdk.Aws_elasticloadbalancingv2.MutualAuthenticationMode_OFF,
		TrustStore: trustStore,
	},
	Open: jsii.Boolean(false),
	Port: jsii.Number(123),
	Protocol: awscdk.*Aws_elasticloadbalancingv2.ApplicationProtocol_HTTP,
	SslPolicy: awscdk.*Aws_elasticloadbalancingv2.SslPolicy_RECOMMENDED_TLS,
}

type ApplicationListenerRule

type ApplicationListenerRule interface {
	constructs.Construct
	// The ARN of this rule.
	ListenerRuleArn() *string
	// The tree node.
	Node() constructs.Node
	// Add a non-standard condition to this rule.
	AddCondition(condition ListenerCondition)
	// Configure the action to perform for this rule.
	ConfigureAction(action ListenerAction)
	// Returns a string representation of this construct.
	ToString() *string
}

Define a new listener rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationListener applicationListener
var applicationTargetGroup applicationTargetGroup
var listenerAction listenerAction
var listenerCondition listenerCondition

applicationListenerRule := awscdk.Aws_elasticloadbalancingv2.NewApplicationListenerRule(this, jsii.String("MyApplicationListenerRule"), &ApplicationListenerRuleProps{
	Listener: applicationListener,
	Priority: jsii.Number(123),

	// the properties below are optional
	Action: listenerAction,
	Conditions: []*listenerCondition{
		listenerCondition,
	},
	TargetGroups: []iApplicationTargetGroup{
		applicationTargetGroup,
	},
})

func NewApplicationListenerRule

func NewApplicationListenerRule(scope constructs.Construct, id *string, props *ApplicationListenerRuleProps) ApplicationListenerRule

type ApplicationListenerRuleProps

type ApplicationListenerRuleProps struct {
	// Priority of the rule.
	//
	// The rule with the lowest priority will be used for every request.
	//
	// Priorities must be unique.
	Priority *float64 `field:"required" json:"priority" yaml:"priority"`
	// Action to perform when requests are received.
	//
	// Only one of `action`, `fixedResponse`, `redirectResponse` or `targetGroups` can be specified.
	// Default: - No action.
	//
	Action ListenerAction `field:"optional" json:"action" yaml:"action"`
	// Rule applies if matches the conditions.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	//
	// Default: - No conditions.
	//
	Conditions *[]ListenerCondition `field:"optional" json:"conditions" yaml:"conditions"`
	// Target groups to forward requests to.
	//
	// Only one of `action`, `fixedResponse`, `redirectResponse` or `targetGroups` can be specified.
	//
	// Implies a `forward` action.
	// Default: - No target groups.
	//
	TargetGroups *[]IApplicationTargetGroup `field:"optional" json:"targetGroups" yaml:"targetGroups"`
	// The listener to attach the rule to.
	Listener IApplicationListener `field:"required" json:"listener" yaml:"listener"`
}

Properties for defining a listener rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationListener applicationListener
var applicationTargetGroup applicationTargetGroup
var listenerAction listenerAction
var listenerCondition listenerCondition

applicationListenerRuleProps := &ApplicationListenerRuleProps{
	Listener: applicationListener,
	Priority: jsii.Number(123),

	// the properties below are optional
	Action: listenerAction,
	Conditions: []*listenerCondition{
		listenerCondition,
	},
	TargetGroups: []iApplicationTargetGroup{
		applicationTargetGroup,
	},
}

type ApplicationLoadBalancer

type ApplicationLoadBalancer interface {
	BaseLoadBalancer
	IApplicationLoadBalancer
	// The network connections associated with this resource.
	Connections() awsec2.Connections
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The IP Address Type for this load balancer.
	IpAddressType() IpAddressType
	// A list of listeners that have been added to the load balancer.
	//
	// This list is only valid for owned constructs.
	Listeners() *[]ApplicationListener
	// The ARN of this load balancer.
	//
	// Example value: `arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-internal-load-balancer/50dc6c495c0c9188`.
	LoadBalancerArn() *string
	// The canonical hosted zone ID of this load balancer.
	//
	// Example value: `Z2P70J7EXAMPLE`.
	LoadBalancerCanonicalHostedZoneId() *string
	// The DNS name of this load balancer.
	//
	// Example value: `my-load-balancer-424835706.us-west-2.elb.amazonaws.com`
	LoadBalancerDnsName() *string
	// The full name of this load balancer.
	//
	// Example value: `app/my-load-balancer/50dc6c495c0c9188`.
	LoadBalancerFullName() *string
	// The name of this load balancer.
	//
	// Example value: `my-load-balancer`.
	LoadBalancerName() *string
	LoadBalancerSecurityGroups() *[]*string
	// All metrics available for this load balancer.
	Metrics() IApplicationLoadBalancerMetrics
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The VPC this load balancer has been created in.
	//
	// This property is always defined (not `null` or `undefined`) for sub-classes of `BaseLoadBalancer`.
	Vpc() awsec2.IVpc
	// Add a new listener to this load balancer.
	AddListener(id *string, props *BaseApplicationListenerProps) ApplicationListener
	// Add a redirection listener to this load balancer.
	AddRedirect(props *ApplicationLoadBalancerRedirectConfig) ApplicationListener
	// Add a security group to this load balancer.
	AddSecurityGroup(securityGroup awsec2.ISecurityGroup)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Enable access logging for this load balancer.
	//
	// A region must be specified on the stack containing the load balancer; you cannot enable logging on
	// environment-agnostic stacks. See https://docs.aws.amazon.com/cdk/latest/guide/environments.html
	LogAccessLogs(bucket awss3.IBucket, prefix *string)
	// Enable connection logging for this load balancer.
	//
	// A region must be specified on the stack containing the load balancer; you cannot enable logging on
	// environment-agnostic stacks.
	// See: https://docs.aws.amazon.com/cdk/latest/guide/environments.html
	//
	LogConnectionLogs(bucket awss3.IBucket, prefix *string)
	// Return the given named metric for this Application Load Balancer.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.custom“ instead
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.activeConnectionCount“ instead
	MetricActiveConnectionCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of TLS connections initiated by the client that did not establish a session with the load balancer.
	//
	// Possible causes include a
	// mismatch of ciphers or protocols.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.clientTlsNegotiationErrorCount“ instead
	MetricClientTlsNegotiationErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of load balancer capacity units (LCU) used by your load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.consumedLCUs“ instead
	MetricConsumedLCUs(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of user authentications that could not be completed.
	//
	// Because an authenticate action was misconfigured, the load balancer
	// couldn't establish a connection with the IdP, or the load balancer
	// couldn't complete the authentication flow due to an internal error.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.elbAuthError“ instead
	MetricElbAuthError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of user authentications that could not be completed because the IdP denied access to the user or an authorization code was used more than once.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.elbAuthFailure“ instead
	MetricElbAuthFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The time elapsed, in milliseconds, to query the IdP for the ID token and user info.
	//
	// If one or more of these operations fail, this is the time to failure.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.elbAuthLatency“ instead
	MetricElbAuthLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of authenticate actions that were successful.
	//
	// This metric is incremented at the end of the authentication workflow,
	// after the load balancer has retrieved the user claims from the IdP.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.elbAuthSuccess“ instead
	MetricElbAuthSuccess(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of HTTP 3xx/4xx/5xx codes that originate from the load balancer.
	//
	// This does not include any response codes generated by the targets.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.httpCodeElb“ instead
	MetricHttpCodeElb(code HttpCodeElb, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of HTTP 2xx/3xx/4xx/5xx response codes generated by all targets in the load balancer.
	//
	// This does not include any response codes generated by the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.httpCodeTarget“ instead
	MetricHttpCodeTarget(code HttpCodeTarget, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of fixed-response actions that were successful.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.httpFixedResponseCount“ instead
	MetricHttpFixedResponseCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of redirect actions that were successful.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.httpRedirectCount“ instead
	MetricHttpRedirectCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of redirect actions that couldn't be completed because the URL in the response location header is larger than 8K.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.httpRedirectUrlLimitExceededCount“ instead
	MetricHttpRedirectUrlLimitExceededCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of bytes processed by the load balancer over IPv6.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.ipv6ProcessedBytes“ instead
	MetricIpv6ProcessedBytes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of IPv6 requests received by the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.ipv6RequestCount“ instead
	MetricIpv6RequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.newConnectionCount“ instead
	MetricNewConnectionCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of bytes processed by the load balancer over IPv4 and IPv6.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.processedBytes“ instead
	MetricProcessedBytes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of connections that were rejected because the load balancer had reached its maximum number of connections.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.rejectedConnectionCount“ instead
	MetricRejectedConnectionCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of requests processed over IPv4 and IPv6.
	//
	// This count includes only the requests with a response generated by a target of the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.requestCount“ instead
	MetricRequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of rules processed by the load balancer given a request rate averaged over an hour.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.ruleEvaluations“ instead
	MetricRuleEvaluations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of connections that were not successfully established between the load balancer and target.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.targetConnectionErrorCount“ instead
	MetricTargetConnectionErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.targetResponseTime“ instead
	MetricTargetResponseTime(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of TLS connections initiated by the load balancer that did not establish a session with the target.
	//
	// Possible causes include a mismatch of ciphers or protocols.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationLoadBalancer.metrics.targetTLSNegotiationErrorCount“ instead
	MetricTargetTLSNegotiationErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Remove an attribute from the load balancer.
	RemoveAttribute(key *string)
	ResourcePolicyPrincipal() awsiam.IPrincipal
	// Set a non-standard attribute on the load balancer.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	ValidateLoadBalancer() *[]*string
}

Define an Application Load Balancer.

Example:

import "github.com/aws/aws-cdk-go/awscdk"
var asg autoScalingGroup
var vpc vpc

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

// Add a listener and open up the load balancer's security group
// to the world.
listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),

	// 'open: true' is the default, you can leave it out if you want. Set it
	// to 'false' and use `listener.connections` if you want to be selective
	// about who can access the load balancer.
	Open: jsii.Boolean(true),
})

// Create an AutoScaling group and add it as a load balancing
// target to the listener.
listener.AddTargets(jsii.String("ApplicationFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

func NewApplicationLoadBalancer

func NewApplicationLoadBalancer(scope constructs.Construct, id *string, props *ApplicationLoadBalancerProps) ApplicationLoadBalancer

type ApplicationLoadBalancerAttributes

type ApplicationLoadBalancerAttributes struct {
	// ARN of the load balancer.
	LoadBalancerArn *string `field:"required" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// ID of the load balancer's security group.
	SecurityGroupId *string `field:"required" json:"securityGroupId" yaml:"securityGroupId"`
	// The canonical hosted zone ID of this load balancer.
	// Default: - When not provided, LB cannot be used as Route53 Alias target.
	//
	LoadBalancerCanonicalHostedZoneId *string `field:"optional" json:"loadBalancerCanonicalHostedZoneId" yaml:"loadBalancerCanonicalHostedZoneId"`
	// The DNS name of this load balancer.
	// Default: - When not provided, LB cannot be used as Route53 Alias target.
	//
	LoadBalancerDnsName *string `field:"optional" json:"loadBalancerDnsName" yaml:"loadBalancerDnsName"`
	// Whether the security group allows all outbound traffic or not.
	//
	// Unless set to `false`, no egress rules will be added to the security group.
	// Default: true.
	//
	SecurityGroupAllowsAllOutbound *bool `field:"optional" json:"securityGroupAllowsAllOutbound" yaml:"securityGroupAllowsAllOutbound"`
	// The VPC this load balancer has been created in, if available.
	// Default: - If the Load Balancer was imported and a VPC was not specified,
	// the VPC is not available.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties to reference an existing load balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

applicationLoadBalancerAttributes := &ApplicationLoadBalancerAttributes{
	LoadBalancerArn: jsii.String("loadBalancerArn"),
	SecurityGroupId: jsii.String("securityGroupId"),

	// the properties below are optional
	LoadBalancerCanonicalHostedZoneId: jsii.String("loadBalancerCanonicalHostedZoneId"),
	LoadBalancerDnsName: jsii.String("loadBalancerDnsName"),
	SecurityGroupAllowsAllOutbound: jsii.Boolean(false),
	Vpc: vpc,
}

type ApplicationLoadBalancerLookupOptions

type ApplicationLoadBalancerLookupOptions struct {
	// Find by load balancer's ARN.
	// Default: - does not search by load balancer arn.
	//
	LoadBalancerArn *string `field:"optional" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// Match load balancer tags.
	// Default: - does not match load balancers by tags.
	//
	LoadBalancerTags *map[string]*string `field:"optional" json:"loadBalancerTags" yaml:"loadBalancerTags"`
}

Options for looking up an ApplicationLoadBalancer.

Example:

loadBalancer := elbv2.ApplicationLoadBalancer_FromLookup(this, jsii.String("ALB"), &ApplicationLoadBalancerLookupOptions{
	LoadBalancerArn: jsii.String("arn:aws:elasticloadbalancing:us-east-2:123456789012:loadbalancer/app/my-load-balancer/1234567890123456"),
})

type ApplicationLoadBalancerProps

type ApplicationLoadBalancerProps struct {
	// The VPC network to place the load balancer in.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// Indicates whether cross-zone load balancing is enabled.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html
	//
	// Default: - false for Network Load Balancers and true for Application Load Balancers.
	// This can not be `false` for Application Load Balancers.
	//
	CrossZoneEnabled *bool `field:"optional" json:"crossZoneEnabled" yaml:"crossZoneEnabled"`
	// Indicates whether deletion protection is enabled.
	// Default: false.
	//
	DeletionProtection *bool `field:"optional" json:"deletionProtection" yaml:"deletionProtection"`
	// Indicates whether the load balancer blocks traffic through the Internet Gateway (IGW).
	// Default: - false for internet-facing load balancers and true for internal load balancers.
	//
	DenyAllIgwTraffic *bool `field:"optional" json:"denyAllIgwTraffic" yaml:"denyAllIgwTraffic"`
	// Whether the load balancer has an internet-routable address.
	// Default: false.
	//
	InternetFacing *bool `field:"optional" json:"internetFacing" yaml:"internetFacing"`
	// Name of the load balancer.
	// Default: - Automatically generated name.
	//
	LoadBalancerName *string `field:"optional" json:"loadBalancerName" yaml:"loadBalancerName"`
	// Which subnets place the load balancer in.
	// Default: - the Vpc default strategy.
	//
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// The client keep alive duration.
	//
	// The valid range is 60 to 604800 seconds (1 minute to 7 days).
	// Default: - Duration.seconds(3600)
	//
	ClientKeepAlive awscdk.Duration `field:"optional" json:"clientKeepAlive" yaml:"clientKeepAlive"`
	// Determines how the load balancer handles requests that might pose a security risk to your application.
	// Default: DesyncMitigationMode.DEFENSIVE
	//
	DesyncMitigationMode DesyncMitigationMode `field:"optional" json:"desyncMitigationMode" yaml:"desyncMitigationMode"`
	// Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false).
	// Default: false.
	//
	DropInvalidHeaderFields *bool `field:"optional" json:"dropInvalidHeaderFields" yaml:"dropInvalidHeaderFields"`
	// Indicates whether HTTP/2 is enabled.
	// Default: true.
	//
	Http2Enabled *bool `field:"optional" json:"http2Enabled" yaml:"http2Enabled"`
	// The load balancer idle timeout, in seconds.
	// Default: 60.
	//
	IdleTimeout awscdk.Duration `field:"optional" json:"idleTimeout" yaml:"idleTimeout"`
	// The type of IP addresses to use.
	// Default: IpAddressType.IPV4
	//
	IpAddressType IpAddressType `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// Indicates whether the Application Load Balancer should preserve the host header in the HTTP request and send it to the target without any change.
	// Default: false.
	//
	PreserveHostHeader *bool `field:"optional" json:"preserveHostHeader" yaml:"preserveHostHeader"`
	// Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.
	// Default: false.
	//
	PreserveXffClientPort *bool `field:"optional" json:"preserveXffClientPort" yaml:"preserveXffClientPort"`
	// Security group to associate with this load balancer.
	// Default: A security group is created.
	//
	SecurityGroup awsec2.ISecurityGroup `field:"optional" json:"securityGroup" yaml:"securityGroup"`
	// Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
	// Default: false.
	//
	WafFailOpen *bool `field:"optional" json:"wafFailOpen" yaml:"wafFailOpen"`
	// Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target.
	//
	// The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client,
	// and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client.
	//
	// Both headers are in OpenSSL format.
	// Default: false.
	//
	XAmznTlsVersionAndCipherSuiteHeaders *bool `field:"optional" json:"xAmznTlsVersionAndCipherSuiteHeaders" yaml:"xAmznTlsVersionAndCipherSuiteHeaders"`
	// Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.
	// Default: XffHeaderProcessingMode.APPEND
	//
	XffHeaderProcessingMode XffHeaderProcessingMode `field:"optional" json:"xffHeaderProcessingMode" yaml:"xffHeaderProcessingMode"`
}

Properties for defining an Application Load Balancer.

Example:

import "github.com/aws/aws-cdk-go/awscdk"
var asg autoScalingGroup
var vpc vpc

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})

// Add a listener and open up the load balancer's security group
// to the world.
listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),

	// 'open: true' is the default, you can leave it out if you want. Set it
	// to 'false' and use `listener.connections` if you want to be selective
	// about who can access the load balancer.
	Open: jsii.Boolean(true),
})

// Create an AutoScaling group and add it as a load balancing
// target to the listener.
listener.AddTargets(jsii.String("ApplicationFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes

type ApplicationLoadBalancerRedirectConfig

type ApplicationLoadBalancerRedirectConfig struct {
	// Allow anyone to connect to this listener.
	//
	// If this is specified, the listener will be opened up to anyone who can reach it.
	// For internal load balancers this is anyone in the same VPC. For public load
	// balancers, this is anyone on the internet.
	//
	// If you want to be more selective about who can access this load
	// balancer, set this to `false` and use the listener's `connections`
	// object to selectively grant access to the listener.
	// Default: true.
	//
	Open *bool `field:"optional" json:"open" yaml:"open"`
	// The port number to listen to.
	// Default: 80.
	//
	SourcePort *float64 `field:"optional" json:"sourcePort" yaml:"sourcePort"`
	// The protocol of the listener being created.
	// Default: HTTP.
	//
	SourceProtocol ApplicationProtocol `field:"optional" json:"sourceProtocol" yaml:"sourceProtocol"`
	// The port number to redirect to.
	// Default: 443.
	//
	TargetPort *float64 `field:"optional" json:"targetPort" yaml:"targetPort"`
	// The protocol of the redirection target.
	// Default: HTTPS.
	//
	TargetProtocol ApplicationProtocol `field:"optional" json:"targetProtocol" yaml:"targetProtocol"`
}

Properties for a redirection config.

Example:

var lb applicationLoadBalancer

lb.AddRedirect(&ApplicationLoadBalancerRedirectConfig{
	SourceProtocol: elbv2.ApplicationProtocol_HTTPS,
	SourcePort: jsii.Number(8443),
	TargetProtocol: elbv2.ApplicationProtocol_HTTP,
	TargetPort: jsii.Number(8080),
})

type ApplicationProtocol

type ApplicationProtocol string

Load balancing protocol for application load balancers.

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})
const (
	// HTTP.
	ApplicationProtocol_HTTP ApplicationProtocol = "HTTP"
	// HTTPS.
	ApplicationProtocol_HTTPS ApplicationProtocol = "HTTPS"
)

type ApplicationProtocolVersion

type ApplicationProtocolVersion string

Load balancing protocol version for application load balancers.

Example:

var vpc vpc

tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TG"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_IP,
	Port: jsii.Number(50051),
	Protocol: elbv2.ApplicationProtocol_HTTP,
	ProtocolVersion: elbv2.ApplicationProtocolVersion_GRPC,
	HealthCheck: &HealthCheck{
		Enabled: jsii.Boolean(true),
		HealthyGrpcCodes: jsii.String("0-99"),
	},
	Vpc: Vpc,
})
const (
	// GRPC.
	ApplicationProtocolVersion_GRPC ApplicationProtocolVersion = "GRPC"
	// HTTP1.
	ApplicationProtocolVersion_HTTP1 ApplicationProtocolVersion = "HTTP1"
	// HTTP2.
	ApplicationProtocolVersion_HTTP2 ApplicationProtocolVersion = "HTTP2"
)

type ApplicationTargetGroup

type ApplicationTargetGroup interface {
	TargetGroupBase
	IApplicationTargetGroup
	// Default port configured for members of this target group.
	DefaultPort() *float64
	// Full name of first load balancer.
	FirstLoadBalancerFullName() *string
	// Health check for the members of this target group.
	HealthCheck() *HealthCheck
	SetHealthCheck(val *HealthCheck)
	// A token representing a list of ARNs of the load balancers that route traffic to this target group.
	LoadBalancerArns() *string
	// List of constructs that need to be depended on to ensure the TargetGroup is associated to a load balancer.
	LoadBalancerAttached() constructs.IDependable
	// Configurable dependable with all resources that lead to load balancer attachment.
	LoadBalancerAttachedDependencies() constructs.DependencyGroup
	// All metrics available for this target group.
	Metrics() IApplicationTargetGroupMetrics
	// The tree node.
	Node() constructs.Node
	// The ARN of the target group.
	TargetGroupArn() *string
	// The full name of the target group.
	TargetGroupFullName() *string
	// ARNs of load balancers load balancing to this TargetGroup.
	TargetGroupLoadBalancerArns() *[]*string
	// The name of the target group.
	TargetGroupName() *string
	// The types of the directly registered members of this target group.
	TargetType() TargetType
	SetTargetType(val TargetType)
	// Register the given load balancing target as part of this group.
	AddLoadBalancerTarget(props *LoadBalancerTargetProps)
	// Add a load balancing target to this target group.
	AddTarget(targets ...IApplicationLoadBalancerTarget)
	// Set/replace the target group's health check.
	ConfigureHealthCheck(healthCheck *HealthCheck)
	// Enable sticky routing via a cookie to members of this target group.
	//
	// Note: If the `cookieName` parameter is set, application-based stickiness will be applied,
	// otherwise it defaults to duration-based stickiness attributes (`lb_cookie`).
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html
	//
	EnableCookieStickiness(duration awscdk.Duration, cookieName *string)
	// Return the given named metric for this Application Load Balancer Target Group.
	//
	// Returns the metric for this target group from the point of view of the first
	// load balancer load balancing to it. If you have multiple load balancers load
	// sending traffic to the same target group, you will have to override the dimensions
	// on this metric.
	// Default: Average over 5 minutes.
	//
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of healthy hosts in the target group.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.healthyHostCount“ instead
	MetricHealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of HTTP 2xx/3xx/4xx/5xx response codes generated by all targets in this target group.
	//
	// This does not include any response codes generated by the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.httpCodeTarget“ instead
	MetricHttpCodeTarget(code HttpCodeTarget, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of IPv6 requests received by the target group.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.ipv6RequestCount“ instead
	MetricIpv6RequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of requests processed over IPv4 and IPv6.
	//
	// This count includes only the requests with a response generated by a target of the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.requestCount“ instead
	MetricRequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The average number of requests received by each target in a target group.
	//
	// The only valid statistic is Sum. Note that this represents the average not the sum.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use `ApplicationTargetGroup.metrics.requestCountPerTarget` instead
	MetricRequestCountPerTarget(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of connections that were not successfully established between the load balancer and target.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.targetConnectionErrorCount“ instead
	MetricTargetConnectionErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.targetResponseTime“ instead
	MetricTargetResponseTime(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of TLS connections initiated by the load balancer that did not establish a session with the target.
	//
	// Possible causes include a mismatch of ciphers or protocols.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.tlsNegotiationErrorCount“ instead
	MetricTargetTLSNegotiationErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of unhealthy hosts in the target group.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “ApplicationTargetGroup.metrics.unhealthyHostCount“ instead
	MetricUnhealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Register a connectable as a member of this target group.
	//
	// Don't call this directly. It will be called by load balancing targets.
	RegisterConnectable(connectable awsec2.IConnectable, portRange awsec2.Port)
	// Register a listener that is load balancing to this target group.
	//
	// Don't call this directly. It will be called by listeners.
	RegisterListener(listener IApplicationListener, associatingConstruct constructs.IConstruct)
	// Set a non-standard attribute on the target group.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	ValidateHealthCheck() *[]*string
	ValidateTargetGroup() *[]*string
}

Define an Application Target Group.

Example:

var alb applicationLoadBalancer

listener := alb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),
})
targetGroup := listener.AddTargets(jsii.String("Fleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(80),
})

deploymentGroup := codedeploy.NewServerDeploymentGroup(this, jsii.String("DeploymentGroup"), &ServerDeploymentGroupProps{
	LoadBalancer: codedeploy.LoadBalancer_Application(targetGroup),
})

func NewApplicationTargetGroup

func NewApplicationTargetGroup(scope constructs.Construct, id *string, props *ApplicationTargetGroupProps) ApplicationTargetGroup

type ApplicationTargetGroupProps

type ApplicationTargetGroupProps struct {
	// Indicates whether cross zone load balancing is enabled.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html
	//
	// Default: - use load balancer configuration.
	//
	CrossZoneEnabled *bool `field:"optional" json:"crossZoneEnabled" yaml:"crossZoneEnabled"`
	// The amount of time for Elastic Load Balancing to wait before deregistering a target.
	//
	// The range is 0-3600 seconds.
	// Default: 300.
	//
	DeregistrationDelay awscdk.Duration `field:"optional" json:"deregistrationDelay" yaml:"deregistrationDelay"`
	// Health check configuration.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties
	//
	// Default: - The default value for each property in this configuration varies depending on the target.
	//
	HealthCheck *HealthCheck `field:"optional" json:"healthCheck" yaml:"healthCheck"`
	// The type of IP addresses of the targets registered with the target group.
	// Default: undefined - ELB defaults to IPv4.
	//
	IpAddressType TargetGroupIpAddressType `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// The name of the target group.
	//
	// This name must be unique per region per account, can have a maximum of
	// 32 characters, must contain only alphanumeric characters or hyphens, and
	// must not begin or end with a hyphen.
	// Default: - Automatically generated.
	//
	TargetGroupName *string `field:"optional" json:"targetGroupName" yaml:"targetGroupName"`
	// The type of targets registered to this TargetGroup, either IP or Instance.
	//
	// All targets registered into the group must be of this type. If you
	// register targets to the TargetGroup in the CDK app, the TargetType is
	// determined automatically.
	// Default: - Determined automatically.
	//
	TargetType TargetType `field:"optional" json:"targetType" yaml:"targetType"`
	// The virtual private cloud (VPC).
	//
	// only if `TargetType` is `Ip` or `InstanceId`.
	// Default: - undefined.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// Indicates whether anomaly mitigation is enabled.
	//
	// Only available when `loadBalancingAlgorithmType` is `TargetGroupLoadBalancingAlgorithmType.WEIGHTED_RANDOM`
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#automatic-target-weights
	//
	// Default: false.
	//
	EnableAnomalyMitigation *bool `field:"optional" json:"enableAnomalyMitigation" yaml:"enableAnomalyMitigation"`
	// The load balancing algorithm to select targets for routing requests.
	// Default: TargetGroupLoadBalancingAlgorithmType.ROUND_ROBIN
	//
	LoadBalancingAlgorithmType TargetGroupLoadBalancingAlgorithmType `field:"optional" json:"loadBalancingAlgorithmType" yaml:"loadBalancingAlgorithmType"`
	// The port on which the target receives traffic.
	//
	// This is not applicable for Lambda targets.
	// Default: - Determined from protocol if known.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The protocol used for communication with the target.
	//
	// This is not applicable for Lambda targets.
	// Default: - Determined from port if known.
	//
	Protocol ApplicationProtocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The protocol version to use.
	// Default: ApplicationProtocolVersion.HTTP1
	//
	ProtocolVersion ApplicationProtocolVersion `field:"optional" json:"protocolVersion" yaml:"protocolVersion"`
	// The time period during which the load balancer sends a newly registered target a linearly increasing share of the traffic to the target group.
	//
	// The range is 30-900 seconds (15 minutes).
	// Default: 0.
	//
	SlowStart awscdk.Duration `field:"optional" json:"slowStart" yaml:"slowStart"`
	// The stickiness cookie expiration period.
	//
	// Setting this value enables load balancer stickiness.
	//
	// After this period, the cookie is considered stale. The minimum value is
	// 1 second and the maximum value is 7 days (604800 seconds).
	// Default: - Stickiness is disabled.
	//
	StickinessCookieDuration awscdk.Duration `field:"optional" json:"stickinessCookieDuration" yaml:"stickinessCookieDuration"`
	// The name of an application-based stickiness cookie.
	//
	// Names that start with the following prefixes are not allowed: AWSALB, AWSALBAPP,
	// and AWSALBTG; they're reserved for use by the load balancer.
	//
	// Note: `stickinessCookieName` parameter depends on the presence of `stickinessCookieDuration` parameter.
	// If `stickinessCookieDuration` is not set, `stickinessCookieName` will be omitted.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/sticky-sessions.html
	//
	// Default: - If `stickinessCookieDuration` is set, a load-balancer generated cookie is used. Otherwise, no stickiness is defined.
	//
	StickinessCookieName *string `field:"optional" json:"stickinessCookieName" yaml:"stickinessCookieName"`
	// The targets to add to this target group.
	//
	// Can be `Instance`, `IPAddress`, or any self-registering load balancing
	// target. If you use either `Instance` or `IPAddress` as targets, all
	// target must be of the same type.
	// Default: - No targets.
	//
	Targets *[]IApplicationLoadBalancerTarget `field:"optional" json:"targets" yaml:"targets"`
}

Properties for defining an Application Target Group.

Example:

var vpc vpc

tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TG"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_IP,
	Port: jsii.Number(50051),
	Protocol: elbv2.ApplicationProtocol_HTTP,
	ProtocolVersion: elbv2.ApplicationProtocolVersion_GRPC,
	HealthCheck: &HealthCheck{
		Enabled: jsii.Boolean(true),
		HealthyGrpcCodes: jsii.String("0-99"),
	},
	Vpc: Vpc,
})

type AuthenticateOidcOptions

type AuthenticateOidcOptions struct {
	// The authorization endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	AuthorizationEndpoint *string `field:"required" json:"authorizationEndpoint" yaml:"authorizationEndpoint"`
	// The OAuth 2.0 client identifier.
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The OAuth 2.0 client secret.
	ClientSecret awscdk.SecretValue `field:"required" json:"clientSecret" yaml:"clientSecret"`
	// The OIDC issuer identifier of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	Issuer *string `field:"required" json:"issuer" yaml:"issuer"`
	// What action to execute next.
	Next ListenerAction `field:"required" json:"next" yaml:"next"`
	// The token endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	TokenEndpoint *string `field:"required" json:"tokenEndpoint" yaml:"tokenEndpoint"`
	// The user info endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	UserInfoEndpoint *string `field:"required" json:"userInfoEndpoint" yaml:"userInfoEndpoint"`
	// Allow HTTPS outbound traffic to communicate with the IdP.
	//
	// Set this property to false if the IP address used for the IdP endpoint is identifiable
	// and you want to control outbound traffic.
	// Then allow HTTPS outbound traffic to the IdP's IP address using the listener's `connections` property.
	// See: https://repost.aws/knowledge-center/elb-configure-authentication-alb
	//
	// Default: true.
	//
	AllowHttpsOutbound *bool `field:"optional" json:"allowHttpsOutbound" yaml:"allowHttpsOutbound"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// Default: - No extra parameters.
	//
	AuthenticationRequestExtraParams *map[string]*string `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The behavior if the user is not authenticated.
	// Default: UnauthenticatedAction.AUTHENTICATE
	//
	OnUnauthenticatedRequest UnauthenticatedAction `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP.
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	// Default: "openid".
	//
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	// Default: "AWSELBAuthSessionCookie".
	//
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session.
	// Default: Duration.days(7)
	//
	SessionTimeout awscdk.Duration `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}

Options for `ListenerAction.authenciateOidc()`.

Example:

var listener applicationListener
var myTargetGroup applicationTargetGroup

listener.AddAction(jsii.String("DefaultAction"), &AddApplicationActionProps{
	Action: elbv2.ListenerAction_AuthenticateOidc(&AuthenticateOidcOptions{
		AuthorizationEndpoint: jsii.String("https://example.com/openid"),
		// Other OIDC properties here
		ClientId: jsii.String("..."),
		ClientSecret: awscdk.SecretValue_SecretsManager(jsii.String("...")),
		Issuer: jsii.String("..."),
		TokenEndpoint: jsii.String("..."),
		UserInfoEndpoint: jsii.String("..."),

		// Next
		Next: elbv2.ListenerAction_Forward([]iApplicationTargetGroup{
			myTargetGroup,
		}),
	}),
})

type BaseApplicationListenerProps

type BaseApplicationListenerProps struct {
	// Certificate list of ACM cert ARNs.
	//
	// You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
	// Default: - No certificates.
	//
	Certificates *[]IListenerCertificate `field:"optional" json:"certificates" yaml:"certificates"`
	// Default action to take for requests to this listener.
	//
	// This allows full control of the default action of the load balancer,
	// including Action chaining, fixed responses and redirect responses.
	//
	// See the `ListenerAction` class for all options.
	//
	// Cannot be specified together with `defaultTargetGroups`.
	// Default: - None.
	//
	DefaultAction ListenerAction `field:"optional" json:"defaultAction" yaml:"defaultAction"`
	// Default target groups to load balance to.
	//
	// All target groups will be load balanced to with equal weight and without
	// stickiness. For a more complex configuration than that, use
	// either `defaultAction` or `addAction()`.
	//
	// Cannot be specified together with `defaultAction`.
	// Default: - None.
	//
	DefaultTargetGroups *[]IApplicationTargetGroup `field:"optional" json:"defaultTargetGroups" yaml:"defaultTargetGroups"`
	// The mutual authentication configuration information.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/mutual-authentication.html
	//
	// Default: - No mutual authentication configuration.
	//
	MutualAuthentication *MutualAuthentication `field:"optional" json:"mutualAuthentication" yaml:"mutualAuthentication"`
	// Allow anyone to connect to the load balancer on the listener port.
	//
	// If this is specified, the load balancer will be opened up to anyone who can reach it.
	// For internal load balancers this is anyone in the same VPC. For public load
	// balancers, this is anyone on the internet.
	//
	// If you want to be more selective about who can access this load
	// balancer, set this to `false` and use the listener's `connections`
	// object to selectively grant access to the load balancer on the listener port.
	// Default: true.
	//
	Open *bool `field:"optional" json:"open" yaml:"open"`
	// The port on which the listener listens for requests.
	// Default: - Determined from protocol if known.
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The protocol to use.
	// Default: - Determined from port if known.
	//
	Protocol ApplicationProtocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The security policy that defines which ciphers and protocols are supported.
	// Default: - The current predefined security policy.
	//
	SslPolicy SslPolicy `field:"optional" json:"sslPolicy" yaml:"sslPolicy"`
}

Basic properties for an ApplicationListener.

Example:

var cluster cluster
var taskDefinition taskDefinition
var vpc vpc

service := ecs.NewFargateService(this, jsii.String("Service"), &FargateServiceProps{
	Cluster: Cluster,
	TaskDefinition: TaskDefinition,
})

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
})
listener := lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),
})
service.RegisterLoadBalancerTargets(&EcsTarget{
	ContainerName: jsii.String("web"),
	ContainerPort: jsii.Number(80),
	NewTargetGroupId: jsii.String("ECS"),
	Listener: ecs.ListenerConfig_ApplicationListener(listener, &AddApplicationTargetsProps{
		Protocol: elbv2.ApplicationProtocol_HTTPS,
	}),
})

type BaseApplicationListenerRuleProps

type BaseApplicationListenerRuleProps struct {
	// Priority of the rule.
	//
	// The rule with the lowest priority will be used for every request.
	//
	// Priorities must be unique.
	Priority *float64 `field:"required" json:"priority" yaml:"priority"`
	// Action to perform when requests are received.
	//
	// Only one of `action`, `fixedResponse`, `redirectResponse` or `targetGroups` can be specified.
	// Default: - No action.
	//
	Action ListenerAction `field:"optional" json:"action" yaml:"action"`
	// Rule applies if matches the conditions.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html
	//
	// Default: - No conditions.
	//
	Conditions *[]ListenerCondition `field:"optional" json:"conditions" yaml:"conditions"`
	// Target groups to forward requests to.
	//
	// Only one of `action`, `fixedResponse`, `redirectResponse` or `targetGroups` can be specified.
	//
	// Implies a `forward` action.
	// Default: - No target groups.
	//
	TargetGroups *[]IApplicationTargetGroup `field:"optional" json:"targetGroups" yaml:"targetGroups"`
}

Basic properties for defining a rule on a listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationTargetGroup applicationTargetGroup
var listenerAction listenerAction
var listenerCondition listenerCondition

baseApplicationListenerRuleProps := &BaseApplicationListenerRuleProps{
	Priority: jsii.Number(123),

	// the properties below are optional
	Action: listenerAction,
	Conditions: []*listenerCondition{
		listenerCondition,
	},
	TargetGroups: []iApplicationTargetGroup{
		applicationTargetGroup,
	},
}

type BaseListener

type BaseListener interface {
	awscdk.Resource
	IListener
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// ARN of the listener.
	ListenerArn() *string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Remove an attribute from the listener.
	RemoveAttribute(key *string)
	// Set a non-standard attribute on the listener.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	// Validate this listener.
	ValidateListener() *[]*string
}

Base class for listeners.

type BaseListenerLookupOptions

type BaseListenerLookupOptions struct {
	// Filter listeners by listener port.
	// Default: - does not filter by listener port.
	//
	ListenerPort *float64 `field:"optional" json:"listenerPort" yaml:"listenerPort"`
	// Filter listeners by associated load balancer arn.
	// Default: - does not filter by load balancer arn.
	//
	LoadBalancerArn *string `field:"optional" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// Filter listeners by associated load balancer tags.
	// Default: - does not filter by load balancer tags.
	//
	LoadBalancerTags *map[string]*string `field:"optional" json:"loadBalancerTags" yaml:"loadBalancerTags"`
}

Options for listener lookup.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

baseListenerLookupOptions := &BaseListenerLookupOptions{
	ListenerPort: jsii.Number(123),
	LoadBalancerArn: jsii.String("loadBalancerArn"),
	LoadBalancerTags: map[string]*string{
		"loadBalancerTagsKey": jsii.String("loadBalancerTags"),
	},
}

type BaseLoadBalancer

type BaseLoadBalancer interface {
	awscdk.Resource
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The ARN of this load balancer.
	//
	// Example value: `arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-internal-load-balancer/50dc6c495c0c9188`.
	LoadBalancerArn() *string
	// The canonical hosted zone ID of this load balancer.
	//
	// Example value: `Z2P70J7EXAMPLE`.
	LoadBalancerCanonicalHostedZoneId() *string
	// The DNS name of this load balancer.
	//
	// Example value: `my-load-balancer-424835706.us-west-2.elb.amazonaws.com`
	LoadBalancerDnsName() *string
	// The full name of this load balancer.
	//
	// Example value: `app/my-load-balancer/50dc6c495c0c9188`.
	LoadBalancerFullName() *string
	// The name of this load balancer.
	//
	// Example value: `my-load-balancer`.
	LoadBalancerName() *string
	LoadBalancerSecurityGroups() *[]*string
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The VPC this load balancer has been created in.
	//
	// This property is always defined (not `null` or `undefined`) for sub-classes of `BaseLoadBalancer`.
	Vpc() awsec2.IVpc
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Enable access logging for this load balancer.
	//
	// A region must be specified on the stack containing the load balancer; you cannot enable logging on
	// environment-agnostic stacks. See https://docs.aws.amazon.com/cdk/latest/guide/environments.html
	LogAccessLogs(bucket awss3.IBucket, prefix *string)
	// Remove an attribute from the load balancer.
	RemoveAttribute(key *string)
	ResourcePolicyPrincipal() awsiam.IPrincipal
	// Set a non-standard attribute on the load balancer.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	ValidateLoadBalancer() *[]*string
}

Base class for both Application and Network Load Balancers.

type BaseLoadBalancerLookupOptions

type BaseLoadBalancerLookupOptions struct {
	// Find by load balancer's ARN.
	// Default: - does not search by load balancer arn.
	//
	LoadBalancerArn *string `field:"optional" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// Match load balancer tags.
	// Default: - does not match load balancers by tags.
	//
	LoadBalancerTags *map[string]*string `field:"optional" json:"loadBalancerTags" yaml:"loadBalancerTags"`
}

Options for looking up load balancers.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

baseLoadBalancerLookupOptions := &BaseLoadBalancerLookupOptions{
	LoadBalancerArn: jsii.String("loadBalancerArn"),
	LoadBalancerTags: map[string]*string{
		"loadBalancerTagsKey": jsii.String("loadBalancerTags"),
	},
}

type BaseLoadBalancerProps

type BaseLoadBalancerProps struct {
	// The VPC network to place the load balancer in.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// Indicates whether cross-zone load balancing is enabled.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html
	//
	// Default: - false for Network Load Balancers and true for Application Load Balancers.
	// This can not be `false` for Application Load Balancers.
	//
	CrossZoneEnabled *bool `field:"optional" json:"crossZoneEnabled" yaml:"crossZoneEnabled"`
	// Indicates whether deletion protection is enabled.
	// Default: false.
	//
	DeletionProtection *bool `field:"optional" json:"deletionProtection" yaml:"deletionProtection"`
	// Indicates whether the load balancer blocks traffic through the Internet Gateway (IGW).
	// Default: - false for internet-facing load balancers and true for internal load balancers.
	//
	DenyAllIgwTraffic *bool `field:"optional" json:"denyAllIgwTraffic" yaml:"denyAllIgwTraffic"`
	// Whether the load balancer has an internet-routable address.
	// Default: false.
	//
	InternetFacing *bool `field:"optional" json:"internetFacing" yaml:"internetFacing"`
	// Name of the load balancer.
	// Default: - Automatically generated name.
	//
	LoadBalancerName *string `field:"optional" json:"loadBalancerName" yaml:"loadBalancerName"`
	// Which subnets place the load balancer in.
	// Default: - the Vpc default strategy.
	//
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
}

Shared properties of both Application and Network Load Balancers.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var subnet subnet
var subnetFilter subnetFilter
var vpc vpc

baseLoadBalancerProps := &BaseLoadBalancerProps{
	Vpc: vpc,

	// the properties below are optional
	CrossZoneEnabled: jsii.Boolean(false),
	DeletionProtection: jsii.Boolean(false),
	DenyAllIgwTraffic: jsii.Boolean(false),
	InternetFacing: jsii.Boolean(false),
	LoadBalancerName: jsii.String("loadBalancerName"),
	VpcSubnets: &SubnetSelection{
		AvailabilityZones: []*string{
			jsii.String("availabilityZones"),
		},
		OnePerAz: jsii.Boolean(false),
		SubnetFilters: []*subnetFilter{
			subnetFilter,
		},
		SubnetGroupName: jsii.String("subnetGroupName"),
		Subnets: []iSubnet{
			subnet,
		},
		SubnetType: awscdk.Aws_ec2.SubnetType_PRIVATE_ISOLATED,
	},
}

type BaseNetworkListenerProps

type BaseNetworkListenerProps struct {
	// The port on which the listener listens for requests.
	Port *float64 `field:"required" json:"port" yaml:"port"`
	// Application-Layer Protocol Negotiation (ALPN) is a TLS extension that is sent on the initial TLS handshake hello messages.
	//
	// ALPN enables the application layer to negotiate which protocols should be used over a secure connection, such as HTTP/1 and HTTP/2.
	//
	// Can only be specified together with Protocol TLS.
	// Default: - None.
	//
	AlpnPolicy AlpnPolicy `field:"optional" json:"alpnPolicy" yaml:"alpnPolicy"`
	// Certificate list of ACM cert ARNs.
	//
	// You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
	// Default: - No certificates.
	//
	Certificates *[]IListenerCertificate `field:"optional" json:"certificates" yaml:"certificates"`
	// Default action to take for requests to this listener.
	//
	// This allows full control of the default Action of the load balancer,
	// including weighted forwarding. See the `NetworkListenerAction` class for
	// all options.
	//
	// Cannot be specified together with `defaultTargetGroups`.
	// Default: - None.
	//
	DefaultAction NetworkListenerAction `field:"optional" json:"defaultAction" yaml:"defaultAction"`
	// Default target groups to load balance to.
	//
	// All target groups will be load balanced to with equal weight and without
	// stickiness. For a more complex configuration than that, use
	// either `defaultAction` or `addAction()`.
	//
	// Cannot be specified together with `defaultAction`.
	// Default: - None.
	//
	DefaultTargetGroups *[]INetworkTargetGroup `field:"optional" json:"defaultTargetGroups" yaml:"defaultTargetGroups"`
	// Protocol for listener, expects TCP, TLS, UDP, or TCP_UDP.
	// Default: - TLS if certificates are provided. TCP otherwise.
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// SSL Policy.
	// Default: - Current predefined security policy.
	//
	SslPolicy SslPolicy `field:"optional" json:"sslPolicy" yaml:"sslPolicy"`
	// The load balancer TCP idle timeout.
	// Default: Duration.seconds(350)
	//
	TcpIdleTimeout awscdk.Duration `field:"optional" json:"tcpIdleTimeout" yaml:"tcpIdleTimeout"`
}

Basic properties for a Network Listener.

Example:

var vpc vpc
var asg autoScalingGroup
var sg1 iSecurityGroup
var sg2 iSecurityGroup

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),
	SecurityGroups: []*iSecurityGroup{
		sg1,
	},
})
lb.AddSecurityGroup(sg2)

// Add a listener on a particular port.
listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(443),
})

// Add targets on a particular port.
listener.AddTargets(jsii.String("AppFleet"), &AddNetworkTargetsProps{
	Port: jsii.Number(443),
	Targets: []iNetworkLoadBalancerTarget{
		asg,
	},
})

type BaseTargetGroupProps

type BaseTargetGroupProps struct {
	// Indicates whether cross zone load balancing is enabled.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html
	//
	// Default: - use load balancer configuration.
	//
	CrossZoneEnabled *bool `field:"optional" json:"crossZoneEnabled" yaml:"crossZoneEnabled"`
	// The amount of time for Elastic Load Balancing to wait before deregistering a target.
	//
	// The range is 0-3600 seconds.
	// Default: 300.
	//
	DeregistrationDelay awscdk.Duration `field:"optional" json:"deregistrationDelay" yaml:"deregistrationDelay"`
	// Health check configuration.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties
	//
	// Default: - The default value for each property in this configuration varies depending on the target.
	//
	HealthCheck *HealthCheck `field:"optional" json:"healthCheck" yaml:"healthCheck"`
	// The type of IP addresses of the targets registered with the target group.
	// Default: undefined - ELB defaults to IPv4.
	//
	IpAddressType TargetGroupIpAddressType `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// The name of the target group.
	//
	// This name must be unique per region per account, can have a maximum of
	// 32 characters, must contain only alphanumeric characters or hyphens, and
	// must not begin or end with a hyphen.
	// Default: - Automatically generated.
	//
	TargetGroupName *string `field:"optional" json:"targetGroupName" yaml:"targetGroupName"`
	// The type of targets registered to this TargetGroup, either IP or Instance.
	//
	// All targets registered into the group must be of this type. If you
	// register targets to the TargetGroup in the CDK app, the TargetType is
	// determined automatically.
	// Default: - Determined automatically.
	//
	TargetType TargetType `field:"optional" json:"targetType" yaml:"targetType"`
	// The virtual private cloud (VPC).
	//
	// only if `TargetType` is `Ip` or `InstanceId`.
	// Default: - undefined.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Basic properties of both Application and Network Target Groups.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var vpc vpc

baseTargetGroupProps := &BaseTargetGroupProps{
	CrossZoneEnabled: jsii.Boolean(false),
	DeregistrationDelay: cdk.Duration_Minutes(jsii.Number(30)),
	HealthCheck: &HealthCheck{
		Enabled: jsii.Boolean(false),
		HealthyGrpcCodes: jsii.String("healthyGrpcCodes"),
		HealthyHttpCodes: jsii.String("healthyHttpCodes"),
		HealthyThresholdCount: jsii.Number(123),
		Interval: cdk.Duration_*Minutes(jsii.Number(30)),
		Path: jsii.String("path"),
		Port: jsii.String("port"),
		Protocol: awscdk.Aws_elasticloadbalancingv2.Protocol_HTTP,
		Timeout: cdk.Duration_*Minutes(jsii.Number(30)),
		UnhealthyThresholdCount: jsii.Number(123),
	},
	IpAddressType: awscdk.*Aws_elasticloadbalancingv2.TargetGroupIpAddressType_IPV4,
	TargetGroupName: jsii.String("targetGroupName"),
	TargetType: awscdk.*Aws_elasticloadbalancingv2.TargetType_INSTANCE,
	Vpc: vpc,
}

type CfnListener

type CfnListener interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
	AlpnPolicy() *[]*string
	SetAlpnPolicy(val *[]*string)
	// The Amazon Resource Name (ARN) of the listener.
	AttrListenerArn() *string
	// The default SSL server certificate for a secure listener.
	Certificates() interface{}
	SetCertificates(val interface{})
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The actions for the default rule.
	//
	// You cannot define a condition for a default rule.
	DefaultActions() interface{}
	SetDefaultActions(val interface{})
	// The listener attributes.
	ListenerAttributes() interface{}
	SetListenerAttributes(val interface{})
	// The Amazon Resource Name (ARN) of the load balancer.
	LoadBalancerArn() *string
	SetLoadBalancerArn(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The mutual authentication configuration information.
	MutualAuthentication() interface{}
	SetMutualAuthentication(val interface{})
	// The tree node.
	Node() constructs.Node
	// The port on which the load balancer is listening.
	Port() *float64
	SetPort(val *float64)
	// The protocol for connections from clients to the load balancer.
	Protocol() *string
	SetProtocol(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
	SslPolicy() *string
	SetSslPolicy(val *string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnListener := awscdk.Aws_elasticloadbalancingv2.NewCfnListener(this, jsii.String("MyCfnListener"), &CfnListenerProps{
	DefaultActions: []interface{}{
		&ActionProperty{
			Type: jsii.String("type"),

			// the properties below are optional
			AuthenticateCognitoConfig: &AuthenticateCognitoConfigProperty{
				UserPoolArn: jsii.String("userPoolArn"),
				UserPoolClientId: jsii.String("userPoolClientId"),
				UserPoolDomain: jsii.String("userPoolDomain"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.String("sessionTimeout"),
			},
			AuthenticateOidcConfig: &AuthenticateOidcConfigProperty{
				AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
				ClientId: jsii.String("clientId"),
				Issuer: jsii.String("issuer"),
				TokenEndpoint: jsii.String("tokenEndpoint"),
				UserInfoEndpoint: jsii.String("userInfoEndpoint"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				ClientSecret: jsii.String("clientSecret"),
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.String("sessionTimeout"),
				UseExistingClientSecret: jsii.Boolean(false),
			},
			FixedResponseConfig: &FixedResponseConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				ContentType: jsii.String("contentType"),
				MessageBody: jsii.String("messageBody"),
			},
			ForwardConfig: &ForwardConfigProperty{
				TargetGroups: []interface{}{
					&TargetGroupTupleProperty{
						TargetGroupArn: jsii.String("targetGroupArn"),
						Weight: jsii.Number(123),
					},
				},
				TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
					DurationSeconds: jsii.Number(123),
					Enabled: jsii.Boolean(false),
				},
			},
			Order: jsii.Number(123),
			RedirectConfig: &RedirectConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				Host: jsii.String("host"),
				Path: jsii.String("path"),
				Port: jsii.String("port"),
				Protocol: jsii.String("protocol"),
				Query: jsii.String("query"),
			},
			TargetGroupArn: jsii.String("targetGroupArn"),
		},
	},
	LoadBalancerArn: jsii.String("loadBalancerArn"),

	// the properties below are optional
	AlpnPolicy: []*string{
		jsii.String("alpnPolicy"),
	},
	Certificates: []interface{}{
		&CertificateProperty{
			CertificateArn: jsii.String("certificateArn"),
		},
	},
	ListenerAttributes: []interface{}{
		&ListenerAttributeProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MutualAuthentication: &MutualAuthenticationProperty{
		AdvertiseTrustStoreCaNames: jsii.String("advertiseTrustStoreCaNames"),
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		Mode: jsii.String("mode"),
		TrustStoreArn: jsii.String("trustStoreArn"),
	},
	Port: jsii.Number(123),
	Protocol: jsii.String("protocol"),
	SslPolicy: jsii.String("sslPolicy"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html

func NewCfnListener

func NewCfnListener(scope constructs.Construct, id *string, props *CfnListenerProps) CfnListener

type CfnListenerCertificate

type CfnListenerCertificate interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrId() *string
	// The certificate.
	Certificates() interface{}
	SetCertificates(val interface{})
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The Amazon Resource Name (ARN) of the listener.
	ListenerArn() *string
	SetListenerArn(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Specifies an SSL server certificate to add to the certificate list for an HTTPS or TLS listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnListenerCertificate := awscdk.Aws_elasticloadbalancingv2.NewCfnListenerCertificate(this, jsii.String("MyCfnListenerCertificate"), &CfnListenerCertificateProps{
	Certificates: []interface{}{
		&CertificateProperty{
			CertificateArn: jsii.String("certificateArn"),
		},
	},
	ListenerArn: jsii.String("listenerArn"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html

func NewCfnListenerCertificate

func NewCfnListenerCertificate(scope constructs.Construct, id *string, props *CfnListenerCertificateProps) CfnListenerCertificate

type CfnListenerCertificateProps

type CfnListenerCertificateProps struct {
	// The certificate.
	//
	// You can specify one certificate per resource.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html#cfn-elasticloadbalancingv2-listenercertificate-certificates
	//
	Certificates interface{} `field:"required" json:"certificates" yaml:"certificates"`
	// The Amazon Resource Name (ARN) of the listener.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html#cfn-elasticloadbalancingv2-listenercertificate-listenerarn
	//
	ListenerArn *string `field:"required" json:"listenerArn" yaml:"listenerArn"`
}

Properties for defining a `CfnListenerCertificate`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnListenerCertificateProps := &CfnListenerCertificateProps{
	Certificates: []interface{}{
		&CertificateProperty{
			CertificateArn: jsii.String("certificateArn"),
		},
	},
	ListenerArn: jsii.String("listenerArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html

type CfnListenerCertificate_CertificateProperty

type CfnListenerCertificate_CertificateProperty struct {
	// The Amazon Resource Name (ARN) of the certificate.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenercertificate-certificate.html#cfn-elasticloadbalancingv2-listenercertificate-certificate-certificatearn
	//
	CertificateArn *string `field:"optional" json:"certificateArn" yaml:"certificateArn"`
}

Specifies an SSL server certificate for the certificate list of a secure listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

certificateProperty := &CertificateProperty{
	CertificateArn: jsii.String("certificateArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenercertificate-certificate.html

type CfnListenerProps

type CfnListenerProps struct {
	// The actions for the default rule. You cannot define a condition for a default rule.
	//
	// To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-defaultactions
	//
	DefaultActions interface{} `field:"required" json:"defaultActions" yaml:"defaultActions"`
	// The Amazon Resource Name (ARN) of the load balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-loadbalancerarn
	//
	LoadBalancerArn *string `field:"required" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-alpnpolicy
	//
	AlpnPolicy *[]*string `field:"optional" json:"alpnPolicy" yaml:"alpnPolicy"`
	// The default SSL server certificate for a secure listener.
	//
	// You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
	//
	// To create a certificate list for a secure listener, use [AWS::ElasticLoadBalancingV2::ListenerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html) .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-certificates
	//
	Certificates interface{} `field:"optional" json:"certificates" yaml:"certificates"`
	// The listener attributes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-listenerattributes
	//
	ListenerAttributes interface{} `field:"optional" json:"listenerAttributes" yaml:"listenerAttributes"`
	// The mutual authentication configuration information.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-mutualauthentication
	//
	MutualAuthentication interface{} `field:"optional" json:"mutualAuthentication" yaml:"mutualAuthentication"`
	// The port on which the load balancer is listening.
	//
	// You can't specify a port for a Gateway Load Balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-port
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The protocol for connections from clients to the load balancer.
	//
	// For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-protocol
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
	// [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.
	//
	// Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic.
	//
	// For more information, see [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) in the *Application Load Balancers Guide* and [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) in the *Network Load Balancers Guide* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html#cfn-elasticloadbalancingv2-listener-sslpolicy
	//
	SslPolicy *string `field:"optional" json:"sslPolicy" yaml:"sslPolicy"`
}

Properties for defining a `CfnListener`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnListenerProps := &CfnListenerProps{
	DefaultActions: []interface{}{
		&ActionProperty{
			Type: jsii.String("type"),

			// the properties below are optional
			AuthenticateCognitoConfig: &AuthenticateCognitoConfigProperty{
				UserPoolArn: jsii.String("userPoolArn"),
				UserPoolClientId: jsii.String("userPoolClientId"),
				UserPoolDomain: jsii.String("userPoolDomain"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.String("sessionTimeout"),
			},
			AuthenticateOidcConfig: &AuthenticateOidcConfigProperty{
				AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
				ClientId: jsii.String("clientId"),
				Issuer: jsii.String("issuer"),
				TokenEndpoint: jsii.String("tokenEndpoint"),
				UserInfoEndpoint: jsii.String("userInfoEndpoint"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				ClientSecret: jsii.String("clientSecret"),
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.String("sessionTimeout"),
				UseExistingClientSecret: jsii.Boolean(false),
			},
			FixedResponseConfig: &FixedResponseConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				ContentType: jsii.String("contentType"),
				MessageBody: jsii.String("messageBody"),
			},
			ForwardConfig: &ForwardConfigProperty{
				TargetGroups: []interface{}{
					&TargetGroupTupleProperty{
						TargetGroupArn: jsii.String("targetGroupArn"),
						Weight: jsii.Number(123),
					},
				},
				TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
					DurationSeconds: jsii.Number(123),
					Enabled: jsii.Boolean(false),
				},
			},
			Order: jsii.Number(123),
			RedirectConfig: &RedirectConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				Host: jsii.String("host"),
				Path: jsii.String("path"),
				Port: jsii.String("port"),
				Protocol: jsii.String("protocol"),
				Query: jsii.String("query"),
			},
			TargetGroupArn: jsii.String("targetGroupArn"),
		},
	},
	LoadBalancerArn: jsii.String("loadBalancerArn"),

	// the properties below are optional
	AlpnPolicy: []*string{
		jsii.String("alpnPolicy"),
	},
	Certificates: []interface{}{
		&CertificateProperty{
			CertificateArn: jsii.String("certificateArn"),
		},
	},
	ListenerAttributes: []interface{}{
		&ListenerAttributeProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MutualAuthentication: &MutualAuthenticationProperty{
		AdvertiseTrustStoreCaNames: jsii.String("advertiseTrustStoreCaNames"),
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		Mode: jsii.String("mode"),
		TrustStoreArn: jsii.String("trustStoreArn"),
	},
	Port: jsii.Number(123),
	Protocol: jsii.String("protocol"),
	SslPolicy: jsii.String("sslPolicy"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html

type CfnListenerRule

type CfnListenerRule interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The actions.
	Actions() interface{}
	SetActions(val interface{})
	// Indicates whether this is the default rule.
	AttrIsDefault() awscdk.IResolvable
	// The Amazon Resource Name (ARN) of the rule.
	AttrRuleArn() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// The conditions.
	Conditions() interface{}
	SetConditions(val interface{})
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The Amazon Resource Name (ARN) of the listener.
	ListenerArn() *string
	SetListenerArn(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// The rule priority.
	//
	// A listener can't have multiple rules with the same priority.
	Priority() *float64
	SetPriority(val *float64)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Specifies a listener rule.

The listener must be associated with an Application Load Balancer. Each rule consists of a priority, one or more actions, and one or more conditions.

For more information, see [Quotas for your Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-limits.html) in the *User Guide for Application Load Balancers* .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnListenerRule := awscdk.Aws_elasticloadbalancingv2.NewCfnListenerRule(this, jsii.String("MyCfnListenerRule"), &CfnListenerRuleProps{
	Actions: []interface{}{
		&ActionProperty{
			Type: jsii.String("type"),

			// the properties below are optional
			AuthenticateCognitoConfig: &AuthenticateCognitoConfigProperty{
				UserPoolArn: jsii.String("userPoolArn"),
				UserPoolClientId: jsii.String("userPoolClientId"),
				UserPoolDomain: jsii.String("userPoolDomain"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.Number(123),
			},
			AuthenticateOidcConfig: &AuthenticateOidcConfigProperty{
				AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
				ClientId: jsii.String("clientId"),
				Issuer: jsii.String("issuer"),
				TokenEndpoint: jsii.String("tokenEndpoint"),
				UserInfoEndpoint: jsii.String("userInfoEndpoint"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				ClientSecret: jsii.String("clientSecret"),
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.Number(123),
				UseExistingClientSecret: jsii.Boolean(false),
			},
			FixedResponseConfig: &FixedResponseConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				ContentType: jsii.String("contentType"),
				MessageBody: jsii.String("messageBody"),
			},
			ForwardConfig: &ForwardConfigProperty{
				TargetGroups: []interface{}{
					&TargetGroupTupleProperty{
						TargetGroupArn: jsii.String("targetGroupArn"),
						Weight: jsii.Number(123),
					},
				},
				TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
					DurationSeconds: jsii.Number(123),
					Enabled: jsii.Boolean(false),
				},
			},
			Order: jsii.Number(123),
			RedirectConfig: &RedirectConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				Host: jsii.String("host"),
				Path: jsii.String("path"),
				Port: jsii.String("port"),
				Protocol: jsii.String("protocol"),
				Query: jsii.String("query"),
			},
			TargetGroupArn: jsii.String("targetGroupArn"),
		},
	},
	Conditions: []interface{}{
		&RuleConditionProperty{
			Field: jsii.String("field"),
			HostHeaderConfig: &HostHeaderConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			HttpHeaderConfig: &HttpHeaderConfigProperty{
				HttpHeaderName: jsii.String("httpHeaderName"),
				Values: []*string{
					jsii.String("values"),
				},
			},
			HttpRequestMethodConfig: &HttpRequestMethodConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			PathPatternConfig: &PathPatternConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			QueryStringConfig: &QueryStringConfigProperty{
				Values: []interface{}{
					&QueryStringKeyValueProperty{
						Key: jsii.String("key"),
						Value: jsii.String("value"),
					},
				},
			},
			SourceIpConfig: &SourceIpConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			Values: []*string{
				jsii.String("values"),
			},
		},
	},
	Priority: jsii.Number(123),

	// the properties below are optional
	ListenerArn: jsii.String("listenerArn"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html

func NewCfnListenerRule

func NewCfnListenerRule(scope constructs.Construct, id *string, props *CfnListenerRuleProps) CfnListenerRule

type CfnListenerRuleProps

type CfnListenerRuleProps struct {
	// The actions.
	//
	// The rule must include exactly one of the following types of actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. If the rule is for an HTTPS listener, it can also optionally include an authentication action.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html#cfn-elasticloadbalancingv2-listenerrule-actions
	//
	Actions interface{} `field:"required" json:"actions" yaml:"actions"`
	// The conditions.
	//
	// The rule can optionally include up to one of each of the following conditions: `http-request-method` , `host-header` , `path-pattern` , and `source-ip` . A rule can also optionally include one or more of each of the following conditions: `http-header` and `query-string` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html#cfn-elasticloadbalancingv2-listenerrule-conditions
	//
	Conditions interface{} `field:"required" json:"conditions" yaml:"conditions"`
	// The rule priority. A listener can't have multiple rules with the same priority.
	//
	// If you try to reorder rules by updating their priorities, do not specify a new priority if an existing rule already uses this priority, as this can cause an error. If you need to reuse a priority with a different rule, you must remove it as a priority first, and then specify it in a subsequent update.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html#cfn-elasticloadbalancingv2-listenerrule-priority
	//
	Priority *float64 `field:"required" json:"priority" yaml:"priority"`
	// The Amazon Resource Name (ARN) of the listener.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html#cfn-elasticloadbalancingv2-listenerrule-listenerarn
	//
	ListenerArn *string `field:"optional" json:"listenerArn" yaml:"listenerArn"`
}

Properties for defining a `CfnListenerRule`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnListenerRuleProps := &CfnListenerRuleProps{
	Actions: []interface{}{
		&ActionProperty{
			Type: jsii.String("type"),

			// the properties below are optional
			AuthenticateCognitoConfig: &AuthenticateCognitoConfigProperty{
				UserPoolArn: jsii.String("userPoolArn"),
				UserPoolClientId: jsii.String("userPoolClientId"),
				UserPoolDomain: jsii.String("userPoolDomain"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.Number(123),
			},
			AuthenticateOidcConfig: &AuthenticateOidcConfigProperty{
				AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
				ClientId: jsii.String("clientId"),
				Issuer: jsii.String("issuer"),
				TokenEndpoint: jsii.String("tokenEndpoint"),
				UserInfoEndpoint: jsii.String("userInfoEndpoint"),

				// the properties below are optional
				AuthenticationRequestExtraParams: map[string]*string{
					"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
				},
				ClientSecret: jsii.String("clientSecret"),
				OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
				Scope: jsii.String("scope"),
				SessionCookieName: jsii.String("sessionCookieName"),
				SessionTimeout: jsii.Number(123),
				UseExistingClientSecret: jsii.Boolean(false),
			},
			FixedResponseConfig: &FixedResponseConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				ContentType: jsii.String("contentType"),
				MessageBody: jsii.String("messageBody"),
			},
			ForwardConfig: &ForwardConfigProperty{
				TargetGroups: []interface{}{
					&TargetGroupTupleProperty{
						TargetGroupArn: jsii.String("targetGroupArn"),
						Weight: jsii.Number(123),
					},
				},
				TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
					DurationSeconds: jsii.Number(123),
					Enabled: jsii.Boolean(false),
				},
			},
			Order: jsii.Number(123),
			RedirectConfig: &RedirectConfigProperty{
				StatusCode: jsii.String("statusCode"),

				// the properties below are optional
				Host: jsii.String("host"),
				Path: jsii.String("path"),
				Port: jsii.String("port"),
				Protocol: jsii.String("protocol"),
				Query: jsii.String("query"),
			},
			TargetGroupArn: jsii.String("targetGroupArn"),
		},
	},
	Conditions: []interface{}{
		&RuleConditionProperty{
			Field: jsii.String("field"),
			HostHeaderConfig: &HostHeaderConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			HttpHeaderConfig: &HttpHeaderConfigProperty{
				HttpHeaderName: jsii.String("httpHeaderName"),
				Values: []*string{
					jsii.String("values"),
				},
			},
			HttpRequestMethodConfig: &HttpRequestMethodConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			PathPatternConfig: &PathPatternConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			QueryStringConfig: &QueryStringConfigProperty{
				Values: []interface{}{
					&QueryStringKeyValueProperty{
						Key: jsii.String("key"),
						Value: jsii.String("value"),
					},
				},
			},
			SourceIpConfig: &SourceIpConfigProperty{
				Values: []*string{
					jsii.String("values"),
				},
			},
			Values: []*string{
				jsii.String("values"),
			},
		},
	},
	Priority: jsii.Number(123),

	// the properties below are optional
	ListenerArn: jsii.String("listenerArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html

type CfnListenerRule_ActionProperty

type CfnListenerRule_ActionProperty struct {
	// The type of action.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-type
	//
	Type *string `field:"required" json:"type" yaml:"type"`
	// [HTTPS listeners] Information for using Amazon Cognito to authenticate users.
	//
	// Specify only when `Type` is `authenticate-cognito` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-authenticatecognitoconfig
	//
	AuthenticateCognitoConfig interface{} `field:"optional" json:"authenticateCognitoConfig" yaml:"authenticateCognitoConfig"`
	// [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC).
	//
	// Specify only when `Type` is `authenticate-oidc` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-authenticateoidcconfig
	//
	AuthenticateOidcConfig interface{} `field:"optional" json:"authenticateOidcConfig" yaml:"authenticateOidcConfig"`
	// [Application Load Balancer] Information for creating an action that returns a custom HTTP response.
	//
	// Specify only when `Type` is `fixed-response` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-fixedresponseconfig
	//
	FixedResponseConfig interface{} `field:"optional" json:"fixedResponseConfig" yaml:"fixedResponseConfig"`
	// Information for creating an action that distributes requests among one or more target groups.
	//
	// For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-forwardconfig
	//
	ForwardConfig interface{} `field:"optional" json:"forwardConfig" yaml:"forwardConfig"`
	// The order for the action.
	//
	// This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-order
	//
	Order *float64 `field:"optional" json:"order" yaml:"order"`
	// [Application Load Balancer] Information for creating a redirect action.
	//
	// Specify only when `Type` is `redirect` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-redirectconfig
	//
	RedirectConfig interface{} `field:"optional" json:"redirectConfig" yaml:"redirectConfig"`
	// The Amazon Resource Name (ARN) of the target group.
	//
	// Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html#cfn-elasticloadbalancingv2-listenerrule-action-targetgrouparn
	//
	TargetGroupArn *string `field:"optional" json:"targetGroupArn" yaml:"targetGroupArn"`
}

Specifies an action for a listener rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

actionProperty := &ActionProperty{
	Type: jsii.String("type"),

	// the properties below are optional
	AuthenticateCognitoConfig: &AuthenticateCognitoConfigProperty{
		UserPoolArn: jsii.String("userPoolArn"),
		UserPoolClientId: jsii.String("userPoolClientId"),
		UserPoolDomain: jsii.String("userPoolDomain"),

		// the properties below are optional
		AuthenticationRequestExtraParams: map[string]*string{
			"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
		},
		OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
		Scope: jsii.String("scope"),
		SessionCookieName: jsii.String("sessionCookieName"),
		SessionTimeout: jsii.Number(123),
	},
	AuthenticateOidcConfig: &AuthenticateOidcConfigProperty{
		AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
		ClientId: jsii.String("clientId"),
		Issuer: jsii.String("issuer"),
		TokenEndpoint: jsii.String("tokenEndpoint"),
		UserInfoEndpoint: jsii.String("userInfoEndpoint"),

		// the properties below are optional
		AuthenticationRequestExtraParams: map[string]*string{
			"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
		},
		ClientSecret: jsii.String("clientSecret"),
		OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
		Scope: jsii.String("scope"),
		SessionCookieName: jsii.String("sessionCookieName"),
		SessionTimeout: jsii.Number(123),
		UseExistingClientSecret: jsii.Boolean(false),
	},
	FixedResponseConfig: &FixedResponseConfigProperty{
		StatusCode: jsii.String("statusCode"),

		// the properties below are optional
		ContentType: jsii.String("contentType"),
		MessageBody: jsii.String("messageBody"),
	},
	ForwardConfig: &ForwardConfigProperty{
		TargetGroups: []interface{}{
			&TargetGroupTupleProperty{
				TargetGroupArn: jsii.String("targetGroupArn"),
				Weight: jsii.Number(123),
			},
		},
		TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
			DurationSeconds: jsii.Number(123),
			Enabled: jsii.Boolean(false),
		},
	},
	Order: jsii.Number(123),
	RedirectConfig: &RedirectConfigProperty{
		StatusCode: jsii.String("statusCode"),

		// the properties below are optional
		Host: jsii.String("host"),
		Path: jsii.String("path"),
		Port: jsii.String("port"),
		Protocol: jsii.String("protocol"),
		Query: jsii.String("query"),
	},
	TargetGroupArn: jsii.String("targetGroupArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-action.html

type CfnListenerRule_AuthenticateCognitoConfigProperty

type CfnListenerRule_AuthenticateCognitoConfigProperty struct {
	// The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-userpoolarn
	//
	UserPoolArn *string `field:"required" json:"userPoolArn" yaml:"userPoolArn"`
	// The ID of the Amazon Cognito user pool client.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-userpoolclientid
	//
	UserPoolClientId *string `field:"required" json:"userPoolClientId" yaml:"userPoolClientId"`
	// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-userpooldomain
	//
	UserPoolDomain *string `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-authenticationrequestextraparams
	//
	AuthenticationRequestExtraParams interface{} `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The behavior if the user is not authenticated. The following are possible values:.
	//
	// - deny “ - Return an HTTP 401 Unauthorized error.
	// - allow “ - Allow the request to be forwarded to the target.
	// - authenticate “ - Redirect the request to the IdP authorization endpoint. This is the default value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-onunauthenticatedrequest
	//
	OnUnauthenticatedRequest *string `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP. The default is `openid` .
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-scope
	//
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	//
	// The default is AWSELBAuthSessionCookie.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-sessioncookiename
	//
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session, in seconds.
	//
	// The default is 604800 seconds (7 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig-sessiontimeout
	//
	SessionTimeout *float64 `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}

Specifies information required when integrating with Amazon Cognito to authenticate users.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

authenticateCognitoConfigProperty := &AuthenticateCognitoConfigProperty{
	UserPoolArn: jsii.String("userPoolArn"),
	UserPoolClientId: jsii.String("userPoolClientId"),
	UserPoolDomain: jsii.String("userPoolDomain"),

	// the properties below are optional
	AuthenticationRequestExtraParams: map[string]*string{
		"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
	},
	OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
	Scope: jsii.String("scope"),
	SessionCookieName: jsii.String("sessionCookieName"),
	SessionTimeout: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticatecognitoconfig.html

type CfnListenerRule_AuthenticateOidcConfigProperty

type CfnListenerRule_AuthenticateOidcConfigProperty struct {
	// The authorization endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-authorizationendpoint
	//
	AuthorizationEndpoint *string `field:"required" json:"authorizationEndpoint" yaml:"authorizationEndpoint"`
	// The OAuth 2.0 client identifier.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The OIDC issuer identifier of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-issuer
	//
	Issuer *string `field:"required" json:"issuer" yaml:"issuer"`
	// The token endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-tokenendpoint
	//
	TokenEndpoint *string `field:"required" json:"tokenEndpoint" yaml:"tokenEndpoint"`
	// The user info endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-userinfoendpoint
	//
	UserInfoEndpoint *string `field:"required" json:"userInfoEndpoint" yaml:"userInfoEndpoint"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-authenticationrequestextraparams
	//
	AuthenticationRequestExtraParams interface{} `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set `UseExistingClientSecret` to true.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-clientsecret
	//
	ClientSecret *string `field:"optional" json:"clientSecret" yaml:"clientSecret"`
	// The behavior if the user is not authenticated. The following are possible values:.
	//
	// - deny “ - Return an HTTP 401 Unauthorized error.
	// - allow “ - Allow the request to be forwarded to the target.
	// - authenticate “ - Redirect the request to the IdP authorization endpoint. This is the default value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-onunauthenticatedrequest
	//
	OnUnauthenticatedRequest *string `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP. The default is `openid` .
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-scope
	//
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	//
	// The default is AWSELBAuthSessionCookie.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-sessioncookiename
	//
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session, in seconds.
	//
	// The default is 604800 seconds (7 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-sessiontimeout
	//
	SessionTimeout *float64 `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
	// Indicates whether to use the existing client secret when modifying a rule.
	//
	// If you are creating a rule, you can omit this parameter or set it to false.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listenerrule-authenticateoidcconfig-useexistingclientsecret
	//
	UseExistingClientSecret interface{} `field:"optional" json:"useExistingClientSecret" yaml:"useExistingClientSecret"`
}

Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

authenticateOidcConfigProperty := &AuthenticateOidcConfigProperty{
	AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
	ClientId: jsii.String("clientId"),
	Issuer: jsii.String("issuer"),
	TokenEndpoint: jsii.String("tokenEndpoint"),
	UserInfoEndpoint: jsii.String("userInfoEndpoint"),

	// the properties below are optional
	AuthenticationRequestExtraParams: map[string]*string{
		"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
	},
	ClientSecret: jsii.String("clientSecret"),
	OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
	Scope: jsii.String("scope"),
	SessionCookieName: jsii.String("sessionCookieName"),
	SessionTimeout: jsii.Number(123),
	UseExistingClientSecret: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html

type CfnListenerRule_FixedResponseConfigProperty

type CfnListenerRule_FixedResponseConfigProperty struct {
	// The HTTP response code (2XX, 4XX, or 5XX).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listenerrule-fixedresponseconfig-statuscode
	//
	StatusCode *string `field:"required" json:"statusCode" yaml:"statusCode"`
	// The content type.
	//
	// Valid Values: text/plain | text/css | text/html | application/javascript | application/json.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listenerrule-fixedresponseconfig-contenttype
	//
	ContentType *string `field:"optional" json:"contentType" yaml:"contentType"`
	// The message.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listenerrule-fixedresponseconfig-messagebody
	//
	MessageBody *string `field:"optional" json:"messageBody" yaml:"messageBody"`
}

Specifies information required when returning a custom HTTP response.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

fixedResponseConfigProperty := &FixedResponseConfigProperty{
	StatusCode: jsii.String("statusCode"),

	// the properties below are optional
	ContentType: jsii.String("contentType"),
	MessageBody: jsii.String("messageBody"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-fixedresponseconfig.html

type CfnListenerRule_ForwardConfigProperty

type CfnListenerRule_ForwardConfigProperty struct {
	// Information about how traffic will be distributed between multiple target groups in a forward rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-forwardconfig.html#cfn-elasticloadbalancingv2-listenerrule-forwardconfig-targetgroups
	//
	TargetGroups interface{} `field:"optional" json:"targetGroups" yaml:"targetGroups"`
	// Information about the target group stickiness for a rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-forwardconfig.html#cfn-elasticloadbalancingv2-listenerrule-forwardconfig-targetgroupstickinessconfig
	//
	TargetGroupStickinessConfig interface{} `field:"optional" json:"targetGroupStickinessConfig" yaml:"targetGroupStickinessConfig"`
}

Information for creating an action that distributes requests among one or more target groups.

For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

forwardConfigProperty := &ForwardConfigProperty{
	TargetGroups: []interface{}{
		&TargetGroupTupleProperty{
			TargetGroupArn: jsii.String("targetGroupArn"),
			Weight: jsii.Number(123),
		},
	},
	TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
		DurationSeconds: jsii.Number(123),
		Enabled: jsii.Boolean(false),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-forwardconfig.html

type CfnListenerRule_HostHeaderConfigProperty

type CfnListenerRule_HostHeaderConfigProperty struct {
	// The host names.
	//
	// The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
	//
	// If you specify multiple strings, the condition is satisfied if one of the strings matches the host name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-hostheaderconfig.html#cfn-elasticloadbalancingv2-listenerrule-hostheaderconfig-values
	//
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

Information about a host header condition.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

hostHeaderConfigProperty := &HostHeaderConfigProperty{
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-hostheaderconfig.html

type CfnListenerRule_HttpHeaderConfigProperty

type CfnListenerRule_HttpHeaderConfigProperty struct {
	// The name of the HTTP header field.
	//
	// The maximum size is 40 characters. The header name is case insensitive. The allowed characters are specified by RFC 7230. Wildcards are not supported.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-httpheaderconfig.html#cfn-elasticloadbalancingv2-listenerrule-httpheaderconfig-httpheadername
	//
	HttpHeaderName *string `field:"optional" json:"httpHeaderName" yaml:"httpHeaderName"`
	// The strings to compare against the value of the HTTP header.
	//
	// The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
	//
	// If the same header appears multiple times in the request, we search them in order until a match is found.
	//
	// If you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-httpheaderconfig.html#cfn-elasticloadbalancingv2-listenerrule-httpheaderconfig-values
	//
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

Information about an HTTP header condition.

There is a set of standard HTTP header fields. You can also define custom HTTP header fields.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

httpHeaderConfigProperty := &HttpHeaderConfigProperty{
	HttpHeaderName: jsii.String("httpHeaderName"),
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-httpheaderconfig.html

type CfnListenerRule_HttpRequestMethodConfigProperty

type CfnListenerRule_HttpRequestMethodConfigProperty struct {
	// The name of the request method.
	//
	// The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.
	//
	// If you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-httprequestmethodconfig.html#cfn-elasticloadbalancingv2-listenerrule-httprequestmethodconfig-values
	//
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

Information about an HTTP method condition.

HTTP defines a set of request methods, also referred to as HTTP verbs. For more information, see the [HTTP Method Registry](https://docs.aws.amazon.com/https://www.iana.org/assignments/http-methods/http-methods.xhtml) . You can also define custom HTTP methods.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

httpRequestMethodConfigProperty := &HttpRequestMethodConfigProperty{
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-httprequestmethodconfig.html

type CfnListenerRule_PathPatternConfigProperty

type CfnListenerRule_PathPatternConfigProperty struct {
	// The path patterns to compare against the request URL.
	//
	// The maximum size of each string is 128 characters. The comparison is case sensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).
	//
	// If you specify multiple strings, the condition is satisfied if one of them matches the request URL. The path pattern is compared only to the path of the URL, not to its query string.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-pathpatternconfig.html#cfn-elasticloadbalancingv2-listenerrule-pathpatternconfig-values
	//
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

Information about a path pattern condition.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

pathPatternConfigProperty := &PathPatternConfigProperty{
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-pathpatternconfig.html

type CfnListenerRule_QueryStringConfigProperty

type CfnListenerRule_QueryStringConfigProperty struct {
	// The key/value pairs or values to find in the query string.
	//
	// The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\' character.
	//
	// If you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-querystringconfig.html#cfn-elasticloadbalancingv2-listenerrule-querystringconfig-values
	//
	Values interface{} `field:"optional" json:"values" yaml:"values"`
}

Information about a query string condition.

The query string component of a URI starts after the first '?' character and is terminated by either a '#' character or the end of the URI. A typical query string contains key/value pairs separated by '&' characters. The allowed characters are specified by RFC 3986. Any character can be percentage encoded.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

queryStringConfigProperty := &QueryStringConfigProperty{
	Values: []interface{}{
		&QueryStringKeyValueProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-querystringconfig.html

type CfnListenerRule_QueryStringKeyValueProperty

Information about a key/value pair.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

queryStringKeyValueProperty := &QueryStringKeyValueProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-querystringkeyvalue.html

type CfnListenerRule_RedirectConfigProperty

type CfnListenerRule_RedirectConfigProperty struct {
	// The HTTP redirect code.
	//
	// The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html#cfn-elasticloadbalancingv2-listenerrule-redirectconfig-statuscode
	//
	StatusCode *string `field:"required" json:"statusCode" yaml:"statusCode"`
	// The hostname.
	//
	// This component is not percent-encoded. The hostname can contain #{host}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html#cfn-elasticloadbalancingv2-listenerrule-redirectconfig-host
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// The absolute path, starting with the leading "/".
	//
	// This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html#cfn-elasticloadbalancingv2-listenerrule-redirectconfig-path
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// The port.
	//
	// You can specify a value from 1 to 65535 or #{port}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html#cfn-elasticloadbalancingv2-listenerrule-redirectconfig-port
	//
	Port *string `field:"optional" json:"port" yaml:"port"`
	// The protocol.
	//
	// You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html#cfn-elasticloadbalancingv2-listenerrule-redirectconfig-protocol
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
	// The query parameters, URL-encoded when necessary, but not percent-encoded.
	//
	// Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html#cfn-elasticloadbalancingv2-listenerrule-redirectconfig-query
	//
	Query *string `field:"optional" json:"query" yaml:"query"`
}

Information about a redirect action.

A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.

You can reuse URI components using the following reserved keywords:

- #{protocol} - #{host} - #{port} - #{path} (the leading "/" is removed) - #{query}

For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz".

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

redirectConfigProperty := &RedirectConfigProperty{
	StatusCode: jsii.String("statusCode"),

	// the properties below are optional
	Host: jsii.String("host"),
	Path: jsii.String("path"),
	Port: jsii.String("port"),
	Protocol: jsii.String("protocol"),
	Query: jsii.String("query"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-redirectconfig.html

type CfnListenerRule_RuleConditionProperty

type CfnListenerRule_RuleConditionProperty struct {
	// The field in the HTTP request. The following are the possible values:.
	//
	// - `http-header`
	// - `http-request-method`
	// - `host-header`
	// - `path-pattern`
	// - `query-string`
	// - `source-ip`.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-field
	//
	Field *string `field:"optional" json:"field" yaml:"field"`
	// Information for a host header condition.
	//
	// Specify only when `Field` is `host-header` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-hostheaderconfig
	//
	HostHeaderConfig interface{} `field:"optional" json:"hostHeaderConfig" yaml:"hostHeaderConfig"`
	// Information for an HTTP header condition.
	//
	// Specify only when `Field` is `http-header` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-httpheaderconfig
	//
	HttpHeaderConfig interface{} `field:"optional" json:"httpHeaderConfig" yaml:"httpHeaderConfig"`
	// Information for an HTTP method condition.
	//
	// Specify only when `Field` is `http-request-method` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-httprequestmethodconfig
	//
	HttpRequestMethodConfig interface{} `field:"optional" json:"httpRequestMethodConfig" yaml:"httpRequestMethodConfig"`
	// Information for a path pattern condition.
	//
	// Specify only when `Field` is `path-pattern` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-pathpatternconfig
	//
	PathPatternConfig interface{} `field:"optional" json:"pathPatternConfig" yaml:"pathPatternConfig"`
	// Information for a query string condition.
	//
	// Specify only when `Field` is `query-string` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-querystringconfig
	//
	QueryStringConfig interface{} `field:"optional" json:"queryStringConfig" yaml:"queryStringConfig"`
	// Information for a source IP condition.
	//
	// Specify only when `Field` is `source-ip` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-sourceipconfig
	//
	SourceIpConfig interface{} `field:"optional" json:"sourceIpConfig" yaml:"sourceIpConfig"`
	// The condition value.
	//
	// Specify only when `Field` is `host-header` or `path-pattern` . Alternatively, to specify multiple host names or multiple path patterns, use `HostHeaderConfig` or `PathPatternConfig` .
	//
	// If `Field` is `host-header` and you're not using `HostHeaderConfig` , you can specify a single host name (for example, my.example.com). A host name is case insensitive, can be up to 128 characters in length, and can contain any of the following characters.
	//
	// - A-Z, a-z, 0-9
	// - - .
	// - * (matches 0 or more characters)
	// - ? (matches exactly 1 character)
	//
	// If `Field` is `path-pattern` and you're not using `PathPatternConfig` , you can specify a single path pattern (for example, /img/*). A path pattern is case-sensitive, can be up to 128 characters in length, and can contain any of the following characters.
	//
	// - A-Z, a-z, 0-9
	// - _ - . $ / ~ " ' @ : +
	// - & (using &amp;)
	// - * (matches 0 or more characters)
	// - ? (matches exactly 1 character)
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html#cfn-elasticloadbalancingv2-listenerrule-rulecondition-values
	//
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

Specifies a condition for a listener rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

ruleConditionProperty := &RuleConditionProperty{
	Field: jsii.String("field"),
	HostHeaderConfig: &HostHeaderConfigProperty{
		Values: []*string{
			jsii.String("values"),
		},
	},
	HttpHeaderConfig: &HttpHeaderConfigProperty{
		HttpHeaderName: jsii.String("httpHeaderName"),
		Values: []*string{
			jsii.String("values"),
		},
	},
	HttpRequestMethodConfig: &HttpRequestMethodConfigProperty{
		Values: []*string{
			jsii.String("values"),
		},
	},
	PathPatternConfig: &PathPatternConfigProperty{
		Values: []*string{
			jsii.String("values"),
		},
	},
	QueryStringConfig: &QueryStringConfigProperty{
		Values: []interface{}{
			&QueryStringKeyValueProperty{
				Key: jsii.String("key"),
				Value: jsii.String("value"),
			},
		},
	},
	SourceIpConfig: &SourceIpConfigProperty{
		Values: []*string{
			jsii.String("values"),
		},
	},
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-rulecondition.html

type CfnListenerRule_SourceIpConfigProperty

type CfnListenerRule_SourceIpConfigProperty struct {
	// The source IP addresses, in CIDR format. You can use both IPv4 and IPv6 addresses. Wildcards are not supported.
	//
	// If you specify multiple addresses, the condition is satisfied if the source IP address of the request matches one of the CIDR blocks. This condition is not satisfied by the addresses in the X-Forwarded-For header.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-sourceipconfig.html#cfn-elasticloadbalancingv2-listenerrule-sourceipconfig-values
	//
	Values *[]*string `field:"optional" json:"values" yaml:"values"`
}

Information about a source IP condition.

You can use this condition to route based on the IP address of the source that connects to the load balancer. If a client is behind a proxy, this is the IP address of the proxy not the IP address of the client.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

sourceIpConfigProperty := &SourceIpConfigProperty{
	Values: []*string{
		jsii.String("values"),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-sourceipconfig.html

type CfnListenerRule_TargetGroupStickinessConfigProperty

type CfnListenerRule_TargetGroupStickinessConfigProperty struct {
	// The time period, in seconds, during which requests from a client should be routed to the same target group.
	//
	// The range is 1-604800 seconds (7 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-targetgroupstickinessconfig.html#cfn-elasticloadbalancingv2-listenerrule-targetgroupstickinessconfig-durationseconds
	//
	DurationSeconds *float64 `field:"optional" json:"durationSeconds" yaml:"durationSeconds"`
	// Indicates whether target group stickiness is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-targetgroupstickinessconfig.html#cfn-elasticloadbalancingv2-listenerrule-targetgroupstickinessconfig-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Information about the target group stickiness for a rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

targetGroupStickinessConfigProperty := &TargetGroupStickinessConfigProperty{
	DurationSeconds: jsii.Number(123),
	Enabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-targetgroupstickinessconfig.html

type CfnListenerRule_TargetGroupTupleProperty

type CfnListenerRule_TargetGroupTupleProperty struct {
	// The Amazon Resource Name (ARN) of the target group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-targetgrouptuple.html#cfn-elasticloadbalancingv2-listenerrule-targetgrouptuple-targetgrouparn
	//
	TargetGroupArn *string `field:"optional" json:"targetGroupArn" yaml:"targetGroupArn"`
	// The weight.
	//
	// The range is 0 to 999.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-targetgrouptuple.html#cfn-elasticloadbalancingv2-listenerrule-targetgrouptuple-weight
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

Information about how traffic will be distributed between multiple target groups in a forward rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

targetGroupTupleProperty := &TargetGroupTupleProperty{
	TargetGroupArn: jsii.String("targetGroupArn"),
	Weight: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-targetgrouptuple.html

type CfnListener_ActionProperty

type CfnListener_ActionProperty struct {
	// The type of action.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-type
	//
	Type *string `field:"required" json:"type" yaml:"type"`
	// [HTTPS listeners] Information for using Amazon Cognito to authenticate users.
	//
	// Specify only when `Type` is `authenticate-cognito` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-authenticatecognitoconfig
	//
	AuthenticateCognitoConfig interface{} `field:"optional" json:"authenticateCognitoConfig" yaml:"authenticateCognitoConfig"`
	// [HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC).
	//
	// Specify only when `Type` is `authenticate-oidc` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-authenticateoidcconfig
	//
	AuthenticateOidcConfig interface{} `field:"optional" json:"authenticateOidcConfig" yaml:"authenticateOidcConfig"`
	// [Application Load Balancer] Information for creating an action that returns a custom HTTP response.
	//
	// Specify only when `Type` is `fixed-response` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-fixedresponseconfig
	//
	FixedResponseConfig interface{} `field:"optional" json:"fixedResponseConfig" yaml:"fixedResponseConfig"`
	// Information for creating an action that distributes requests among one or more target groups.
	//
	// For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-forwardconfig
	//
	ForwardConfig interface{} `field:"optional" json:"forwardConfig" yaml:"forwardConfig"`
	// The order for the action.
	//
	// This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-order
	//
	Order *float64 `field:"optional" json:"order" yaml:"order"`
	// [Application Load Balancer] Information for creating a redirect action.
	//
	// Specify only when `Type` is `redirect` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-redirectconfig
	//
	RedirectConfig interface{} `field:"optional" json:"redirectConfig" yaml:"redirectConfig"`
	// The Amazon Resource Name (ARN) of the target group.
	//
	// Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html#cfn-elasticloadbalancingv2-listener-action-targetgrouparn
	//
	TargetGroupArn *string `field:"optional" json:"targetGroupArn" yaml:"targetGroupArn"`
}

Specifies an action for a listener rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

actionProperty := &ActionProperty{
	Type: jsii.String("type"),

	// the properties below are optional
	AuthenticateCognitoConfig: &AuthenticateCognitoConfigProperty{
		UserPoolArn: jsii.String("userPoolArn"),
		UserPoolClientId: jsii.String("userPoolClientId"),
		UserPoolDomain: jsii.String("userPoolDomain"),

		// the properties below are optional
		AuthenticationRequestExtraParams: map[string]*string{
			"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
		},
		OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
		Scope: jsii.String("scope"),
		SessionCookieName: jsii.String("sessionCookieName"),
		SessionTimeout: jsii.String("sessionTimeout"),
	},
	AuthenticateOidcConfig: &AuthenticateOidcConfigProperty{
		AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
		ClientId: jsii.String("clientId"),
		Issuer: jsii.String("issuer"),
		TokenEndpoint: jsii.String("tokenEndpoint"),
		UserInfoEndpoint: jsii.String("userInfoEndpoint"),

		// the properties below are optional
		AuthenticationRequestExtraParams: map[string]*string{
			"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
		},
		ClientSecret: jsii.String("clientSecret"),
		OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
		Scope: jsii.String("scope"),
		SessionCookieName: jsii.String("sessionCookieName"),
		SessionTimeout: jsii.String("sessionTimeout"),
		UseExistingClientSecret: jsii.Boolean(false),
	},
	FixedResponseConfig: &FixedResponseConfigProperty{
		StatusCode: jsii.String("statusCode"),

		// the properties below are optional
		ContentType: jsii.String("contentType"),
		MessageBody: jsii.String("messageBody"),
	},
	ForwardConfig: &ForwardConfigProperty{
		TargetGroups: []interface{}{
			&TargetGroupTupleProperty{
				TargetGroupArn: jsii.String("targetGroupArn"),
				Weight: jsii.Number(123),
			},
		},
		TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
			DurationSeconds: jsii.Number(123),
			Enabled: jsii.Boolean(false),
		},
	},
	Order: jsii.Number(123),
	RedirectConfig: &RedirectConfigProperty{
		StatusCode: jsii.String("statusCode"),

		// the properties below are optional
		Host: jsii.String("host"),
		Path: jsii.String("path"),
		Port: jsii.String("port"),
		Protocol: jsii.String("protocol"),
		Query: jsii.String("query"),
	},
	TargetGroupArn: jsii.String("targetGroupArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-action.html

type CfnListener_AuthenticateCognitoConfigProperty

type CfnListener_AuthenticateCognitoConfigProperty struct {
	// The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-userpoolarn
	//
	UserPoolArn *string `field:"required" json:"userPoolArn" yaml:"userPoolArn"`
	// The ID of the Amazon Cognito user pool client.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-userpoolclientid
	//
	UserPoolClientId *string `field:"required" json:"userPoolClientId" yaml:"userPoolClientId"`
	// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-userpooldomain
	//
	UserPoolDomain *string `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-authenticationrequestextraparams
	//
	AuthenticationRequestExtraParams interface{} `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The behavior if the user is not authenticated. The following are possible values:.
	//
	// - deny “ - Return an HTTP 401 Unauthorized error.
	// - allow “ - Allow the request to be forwarded to the target.
	// - authenticate “ - Redirect the request to the IdP authorization endpoint. This is the default value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-onunauthenticatedrequest
	//
	OnUnauthenticatedRequest *string `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP. The default is `openid` .
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-scope
	//
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	//
	// The default is AWSELBAuthSessionCookie.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-sessioncookiename
	//
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session, in seconds.
	//
	// The default is 604800 seconds (7 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html#cfn-elasticloadbalancingv2-listener-authenticatecognitoconfig-sessiontimeout
	//
	SessionTimeout *string `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}

Specifies information required when integrating with Amazon Cognito to authenticate users.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

authenticateCognitoConfigProperty := &AuthenticateCognitoConfigProperty{
	UserPoolArn: jsii.String("userPoolArn"),
	UserPoolClientId: jsii.String("userPoolClientId"),
	UserPoolDomain: jsii.String("userPoolDomain"),

	// the properties below are optional
	AuthenticationRequestExtraParams: map[string]*string{
		"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
	},
	OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
	Scope: jsii.String("scope"),
	SessionCookieName: jsii.String("sessionCookieName"),
	SessionTimeout: jsii.String("sessionTimeout"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticatecognitoconfig.html

type CfnListener_AuthenticateOidcConfigProperty

type CfnListener_AuthenticateOidcConfigProperty struct {
	// The authorization endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-authorizationendpoint
	//
	AuthorizationEndpoint *string `field:"required" json:"authorizationEndpoint" yaml:"authorizationEndpoint"`
	// The OAuth 2.0 client identifier.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-clientid
	//
	ClientId *string `field:"required" json:"clientId" yaml:"clientId"`
	// The OIDC issuer identifier of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-issuer
	//
	Issuer *string `field:"required" json:"issuer" yaml:"issuer"`
	// The token endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-tokenendpoint
	//
	TokenEndpoint *string `field:"required" json:"tokenEndpoint" yaml:"tokenEndpoint"`
	// The user info endpoint of the IdP.
	//
	// This must be a full URL, including the HTTPS protocol, the domain, and the path.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-userinfoendpoint
	//
	UserInfoEndpoint *string `field:"required" json:"userInfoEndpoint" yaml:"userInfoEndpoint"`
	// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-authenticationrequestextraparams
	//
	AuthenticationRequestExtraParams interface{} `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
	// The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set `UseExistingClientSecret` to true.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-clientsecret
	//
	ClientSecret *string `field:"optional" json:"clientSecret" yaml:"clientSecret"`
	// The behavior if the user is not authenticated. The following are possible values:.
	//
	// - deny “ - Return an HTTP 401 Unauthorized error.
	// - allow “ - Allow the request to be forwarded to the target.
	// - authenticate “ - Redirect the request to the IdP authorization endpoint. This is the default value.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-onunauthenticatedrequest
	//
	OnUnauthenticatedRequest *string `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
	// The set of user claims to be requested from the IdP. The default is `openid` .
	//
	// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-scope
	//
	Scope *string `field:"optional" json:"scope" yaml:"scope"`
	// The name of the cookie used to maintain session information.
	//
	// The default is AWSELBAuthSessionCookie.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-sessioncookiename
	//
	SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
	// The maximum duration of the authentication session, in seconds.
	//
	// The default is 604800 seconds (7 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-sessiontimeout
	//
	SessionTimeout *string `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
	// Indicates whether to use the existing client secret when modifying a rule.
	//
	// If you are creating a rule, you can omit this parameter or set it to false.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html#cfn-elasticloadbalancingv2-listener-authenticateoidcconfig-useexistingclientsecret
	//
	UseExistingClientSecret interface{} `field:"optional" json:"useExistingClientSecret" yaml:"useExistingClientSecret"`
}

Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

authenticateOidcConfigProperty := &AuthenticateOidcConfigProperty{
	AuthorizationEndpoint: jsii.String("authorizationEndpoint"),
	ClientId: jsii.String("clientId"),
	Issuer: jsii.String("issuer"),
	TokenEndpoint: jsii.String("tokenEndpoint"),
	UserInfoEndpoint: jsii.String("userInfoEndpoint"),

	// the properties below are optional
	AuthenticationRequestExtraParams: map[string]*string{
		"authenticationRequestExtraParamsKey": jsii.String("authenticationRequestExtraParams"),
	},
	ClientSecret: jsii.String("clientSecret"),
	OnUnauthenticatedRequest: jsii.String("onUnauthenticatedRequest"),
	Scope: jsii.String("scope"),
	SessionCookieName: jsii.String("sessionCookieName"),
	SessionTimeout: jsii.String("sessionTimeout"),
	UseExistingClientSecret: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html

type CfnListener_CertificateProperty

type CfnListener_CertificateProperty struct {
	// The Amazon Resource Name (ARN) of the certificate.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html#cfn-elasticloadbalancingv2-listener-certificate-certificatearn
	//
	CertificateArn *string `field:"optional" json:"certificateArn" yaml:"certificateArn"`
}

Specifies an SSL server certificate to use as the default certificate for a secure listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

certificateProperty := &CertificateProperty{
	CertificateArn: jsii.String("certificateArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-certificate.html

type CfnListener_FixedResponseConfigProperty

type CfnListener_FixedResponseConfigProperty struct {
	// The HTTP response code (2XX, 4XX, or 5XX).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listener-fixedresponseconfig-statuscode
	//
	StatusCode *string `field:"required" json:"statusCode" yaml:"statusCode"`
	// The content type.
	//
	// Valid Values: text/plain | text/css | text/html | application/javascript | application/json.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listener-fixedresponseconfig-contenttype
	//
	ContentType *string `field:"optional" json:"contentType" yaml:"contentType"`
	// The message.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html#cfn-elasticloadbalancingv2-listener-fixedresponseconfig-messagebody
	//
	MessageBody *string `field:"optional" json:"messageBody" yaml:"messageBody"`
}

Specifies information required when returning a custom HTTP response.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

fixedResponseConfigProperty := &FixedResponseConfigProperty{
	StatusCode: jsii.String("statusCode"),

	// the properties below are optional
	ContentType: jsii.String("contentType"),
	MessageBody: jsii.String("messageBody"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-fixedresponseconfig.html

type CfnListener_ForwardConfigProperty

type CfnListener_ForwardConfigProperty struct {
	// Information about how traffic will be distributed between multiple target groups in a forward rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-forwardconfig.html#cfn-elasticloadbalancingv2-listener-forwardconfig-targetgroups
	//
	TargetGroups interface{} `field:"optional" json:"targetGroups" yaml:"targetGroups"`
	// Information about the target group stickiness for a rule.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-forwardconfig.html#cfn-elasticloadbalancingv2-listener-forwardconfig-targetgroupstickinessconfig
	//
	TargetGroupStickinessConfig interface{} `field:"optional" json:"targetGroupStickinessConfig" yaml:"targetGroupStickinessConfig"`
}

Information for creating an action that distributes requests among one or more target groups.

For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

forwardConfigProperty := &ForwardConfigProperty{
	TargetGroups: []interface{}{
		&TargetGroupTupleProperty{
			TargetGroupArn: jsii.String("targetGroupArn"),
			Weight: jsii.Number(123),
		},
	},
	TargetGroupStickinessConfig: &TargetGroupStickinessConfigProperty{
		DurationSeconds: jsii.Number(123),
		Enabled: jsii.Boolean(false),
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-forwardconfig.html

type CfnListener_ListenerAttributeProperty added in v2.159.0

type CfnListener_ListenerAttributeProperty struct {
	// The name of the attribute.
	//
	// The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.
	//
	// - `tcp.idle_timeout.seconds` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.
	//
	// The following attributes are only supported by Application Load Balancers.
	//
	// - `routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Serial-Number* HTTP request header.
	// - `routing.http.request.x_amzn_mtls_clientcert_issuer.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Issuer* HTTP request header.
	// - `routing.http.request.x_amzn_mtls_clientcert_subject.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Subject* HTTP request header.
	// - `routing.http.request.x_amzn_mtls_clientcert_validity.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Validity* HTTP request header.
	// - `routing.http.request.x_amzn_mtls_clientcert_leaf.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Leaf* HTTP request header.
	// - `routing.http.request.x_amzn_mtls_clientcert.header_name` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert* HTTP request header.
	// - `routing.http.request.x_amzn_tls_version.header_name` - Enables you to modify the header name of the *X-Amzn-Tls-Version* HTTP request header.
	// - `routing.http.request.x_amzn_tls_cipher_suite.header_name` - Enables you to modify the header name of the *X-Amzn-Tls-Cipher-Suite* HTTP request header.
	// - `routing.http.response.server.enabled` - Enables you to allow or remove the HTTP response server header.
	// - `routing.http.response.strict_transport_security.header_value` - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
	// - `routing.http.response.access_control_allow_origin.header_value` - Specifies which origins are allowed to access the server.
	// - `routing.http.response.access_control_allow_methods.header_value` - Returns which HTTP methods are allowed when accessing the server from a different origin.
	// - `routing.http.response.access_control_allow_headers.header_value` - Specifies which headers can be used during the request.
	// - `routing.http.response.access_control_allow_credentials.header_value` - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
	// - `routing.http.response.access_control_expose_headers.header_value` - Returns which headers the browser can expose to the requesting client.
	// - `routing.http.response.access_control_max_age.header_value` - Specifies how long the results of a preflight request can be cached, in seconds.
	// - `routing.http.response.content_security_policy.header_value` - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
	// - `routing.http.response.x_content_type_options.header_value` - Indicates whether the MIME types advertised in the *Content-Type* headers should be followed and not be changed.
	// - `routing.http.response.x_frame_options.header_value` - Indicates whether the browser is allowed to render a page in a *frame* , *iframe* , *embed* or *object* .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html#cfn-elasticloadbalancingv2-listener-listenerattribute-key
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
	// The value of the attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html#cfn-elasticloadbalancingv2-listener-listenerattribute-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

Information about a listener attribute.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

listenerAttributeProperty := &ListenerAttributeProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html

type CfnListener_MutualAuthenticationProperty added in v2.112.0

type CfnListener_MutualAuthenticationProperty struct {
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-advertisetruststorecanames
	//
	AdvertiseTrustStoreCaNames *string `field:"optional" json:"advertiseTrustStoreCaNames" yaml:"advertiseTrustStoreCaNames"`
	// Indicates whether expired client certificates are ignored.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-ignoreclientcertificateexpiry
	//
	IgnoreClientCertificateExpiry interface{} `field:"optional" json:"ignoreClientCertificateExpiry" yaml:"ignoreClientCertificateExpiry"`
	// The client certificate handling method.
	//
	// Options are `off` , `passthrough` or `verify` . The default value is `off` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-mode
	//
	Mode *string `field:"optional" json:"mode" yaml:"mode"`
	// The Amazon Resource Name (ARN) of the trust store.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-truststorearn
	//
	TrustStoreArn *string `field:"optional" json:"trustStoreArn" yaml:"trustStoreArn"`
}

Specifies the configuration information for mutual authentication.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

mutualAuthenticationProperty := &MutualAuthenticationProperty{
	AdvertiseTrustStoreCaNames: jsii.String("advertiseTrustStoreCaNames"),
	IgnoreClientCertificateExpiry: jsii.Boolean(false),
	Mode: jsii.String("mode"),
	TrustStoreArn: jsii.String("trustStoreArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html

type CfnListener_RedirectConfigProperty

type CfnListener_RedirectConfigProperty struct {
	// The HTTP redirect code.
	//
	// The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-statuscode
	//
	StatusCode *string `field:"required" json:"statusCode" yaml:"statusCode"`
	// The hostname.
	//
	// This component is not percent-encoded. The hostname can contain #{host}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-host
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// The absolute path, starting with the leading "/".
	//
	// This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-path
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// The port.
	//
	// You can specify a value from 1 to 65535 or #{port}.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-port
	//
	Port *string `field:"optional" json:"port" yaml:"port"`
	// The protocol.
	//
	// You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You can't redirect HTTPS to HTTP.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-protocol
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
	// The query parameters, URL-encoded when necessary, but not percent-encoded.
	//
	// Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html#cfn-elasticloadbalancingv2-listener-redirectconfig-query
	//
	Query *string `field:"optional" json:"query" yaml:"query"`
}

Information about a redirect action.

A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.

You can reuse URI components using the following reserved keywords:

- #{protocol} - #{host} - #{port} - #{path} (the leading "/" is removed) - #{query}

For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz".

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

redirectConfigProperty := &RedirectConfigProperty{
	StatusCode: jsii.String("statusCode"),

	// the properties below are optional
	Host: jsii.String("host"),
	Path: jsii.String("path"),
	Port: jsii.String("port"),
	Protocol: jsii.String("protocol"),
	Query: jsii.String("query"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-redirectconfig.html

type CfnListener_TargetGroupStickinessConfigProperty

type CfnListener_TargetGroupStickinessConfigProperty struct {
	// The time period, in seconds, during which requests from a client should be routed to the same target group.
	//
	// The range is 1-604800 seconds (7 days).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgroupstickinessconfig.html#cfn-elasticloadbalancingv2-listener-targetgroupstickinessconfig-durationseconds
	//
	DurationSeconds *float64 `field:"optional" json:"durationSeconds" yaml:"durationSeconds"`
	// Indicates whether target group stickiness is enabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgroupstickinessconfig.html#cfn-elasticloadbalancingv2-listener-targetgroupstickinessconfig-enabled
	//
	Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"`
}

Information about the target group stickiness for a rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

targetGroupStickinessConfigProperty := &TargetGroupStickinessConfigProperty{
	DurationSeconds: jsii.Number(123),
	Enabled: jsii.Boolean(false),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgroupstickinessconfig.html

type CfnListener_TargetGroupTupleProperty

type CfnListener_TargetGroupTupleProperty struct {
	// The Amazon Resource Name (ARN) of the target group.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgrouptuple.html#cfn-elasticloadbalancingv2-listener-targetgrouptuple-targetgrouparn
	//
	TargetGroupArn *string `field:"optional" json:"targetGroupArn" yaml:"targetGroupArn"`
	// The weight.
	//
	// The range is 0 to 999.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgrouptuple.html#cfn-elasticloadbalancingv2-listener-targetgrouptuple-weight
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

Information about how traffic will be distributed between multiple target groups in a forward rule.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

targetGroupTupleProperty := &TargetGroupTupleProperty{
	TargetGroupArn: jsii.String("targetGroupArn"),
	Weight: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-targetgrouptuple.html

type CfnLoadBalancer

type CfnLoadBalancer interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The ID of the Amazon Route 53 hosted zone associated with the load balancer.
	//
	// For example, `Z2P70J7EXAMPLE` .
	AttrCanonicalHostedZoneId() *string
	// The DNS name for the load balancer.
	//
	// For example, `my-load-balancer-424835706.us-west-2.elb.amazonaws.com` .
	AttrDnsName() *string
	// The Amazon Resource Name (ARN) of the load balancer.
	AttrLoadBalancerArn() *string
	// The full name of the load balancer.
	//
	// For example, `app/my-load-balancer/50dc6c495c0c9188` .
	AttrLoadBalancerFullName() *string
	// The name of the load balancer.
	//
	// For example, `my-load-balancer` .
	AttrLoadBalancerName() *string
	// The IDs of the security groups for the load balancer.
	AttrSecurityGroups() *[]*string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// [Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT.
	EnablePrefixForIpv6SourceNat() *string
	SetEnablePrefixForIpv6SourceNat(val *string)
	// Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic() *string
	SetEnforceSecurityGroupInboundRulesOnPrivateLinkTraffic(val *string)
	// The IP address type.
	//
	// Internal load balancers must use `ipv4` .
	IpAddressType() *string
	SetIpAddressType(val *string)
	// The load balancer attributes.
	LoadBalancerAttributes() interface{}
	SetLoadBalancerAttributes(val interface{})
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The minimum capacity for a load balancer.
	MinimumLoadBalancerCapacity() interface{}
	SetMinimumLoadBalancerCapacity(val interface{})
	// The name of the load balancer.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The nodes of an Internet-facing load balancer have public IP addresses.
	Scheme() *string
	SetScheme(val *string)
	// [Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
	SecurityGroups() *[]*string
	SetSecurityGroups(val *[]*string)
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The IDs of the subnets.
	SubnetMappings() interface{}
	SetSubnetMappings(val interface{})
	// The IDs of the subnets.
	Subnets() *[]*string
	SetSubnets(val *[]*string)
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// The tags to assign to the load balancer.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// The type of load balancer.
	Type() *string
	SetType(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Specifies an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnLoadBalancer := awscdk.Aws_elasticloadbalancingv2.NewCfnLoadBalancer(this, jsii.String("MyCfnLoadBalancer"), &CfnLoadBalancerProps{
	EnablePrefixForIpv6SourceNat: jsii.String("enablePrefixForIpv6SourceNat"),
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: jsii.String("enforceSecurityGroupInboundRulesOnPrivateLinkTraffic"),
	IpAddressType: jsii.String("ipAddressType"),
	LoadBalancerAttributes: []interface{}{
		&LoadBalancerAttributeProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MinimumLoadBalancerCapacity: &MinimumLoadBalancerCapacityProperty{
		CapacityUnits: jsii.Number(123),
	},
	Name: jsii.String("name"),
	Scheme: jsii.String("scheme"),
	SecurityGroups: []*string{
		jsii.String("securityGroups"),
	},
	SubnetMappings: []interface{}{
		&SubnetMappingProperty{
			SubnetId: jsii.String("subnetId"),

			// the properties below are optional
			AllocationId: jsii.String("allocationId"),
			IPv6Address: jsii.String("iPv6Address"),
			PrivateIPv4Address: jsii.String("privateIPv4Address"),
			SourceNatIpv6Prefix: jsii.String("sourceNatIpv6Prefix"),
		},
	},
	Subnets: []*string{
		jsii.String("subnets"),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Type: jsii.String("type"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html

func NewCfnLoadBalancer

func NewCfnLoadBalancer(scope constructs.Construct, id *string, props *CfnLoadBalancerProps) CfnLoadBalancer

type CfnLoadBalancerProps

type CfnLoadBalancerProps struct {
	// [Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT.
	//
	// The IP address type must be `dualstack` . The default value is `off` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-enableprefixforipv6sourcenat
	//
	EnablePrefixForIpv6SourceNat *string `field:"optional" json:"enablePrefixForIpv6SourceNat" yaml:"enablePrefixForIpv6SourceNat"`
	// Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-enforcesecuritygroupinboundrulesonprivatelinktraffic
	//
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *string `` /* 136-byte string literal not displayed */
	// The IP address type. Internal load balancers must use `ipv4` .
	//
	// [Application Load Balancers] The possible values are `ipv4` (IPv4 addresses), `dualstack` (IPv4 and IPv6 addresses), and `dualstack-without-public-ipv4` (public IPv6 addresses and private IPv4 and IPv6 addresses).
	//
	// Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors.
	//
	// [Network Load Balancers and Gateway Load Balancers] The possible values are `ipv4` (IPv4 addresses) and `dualstack` (IPv4 and IPv6 addresses).
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-ipaddresstype
	//
	IpAddressType *string `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// The load balancer attributes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattributes
	//
	LoadBalancerAttributes interface{} `field:"optional" json:"loadBalancerAttributes" yaml:"loadBalancerAttributes"`
	// The minimum capacity for a load balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity
	//
	MinimumLoadBalancerCapacity interface{} `field:"optional" json:"minimumLoadBalancerCapacity" yaml:"minimumLoadBalancerCapacity"`
	// The name of the load balancer.
	//
	// This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-".
	//
	// If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The nodes of an Internet-facing load balancer have public IP addresses.
	//
	// The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet.
	//
	// The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer.
	//
	// The default is an Internet-facing load balancer.
	//
	// You can't specify a scheme for a Gateway Load Balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-scheme
	//
	Scheme *string `field:"optional" json:"scheme" yaml:"scheme"`
	// [Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-securitygroups
	//
	SecurityGroups *[]*string `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// The IDs of the subnets.
	//
	// You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both.
	//
	// [Application Load Balancers] You must specify subnets from at least two Availability Zones. You can't specify Elastic IP addresses for your subnets.
	//
	// [Application Load Balancers on Outposts] You must specify one Outpost subnet.
	//
	// [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
	//
	// [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet.
	//
	// [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You can't specify Elastic IP addresses for your subnets.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-subnetmappings
	//
	SubnetMappings interface{} `field:"optional" json:"subnetMappings" yaml:"subnetMappings"`
	// The IDs of the subnets.
	//
	// You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets.
	//
	// [Application Load Balancers] You must specify subnets from at least two Availability Zones.
	//
	// [Application Load Balancers on Outposts] You must specify one Outpost subnet.
	//
	// [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones.
	//
	// [Network Load Balancers and Gateway Load Balancers] You can specify subnets from one or more Availability Zones.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-subnets
	//
	Subnets *[]*string `field:"optional" json:"subnets" yaml:"subnets"`
	// The tags to assign to the load balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// The type of load balancer.
	//
	// The default is `application` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-type
	//
	Type *string `field:"optional" json:"type" yaml:"type"`
}

Properties for defining a `CfnLoadBalancer`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnLoadBalancerProps := &CfnLoadBalancerProps{
	EnablePrefixForIpv6SourceNat: jsii.String("enablePrefixForIpv6SourceNat"),
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: jsii.String("enforceSecurityGroupInboundRulesOnPrivateLinkTraffic"),
	IpAddressType: jsii.String("ipAddressType"),
	LoadBalancerAttributes: []interface{}{
		&LoadBalancerAttributeProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	MinimumLoadBalancerCapacity: &MinimumLoadBalancerCapacityProperty{
		CapacityUnits: jsii.Number(123),
	},
	Name: jsii.String("name"),
	Scheme: jsii.String("scheme"),
	SecurityGroups: []*string{
		jsii.String("securityGroups"),
	},
	SubnetMappings: []interface{}{
		&SubnetMappingProperty{
			SubnetId: jsii.String("subnetId"),

			// the properties below are optional
			AllocationId: jsii.String("allocationId"),
			IPv6Address: jsii.String("iPv6Address"),
			PrivateIPv4Address: jsii.String("privateIPv4Address"),
			SourceNatIpv6Prefix: jsii.String("sourceNatIpv6Prefix"),
		},
	},
	Subnets: []*string{
		jsii.String("subnets"),
	},
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Type: jsii.String("type"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html

type CfnLoadBalancer_LoadBalancerAttributeProperty

type CfnLoadBalancer_LoadBalancerAttributeProperty struct {
	// The name of the attribute.
	//
	// The following attributes are supported by all load balancers:
	//
	// - `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false` . The default is `false` .
	// - `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false` . The default for Network Load Balancers and Gateway Load Balancers is `false` . The default for Application Load Balancers is `true` , and can't be changed.
	//
	// The following attributes are supported by both Application Load Balancers and Network Load Balancers:
	//
	// - `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false` . The default is `false` .
	// - `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
	// - `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs.
	// - `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
	// - `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false` . The default is `false` .
	//
	// The following attributes are supported by only Application Load Balancers:
	//
	// - `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
	// - `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
	// - `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false` . The default is `false` .
	// - `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
	// - `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs.
	// - `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor` , `defensive` , and `strictest` . The default is `defensive` .
	// - `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( `true` ) or routed to targets ( `false` ). The default is `false` .
	// - `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false` . The default is `false` .
	// - `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers ( `x-amzn-tls-version` and `x-amzn-tls-cipher-suite` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false` . The default is `false` .
	// - `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false` . The default is `false` .
	// - `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append` , `preserve` , and `remove` . The default is `append` .
	//
	// - If the value is `append` , the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets.
	// - If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change.
	// - If the value is `remove` , the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets.
	// - `routing.http2.enabled` - Indicates whether HTTP/2 is enabled. The possible values are `true` and `false` . The default is `true` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.
	// - `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false` . The default is `false` .
	//
	// The following attributes are supported by only Network Load Balancers:
	//
	// - `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-key
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
	// The value of the attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

Specifies an attribute for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

loadBalancerAttributeProperty := &LoadBalancerAttributeProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html

type CfnLoadBalancer_MinimumLoadBalancerCapacityProperty added in v2.172.0

type CfnLoadBalancer_MinimumLoadBalancerCapacityProperty struct {
	// The number of capacity units.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity.html#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity-capacityunits
	//
	CapacityUnits *float64 `field:"required" json:"capacityUnits" yaml:"capacityUnits"`
}

The minimum capacity for a load balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

minimumLoadBalancerCapacityProperty := &MinimumLoadBalancerCapacityProperty{
	CapacityUnits: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity.html

type CfnLoadBalancer_SubnetMappingProperty

type CfnLoadBalancer_SubnetMappingProperty struct {
	// The ID of the subnet.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-subnetid
	//
	SubnetId *string `field:"required" json:"subnetId" yaml:"subnetId"`
	// [Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-allocationid
	//
	AllocationId *string `field:"optional" json:"allocationId" yaml:"allocationId"`
	// [Network Load Balancers] The IPv6 address.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-ipv6address
	//
	IPv6Address *string `field:"optional" json:"iPv6Address" yaml:"iPv6Address"`
	// [Network Load Balancers] The private IPv4 address for an internal load balancer.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-privateipv4address
	//
	PrivateIPv4Address *string `field:"optional" json:"privateIPv4Address" yaml:"privateIPv4Address"`
	// [Network Load Balancers with UDP listeners] The IPv6 prefix to use for source NAT.
	//
	// Specify an IPv6 prefix (/80 netmask) from the subnet CIDR block or `auto_assigned` to use an IPv6 prefix selected at random from the subnet CIDR block.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-sourcenatipv6prefix
	//
	SourceNatIpv6Prefix *string `field:"optional" json:"sourceNatIpv6Prefix" yaml:"sourceNatIpv6Prefix"`
}

Specifies a subnet for a load balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

subnetMappingProperty := &SubnetMappingProperty{
	SubnetId: jsii.String("subnetId"),

	// the properties below are optional
	AllocationId: jsii.String("allocationId"),
	IPv6Address: jsii.String("iPv6Address"),
	PrivateIPv4Address: jsii.String("privateIPv4Address"),
	SourceNatIpv6Prefix: jsii.String("sourceNatIpv6Prefix"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.html

type CfnTargetGroup

type CfnTargetGroup interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggable
	// The Amazon Resource Name (ARN) of the load balancer that routes traffic to this target group.
	AttrLoadBalancerArns() *[]*string
	// The Amazon Resource Name (ARN) of the target group.
	AttrTargetGroupArn() *string
	// The full name of the target group.
	//
	// For example, `targetgroup/my-target-group/cbf133c568e0d028` .
	AttrTargetGroupFullName() *string
	// The name of the target group.
	//
	// For example, `my-target-group` .
	AttrTargetGroupName() *string
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// Indicates whether health checks are enabled.
	HealthCheckEnabled() interface{}
	SetHealthCheckEnabled(val interface{})
	// The approximate amount of time, in seconds, between health checks of an individual target.
	HealthCheckIntervalSeconds() *float64
	SetHealthCheckIntervalSeconds(val *float64)
	// [HTTP/HTTPS health checks] The destination for health checks on the targets.
	HealthCheckPath() *string
	SetHealthCheckPath(val *string)
	// The port the load balancer uses when performing health checks on targets.
	HealthCheckPort() *string
	SetHealthCheckPort(val *string)
	// The protocol the load balancer uses when performing health checks on targets.
	HealthCheckProtocol() *string
	SetHealthCheckProtocol(val *string)
	// The amount of time, in seconds, during which no response from a target means a failed health check.
	HealthCheckTimeoutSeconds() *float64
	SetHealthCheckTimeoutSeconds(val *float64)
	// The number of consecutive health check successes required before considering a target healthy.
	HealthyThresholdCount() *float64
	SetHealthyThresholdCount(val *float64)
	// The IP address type.
	IpAddressType() *string
	SetIpAddressType(val *string)
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// [HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target.
	Matcher() interface{}
	SetMatcher(val interface{})
	// The name of the target group.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// The port on which the targets receive traffic.
	Port() *float64
	SetPort(val *float64)
	// The protocol to use for routing traffic to the targets.
	Protocol() *string
	SetProtocol(val *string)
	// [HTTP/HTTPS protocol] The protocol version.
	ProtocolVersion() *string
	SetProtocolVersion(val *string)
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// Tag Manager which manages the tags for this resource.
	Tags() awscdk.TagManager
	// The tags.
	TagsRaw() *[]*awscdk.CfnTag
	SetTagsRaw(val *[]*awscdk.CfnTag)
	// The target group attributes.
	TargetGroupAttributes() interface{}
	SetTargetGroupAttributes(val interface{})
	// The targets.
	Targets() interface{}
	SetTargets(val interface{})
	// The type of target that you must specify when registering targets with this target group.
	TargetType() *string
	SetTargetType(val *string)
	// The number of consecutive health check failures required before considering a target unhealthy.
	UnhealthyThresholdCount() *float64
	SetUnhealthyThresholdCount(val *float64)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// The identifier of the virtual private cloud (VPC).
	VpcId() *string
	SetVpcId(val *string)
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Specifies a target group for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer.

Before you register a Lambda function as a target, you must create a `AWS::Lambda::Permission` resource that grants the Elastic Load Balancing service principal permission to invoke the Lambda function.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnTargetGroup := awscdk.Aws_elasticloadbalancingv2.NewCfnTargetGroup(this, jsii.String("MyCfnTargetGroup"), &CfnTargetGroupProps{
	HealthCheckEnabled: jsii.Boolean(false),
	HealthCheckIntervalSeconds: jsii.Number(123),
	HealthCheckPath: jsii.String("healthCheckPath"),
	HealthCheckPort: jsii.String("healthCheckPort"),
	HealthCheckProtocol: jsii.String("healthCheckProtocol"),
	HealthCheckTimeoutSeconds: jsii.Number(123),
	HealthyThresholdCount: jsii.Number(123),
	IpAddressType: jsii.String("ipAddressType"),
	Matcher: &MatcherProperty{
		GrpcCode: jsii.String("grpcCode"),
		HttpCode: jsii.String("httpCode"),
	},
	Name: jsii.String("name"),
	Port: jsii.Number(123),
	Protocol: jsii.String("protocol"),
	ProtocolVersion: jsii.String("protocolVersion"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	TargetGroupAttributes: []interface{}{
		&TargetGroupAttributeProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Targets: []interface{}{
		&TargetDescriptionProperty{
			Id: jsii.String("id"),

			// the properties below are optional
			AvailabilityZone: jsii.String("availabilityZone"),
			Port: jsii.Number(123),
		},
	},
	TargetType: jsii.String("targetType"),
	UnhealthyThresholdCount: jsii.Number(123),
	VpcId: jsii.String("vpcId"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html

func NewCfnTargetGroup

func NewCfnTargetGroup(scope constructs.Construct, id *string, props *CfnTargetGroupProps) CfnTargetGroup

type CfnTargetGroupProps

type CfnTargetGroupProps struct {
	// Indicates whether health checks are enabled.
	//
	// If the target type is `lambda` , health checks are disabled by default but can be enabled. If the target type is `instance` , `ip` , or `alb` , health checks are always enabled and can't be disabled.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckenabled
	//
	HealthCheckEnabled interface{} `field:"optional" json:"healthCheckEnabled" yaml:"healthCheckEnabled"`
	// The approximate amount of time, in seconds, between health checks of an individual target.
	//
	// The range is 5-300. If the target group protocol is TCP, TLS, UDP, TCP_UDP, HTTP or HTTPS, the default is 30 seconds. If the target group protocol is GENEVE, the default is 10 seconds. If the target type is `lambda` , the default is 35 seconds.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckintervalseconds
	//
	HealthCheckIntervalSeconds *float64 `field:"optional" json:"healthCheckIntervalSeconds" yaml:"healthCheckIntervalSeconds"`
	// [HTTP/HTTPS health checks] The destination for health checks on the targets.
	//
	// [HTTP1 or HTTP2 protocol version] The ping path. The default is /.
	//
	// [GRPC protocol version] The path of a custom health check method with the format /package.service/method. The default is / AWS .ALB/healthcheck.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckpath
	//
	HealthCheckPath *string `field:"optional" json:"healthCheckPath" yaml:"healthCheckPath"`
	// The port the load balancer uses when performing health checks on targets.
	//
	// If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is `traffic-port` , which is the port on which each target receives traffic from the load balancer. If the protocol is GENEVE, the default is port 80.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckport
	//
	HealthCheckPort *string `field:"optional" json:"healthCheckPort" yaml:"healthCheckPort"`
	// The protocol the load balancer uses when performing health checks on targets.
	//
	// For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthcheckprotocol
	//
	HealthCheckProtocol *string `field:"optional" json:"healthCheckProtocol" yaml:"healthCheckProtocol"`
	// The amount of time, in seconds, during which no response from a target means a failed health check.
	//
	// The range is 2–120 seconds. For target groups with a protocol of HTTP, the default is 6 seconds. For target groups with a protocol of TCP, TLS or HTTPS, the default is 10 seconds. For target groups with a protocol of GENEVE, the default is 5 seconds. If the target type is `lambda` , the default is 30 seconds.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthchecktimeoutseconds
	//
	HealthCheckTimeoutSeconds *float64 `field:"optional" json:"healthCheckTimeoutSeconds" yaml:"healthCheckTimeoutSeconds"`
	// The number of consecutive health check successes required before considering a target healthy.
	//
	// The range is 2-10. If the target group protocol is TCP, TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 5. For target groups with a protocol of GENEVE, the default is 5. If the target type is `lambda` , the default is 5.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-healthythresholdcount
	//
	HealthyThresholdCount *float64 `field:"optional" json:"healthyThresholdCount" yaml:"healthyThresholdCount"`
	// The IP address type.
	//
	// The default value is `ipv4` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-ipaddresstype
	//
	IpAddressType *string `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// [HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target.
	//
	// For target groups with a protocol of TCP, TCP_UDP, UDP or TLS the range is 200-599. For target groups with a protocol of HTTP or HTTPS, the range is 200-499. For target groups with a protocol of GENEVE, the range is 200-399.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-matcher
	//
	Matcher interface{} `field:"optional" json:"matcher" yaml:"matcher"`
	// The name of the target group.
	//
	// This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The port on which the targets receive traffic.
	//
	// This port is used unless you specify a port override when registering the target. If the target is a Lambda function, this parameter does not apply. If the protocol is GENEVE, the supported port is 6081.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-port
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
	// The protocol to use for routing traffic to the targets.
	//
	// For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, the supported protocol is GENEVE. A TCP_UDP listener must be associated with a TCP_UDP target group. If the target is a Lambda function, this parameter does not apply.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-protocol
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
	// [HTTP/HTTPS protocol] The protocol version.
	//
	// The possible values are `GRPC` , `HTTP1` , and `HTTP2` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-protocolversion
	//
	ProtocolVersion *string `field:"optional" json:"protocolVersion" yaml:"protocolVersion"`
	// The tags.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
	// The target group attributes.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-targetgroupattributes
	//
	TargetGroupAttributes interface{} `field:"optional" json:"targetGroupAttributes" yaml:"targetGroupAttributes"`
	// The targets.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-targets
	//
	Targets interface{} `field:"optional" json:"targets" yaml:"targets"`
	// The type of target that you must specify when registering targets with this target group.
	//
	// You can't specify targets for a target group using more than one target type.
	//
	// - `instance` - Register targets by instance ID. This is the default value.
	// - `ip` - Register targets by IP address. You can specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.
	// - `lambda` - Register a single Lambda function as a target.
	// - `alb` - Register a single Application Load Balancer as a target.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-targettype
	//
	TargetType *string `field:"optional" json:"targetType" yaml:"targetType"`
	// The number of consecutive health check failures required before considering a target unhealthy.
	//
	// The range is 2-10. If the target group protocol is TCP, TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 2. For target groups with a protocol of GENEVE, the default is 2. If the target type is `lambda` , the default is 5.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-unhealthythresholdcount
	//
	UnhealthyThresholdCount *float64 `field:"optional" json:"unhealthyThresholdCount" yaml:"unhealthyThresholdCount"`
	// The identifier of the virtual private cloud (VPC).
	//
	// If the target is a Lambda function, this parameter does not apply. Otherwise, this parameter is required.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-vpcid
	//
	VpcId *string `field:"optional" json:"vpcId" yaml:"vpcId"`
}

Properties for defining a `CfnTargetGroup`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnTargetGroupProps := &CfnTargetGroupProps{
	HealthCheckEnabled: jsii.Boolean(false),
	HealthCheckIntervalSeconds: jsii.Number(123),
	HealthCheckPath: jsii.String("healthCheckPath"),
	HealthCheckPort: jsii.String("healthCheckPort"),
	HealthCheckProtocol: jsii.String("healthCheckProtocol"),
	HealthCheckTimeoutSeconds: jsii.Number(123),
	HealthyThresholdCount: jsii.Number(123),
	IpAddressType: jsii.String("ipAddressType"),
	Matcher: &MatcherProperty{
		GrpcCode: jsii.String("grpcCode"),
		HttpCode: jsii.String("httpCode"),
	},
	Name: jsii.String("name"),
	Port: jsii.Number(123),
	Protocol: jsii.String("protocol"),
	ProtocolVersion: jsii.String("protocolVersion"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	TargetGroupAttributes: []interface{}{
		&TargetGroupAttributeProperty{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
	Targets: []interface{}{
		&TargetDescriptionProperty{
			Id: jsii.String("id"),

			// the properties below are optional
			AvailabilityZone: jsii.String("availabilityZone"),
			Port: jsii.Number(123),
		},
	},
	TargetType: jsii.String("targetType"),
	UnhealthyThresholdCount: jsii.Number(123),
	VpcId: jsii.String("vpcId"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html

type CfnTargetGroup_MatcherProperty

type CfnTargetGroup_MatcherProperty struct {
	// You can specify values between 0 and 99.
	//
	// You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). The default value is 12.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-matcher.html#cfn-elasticloadbalancingv2-targetgroup-matcher-grpccode
	//
	GrpcCode *string `field:"optional" json:"grpcCode" yaml:"grpcCode"`
	// For Application Load Balancers, you can specify values between 200 and 499, with the default value being 200.
	//
	// You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299").
	//
	// For Network Load Balancers, you can specify values between 200 and 599, with the default value being 200-399. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299").
	//
	// For Gateway Load Balancers, this must be "200–399".
	//
	// Note that when using shorthand syntax, some values such as commas need to be escaped.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-matcher.html#cfn-elasticloadbalancingv2-targetgroup-matcher-httpcode
	//
	HttpCode *string `field:"optional" json:"httpCode" yaml:"httpCode"`
}

Specifies the HTTP codes that healthy targets must use when responding to an HTTP health check.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

matcherProperty := &MatcherProperty{
	GrpcCode: jsii.String("grpcCode"),
	HttpCode: jsii.String("httpCode"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-matcher.html

type CfnTargetGroup_TargetDescriptionProperty

type CfnTargetGroup_TargetDescriptionProperty struct {
	// The ID of the target.
	//
	// If the target type of the target group is `instance` , specify an instance ID. If the target type is `ip` , specify an IP address. If the target type is `lambda` , specify the ARN of the Lambda function. If the target type is `alb` , specify the ARN of the Application Load Balancer target.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetdescription.html#cfn-elasticloadbalancingv2-targetgroup-targetdescription-id
	//
	Id *string `field:"required" json:"id" yaml:"id"`
	// An Availability Zone or `all` .
	//
	// This determines whether the target receives traffic from the load balancer nodes in the specified Availability Zone or from all enabled Availability Zones for the load balancer.
	//
	// For Application Load Balancer target groups, the specified Availability Zone value is only applicable when cross-zone load balancing is off. Otherwise the parameter is ignored and treated as `all` .
	//
	// This parameter is not supported if the target type of the target group is `instance` or `alb` .
	//
	// If the target type is `ip` and the IP address is in a subnet of the VPC for the target group, the Availability Zone is automatically detected and this parameter is optional. If the IP address is outside the VPC, this parameter is required.
	//
	// For Application Load Balancer target groups with cross-zone load balancing off, if the target type is `ip` and the IP address is outside of the VPC for the target group, this should be an Availability Zone inside the VPC for the target group.
	//
	// If the target type is `lambda` , this parameter is optional and the only supported value is `all` .
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetdescription.html#cfn-elasticloadbalancingv2-targetgroup-targetdescription-availabilityzone
	//
	AvailabilityZone *string `field:"optional" json:"availabilityZone" yaml:"availabilityZone"`
	// The port on which the target is listening.
	//
	// If the target group protocol is GENEVE, the supported port is 6081. If the target type is `alb` , the targeted Application Load Balancer must have at least one listener whose port matches the target group port. This parameter is not used if the target is a Lambda function.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetdescription.html#cfn-elasticloadbalancingv2-targetgroup-targetdescription-port
	//
	Port *float64 `field:"optional" json:"port" yaml:"port"`
}

Specifies a target to add to a target group.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

targetDescriptionProperty := &TargetDescriptionProperty{
	Id: jsii.String("id"),

	// the properties below are optional
	AvailabilityZone: jsii.String("availabilityZone"),
	Port: jsii.Number(123),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetdescription.html

type CfnTargetGroup_TargetGroupAttributeProperty

type CfnTargetGroup_TargetGroupAttributeProperty struct {
	// The name of the attribute.
	//
	// The following attributes are supported by all load balancers:
	//
	// - `deregistration_delay.timeout_seconds` - The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from `draining` to `unused` . The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.
	// - `stickiness.enabled` - Indicates whether target stickiness is enabled. The value is `true` or `false` . The default is `false` .
	// - `stickiness.type` - Indicates the type of stickiness. The possible values are:
	//
	// - `lb_cookie` and `app_cookie` for Application Load Balancers.
	// - `source_ip` for Network Load Balancers.
	// - `source_ip_dest_ip` and `source_ip_dest_ip_proto` for Gateway Load Balancers.
	//
	// The following attributes are supported by Application Load Balancers and Network Load Balancers:
	//
	// - `load_balancing.cross_zone.enabled` - Indicates whether cross zone load balancing is enabled. The value is `true` , `false` or `use_load_balancer_configuration` . The default is `use_load_balancer_configuration` .
	// - `target_group_health.dns_failover.minimum_healthy_targets.count` - The minimum number of targets that must be healthy. If the number of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from 1 to the maximum number of targets. The default is `off` .
	// - `target_group_health.dns_failover.minimum_healthy_targets.percentage` - The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, mark the zone as unhealthy in DNS, so that traffic is routed only to healthy zones. The possible values are `off` or an integer from 1 to 100. The default is `off` .
	// - `target_group_health.unhealthy_state_routing.minimum_healthy_targets.count` - The minimum number of targets that must be healthy. If the number of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are 1 to the maximum number of targets. The default is 1.
	// - `target_group_health.unhealthy_state_routing.minimum_healthy_targets.percentage` - The minimum percentage of targets that must be healthy. If the percentage of healthy targets is below this value, send traffic to all targets, including unhealthy targets. The possible values are `off` or an integer from 1 to 100. The default is `off` .
	//
	// The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:
	//
	// - `load_balancing.algorithm.type` - The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is `round_robin` , `least_outstanding_requests` , or `weighted_random` . The default is `round_robin` .
	// - `load_balancing.algorithm.anomaly_mitigation` - Only available when `load_balancing.algorithm.type` is `weighted_random` . Indicates whether anomaly mitigation is enabled. The value is `on` or `off` . The default is `off` .
	// - `slow_start.duration_seconds` - The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).
	// - `stickiness.app_cookie.cookie_name` - Indicates the name of the application-based cookie. Names that start with the following prefixes are not allowed: `AWSALB` , `AWSALBAPP` , and `AWSALBTG` ; they're reserved for use by the load balancer.
	// - `stickiness.app_cookie.duration_seconds` - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the application-based cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
	// - `stickiness.lb_cookie.duration_seconds` - The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
	//
	// The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:
	//
	// - `lambda.multi_value_headers.enabled` - Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is `true` or `false` . The default is `false` . If the value is `false` and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.
	//
	// The following attributes are supported only by Network Load Balancers:
	//
	// - `deregistration_delay.connection_termination.enabled` - Indicates whether the load balancer terminates connections at the end of the deregistration timeout. The value is `true` or `false` . For new UDP/TCP_UDP target groups the default is `true` . Otherwise, the default is `false` .
	// - `preserve_client_ip.enabled` - Indicates whether client IP preservation is enabled. The value is `true` or `false` . The default is disabled if the target group type is IP address and the target group protocol is TCP or TLS. Otherwise, the default is enabled. Client IP preservation can't be disabled for UDP and TCP_UDP target groups.
	// - `proxy_protocol_v2.enabled` - Indicates whether Proxy Protocol version 2 is enabled. The value is `true` or `false` . The default is `false` .
	// - `target_health_state.unhealthy.connection_termination.enabled` - Indicates whether the load balancer terminates connections to unhealthy targets. The value is `true` or `false` . The default is `true` .
	// - `target_health_state.unhealthy.draining_interval_seconds` - The amount of time for Elastic Load Balancing to wait before changing the state of an unhealthy target from `unhealthy.draining` to `unhealthy` . The range is 0-360000 seconds. The default value is 0 seconds.
	//
	// Note: This attribute can only be configured when `target_health_state.unhealthy.connection_termination.enabled` is `false` .
	//
	// The following attributes are supported only by Gateway Load Balancers:
	//
	// - `target_failover.on_deregistration` - Indicates how the Gateway Load Balancer handles existing flows when a target is deregistered. The possible values are `rebalance` and `no_rebalance` . The default is `no_rebalance` . The two attributes ( `target_failover.on_deregistration` and `target_failover.on_unhealthy` ) can't be set independently. The value you set for both attributes must be the same.
	// - `target_failover.on_unhealthy` - Indicates how the Gateway Load Balancer handles existing flows when a target is unhealthy. The possible values are `rebalance` and `no_rebalance` . The default is `no_rebalance` . The two attributes ( `target_failover.on_deregistration` and `target_failover.on_unhealthy` ) can't be set independently. The value you set for both attributes must be the same.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html#cfn-elasticloadbalancingv2-targetgroup-targetgroupattribute-key
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
	// The value of the attribute.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html#cfn-elasticloadbalancingv2-targetgroup-targetgroupattribute-value
	//
	Value *string `field:"optional" json:"value" yaml:"value"`
}

Specifies a target group attribute.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

targetGroupAttributeProperty := &TargetGroupAttributeProperty{
	Key: jsii.String("key"),
	Value: jsii.String("value"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html

type CfnTrustStore added in v2.112.0

type CfnTrustStore interface {
	awscdk.CfnResource
	awscdk.IInspectable
	awscdk.ITaggableV2
	// The number of ca certificates in the trust store.
	AttrNumberOfCaCertificates() *float64
	// The current status of the trust store.
	AttrStatus() *string
	// The Amazon Resource Name (ARN) of the trust store.
	AttrTrustStoreArn() *string
	// The Amazon S3 bucket for the ca certificates bundle.
	CaCertificatesBundleS3Bucket() *string
	SetCaCertificatesBundleS3Bucket(val *string)
	// The Amazon S3 path for the ca certificates bundle.
	CaCertificatesBundleS3Key() *string
	SetCaCertificatesBundleS3Key(val *string)
	// The Amazon S3 object version for the ca certificates bundle.
	CaCertificatesBundleS3ObjectVersion() *string
	SetCaCertificatesBundleS3ObjectVersion(val *string)
	// Tag Manager which manages the tags for this resource.
	CdkTagManager() awscdk.TagManager
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The name of the trust store.
	Name() *string
	SetName(val *string)
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The tags to assign to the trust store.
	Tags() *[]*awscdk.CfnTag
	SetTags(val *[]*awscdk.CfnTag)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Creates a trust store.

You must specify `CaCertificatesBundleS3Bucket` and `CaCertificatesBundleS3Key` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnTrustStore := awscdk.Aws_elasticloadbalancingv2.NewCfnTrustStore(this, jsii.String("MyCfnTrustStore"), &CfnTrustStoreProps{
	CaCertificatesBundleS3Bucket: jsii.String("caCertificatesBundleS3Bucket"),
	CaCertificatesBundleS3Key: jsii.String("caCertificatesBundleS3Key"),
	CaCertificatesBundleS3ObjectVersion: jsii.String("caCertificatesBundleS3ObjectVersion"),
	Name: jsii.String("name"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html

func NewCfnTrustStore added in v2.112.0

func NewCfnTrustStore(scope constructs.Construct, id *string, props *CfnTrustStoreProps) CfnTrustStore

type CfnTrustStoreProps added in v2.112.0

type CfnTrustStoreProps struct {
	// The Amazon S3 bucket for the ca certificates bundle.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html#cfn-elasticloadbalancingv2-truststore-cacertificatesbundles3bucket
	//
	CaCertificatesBundleS3Bucket *string `field:"optional" json:"caCertificatesBundleS3Bucket" yaml:"caCertificatesBundleS3Bucket"`
	// The Amazon S3 path for the ca certificates bundle.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html#cfn-elasticloadbalancingv2-truststore-cacertificatesbundles3key
	//
	CaCertificatesBundleS3Key *string `field:"optional" json:"caCertificatesBundleS3Key" yaml:"caCertificatesBundleS3Key"`
	// The Amazon S3 object version for the ca certificates bundle.
	//
	// If undefined the current version is used.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html#cfn-elasticloadbalancingv2-truststore-cacertificatesbundles3objectversion
	//
	CaCertificatesBundleS3ObjectVersion *string `field:"optional" json:"caCertificatesBundleS3ObjectVersion" yaml:"caCertificatesBundleS3ObjectVersion"`
	// The name of the trust store.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html#cfn-elasticloadbalancingv2-truststore-name
	//
	Name *string `field:"optional" json:"name" yaml:"name"`
	// The tags to assign to the trust store.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html#cfn-elasticloadbalancingv2-truststore-tags
	//
	Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"`
}

Properties for defining a `CfnTrustStore`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnTrustStoreProps := &CfnTrustStoreProps{
	CaCertificatesBundleS3Bucket: jsii.String("caCertificatesBundleS3Bucket"),
	CaCertificatesBundleS3Key: jsii.String("caCertificatesBundleS3Key"),
	CaCertificatesBundleS3ObjectVersion: jsii.String("caCertificatesBundleS3ObjectVersion"),
	Name: jsii.String("name"),
	Tags: []cfnTag{
		&cfnTag{
			Key: jsii.String("key"),
			Value: jsii.String("value"),
		},
	},
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststore.html

type CfnTrustStoreRevocation added in v2.112.0

type CfnTrustStoreRevocation interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// The revocation ID of the revocation file.
	AttrRevocationId() *float64
	// Information about the revocation file in the trust store.
	AttrTrustStoreRevocations() awscdk.IResolvable
	// Options for this resource, such as condition, update policy etc.
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	// AWS resource type.
	CfnResourceType() *string
	// Returns: the stack trace of the point where this Resource was created from, sourced
	// from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most
	// node +internal+ entries filtered.
	CreationStack() *[]*string
	// The logical ID for this CloudFormation stack element.
	//
	// The logical ID of the element
	// is calculated from the path of the resource node in the construct tree.
	//
	// To override this value, use `overrideLogicalId(newLogicalId)`.
	//
	// Returns: the logical ID as a stringified token. This value will only get
	// resolved during synthesis.
	LogicalId() *string
	// The tree node.
	Node() constructs.Node
	// Return a string that will be resolved to a CloudFormation `{ Ref }` for this element.
	//
	// If, by any chance, the intrinsic reference of a resource is not a string, you could
	// coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`.
	Ref() *string
	// The revocation file to add.
	RevocationContents() interface{}
	SetRevocationContents(val interface{})
	// The stack in which this element is defined.
	//
	// CfnElements must be defined within a stack scope (directly or indirectly).
	Stack() awscdk.Stack
	// The Amazon Resource Name (ARN) of the trust store.
	TrustStoreArn() *string
	SetTrustStoreArn(val *string)
	// Deprecated.
	// Deprecated: use `updatedProperties`
	//
	// Return properties modified after initiation
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperites() *map[string]interface{}
	// Return properties modified after initiation.
	//
	// Resources that expose mutable properties should override this function to
	// collect and return the properties object for this resource.
	UpdatedProperties() *map[string]interface{}
	// Syntactic sugar for `addOverride(path, undefined)`.
	AddDeletionOverride(path *string)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	//
	// This can be used for resources across stacks (or nested stack) boundaries
	// and the dependency will automatically be transferred to the relevant scope.
	AddDependency(target awscdk.CfnResource)
	// Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.
	// Deprecated: use addDependency.
	AddDependsOn(target awscdk.CfnResource)
	// Add a value to the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	AddMetadata(key *string, value interface{})
	// Adds an override to the synthesized CloudFormation resource.
	//
	// To add a
	// property override, either use `addPropertyOverride` or prefix `path` with
	// "Properties." (i.e. `Properties.TopicName`).
	//
	// If the override is nested, separate each nested level using a dot (.) in the path parameter.
	// If there is an array as part of the nesting, specify the index in the path.
	//
	// To include a literal `.` in the property name, prefix with a `\`. In most
	// programming languages you will need to write this as `"\\."` because the
	// `\` itself will need to be escaped.
	//
	// For example,
	// “`typescript
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']);
	// cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE');
	// “`
	// would add the overrides
	// “`json
	// "Properties": {
	//   "GlobalSecondaryIndexes": [
	//     {
	//       "Projection": {
	//         "NonKeyAttributes": [ "myattribute" ]
	//         ...
	//       }
	//       ...
	//     },
	//     {
	//       "ProjectionType": "INCLUDE"
	//       ...
	//     },
	//   ]
	//   ...
	// }
	// “`
	//
	// The `value` argument to `addOverride` will not be processed or translated
	// in any way. Pass raw JSON values in here with the correct capitalization
	// for CloudFormation. If you pass CDK classes or structs, they will be
	// rendered with lowercased key names, and CloudFormation will reject the
	// template.
	AddOverride(path *string, value interface{})
	// Adds an override that deletes the value of a property from the resource definition.
	AddPropertyDeletionOverride(propertyPath *string)
	// Adds an override to a resource property.
	//
	// Syntactic sugar for `addOverride("Properties.<...>", value)`.
	AddPropertyOverride(propertyPath *string, value interface{})
	// Sets the deletion policy of the resource based on the removal policy specified.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). In some
	// cases, a snapshot can be taken of the resource prior to deletion
	// (`RemovalPolicy.SNAPSHOT`). A list of resources that support this policy
	// can be found in the following link:.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-deletionpolicy.html#aws-attribute-deletionpolicy-options
	//
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	// Returns a token for an runtime attribute of this resource.
	//
	// Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility
	// in case there is no generated attribute.
	GetAtt(attributeName *string, typeHint awscdk.ResolutionTypeHint) awscdk.Reference
	// Retrieve a value value from the CloudFormation Resource Metadata.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html
	//
	// Note that this is a different set of metadata from CDK node metadata; this
	// metadata ends up in the stack template under the resource, whereas CDK
	// node metadata ends up in the Cloud Assembly.
	//
	GetMetadata(key *string) interface{}
	// Examines the CloudFormation resource and discloses attributes.
	Inspect(inspector awscdk.TreeInspector)
	// Retrieves an array of resources this resource depends on.
	//
	// This assembles dependencies on resources across stacks (including nested stacks)
	// automatically.
	ObtainDependencies() *[]interface{}
	// Get a shallow copy of dependencies between this resource and other resources in the same stack.
	ObtainResourceDependencies() *[]awscdk.CfnResource
	// Overrides the auto-generated logical ID with a specific ID.
	OverrideLogicalId(newLogicalId *string)
	// Indicates that this resource no longer depends on another resource.
	//
	// This can be used for resources across stacks (including nested stacks)
	// and the dependency will automatically be removed from the relevant scope.
	RemoveDependency(target awscdk.CfnResource)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	// Replaces one dependency with another.
	ReplaceDependency(target awscdk.CfnResource, newTarget awscdk.CfnResource)
	// Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template.
	//
	// Returns: `true` if the resource should be included or `false` is the resource
	// should be omitted.
	ShouldSynthesize() *bool
	// Returns a string representation of this construct.
	//
	// Returns: a string representation of this resource.
	ToString() *string
	ValidateProperties(_properties interface{})
}

Adds the specified revocation contents to the specified trust store.

You must specify `TrustStoreArn` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnTrustStoreRevocation := awscdk.Aws_elasticloadbalancingv2.NewCfnTrustStoreRevocation(this, jsii.String("MyCfnTrustStoreRevocation"), &CfnTrustStoreRevocationProps{
	RevocationContents: []interface{}{
		&RevocationContentProperty{
			RevocationType: jsii.String("revocationType"),
			S3Bucket: jsii.String("s3Bucket"),
			S3Key: jsii.String("s3Key"),
			S3ObjectVersion: jsii.String("s3ObjectVersion"),
		},
	},
	TrustStoreArn: jsii.String("trustStoreArn"),
})

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststorerevocation.html

func NewCfnTrustStoreRevocation added in v2.112.0

func NewCfnTrustStoreRevocation(scope constructs.Construct, id *string, props *CfnTrustStoreRevocationProps) CfnTrustStoreRevocation

type CfnTrustStoreRevocationProps added in v2.112.0

type CfnTrustStoreRevocationProps struct {
	// The revocation file to add.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststorerevocation.html#cfn-elasticloadbalancingv2-truststorerevocation-revocationcontents
	//
	RevocationContents interface{} `field:"optional" json:"revocationContents" yaml:"revocationContents"`
	// The Amazon Resource Name (ARN) of the trust store.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststorerevocation.html#cfn-elasticloadbalancingv2-truststorerevocation-truststorearn
	//
	TrustStoreArn *string `field:"optional" json:"trustStoreArn" yaml:"trustStoreArn"`
}

Properties for defining a `CfnTrustStoreRevocation`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

cfnTrustStoreRevocationProps := &CfnTrustStoreRevocationProps{
	RevocationContents: []interface{}{
		&RevocationContentProperty{
			RevocationType: jsii.String("revocationType"),
			S3Bucket: jsii.String("s3Bucket"),
			S3Key: jsii.String("s3Key"),
			S3ObjectVersion: jsii.String("s3ObjectVersion"),
		},
	},
	TrustStoreArn: jsii.String("trustStoreArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-truststorerevocation.html

type CfnTrustStoreRevocation_RevocationContentProperty added in v2.112.0

Information about a revocation file.

You must specify `S3Bucket` and `S3Key` .

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

revocationContentProperty := &RevocationContentProperty{
	RevocationType: jsii.String("revocationType"),
	S3Bucket: jsii.String("s3Bucket"),
	S3Key: jsii.String("s3Key"),
	S3ObjectVersion: jsii.String("s3ObjectVersion"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-truststorerevocation-revocationcontent.html

type CfnTrustStoreRevocation_TrustStoreRevocationProperty added in v2.112.0

type CfnTrustStoreRevocation_TrustStoreRevocationProperty struct {
	// The number of revoked certificates.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-truststorerevocation-truststorerevocation.html#cfn-elasticloadbalancingv2-truststorerevocation-truststorerevocation-numberofrevokedentries
	//
	NumberOfRevokedEntries *float64 `field:"optional" json:"numberOfRevokedEntries" yaml:"numberOfRevokedEntries"`
	// The revocation ID of the revocation file.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-truststorerevocation-truststorerevocation.html#cfn-elasticloadbalancingv2-truststorerevocation-truststorerevocation-revocationid
	//
	RevocationId *string `field:"optional" json:"revocationId" yaml:"revocationId"`
	// The type of revocation file.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-truststorerevocation-truststorerevocation.html#cfn-elasticloadbalancingv2-truststorerevocation-truststorerevocation-revocationtype
	//
	RevocationType *string `field:"optional" json:"revocationType" yaml:"revocationType"`
	// The Amazon Resource Name (ARN) of the trust store.
	// See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-truststorerevocation-truststorerevocation.html#cfn-elasticloadbalancingv2-truststorerevocation-truststorerevocation-truststorearn
	//
	TrustStoreArn *string `field:"optional" json:"trustStoreArn" yaml:"trustStoreArn"`
}

Information about a revocation file in use by a trust store.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

trustStoreRevocationProperty := &TrustStoreRevocationProperty{
	NumberOfRevokedEntries: jsii.Number(123),
	RevocationId: jsii.String("revocationId"),
	RevocationType: jsii.String("revocationType"),
	TrustStoreArn: jsii.String("trustStoreArn"),
}

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-truststorerevocation-truststorerevocation.html

type ClientRoutingPolicy added in v2.134.0

type ClientRoutingPolicy string

Indicates how traffic is distributed among the load balancer Availability Zones.

Example:

var vpc vpc

lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	// Whether deletion protection is enabled.
	DeletionProtection: jsii.Boolean(true),

	// Whether cross-zone load balancing is enabled.
	CrossZoneEnabled: jsii.Boolean(true),

	// Whether the load balancer blocks traffic through the Internet Gateway (IGW).
	DenyAllIgwTraffic: jsii.Boolean(false),

	// Indicates how traffic is distributed among the load balancer Availability Zones.
	ClientRoutingPolicy: elbv2.ClientRoutingPolicy_AVAILABILITY_ZONE_AFFINITY,

	// Indicates whether zonal shift is enabled.
	ZonalShift: jsii.Boolean(true),
})

See: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#zonal-dns-affinity

const (
	// 100 percent zonal affinity.
	ClientRoutingPolicy_AVAILABILITY_ZONE_AFFINITY ClientRoutingPolicy = "AVAILABILITY_ZONE_AFFINITY"
	// 85 percent zonal affinity.
	ClientRoutingPolicy_PARTIAL_AVAILABILITY_ZONE_AFFINITY ClientRoutingPolicy = "PARTIAL_AVAILABILITY_ZONE_AFFINITY"
	// No zonal affinity.
	ClientRoutingPolicy_ANY_AVAILABILITY_ZONE ClientRoutingPolicy = "ANY_AVAILABILITY_ZONE"
)

type DesyncMitigationMode added in v2.54.0

type DesyncMitigationMode string

How the load balancer handles requests that might pose a security risk to your application.

Example:

var vpc vpc

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),

	// Whether HTTP/2 is enabled
	Http2Enabled: jsii.Boolean(false),

	// The idle timeout value, in seconds
	IdleTimeout: awscdk.Duration_Seconds(jsii.Number(1000)),

	// Whether HTTP headers with header fields thatare not valid
	// are removed by the load balancer (true), or routed to targets
	DropInvalidHeaderFields: jsii.Boolean(true),

	// How the load balancer handles requests that might
	// pose a security risk to your application
	DesyncMitigationMode: elbv2.DesyncMitigationMode_DEFENSIVE,

	// The type of IP addresses to use.
	IpAddressType: elbv2.IpAddressType_IPV4,

	// The duration of client keep-alive connections
	ClientKeepAlive: awscdk.Duration_*Seconds(jsii.Number(500)),

	// Whether cross-zone load balancing is enabled.
	CrossZoneEnabled: jsii.Boolean(true),

	// Whether the load balancer blocks traffic through the Internet Gateway (IGW).
	DenyAllIgwTraffic: jsii.Boolean(false),

	// Whether to preserve host header in the request to the target
	PreserveHostHeader: jsii.Boolean(true),

	// Whether to add the TLS information header to the request
	XAmznTlsVersionAndCipherSuiteHeaders: jsii.Boolean(true),

	// Whether the X-Forwarded-For header should preserve the source port
	PreserveXffClientPort: jsii.Boolean(true),

	// The processing mode for X-Forwarded-For headers
	XffHeaderProcessingMode: elbv2.XffHeaderProcessingMode_APPEND,

	// Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
	WafFailOpen: jsii.Boolean(true),
})

See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#desync-mitigation-mode

const (
	// Allows all traffic.
	DesyncMitigationMode_MONITOR DesyncMitigationMode = "MONITOR"
	// Provides durable mitigation against HTTP desync while maintaining the availability of your application.
	DesyncMitigationMode_DEFENSIVE DesyncMitigationMode = "DEFENSIVE"
	// Receives only requests that comply with RFC 7230.
	DesyncMitigationMode_STRICTEST DesyncMitigationMode = "STRICTEST"
)

type FixedResponseOptions

type FixedResponseOptions struct {
	// Content Type of the response.
	//
	// Valid Values: text/plain | text/css | text/html | application/javascript | application/json.
	// Default: - Automatically determined.
	//
	ContentType *string `field:"optional" json:"contentType" yaml:"contentType"`
	// The response body.
	// Default: - No body.
	//
	MessageBody *string `field:"optional" json:"messageBody" yaml:"messageBody"`
}

Options for `ListenerAction.fixedResponse()`.

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})

type ForwardOptions

type ForwardOptions struct {
	// For how long clients should be directed to the same target group.
	//
	// Range between 1 second and 7 days.
	// Default: - No stickiness.
	//
	StickinessDuration awscdk.Duration `field:"optional" json:"stickinessDuration" yaml:"stickinessDuration"`
}

Options for `ListenerAction.forward()`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

forwardOptions := &ForwardOptions{
	StickinessDuration: cdk.Duration_Minutes(jsii.Number(30)),
}

type HealthCheck

type HealthCheck struct {
	// Indicates whether health checks are enabled.
	//
	// If the target type is lambda,
	// health checks are disabled by default but can be enabled. If the target type
	// is instance or ip, health checks are always enabled and cannot be disabled.
	// Default: - Determined automatically.
	//
	Enabled *bool `field:"optional" json:"enabled" yaml:"enabled"`
	// GRPC code to use when checking for a successful response from a target.
	//
	// You can specify values between 0 and 99. You can specify multiple values
	// (for example, "0,1") or a range of values (for example, "0-5").
	// Default: 12.
	//
	HealthyGrpcCodes *string `field:"optional" json:"healthyGrpcCodes" yaml:"healthyGrpcCodes"`
	// HTTP code to use when checking for a successful response from a target.
	//
	// For Application Load Balancers, you can specify values between 200 and
	// 499, and the default value is 200. You can specify multiple values (for
	// example, "200,202") or a range of values (for example, "200-299").
	HealthyHttpCodes *string `field:"optional" json:"healthyHttpCodes" yaml:"healthyHttpCodes"`
	// The number of consecutive health checks successes required before considering an unhealthy target healthy.
	//
	// For Application Load Balancers, the default is 5. For Network Load Balancers, the default is 3.
	// Default: - 5 for ALBs, 3 for NLBs.
	//
	HealthyThresholdCount *float64 `field:"optional" json:"healthyThresholdCount" yaml:"healthyThresholdCount"`
	// The approximate number of seconds between health checks for an individual target.
	//
	// Must be 5 to 300 seconds.
	// Default: - 10 seconds if protocol is `GENEVE`, 35 seconds if target type is `lambda`, else 30 seconds.
	//
	Interval awscdk.Duration `field:"optional" json:"interval" yaml:"interval"`
	// The ping path destination where Elastic Load Balancing sends health check requests.
	// Default: /.
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// The port that the load balancer uses when performing health checks on the targets.
	// Default: 'traffic-port'.
	//
	Port *string `field:"optional" json:"port" yaml:"port"`
	// The protocol the load balancer uses when performing health checks on targets.
	//
	// The TCP protocol is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP.
	// The TLS, UDP, and TCP_UDP protocols are not supported for health checks.
	// Default: - HTTP for ALBs, TCP for NLBs.
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// The amount of time, in seconds, during which no response from a target means a failed health check.
	//
	// Must be 2 to 120 seconds.
	// Default: - 6 seconds if the protocol is HTTP, 5 seconds if protocol is `GENEVE`, 30 seconds if target type is `lambda`, 10 seconds for TCP, TLS, or HTTPS.
	//
	Timeout awscdk.Duration `field:"optional" json:"timeout" yaml:"timeout"`
	// The number of consecutive health check failures required before considering a target unhealthy.
	//
	// For Application Load Balancers, the default is 2. For Network Load
	// Balancers, the range is between 2-10 and can be set accordingly.
	// Default: 2.
	//
	UnhealthyThresholdCount *float64 `field:"optional" json:"unhealthyThresholdCount" yaml:"unhealthyThresholdCount"`
}

Properties for configuring a health check.

Example:

var cluster cluster

loadBalancedFargateService := ecsPatterns.NewApplicationLoadBalancedFargateService(this, jsii.String("Service"), &ApplicationLoadBalancedFargateServiceProps{
	Cluster: Cluster,
	MemoryLimitMiB: jsii.Number(1024),
	Cpu: jsii.Number(512),
	TaskImageOptions: &ApplicationLoadBalancedTaskImageOptions{
		Image: ecs.ContainerImage_FromRegistry(jsii.String("amazon/amazon-ecs-sample")),
		Command: []*string{
			jsii.String("command"),
		},
		EntryPoint: []*string{
			jsii.String("entry"),
			jsii.String("point"),
		},
	},
})

loadBalancedFargateService.TargetGroup.ConfigureHealthCheck(&HealthCheck{
	Path: jsii.String("/custom-health-path"),
})

type HttpCodeElb

type HttpCodeElb string

Count of HTTP status originating from the load balancer.

This count does not include any response codes generated by the targets.

const (
	// The number of HTTP 3XX redirection codes that originate from the load balancer.
	HttpCodeElb_ELB_3XX_COUNT HttpCodeElb = "ELB_3XX_COUNT"
	// The number of HTTP 4XX client error codes that originate from the load balancer.
	//
	// Client errors are generated when requests are malformed or incomplete.
	// These requests have not been received by the target. This count does not
	// include any response codes generated by the targets.
	HttpCodeElb_ELB_4XX_COUNT HttpCodeElb = "ELB_4XX_COUNT"
	// The number of HTTP 5XX server error codes that originate from the load balancer.
	HttpCodeElb_ELB_5XX_COUNT HttpCodeElb = "ELB_5XX_COUNT"
	// The number of HTTP 500 server error codes that originate from the load balancer.
	HttpCodeElb_ELB_500_COUNT HttpCodeElb = "ELB_500_COUNT"
	// The number of HTTP 502 server error codes that originate from the load balancer.
	HttpCodeElb_ELB_502_COUNT HttpCodeElb = "ELB_502_COUNT"
	// The number of HTTP 503 server error codes that originate from the load balancer.
	HttpCodeElb_ELB_503_COUNT HttpCodeElb = "ELB_503_COUNT"
	// The number of HTTP 504 server error codes that originate from the load balancer.
	HttpCodeElb_ELB_504_COUNT HttpCodeElb = "ELB_504_COUNT"
)

type HttpCodeTarget

type HttpCodeTarget string

Count of HTTP status originating from the targets.

Example:

import "github.com/aws/aws-cdk-go/awscdk"

var service fargateService
var blueTargetGroup applicationTargetGroup
var greenTargetGroup applicationTargetGroup
var listener iApplicationListener

// Alarm on the number of unhealthy ECS tasks in each target group
blueUnhealthyHosts := cloudwatch.NewAlarm(this, jsii.String("BlueUnhealthyHosts"), &AlarmProps{
	AlarmName: jsii.String(awscdk.stack_Of(this).stackName + "-Unhealthy-Hosts-Blue"),
	Metric: blueTargetGroup.MetricUnhealthyHostCount(),
	Threshold: jsii.Number(1),
	EvaluationPeriods: jsii.Number(2),
})

greenUnhealthyHosts := cloudwatch.NewAlarm(this, jsii.String("GreenUnhealthyHosts"), &AlarmProps{
	AlarmName: jsii.String(awscdk.stack_Of(this).stackName + "-Unhealthy-Hosts-Green"),
	Metric: greenTargetGroup.*MetricUnhealthyHostCount(),
	Threshold: jsii.Number(1),
	EvaluationPeriods: jsii.Number(2),
})

// Alarm on the number of HTTP 5xx responses returned by each target group
blueApiFailure := cloudwatch.NewAlarm(this, jsii.String("Blue5xx"), &AlarmProps{
	AlarmName: jsii.String(awscdk.stack_Of(this).stackName + "-Http-5xx-Blue"),
	Metric: blueTargetGroup.MetricHttpCodeTarget(elbv2.HttpCodeTarget_TARGET_5XX_COUNT, &MetricOptions{
		Period: awscdk.Duration_Minutes(jsii.Number(1)),
	}),
	Threshold: jsii.Number(1),
	EvaluationPeriods: jsii.Number(1),
})

greenApiFailure := cloudwatch.NewAlarm(this, jsii.String("Green5xx"), &AlarmProps{
	AlarmName: jsii.String(awscdk.stack_Of(this).stackName + "-Http-5xx-Green"),
	Metric: greenTargetGroup.*MetricHttpCodeTarget(elbv2.HttpCodeTarget_TARGET_5XX_COUNT, &MetricOptions{
		Period: awscdk.Duration_*Minutes(jsii.Number(1)),
	}),
	Threshold: jsii.Number(1),
	EvaluationPeriods: jsii.Number(1),
})

codedeploy.NewEcsDeploymentGroup(this, jsii.String("BlueGreenDG"), &EcsDeploymentGroupProps{
	// CodeDeploy will monitor these alarms during a deployment and automatically roll back
	Alarms: []iAlarm{
		blueUnhealthyHosts,
		greenUnhealthyHosts,
		blueApiFailure,
		greenApiFailure,
	},
	AutoRollback: &AutoRollbackConfig{
		// CodeDeploy will automatically roll back if a deployment is stopped
		StoppedDeployment: jsii.Boolean(true),
	},
	Service: Service,
	BlueGreenDeploymentConfig: &EcsBlueGreenDeploymentConfig{
		BlueTargetGroup: *BlueTargetGroup,
		GreenTargetGroup: *GreenTargetGroup,
		Listener: *Listener,
	},
	DeploymentConfig: codedeploy.EcsDeploymentConfig_CANARY_10PERCENT_5MINUTES(),
})
const (
	// The number of 2xx response codes from targets.
	HttpCodeTarget_TARGET_2XX_COUNT HttpCodeTarget = "TARGET_2XX_COUNT"
	// The number of 3xx response codes from targets.
	HttpCodeTarget_TARGET_3XX_COUNT HttpCodeTarget = "TARGET_3XX_COUNT"
	// The number of 4xx response codes from targets.
	HttpCodeTarget_TARGET_4XX_COUNT HttpCodeTarget = "TARGET_4XX_COUNT"
	// The number of 5xx response codes from targets.
	HttpCodeTarget_TARGET_5XX_COUNT HttpCodeTarget = "TARGET_5XX_COUNT"
)

type IApplicationListener

type IApplicationListener interface {
	awsec2.IConnectable
	IListener
	// Perform the given action on incoming requests.
	//
	// This allows full control of the default action of the load balancer,
	// including Action chaining, fixed responses and redirect responses. See
	// the `ListenerAction` class for all options.
	//
	// It's possible to add routing conditions to the Action added in this way.
	//
	// It is not possible to add a default action to an imported IApplicationListener.
	// In order to add actions to an imported IApplicationListener a `priority`
	// must be provided.
	AddAction(id *string, props *AddApplicationActionProps)
	// Add one or more certificates to this listener.
	AddCertificates(id *string, certificates *[]IListenerCertificate)
	// Load balance incoming requests to the given target groups.
	//
	// It's possible to add conditions to the TargetGroups added in this way.
	// At least one TargetGroup must be added without conditions.
	AddTargetGroups(id *string, props *AddApplicationTargetGroupsProps)
	// Load balance incoming requests to the given load balancing targets.
	//
	// This method implicitly creates an ApplicationTargetGroup for the targets
	// involved.
	//
	// It's possible to add conditions to the targets added in this way. At least
	// one set of targets must be added without conditions.
	//
	// Returns: The newly created target group.
	AddTargets(id *string, props *AddApplicationTargetsProps) ApplicationTargetGroup
	// Register that a connectable that has been added to this load balancer.
	//
	// Don't call this directly. It is called by ApplicationTargetGroup.
	RegisterConnectable(connectable awsec2.IConnectable, portRange awsec2.Port)
}

Properties to reference an existing listener.

func ApplicationListener_FromApplicationListenerAttributes

func ApplicationListener_FromApplicationListenerAttributes(scope constructs.Construct, id *string, attrs *ApplicationListenerAttributes) IApplicationListener

Import an existing listener.

func ApplicationListener_FromLookup

func ApplicationListener_FromLookup(scope constructs.Construct, id *string, options *ApplicationListenerLookupOptions) IApplicationListener

Look up an ApplicationListener.

type IApplicationLoadBalancer

type IApplicationLoadBalancer interface {
	awsec2.IConnectable
	ILoadBalancerV2
	// Add a new listener to this load balancer.
	AddListener(id *string, props *BaseApplicationListenerProps) ApplicationListener
	// The IP Address Type for this load balancer.
	// Default: IpAddressType.IPV4
	//
	IpAddressType() IpAddressType
	// A list of listeners that have been added to the load balancer.
	//
	// This list is only valid for owned constructs.
	Listeners() *[]ApplicationListener
	// The ARN of this load balancer.
	LoadBalancerArn() *string
	// All metrics available for this load balancer.
	Metrics() IApplicationLoadBalancerMetrics
	// The VPC this load balancer has been created in (if available).
	//
	// If this interface is the result of an import call to fromApplicationLoadBalancerAttributes,
	// the vpc attribute will be undefined unless specified in the optional properties of that method.
	Vpc() awsec2.IVpc
}

An application load balancer.

func ApplicationLoadBalancer_FromApplicationLoadBalancerAttributes

func ApplicationLoadBalancer_FromApplicationLoadBalancerAttributes(scope constructs.Construct, id *string, attrs *ApplicationLoadBalancerAttributes) IApplicationLoadBalancer

Import an existing Application Load Balancer.

func ApplicationLoadBalancer_FromLookup

func ApplicationLoadBalancer_FromLookup(scope constructs.Construct, id *string, options *ApplicationLoadBalancerLookupOptions) IApplicationLoadBalancer

Look up an application load balancer.

type IApplicationLoadBalancerMetrics added in v2.64.0

type IApplicationLoadBalancerMetrics interface {
	// The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.
	// Default: Sum over 5 minutes.
	//
	ActiveConnectionCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of TLS connections initiated by the client that did not establish a session with the load balancer.
	//
	// Possible causes include a
	// mismatch of ciphers or protocols.
	// Default: Sum over 5 minutes.
	//
	ClientTlsNegotiationErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of load balancer capacity units (LCU) used by your load balancer.
	// Default: Sum over 5 minutes.
	//
	ConsumedLCUs(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Return the given named metric for this Application Load Balancer.
	// Default: Average over 5 minutes.
	//
	Custom(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of user authentications that could not be completed.
	//
	// Because an authenticate action was misconfigured, the load balancer
	// couldn't establish a connection with the IdP, or the load balancer
	// couldn't complete the authentication flow due to an internal error.
	// Default: Sum over 5 minutes.
	//
	ElbAuthError(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of user authentications that could not be completed because the IdP denied access to the user or an authorization code was used more than once.
	// Default: Sum over 5 minutes.
	//
	ElbAuthFailure(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The time elapsed, in milliseconds, to query the IdP for the ID token and user info.
	//
	// If one or more of these operations fail, this is the time to failure.
	// Default: Average over 5 minutes.
	//
	ElbAuthLatency(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of authenticate actions that were successful.
	//
	// This metric is incremented at the end of the authentication workflow,
	// after the load balancer has retrieved the user claims from the IdP.
	// Default: Sum over 5 minutes.
	//
	ElbAuthSuccess(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of HTTP 3xx/4xx/5xx codes that originate from the load balancer.
	//
	// This does not include any response codes generated by the targets.
	// Default: Sum over 5 minutes.
	//
	HttpCodeElb(code HttpCodeElb, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of HTTP 2xx/3xx/4xx/5xx response codes generated by all targets in the load balancer.
	//
	// This does not include any response codes generated by the load balancer.
	// Default: Sum over 5 minutes.
	//
	HttpCodeTarget(code HttpCodeTarget, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of fixed-response actions that were successful.
	// Default: Sum over 5 minutes.
	//
	HttpFixedResponseCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of redirect actions that were successful.
	// Default: Sum over 5 minutes.
	//
	HttpRedirectCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of redirect actions that couldn't be completed because the URL in the response location header is larger than 8K.
	// Default: Sum over 5 minutes.
	//
	HttpRedirectUrlLimitExceededCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of bytes processed by the load balancer over IPv6.
	// Default: Sum over 5 minutes.
	//
	Ipv6ProcessedBytes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of IPv6 requests received by the load balancer.
	// Default: Sum over 5 minutes.
	//
	Ipv6RequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets.
	// Default: Sum over 5 minutes.
	//
	NewConnectionCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of bytes processed by the load balancer over IPv4 and IPv6.
	// Default: Sum over 5 minutes.
	//
	ProcessedBytes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of connections that were rejected because the load balancer had reached its maximum number of connections.
	// Default: Sum over 5 minutes.
	//
	RejectedConnectionCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of requests processed over IPv4 and IPv6.
	//
	// This count includes only the requests with a response generated by a target of the load balancer.
	// Default: Sum over 5 minutes.
	//
	RequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of rules processed by the load balancer given a request rate averaged over an hour.
	// Default: Sum over 5 minutes.
	//
	RuleEvaluations(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of connections that were not successfully established between the load balancer and target.
	// Default: Sum over 5 minutes.
	//
	TargetConnectionErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received.
	// Default: Average over 5 minutes.
	//
	TargetResponseTime(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of TLS connections initiated by the load balancer that did not establish a session with the target.
	//
	// Possible causes include a mismatch of ciphers or protocols.
	// Default: Sum over 5 minutes.
	//
	TargetTLSNegotiationErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
}

Contains all metrics for an Application Load Balancer.

type IApplicationLoadBalancerTarget

type IApplicationLoadBalancerTarget interface {
	// Attach load-balanced target to a TargetGroup.
	//
	// May return JSON to directly add to the [Targets] list, or return undefined
	// if the target will register itself with the load balancer.
	AttachToApplicationTargetGroup(targetGroup IApplicationTargetGroup) *LoadBalancerTargetProps
}

Interface for constructs that can be targets of an application load balancer.

type IApplicationTargetGroup

type IApplicationTargetGroup interface {
	ITargetGroup
	// Add a load balancing target to this target group.
	AddTarget(targets ...IApplicationLoadBalancerTarget)
	// Register a connectable as a member of this target group.
	//
	// Don't call this directly. It will be called by load balancing targets.
	RegisterConnectable(connectable awsec2.IConnectable, portRange awsec2.Port)
	// Register a listener that is load balancing to this target group.
	//
	// Don't call this directly. It will be called by listeners.
	RegisterListener(listener IApplicationListener, associatingConstruct constructs.IConstruct)
	// All metrics available for this target group.
	Metrics() IApplicationTargetGroupMetrics
}

A Target Group for Application Load Balancers.

func ApplicationTargetGroup_FromTargetGroupAttributes

func ApplicationTargetGroup_FromTargetGroupAttributes(scope constructs.Construct, id *string, attrs *TargetGroupAttributes) IApplicationTargetGroup

Import an existing target group.

type IApplicationTargetGroupMetrics added in v2.65.0

type IApplicationTargetGroupMetrics interface {
	// Return the given named metric for this Network Target Group.
	// Default: Average over 5 minutes.
	//
	Custom(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of healthy hosts in the target group.
	// Default: Average over 5 minutes.
	//
	HealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of HTTP 2xx/3xx/4xx/5xx response codes generated by all targets in this target group.
	//
	// This does not include any response codes generated by the load balancer.
	// Default: Sum over 5 minutes.
	//
	HttpCodeTarget(code HttpCodeTarget, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of IPv6 requests received by the target group.
	// Default: Sum over 5 minutes.
	//
	Ipv6RequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of requests processed over IPv4 and IPv6.
	//
	// This count includes only the requests with a response generated by a target of the load balancer.
	// Default: Sum over 5 minutes.
	//
	RequestCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The average number of requests received by each target in a target group.
	//
	// The only valid statistic is Sum. Note that this represents the average not the sum.
	// Default: Sum over 5 minutes.
	//
	RequestCountPerTarget(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of connections that were not successfully established between the load balancer and target.
	// Default: Sum over 5 minutes.
	//
	TargetConnectionErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received.
	// Default: Average over 5 minutes.
	//
	TargetResponseTime(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of TLS connections initiated by the load balancer that did not establish a session with the target.
	//
	// Possible causes include a mismatch of ciphers or protocols.
	// Default: Sum over 5 minutes.
	//
	TargetTLSNegotiationErrorCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of unhealthy hosts in the target group.
	// Default: Average over 5 minutes.
	//
	UnhealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
}

Contains all metrics for a Target Group of a Application Load Balancer.

type IListener added in v2.50.0

type IListener interface {
	awscdk.IResource
	// ARN of the listener.
	ListenerArn() *string
}

Base interface for listeners.

type IListenerAction

type IListenerAction interface {
	// Render the listener default actions in this chain.
	RenderActions() *[]*CfnListener_ActionProperty
	// Render the listener rule actions in this chain.
	RenderRuleActions() *[]*CfnListenerRule_ActionProperty
}

Interface for listener actions.

type IListenerCertificate

type IListenerCertificate interface {
	// The ARN of the certificate to use.
	CertificateArn() *string
}

A certificate source for an ELBv2 listener.

type ILoadBalancerV2

type ILoadBalancerV2 interface {
	awscdk.IResource
	// The canonical hosted zone ID of this load balancer.
	//
	// Example value: `Z2P70J7EXAMPLE`.
	LoadBalancerCanonicalHostedZoneId() *string
	// The DNS name of this load balancer.
	//
	// Example value: `my-load-balancer-424835706.us-west-2.elb.amazonaws.com`
	LoadBalancerDnsName() *string
}

type INetworkListener

type INetworkListener interface {
	IListener
}

Properties to reference an existing listener.

func NetworkListener_FromLookup

func NetworkListener_FromLookup(scope constructs.Construct, id *string, options *NetworkListenerLookupOptions) INetworkListener

Looks up a network listener.

func NetworkListener_FromNetworkListenerArn

func NetworkListener_FromNetworkListenerArn(scope constructs.Construct, id *string, networkListenerArn *string) INetworkListener

Import an existing listener.

type INetworkLoadBalancer

type INetworkLoadBalancer interface {
	awsec2.IConnectable
	ILoadBalancerV2
	awsec2.IVpcEndpointServiceLoadBalancer
	// Add a listener to this load balancer.
	//
	// Returns: The newly created listener.
	AddListener(id *string, props *BaseNetworkListenerProps) NetworkListener
	// Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink.
	// Default: on.
	//
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic() *string
	// The type of IP addresses to use.
	// Default: IpAddressType.IPV4
	//
	IpAddressType() IpAddressType
	// All metrics available for this load balancer.
	Metrics() INetworkLoadBalancerMetrics
	// Security groups associated with this load balancer.
	SecurityGroups() *[]*string
	// The VPC this load balancer has been created in (if available).
	Vpc() awsec2.IVpc
}

A network load balancer.

func NetworkLoadBalancer_FromLookup

func NetworkLoadBalancer_FromLookup(scope constructs.Construct, id *string, options *NetworkLoadBalancerLookupOptions) INetworkLoadBalancer

Looks up the network load balancer.

func NetworkLoadBalancer_FromNetworkLoadBalancerAttributes

func NetworkLoadBalancer_FromNetworkLoadBalancerAttributes(scope constructs.Construct, id *string, attrs *NetworkLoadBalancerAttributes) INetworkLoadBalancer

type INetworkLoadBalancerMetrics added in v2.64.0

type INetworkLoadBalancerMetrics interface {
	// The total number of concurrent TCP flows (or connections) from clients to targets.
	//
	// This metric includes connections in the SYN_SENT and ESTABLISHED states.
	// TCP connections are not terminated at the load balancer, so a client
	// opening a TCP connection to a target counts as a single flow.
	// Default: Average over 5 minutes.
	//
	ActiveFlowCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of load balancer capacity units (LCU) used by your load balancer.
	// Default: Sum over 5 minutes.
	//
	ConsumedLCUs(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Return the given named metric for this Network Load Balancer.
	// Default: Average over 5 minutes.
	//
	Custom(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of new TCP flows (or connections) established from clients to targets in the time period.
	// Default: Sum over 5 minutes.
	//
	NewFlowCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of bytes processed by the load balancer, including TCP/IP headers.
	// Default: Sum over 5 minutes.
	//
	ProcessedBytes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of reset (RST) packets sent from a client to a target.
	//
	// These resets are generated by the client and forwarded by the load balancer.
	// Default: Sum over 5 minutes.
	//
	TcpClientResetCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of reset (RST) packets generated by the load balancer.
	// Default: Sum over 5 minutes.
	//
	TcpElbResetCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of reset (RST) packets sent from a target to a client.
	//
	// These resets are generated by the target and forwarded by the load balancer.
	// Default: Sum over 5 minutes.
	//
	TcpTargetResetCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
}

Contains all metrics for a Network Load Balancer.

type INetworkLoadBalancerTarget

type INetworkLoadBalancerTarget interface {
	// Attach load-balanced target to a TargetGroup.
	//
	// May return JSON to directly add to the [Targets] list, or return undefined
	// if the target will register itself with the load balancer.
	AttachToNetworkTargetGroup(targetGroup INetworkTargetGroup) *LoadBalancerTargetProps
}

Interface for constructs that can be targets of an network load balancer.

type INetworkTargetGroup

type INetworkTargetGroup interface {
	ITargetGroup
	// Add a load balancing target to this target group.
	AddTarget(targets ...INetworkLoadBalancerTarget)
	// Register a listener that is load balancing to this target group.
	//
	// Don't call this directly. It will be called by listeners.
	RegisterListener(listener INetworkListener)
	// All metrics available for this target group.
	Metrics() INetworkTargetGroupMetrics
}

A network target group.

func NetworkTargetGroup_FromTargetGroupAttributes

func NetworkTargetGroup_FromTargetGroupAttributes(scope constructs.Construct, id *string, attrs *TargetGroupAttributes) INetworkTargetGroup

Import an existing target group.

type INetworkTargetGroupMetrics added in v2.65.0

type INetworkTargetGroupMetrics interface {
	// Return the given named metric for this Network Target Group.
	// Default: Average over 5 minutes.
	//
	Custom(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of targets that are considered healthy.
	// Default: Average over 5 minutes.
	//
	HealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of targets that are considered unhealthy.
	// Default: Average over 5 minutes.
	//
	UnHealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
}

Contains all metrics for a Target Group of a Network Load Balancer.

type ITargetGroup

type ITargetGroup interface {
	constructs.IConstruct
	// A token representing a list of ARNs of the load balancers that route traffic to this target group.
	LoadBalancerArns() *string
	// Return an object to depend on the listeners added to this target group.
	LoadBalancerAttached() constructs.IDependable
	// ARN of the target group.
	TargetGroupArn() *string
	// The name of the target group.
	TargetGroupName() *string
}

A target group.

type ITrustStore added in v2.154.0

type ITrustStore interface {
	awscdk.IResource
	// The ARN of the trust store.
	TrustStoreArn() *string
	// The name of the trust store.
	TrustStoreName() *string
}

Represents a Trust Store.

func TrustStore_FromTrustStoreArn added in v2.154.0

func TrustStore_FromTrustStoreArn(scope constructs.Construct, id *string, trustStoreArn *string) ITrustStore

Import from ARN.

type IpAddressType

type IpAddressType string

What kind of addresses to allocate to the load balancer.

Example:

var vpc vpc

lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
	EnablePrefixForIpv6SourceNat: jsii.Boolean(true),
})

listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(1229),
	Protocol: elbv2.Protocol_UDP,
})
const (
	// Allocate IPv4 addresses.
	IpAddressType_IPV4 IpAddressType = "IPV4"
	// Allocate both IPv4 and IPv6 addresses.
	IpAddressType_DUAL_STACK IpAddressType = "DUAL_STACK"
	// IPv6 only public addresses, with private IPv4 and IPv6 addresses.
	IpAddressType_DUAL_STACK_WITHOUT_PUBLIC_IPV4 IpAddressType = "DUAL_STACK_WITHOUT_PUBLIC_IPV4"
)

type ListenerAction

type ListenerAction interface {
	IListenerAction
	Next() ListenerAction
	// Sets the Action for the `ListenerRule`.
	//
	// This method is required to set a dedicated Action to a `ListenerRule`
	// when the Action for the `CfnListener` and the Action for the `CfnListenerRule`
	// have different structures. (e.g. `AuthenticateOidcConfig`)
	AddRuleAction(actionJson *CfnListenerRule_ActionProperty)
	// Called when the action is being used in a listener.
	Bind(scope constructs.Construct, listener IApplicationListener, associatingConstruct constructs.IConstruct)
	// Render the listener default actions in this chain.
	RenderActions() *[]*CfnListener_ActionProperty
	// Render the listener rule actions in this chain.
	RenderRuleActions() *[]*CfnListenerRule_ActionProperty
	// Renumber the "order" fields in the actions array.
	//
	// We don't number for 0 or 1 elements, but otherwise number them 1...#actions
	// so ELB knows about the right order.
	//
	// Do this in `ListenerAction` instead of in `Listener` so that we give
	// users the opportunity to override by subclassing and overriding `renderActions`.
	Renumber(actions *[]*CfnListener_ActionProperty) *[]*CfnListener_ActionProperty
}

What to do when a client makes a request to a listener.

Some actions can be combined with other ones (specifically, you can perform authentication before serving the request).

Multiple actions form a linked chain; the chain must always terminate in a *(weighted)forward*, *fixedResponse* or *redirect* action.

If an action supports chaining, the next action can be indicated by passing it in the `next` property.

(Called `ListenerAction` instead of the more strictly correct `ListenerAction` because this is the class most users interact with, and we want to make it not too visually overwhelming).

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})

func ListenerAction_AuthenticateOidc

func ListenerAction_AuthenticateOidc(options *AuthenticateOidcOptions) ListenerAction

Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC). See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/listener-authenticate-users.html#oidc-requirements

func ListenerAction_Redirect

func ListenerAction_Redirect(options *RedirectOptions) ListenerAction

Redirect to a different URI.

A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.

You can reuse URI components using the following reserved keywords:

- `#{protocol}` - `#{host}` - `#{port}` - `#{path}` (the leading "/" is removed) - `#{query}`

For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz". See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions

func ListenerAction_WeightedForward

func ListenerAction_WeightedForward(targetGroups *[]*WeightedTargetGroup, options *ForwardOptions) ListenerAction

Forward to one or more Target Groups which are weighted differently. See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#forward-actions

func NewListenerAction

func NewListenerAction(defaultActionJson *CfnListener_ActionProperty, next ListenerAction) ListenerAction

Create an instance of ListenerAction.

The default class should be good enough for most cases and should be created by using one of the static factory functions, but allow overriding to make sure we allow flexibility for the future.

type ListenerCertificate

type ListenerCertificate interface {
	IListenerCertificate
	// The ARN of the certificate to use.
	CertificateArn() *string
}

A certificate source for an ELBv2 listener.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

listenerCertificate := awscdk.Aws_elasticloadbalancingv2.ListenerCertificate_FromArn(jsii.String("certificateArn"))

func ListenerCertificate_FromArn

func ListenerCertificate_FromArn(certificateArn *string) ListenerCertificate

Use any certificate, identified by its ARN, as a listener certificate.

func ListenerCertificate_FromCertificateManager

func ListenerCertificate_FromCertificateManager(acmCertificate awscertificatemanager.ICertificate) ListenerCertificate

Use an ACM certificate as a listener certificate.

func NewListenerCertificate

func NewListenerCertificate(certificateArn *string) ListenerCertificate

type ListenerCondition

type ListenerCondition interface {
	// Render the raw Cfn listener rule condition object.
	RenderRawCondition() interface{}
}

ListenerCondition providers definition.

Example:

var listener applicationListener
var asg autoScalingGroup

listener.AddTargets(jsii.String("Example.Com Fleet"), &AddApplicationTargetsProps{
	Priority: jsii.Number(10),
	Conditions: []listenerCondition{
		elbv2.*listenerCondition_HostHeaders([]*string{
			jsii.String("example.com"),
		}),
		elbv2.*listenerCondition_PathPatterns([]*string{
			jsii.String("/ok"),
			jsii.String("/path"),
		}),
	},
	Port: jsii.Number(8080),
	Targets: []iApplicationLoadBalancerTarget{
		asg,
	},
})

func ListenerCondition_HostHeaders

func ListenerCondition_HostHeaders(values *[]*string) ListenerCondition

Create a host-header listener rule condition.

func ListenerCondition_HttpHeader

func ListenerCondition_HttpHeader(name *string, values *[]*string) ListenerCondition

Create a http-header listener rule condition.

func ListenerCondition_HttpRequestMethods

func ListenerCondition_HttpRequestMethods(values *[]*string) ListenerCondition

Create a http-request-method listener rule condition.

func ListenerCondition_PathPatterns

func ListenerCondition_PathPatterns(values *[]*string) ListenerCondition

Create a path-pattern listener rule condition.

func ListenerCondition_QueryStrings

func ListenerCondition_QueryStrings(values *[]*QueryStringCondition) ListenerCondition

Create a query-string listener rule condition.

func ListenerCondition_SourceIps

func ListenerCondition_SourceIps(values *[]*string) ListenerCondition

Create a source-ip listener rule condition.

type LoadBalancerTargetProps

type LoadBalancerTargetProps struct {
	// What kind of target this is.
	TargetType TargetType `field:"required" json:"targetType" yaml:"targetType"`
	// JSON representing the target's direct addition to the TargetGroup list.
	//
	// May be omitted if the target is going to register itself later.
	TargetJson interface{} `field:"optional" json:"targetJson" yaml:"targetJson"`
}

Result of attaching a target to load balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var targetJson interface{}

loadBalancerTargetProps := &LoadBalancerTargetProps{
	TargetType: awscdk.Aws_elasticloadbalancingv2.TargetType_INSTANCE,

	// the properties below are optional
	TargetJson: targetJson,
}

type MutualAuthentication added in v2.154.0

type MutualAuthentication struct {
	// Indicates whether expired client certificates are ignored.
	//
	// Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH
	// Default: false.
	//
	IgnoreClientCertificateExpiry *bool `field:"optional" json:"ignoreClientCertificateExpiry" yaml:"ignoreClientCertificateExpiry"`
	// The client certificate handling method.
	// Default: MutualAuthenticationMode.OFF
	//
	MutualAuthenticationMode MutualAuthenticationMode `field:"optional" json:"mutualAuthenticationMode" yaml:"mutualAuthenticationMode"`
	// The trust store.
	//
	// Cannot be used with MutualAuthenticationMode.OFF or MutualAuthenticationMode.PASS_THROUGH
	// Default: - no trust store.
	//
	TrustStore ITrustStore `field:"optional" json:"trustStore" yaml:"trustStore"`
}

The mutual authentication configuration information.

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})

type MutualAuthenticationMode added in v2.154.0

type MutualAuthenticationMode string

The client certificate handling method.

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})
const (
	// Off.
	MutualAuthenticationMode_OFF MutualAuthenticationMode = "OFF"
	// Application Load Balancer sends the whole client certificate chain to the target using HTTP headers.
	MutualAuthenticationMode_PASS_THROUGH MutualAuthenticationMode = "PASS_THROUGH"
	// Application Load Balancer performs X.509 client certificate authentication for clients when a load balancer negotiates TLS connections.
	MutualAuthenticationMode_VERIFY MutualAuthenticationMode = "VERIFY"
)

type NetworkForwardOptions

type NetworkForwardOptions struct {
	// For how long clients should be directed to the same target group.
	//
	// Range between 1 second and 7 days.
	// Default: - No stickiness.
	//
	StickinessDuration awscdk.Duration `field:"optional" json:"stickinessDuration" yaml:"stickinessDuration"`
}

Options for `NetworkListenerAction.forward()`.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

networkForwardOptions := &NetworkForwardOptions{
	StickinessDuration: cdk.Duration_Minutes(jsii.Number(30)),
}

type NetworkListener

type NetworkListener interface {
	BaseListener
	INetworkListener
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// ARN of the listener.
	ListenerArn() *string
	// The load balancer this listener is attached to.
	LoadBalancer() INetworkLoadBalancer
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Perform the given Action on incoming requests.
	//
	// This allows full control of the default Action of the load balancer,
	// including weighted forwarding. See the `NetworkListenerAction` class for
	// all options.
	AddAction(_id *string, props *AddNetworkActionProps)
	// Add one or more certificates to this listener.
	//
	// After the first certificate, this creates NetworkListenerCertificates
	// resources since cloudformation requires the certificates array on the
	// listener resource to have a length of 1.
	AddCertificates(id *string, certificates *[]IListenerCertificate)
	// Load balance incoming requests to the given target groups.
	//
	// All target groups will be load balanced to with equal weight and without
	// stickiness. For a more complex configuration than that, use `addAction()`.
	AddTargetGroups(_id *string, targetGroups ...INetworkTargetGroup)
	// Load balance incoming requests to the given load balancing targets.
	//
	// This method implicitly creates a NetworkTargetGroup for the targets
	// involved, and a 'forward' action to route traffic to the given TargetGroup.
	//
	// If you want more control over the precise setup, create the TargetGroup
	// and use `addAction` yourself.
	//
	// It's possible to add conditions to the targets added in this way. At least
	// one set of targets must be added without conditions.
	//
	// Returns: The newly created target group.
	AddTargets(id *string, props *AddNetworkTargetsProps) NetworkTargetGroup
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Remove an attribute from the listener.
	RemoveAttribute(key *string)
	// Set a non-standard attribute on the listener.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	// Validate this listener.
	ValidateListener() *[]*string
}

Define a Network Listener.

Example:

import "github.com/aws/aws-cdk-go/awscdk"

vpc := ec2.NewVpc(this, jsii.String("VPC"))
lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("lb"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
})
listener := lb.AddListener(jsii.String("listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(80),
})
listener.AddTargets(jsii.String("target"), &AddNetworkTargetsProps{
	Port: jsii.Number(80),
})

httpEndpoint := apigwv2.NewHttpApi(this, jsii.String("HttpProxyPrivateApi"), &HttpApiProps{
	DefaultIntegration: awscdk.NewHttpNlbIntegration(jsii.String("DefaultIntegration"), listener),
})

func NewNetworkListener

func NewNetworkListener(scope constructs.Construct, id *string, props *NetworkListenerProps) NetworkListener

type NetworkListenerAction

type NetworkListenerAction interface {
	IListenerAction
	Next() NetworkListenerAction
	// Called when the action is being used in a listener.
	Bind(scope constructs.Construct, listener INetworkListener)
	// Render the listener default actions in this chain.
	RenderActions() *[]*CfnListener_ActionProperty
	// Render the listener rule actions in this chain.
	RenderRuleActions() *[]*CfnListenerRule_ActionProperty
	// Renumber the "order" fields in the actions array.
	//
	// We don't number for 0 or 1 elements, but otherwise number them 1...#actions
	// so ELB knows about the right order.
	//
	// Do this in `NetworkListenerAction` instead of in `Listener` so that we give
	// users the opportunity to override by subclassing and overriding `renderActions`.
	Renumber(actions *[]*CfnListener_ActionProperty) *[]*CfnListener_ActionProperty
}

What to do when a client makes a request to a listener.

Some actions can be combined with other ones (specifically, you can perform authentication before serving the request).

Multiple actions form a linked chain; the chain must always terminate in a *(weighted)forward*, *fixedResponse* or *redirect* action.

If an action supports chaining, the next action can be indicated by passing it in the `next` property.

Example:

var lb networkLoadBalancer
var group networkTargetGroup

listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(80),
	DefaultAction: elbv2.NetworkListenerAction_Forward([]iNetworkTargetGroup{
		group,
	}),

	// The tcp idle timeout value. The valid range is 60-6000 seconds. The default is 350 seconds.
	TcpIdleTimeout: awscdk.Duration_Seconds(jsii.Number(100)),
})

func NetworkListenerAction_Forward

func NetworkListenerAction_Forward(targetGroups *[]INetworkTargetGroup, options *NetworkForwardOptions) NetworkListenerAction

Forward to one or more Target Groups.

func NetworkListenerAction_WeightedForward

func NetworkListenerAction_WeightedForward(targetGroups *[]*NetworkWeightedTargetGroup, options *NetworkForwardOptions) NetworkListenerAction

Forward to one or more Target Groups which are weighted differently.

func NewNetworkListenerAction

func NewNetworkListenerAction(defaultActionJson *CfnListener_ActionProperty, next NetworkListenerAction) NetworkListenerAction

Create an instance of NetworkListenerAction.

The default class should be good enough for most cases and should be created by using one of the static factory functions, but allow overriding to make sure we allow flexibility for the future.

type NetworkListenerLookupOptions

type NetworkListenerLookupOptions struct {
	// Filter listeners by listener port.
	// Default: - does not filter by listener port.
	//
	ListenerPort *float64 `field:"optional" json:"listenerPort" yaml:"listenerPort"`
	// Filter listeners by associated load balancer arn.
	// Default: - does not filter by load balancer arn.
	//
	LoadBalancerArn *string `field:"optional" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// Filter listeners by associated load balancer tags.
	// Default: - does not filter by load balancer tags.
	//
	LoadBalancerTags *map[string]*string `field:"optional" json:"loadBalancerTags" yaml:"loadBalancerTags"`
	// Protocol of the listener port.
	// Default: - listener is not filtered by protocol.
	//
	ListenerProtocol Protocol `field:"optional" json:"listenerProtocol" yaml:"listenerProtocol"`
}

Options for looking up a network listener.

Example:

listener := elbv2.NetworkListener_FromLookup(this, jsii.String("ALBListener"), &NetworkListenerLookupOptions{
	LoadBalancerTags: map[string]*string{
		"Cluster": jsii.String("MyClusterName"),
	},
	ListenerProtocol: elbv2.Protocol_TCP,
	ListenerPort: jsii.Number(12345),
})

type NetworkListenerProps

type NetworkListenerProps struct {
	// The port on which the listener listens for requests.
	Port *float64 `field:"required" json:"port" yaml:"port"`
	// Application-Layer Protocol Negotiation (ALPN) is a TLS extension that is sent on the initial TLS handshake hello messages.
	//
	// ALPN enables the application layer to negotiate which protocols should be used over a secure connection, such as HTTP/1 and HTTP/2.
	//
	// Can only be specified together with Protocol TLS.
	// Default: - None.
	//
	AlpnPolicy AlpnPolicy `field:"optional" json:"alpnPolicy" yaml:"alpnPolicy"`
	// Certificate list of ACM cert ARNs.
	//
	// You must provide exactly one certificate if the listener protocol is HTTPS or TLS.
	// Default: - No certificates.
	//
	Certificates *[]IListenerCertificate `field:"optional" json:"certificates" yaml:"certificates"`
	// Default action to take for requests to this listener.
	//
	// This allows full control of the default Action of the load balancer,
	// including weighted forwarding. See the `NetworkListenerAction` class for
	// all options.
	//
	// Cannot be specified together with `defaultTargetGroups`.
	// Default: - None.
	//
	DefaultAction NetworkListenerAction `field:"optional" json:"defaultAction" yaml:"defaultAction"`
	// Default target groups to load balance to.
	//
	// All target groups will be load balanced to with equal weight and without
	// stickiness. For a more complex configuration than that, use
	// either `defaultAction` or `addAction()`.
	//
	// Cannot be specified together with `defaultAction`.
	// Default: - None.
	//
	DefaultTargetGroups *[]INetworkTargetGroup `field:"optional" json:"defaultTargetGroups" yaml:"defaultTargetGroups"`
	// Protocol for listener, expects TCP, TLS, UDP, or TCP_UDP.
	// Default: - TLS if certificates are provided. TCP otherwise.
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// SSL Policy.
	// Default: - Current predefined security policy.
	//
	SslPolicy SslPolicy `field:"optional" json:"sslPolicy" yaml:"sslPolicy"`
	// The load balancer TCP idle timeout.
	// Default: Duration.seconds(350)
	//
	TcpIdleTimeout awscdk.Duration `field:"optional" json:"tcpIdleTimeout" yaml:"tcpIdleTimeout"`
	// The load balancer to attach this listener to.
	LoadBalancer INetworkLoadBalancer `field:"required" json:"loadBalancer" yaml:"loadBalancer"`
}

Properties for a Network Listener attached to a Load Balancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import cdk "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var listenerCertificate listenerCertificate
var networkListenerAction networkListenerAction
var networkLoadBalancer networkLoadBalancer
var networkTargetGroup networkTargetGroup

networkListenerProps := &NetworkListenerProps{
	LoadBalancer: networkLoadBalancer,
	Port: jsii.Number(123),

	// the properties below are optional
	AlpnPolicy: awscdk.Aws_elasticloadbalancingv2.AlpnPolicy_HTTP1_ONLY,
	Certificates: []iListenerCertificate{
		listenerCertificate,
	},
	DefaultAction: networkListenerAction,
	DefaultTargetGroups: []iNetworkTargetGroup{
		networkTargetGroup,
	},
	Protocol: awscdk.*Aws_elasticloadbalancingv2.Protocol_HTTP,
	SslPolicy: awscdk.*Aws_elasticloadbalancingv2.SslPolicy_RECOMMENDED_TLS,
	TcpIdleTimeout: cdk.Duration_Minutes(jsii.Number(30)),
}

type NetworkLoadBalancer

type NetworkLoadBalancer interface {
	BaseLoadBalancer
	INetworkLoadBalancer
	// The network connections associated with this resource.
	Connections() awsec2.Connections
	// Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink.
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic() *string
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The type of IP addresses to use.
	IpAddressType() IpAddressType
	// The ARN of this load balancer.
	//
	// Example value: `arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-internal-load-balancer/50dc6c495c0c9188`.
	LoadBalancerArn() *string
	// The canonical hosted zone ID of this load balancer.
	//
	// Example value: `Z2P70J7EXAMPLE`.
	LoadBalancerCanonicalHostedZoneId() *string
	// The DNS name of this load balancer.
	//
	// Example value: `my-load-balancer-424835706.us-west-2.elb.amazonaws.com`
	LoadBalancerDnsName() *string
	// The full name of this load balancer.
	//
	// Example value: `app/my-load-balancer/50dc6c495c0c9188`.
	LoadBalancerFullName() *string
	// The name of this load balancer.
	//
	// Example value: `my-load-balancer`.
	LoadBalancerName() *string
	LoadBalancerSecurityGroups() *[]*string
	// All metrics available for this load balancer.
	Metrics() INetworkLoadBalancerMetrics
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// After the implementation of `IConnectable` (see https://github.com/aws/aws-cdk/pull/28494), the default value for `securityGroups` is set by the `ec2.Connections` constructor to an empty array. To keep backward compatibility (`securityGroups` is `undefined` if the related property is not specified) a getter has been added.
	SecurityGroups() *[]*string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The VPC this load balancer has been created in.
	//
	// This property is always defined (not `null` or `undefined`) for sub-classes of `BaseLoadBalancer`.
	Vpc() awsec2.IVpc
	// Add a listener to this load balancer.
	//
	// Returns: The newly created listener.
	AddListener(id *string, props *BaseNetworkListenerProps) NetworkListener
	// Add a security group to this load balancer.
	AddSecurityGroup(securityGroup awsec2.ISecurityGroup)
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Enable access logging for this load balancer.
	//
	// A region must be specified on the stack containing the load balancer; you cannot enable logging on
	// environment-agnostic stacks. See https://docs.aws.amazon.com/cdk/latest/guide/environments.html
	LogAccessLogs(bucket awss3.IBucket, prefix *string)
	// Return the given named metric for this Network Load Balancer.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.custom“ instead
	Metric(metricName *string, props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of concurrent TCP flows (or connections) from clients to targets.
	//
	// This metric includes connections in the SYN_SENT and ESTABLISHED states.
	// TCP connections are not terminated at the load balancer, so a client
	// opening a TCP connection to a target counts as a single flow.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.activeFlowCount“ instead
	MetricActiveFlowCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of load balancer capacity units (LCU) used by your load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.activeFlowCount“ instead
	MetricConsumedLCUs(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of new TCP flows (or connections) established from clients to targets in the time period.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.newFlowCount“ instead
	MetricNewFlowCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of bytes processed by the load balancer, including TCP/IP headers.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.processedBytes“ instead
	MetricProcessedBytes(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of reset (RST) packets sent from a client to a target.
	//
	// These resets are generated by the client and forwarded by the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.tcpClientResetCount“ instead
	MetricTcpClientResetCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of reset (RST) packets generated by the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.tcpElbResetCount“ instead
	MetricTcpElbResetCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The total number of reset (RST) packets sent from a target to a client.
	//
	// These resets are generated by the target and forwarded by the load balancer.
	// Default: Sum over 5 minutes.
	//
	// Deprecated: Use “NetworkLoadBalancer.metrics.tcpTargetResetCount“ instead
	MetricTcpTargetResetCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Remove an attribute from the load balancer.
	RemoveAttribute(key *string)
	ResourcePolicyPrincipal() awsiam.IPrincipal
	// Set a non-standard attribute on the load balancer.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	ValidateLoadBalancer() *[]*string
}

Define a new network load balancer.

Example:

var vpc vpc

lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
	EnablePrefixForIpv6SourceNat: jsii.Boolean(true),
})

listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(1229),
	Protocol: elbv2.Protocol_UDP,
})

func NewNetworkLoadBalancer

func NewNetworkLoadBalancer(scope constructs.Construct, id *string, props *NetworkLoadBalancerProps) NetworkLoadBalancer

type NetworkLoadBalancerAttributes

type NetworkLoadBalancerAttributes struct {
	// ARN of the load balancer.
	LoadBalancerArn *string `field:"required" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// The canonical hosted zone ID of this load balancer.
	// Default: - When not provided, LB cannot be used as Route53 Alias target.
	//
	LoadBalancerCanonicalHostedZoneId *string `field:"optional" json:"loadBalancerCanonicalHostedZoneId" yaml:"loadBalancerCanonicalHostedZoneId"`
	// The DNS name of this load balancer.
	// Default: - When not provided, LB cannot be used as Route53 Alias target.
	//
	LoadBalancerDnsName *string `field:"optional" json:"loadBalancerDnsName" yaml:"loadBalancerDnsName"`
	// Security groups to associate with this load balancer.
	// Default: - No security groups associated with the load balancer.
	//
	LoadBalancerSecurityGroups *[]*string `field:"optional" json:"loadBalancerSecurityGroups" yaml:"loadBalancerSecurityGroups"`
	// The VPC to associate with the load balancer.
	// Default: - When not provided, listeners cannot be created on imported load
	// balancers.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
}

Properties to reference an existing load balancer.

Example:

// Create an Accelerator
accelerator := globalaccelerator.NewAccelerator(this, jsii.String("Accelerator"))

// Create a Listener
listener := accelerator.AddListener(jsii.String("Listener"), &ListenerOptions{
	PortRanges: []portRange{
		&portRange{
			FromPort: jsii.Number(80),
		},
		&portRange{
			FromPort: jsii.Number(443),
		},
	},
})

// Import the Load Balancers
nlb1 := elbv2.NetworkLoadBalancer_FromNetworkLoadBalancerAttributes(this, jsii.String("NLB1"), &NetworkLoadBalancerAttributes{
	LoadBalancerArn: jsii.String("arn:aws:elasticloadbalancing:us-west-2:111111111111:loadbalancer/app/my-load-balancer1/e16bef66805b"),
})
nlb2 := elbv2.NetworkLoadBalancer_FromNetworkLoadBalancerAttributes(this, jsii.String("NLB2"), &NetworkLoadBalancerAttributes{
	LoadBalancerArn: jsii.String("arn:aws:elasticloadbalancing:ap-south-1:111111111111:loadbalancer/app/my-load-balancer2/5513dc2ea8a1"),
})

// Add one EndpointGroup for each Region we are targeting
listener.AddEndpointGroup(jsii.String("Group1"), &EndpointGroupOptions{
	Endpoints: []iEndpoint{
		ga_endpoints.NewNetworkLoadBalancerEndpoint(nlb1),
	},
})
listener.AddEndpointGroup(jsii.String("Group2"), &EndpointGroupOptions{
	// Imported load balancers automatically calculate their Region from the ARN.
	// If you are load balancing to other resources, you must also pass a `region`
	// parameter here.
	Endpoints: []*iEndpoint{
		ga_endpoints.NewNetworkLoadBalancerEndpoint(nlb2),
	},
})

type NetworkLoadBalancerLookupOptions

type NetworkLoadBalancerLookupOptions struct {
	// Find by load balancer's ARN.
	// Default: - does not search by load balancer arn.
	//
	LoadBalancerArn *string `field:"optional" json:"loadBalancerArn" yaml:"loadBalancerArn"`
	// Match load balancer tags.
	// Default: - does not match load balancers by tags.
	//
	LoadBalancerTags *map[string]*string `field:"optional" json:"loadBalancerTags" yaml:"loadBalancerTags"`
}

Options for looking up an NetworkLoadBalancer.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

networkLoadBalancerLookupOptions := &NetworkLoadBalancerLookupOptions{
	LoadBalancerArn: jsii.String("loadBalancerArn"),
	LoadBalancerTags: map[string]*string{
		"loadBalancerTagsKey": jsii.String("loadBalancerTags"),
	},
}

type NetworkLoadBalancerProps

type NetworkLoadBalancerProps struct {
	// The VPC network to place the load balancer in.
	Vpc awsec2.IVpc `field:"required" json:"vpc" yaml:"vpc"`
	// Indicates whether cross-zone load balancing is enabled.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html
	//
	// Default: - false for Network Load Balancers and true for Application Load Balancers.
	// This can not be `false` for Application Load Balancers.
	//
	CrossZoneEnabled *bool `field:"optional" json:"crossZoneEnabled" yaml:"crossZoneEnabled"`
	// Indicates whether deletion protection is enabled.
	// Default: false.
	//
	DeletionProtection *bool `field:"optional" json:"deletionProtection" yaml:"deletionProtection"`
	// Indicates whether the load balancer blocks traffic through the Internet Gateway (IGW).
	// Default: - false for internet-facing load balancers and true for internal load balancers.
	//
	DenyAllIgwTraffic *bool `field:"optional" json:"denyAllIgwTraffic" yaml:"denyAllIgwTraffic"`
	// Whether the load balancer has an internet-routable address.
	// Default: false.
	//
	InternetFacing *bool `field:"optional" json:"internetFacing" yaml:"internetFacing"`
	// Name of the load balancer.
	// Default: - Automatically generated name.
	//
	LoadBalancerName *string `field:"optional" json:"loadBalancerName" yaml:"loadBalancerName"`
	// Which subnets place the load balancer in.
	// Default: - the Vpc default strategy.
	//
	VpcSubnets *awsec2.SubnetSelection `field:"optional" json:"vpcSubnets" yaml:"vpcSubnets"`
	// The AZ affinity routing policy.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#zonal-dns-affinity
	//
	// Default: - AZ affinity is disabled.
	//
	ClientRoutingPolicy ClientRoutingPolicy `field:"optional" json:"clientRoutingPolicy" yaml:"clientRoutingPolicy"`
	// Indicates whether to use an IPv6 prefix from each subnet for source NAT.
	//
	// The IP address type must be IpAddressType.DUALSTACK.
	// Default: undefined - NLB default behavior is false.
	//
	EnablePrefixForIpv6SourceNat *bool `field:"optional" json:"enablePrefixForIpv6SourceNat" yaml:"enablePrefixForIpv6SourceNat"`
	// Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink.
	// Default: true.
	//
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic *bool `` /* 136-byte string literal not displayed */
	// The type of IP addresses to use.
	//
	// If you want to add a UDP or TCP_UDP listener to the load balancer,
	// you must choose IPv4.
	// Default: IpAddressType.IPV4
	//
	IpAddressType IpAddressType `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// Security groups to associate with this load balancer.
	// Default: - No security groups associated with the load balancer.
	//
	SecurityGroups *[]awsec2.ISecurityGroup `field:"optional" json:"securityGroups" yaml:"securityGroups"`
	// Indicates whether zonal shift is enabled.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/network/zonal-shift.html
	//
	// Default: false.
	//
	ZonalShift *bool `field:"optional" json:"zonalShift" yaml:"zonalShift"`
}

Properties for a network load balancer.

Example:

var vpc vpc

lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
	EnablePrefixForIpv6SourceNat: jsii.Boolean(true),
})

listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(1229),
	Protocol: elbv2.Protocol_UDP,
})

type NetworkTargetGroup

type NetworkTargetGroup interface {
	TargetGroupBase
	INetworkTargetGroup
	// Default port configured for members of this target group.
	DefaultPort() *float64
	// Full name of first load balancer.
	FirstLoadBalancerFullName() *string
	// Health check for the members of this target group.
	HealthCheck() *HealthCheck
	SetHealthCheck(val *HealthCheck)
	// A token representing a list of ARNs of the load balancers that route traffic to this target group.
	LoadBalancerArns() *string
	// List of constructs that need to be depended on to ensure the TargetGroup is associated to a load balancer.
	LoadBalancerAttached() constructs.IDependable
	// Configurable dependable with all resources that lead to load balancer attachment.
	LoadBalancerAttachedDependencies() constructs.DependencyGroup
	// All metrics available for this target group.
	Metrics() INetworkTargetGroupMetrics
	// The tree node.
	Node() constructs.Node
	// The ARN of the target group.
	TargetGroupArn() *string
	// The full name of the target group.
	TargetGroupFullName() *string
	// ARNs of load balancers load balancing to this TargetGroup.
	TargetGroupLoadBalancerArns() *[]*string
	// The name of the target group.
	TargetGroupName() *string
	// The types of the directly registered members of this target group.
	TargetType() TargetType
	SetTargetType(val TargetType)
	// Register the given load balancing target as part of this group.
	AddLoadBalancerTarget(props *LoadBalancerTargetProps)
	// Add a load balancing target to this target group.
	AddTarget(targets ...INetworkLoadBalancerTarget)
	// Set/replace the target group's health check.
	ConfigureHealthCheck(healthCheck *HealthCheck)
	// The number of targets that are considered healthy.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “NetworkTargetGroup.metrics.healthyHostCount“ instead
	MetricHealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// The number of targets that are considered unhealthy.
	// Default: Average over 5 minutes.
	//
	// Deprecated: Use “NetworkTargetGroup.metrics.healthyHostCount“ instead
	MetricUnHealthyHostCount(props *awscloudwatch.MetricOptions) awscloudwatch.Metric
	// Register a listener that is load balancing to this target group.
	//
	// Don't call this directly. It will be called by listeners.
	RegisterListener(listener INetworkListener)
	// Set a non-standard attribute on the target group.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	ValidateHealthCheck() *[]*string
	ValidateTargetGroup() *[]*string
}

Define a Network Target Group.

Example:

import elb "github.com/aws/aws-cdk-go/awscdk"
import elb2 "github.com/aws/aws-cdk-go/awscdk"

var clb loadBalancer
var alb applicationLoadBalancer
var nlb networkLoadBalancer

albListener := alb.AddListener(jsii.String("ALBListener"), &BaseApplicationListenerProps{
	Port: jsii.Number(80),
})
albTargetGroup := albListener.AddTargets(jsii.String("ALBFleet"), &AddApplicationTargetsProps{
	Port: jsii.Number(80),
})

nlbListener := nlb.AddListener(jsii.String("NLBListener"), &BaseNetworkListenerProps{
	Port: jsii.Number(80),
})
nlbTargetGroup := nlbListener.AddTargets(jsii.String("NLBFleet"), &AddNetworkTargetsProps{
	Port: jsii.Number(80),
})

deploymentGroup := codedeploy.NewServerDeploymentGroup(this, jsii.String("DeploymentGroup"), &ServerDeploymentGroupProps{
	LoadBalancers: []loadBalancer{
		codedeploy.*loadBalancer_Classic(clb),
		codedeploy.*loadBalancer_Application(albTargetGroup),
		codedeploy.*loadBalancer_Network(nlbTargetGroup),
	},
})

func NewNetworkTargetGroup

func NewNetworkTargetGroup(scope constructs.Construct, id *string, props *NetworkTargetGroupProps) NetworkTargetGroup

type NetworkTargetGroupProps

type NetworkTargetGroupProps struct {
	// Indicates whether cross zone load balancing is enabled.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-targetgroup-targetgroupattribute.html
	//
	// Default: - use load balancer configuration.
	//
	CrossZoneEnabled *bool `field:"optional" json:"crossZoneEnabled" yaml:"crossZoneEnabled"`
	// The amount of time for Elastic Load Balancing to wait before deregistering a target.
	//
	// The range is 0-3600 seconds.
	// Default: 300.
	//
	DeregistrationDelay awscdk.Duration `field:"optional" json:"deregistrationDelay" yaml:"deregistrationDelay"`
	// Health check configuration.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#aws-resource-elasticloadbalancingv2-targetgroup-properties
	//
	// Default: - The default value for each property in this configuration varies depending on the target.
	//
	HealthCheck *HealthCheck `field:"optional" json:"healthCheck" yaml:"healthCheck"`
	// The type of IP addresses of the targets registered with the target group.
	// Default: undefined - ELB defaults to IPv4.
	//
	IpAddressType TargetGroupIpAddressType `field:"optional" json:"ipAddressType" yaml:"ipAddressType"`
	// The name of the target group.
	//
	// This name must be unique per region per account, can have a maximum of
	// 32 characters, must contain only alphanumeric characters or hyphens, and
	// must not begin or end with a hyphen.
	// Default: - Automatically generated.
	//
	TargetGroupName *string `field:"optional" json:"targetGroupName" yaml:"targetGroupName"`
	// The type of targets registered to this TargetGroup, either IP or Instance.
	//
	// All targets registered into the group must be of this type. If you
	// register targets to the TargetGroup in the CDK app, the TargetType is
	// determined automatically.
	// Default: - Determined automatically.
	//
	TargetType TargetType `field:"optional" json:"targetType" yaml:"targetType"`
	// The virtual private cloud (VPC).
	//
	// only if `TargetType` is `Ip` or `InstanceId`.
	// Default: - undefined.
	//
	Vpc awsec2.IVpc `field:"optional" json:"vpc" yaml:"vpc"`
	// The port on which the target receives traffic.
	Port *float64 `field:"required" json:"port" yaml:"port"`
	// Indicates whether the load balancer terminates connections at the end of the deregistration timeout.
	// Default: false.
	//
	ConnectionTermination *bool `field:"optional" json:"connectionTermination" yaml:"connectionTermination"`
	// Indicates whether client IP preservation is enabled.
	// Default: false if the target group type is IP address and the
	// target group protocol is TCP or TLS. Otherwise, true.
	//
	PreserveClientIp *bool `field:"optional" json:"preserveClientIp" yaml:"preserveClientIp"`
	// Protocol for target group, expects TCP, TLS, UDP, or TCP_UDP.
	// Default: - TCP.
	//
	Protocol Protocol `field:"optional" json:"protocol" yaml:"protocol"`
	// Indicates whether Proxy Protocol version 2 is enabled.
	// Default: false.
	//
	ProxyProtocolV2 *bool `field:"optional" json:"proxyProtocolV2" yaml:"proxyProtocolV2"`
	// The targets to add to this target group.
	//
	// Can be `Instance`, `IPAddress`, or any self-registering load balancing
	// target. If you use either `Instance` or `IPAddress` as targets, all
	// target must be of the same type.
	// Default: - No targets.
	//
	Targets *[]INetworkLoadBalancerTarget `field:"optional" json:"targets" yaml:"targets"`
}

Properties for a new Network Target Group.

Example:

var vpc vpc

ipv4ApplicationTargetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("IPv4ApplicationTargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV4,
})

ipv6ApplicationTargetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("Ipv6ApplicationTargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV6,
})

ipv4NetworkTargetGroup := elbv2.NewNetworkTargetGroup(this, jsii.String("IPv4NetworkTargetGroup"), &NetworkTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV4,
})

ipv6NetworkTargetGroup := elbv2.NewNetworkTargetGroup(this, jsii.String("Ipv6NetworkTargetGroup"), &NetworkTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV6,
})

type NetworkWeightedTargetGroup

type NetworkWeightedTargetGroup struct {
	// The target group.
	TargetGroup INetworkTargetGroup `field:"required" json:"targetGroup" yaml:"targetGroup"`
	// The target group's weight.
	//
	// Range is [0..1000).
	// Default: 1.
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

A Target Group and weight combination.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var networkTargetGroup networkTargetGroup

networkWeightedTargetGroup := &NetworkWeightedTargetGroup{
	TargetGroup: networkTargetGroup,

	// the properties below are optional
	Weight: jsii.Number(123),
}

type Protocol

type Protocol string

Backend protocol for network load balancers and health checks.

Example:

var vpc vpc

lb := elbv2.NewNetworkLoadBalancer(this, jsii.String("LB"), &NetworkLoadBalancerProps{
	Vpc: Vpc,
	IpAddressType: elbv2.IpAddressType_DUAL_STACK,
	EnablePrefixForIpv6SourceNat: jsii.Boolean(true),
})

listener := lb.AddListener(jsii.String("Listener"), &BaseNetworkListenerProps{
	Port: jsii.Number(1229),
	Protocol: elbv2.Protocol_UDP,
})
const (
	// HTTP (ALB health checks and NLB health checks).
	Protocol_HTTP Protocol = "HTTP"
	// HTTPS (ALB health checks and NLB health checks).
	Protocol_HTTPS Protocol = "HTTPS"
	// TCP (NLB, NLB health checks).
	Protocol_TCP Protocol = "TCP"
	// TLS (NLB).
	Protocol_TLS Protocol = "TLS"
	// UDP (NLB).
	Protocol_UDP Protocol = "UDP"
	// Listen to both TCP and UDP on the same port (NLB).
	Protocol_TCP_UDP Protocol = "TCP_UDP"
)

type QueryStringCondition

type QueryStringCondition struct {
	// The query string value for the condition.
	Value *string `field:"required" json:"value" yaml:"value"`
	// The query string key for the condition.
	// Default: - Any key can be matched.
	//
	Key *string `field:"optional" json:"key" yaml:"key"`
}

Properties for the key/value pair of the query string.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

queryStringCondition := &QueryStringCondition{
	Value: jsii.String("value"),

	// the properties below are optional
	Key: jsii.String("key"),
}

type RedirectOptions

type RedirectOptions struct {
	// The hostname.
	//
	// This component is not percent-encoded. The hostname can contain #{host}.
	// Default: - No change.
	//
	Host *string `field:"optional" json:"host" yaml:"host"`
	// The absolute path, starting with the leading "/".
	//
	// This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}.
	// Default: - No change.
	//
	Path *string `field:"optional" json:"path" yaml:"path"`
	// The HTTP redirect code.
	//
	// The redirect is either permanent (HTTP 301) or temporary (HTTP 302).
	// Default: false.
	//
	Permanent *bool `field:"optional" json:"permanent" yaml:"permanent"`
	// The port.
	//
	// You can specify a value from 1 to 65535 or #{port}.
	// Default: - No change.
	//
	Port *string `field:"optional" json:"port" yaml:"port"`
	// The protocol.
	//
	// You can specify HTTP, HTTPS, or #{protocol}. You can redirect HTTP to HTTP, HTTP to HTTPS, and HTTPS to HTTPS. You cannot redirect HTTPS to HTTP.
	// Default: - No change.
	//
	Protocol *string `field:"optional" json:"protocol" yaml:"protocol"`
	// The query parameters, URL-encoded when necessary, but not percent-encoded.
	//
	// Do not include the leading "?", as it is automatically added. You can specify any of the reserved keywords.
	// Default: - No change.
	//
	Query *string `field:"optional" json:"query" yaml:"query"`
}

Options for `ListenerAction.redirect()`.

A URI consists of the following components: protocol://hostname:port/path?query. You must modify at least one of the following components to avoid a redirect loop: protocol, hostname, port, or path. Any components that you do not modify retain their original values.

You can reuse URI components using the following reserved keywords:

- `#{protocol}` - `#{host}` - `#{port}` - `#{path}` (the leading "/" is removed) - `#{query}`

For example, you can change the path to "/new/#{path}", the hostname to "example.#{host}", or the query to "#{query}&value=xyz".

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

redirectOptions := &RedirectOptions{
	Host: jsii.String("host"),
	Path: jsii.String("path"),
	Permanent: jsii.Boolean(false),
	Port: jsii.String("port"),
	Protocol: jsii.String("protocol"),
	Query: jsii.String("query"),
}

type RevocationContent added in v2.154.0

type RevocationContent struct {
	// The Amazon S3 bucket for the revocation file.
	Bucket awss3.IBucket `field:"required" json:"bucket" yaml:"bucket"`
	// The Amazon S3 path for the revocation file.
	Key *string `field:"required" json:"key" yaml:"key"`
	// The type of revocation file.
	// Default: RevocationType.CRL
	//
	RevocationType RevocationType `field:"optional" json:"revocationType" yaml:"revocationType"`
	// The Amazon S3 object version of the revocation file.
	// Default: - latest version.
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
}

Information about a revocation file.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

var bucket bucket

revocationContent := &RevocationContent{
	Bucket: bucket,
	Key: jsii.String("key"),

	// the properties below are optional
	RevocationType: awscdk.Aws_elasticloadbalancingv2.RevocationType_CRL,
	Version: jsii.String("version"),
}

type RevocationType added in v2.154.0

type RevocationType string

The type of revocation file.

Example:

var trustStore trustStore
var bucket bucket

elbv2.NewTrustStoreRevocation(this, jsii.String("Revocation"), &TrustStoreRevocationProps{
	TrustStore: TrustStore,
	RevocationContents: []revocationContent{
		&revocationContent{
			RevocationType: elbv2.RevocationType_CRL,
			Bucket: *Bucket,
			Key: jsii.String("crl.pem"),
		},
	},
})
const (
	// A signed list of revoked certificates.
	RevocationType_CRL RevocationType = "CRL"
)

type SslPolicy

type SslPolicy string

Elastic Load Balancing provides the following security policies for Application Load Balancers.

We recommend the Recommended policy for general use. You can use the ForwardSecrecy policy if you require Forward Secrecy (FS).

You can use one of the TLS policies to meet compliance and security standards that require disabling certain TLS protocol versions, or to support legacy clients that require deprecated ciphers.

Example:

import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"
import "github.com/aws/aws-cdk-go/awscdk"

vpc := ec2.NewVpc(this, jsii.String("Vpc"), &VpcProps{
	MaxAzs: jsii.Number(1),
})
loadBalancedFargateService := ecsPatterns.NewApplicationMultipleTargetGroupsFargateService(this, jsii.String("myService"), &ApplicationMultipleTargetGroupsFargateServiceProps{
	Cluster: ecs.NewCluster(this, jsii.String("EcsCluster"), &ClusterProps{
		Vpc: *Vpc,
	}),
	MemoryLimitMiB: jsii.Number(256),
	TaskImageOptions: &ApplicationLoadBalancedTaskImageProps{
		Image: ecs.ContainerImage_FromRegistry(jsii.String("amazon/amazon-ecs-sample")),
	},
	EnableExecuteCommand: jsii.Boolean(true),
	LoadBalancers: []applicationLoadBalancerProps{
		&applicationLoadBalancerProps{
			Name: jsii.String("lb"),
			IdleTimeout: awscdk.Duration_Seconds(jsii.Number(400)),
			DomainName: jsii.String("api.example.com"),
			DomainZone: awscdk.NewPublicHostedZone(this, jsii.String("HostedZone"), &PublicHostedZoneProps{
				ZoneName: jsii.String("example.com"),
			}),
			Listeners: []applicationListenerProps{
				&applicationListenerProps{
					Name: jsii.String("listener"),
					Protocol: awscdk.ApplicationProtocol_HTTPS,
					Certificate: awscdk.Certificate_FromCertificateArn(this, jsii.String("Cert"), jsii.String("helloworld")),
					SslPolicy: awscdk.SslPolicy_TLS12_EXT,
				},
			},
		},
		&applicationLoadBalancerProps{
			Name: jsii.String("lb2"),
			IdleTimeout: awscdk.Duration_*Seconds(jsii.Number(120)),
			DomainName: jsii.String("frontend.com"),
			DomainZone: awscdk.NewPublicHostedZone(this, jsii.String("HostedZone"), &PublicHostedZoneProps{
				ZoneName: jsii.String("frontend.com"),
			}),
			Listeners: []*applicationListenerProps{
				&applicationListenerProps{
					Name: jsii.String("listener2"),
					Protocol: awscdk.ApplicationProtocol_HTTPS,
					Certificate: awscdk.Certificate_*FromCertificateArn(this, jsii.String("Cert2"), jsii.String("helloworld")),
					SslPolicy: awscdk.SslPolicy_TLS12_EXT,
				},
			},
		},
	},
	TargetGroups: []applicationTargetProps{
		&applicationTargetProps{
			ContainerPort: jsii.Number(80),
			Listener: jsii.String("listener"),
		},
		&applicationTargetProps{
			ContainerPort: jsii.Number(90),
			PathPattern: jsii.String("a/b/c"),
			Priority: jsii.Number(10),
			Listener: jsii.String("listener"),
		},
		&applicationTargetProps{
			ContainerPort: jsii.Number(443),
			Listener: jsii.String("listener2"),
		},
		&applicationTargetProps{
			ContainerPort: jsii.Number(80),
			PathPattern: jsii.String("a/b/c"),
			Priority: jsii.Number(10),
			Listener: jsii.String("listener2"),
		},
	},
})

See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html

const (
	// The recommended security policy for TLS listeners. This is the default policy for listeners created using the AWS Management Console.
	//
	// This policy includes TLS 1.3, and is backwards compatible with TLS 1.2
	SslPolicy_RECOMMENDED_TLS SslPolicy = "RECOMMENDED_TLS"
	// The recommended policy for http listeners.
	//
	// This is the default security policy for listeners created using the AWS CLI.
	SslPolicy_RECOMMENDED SslPolicy = "RECOMMENDED"
	// TLS1.2 and 1.3.
	SslPolicy_TLS13_RES SslPolicy = "TLS13_RES"
	// TLS1.2 and 1.3 and no SHA ciphers.
	SslPolicy_TLS13_EXT1 SslPolicy = "TLS13_EXT1"
	// TLS1.2 and 1.3 with all ciphers.
	SslPolicy_TLS13_EXT2 SslPolicy = "TLS13_EXT2"
	// TLS1.0 through 1.3 with all ciphers.
	SslPolicy_TLS13_10 SslPolicy = "TLS13_10"
	// TLS1.1 through 1.3 with all ciphers.
	SslPolicy_TLS13_11 SslPolicy = "TLS13_11"
	// TLS1.3 only.
	SslPolicy_TLS13_13 SslPolicy = "TLS13_13"
	// TLS 1.3 only with AES 128 and 256 GCM SHA ciphers.
	SslPolicy_FIPS_TLS13_13 SslPolicy = "FIPS_TLS13_13"
	// TLS 1.2 and 1.3 with AES and ECDHE GCM/SHA ciphers.
	SslPolicy_FIPS_TLS13_12_RES SslPolicy = "FIPS_TLS13_12_RES"
	// TLS 1.2 and 1.3 with ECDHE SHA/GCM ciphers, excluding SHA1 ciphers.
	SslPolicy_FIPS_TLS13_12 SslPolicy = "FIPS_TLS13_12"
	// TLS 1.2 and 1.3 with all ECDHE ciphers.
	SslPolicy_FIPS_TLS13_12_EXT0 SslPolicy = "FIPS_TLS13_12_EXT0"
	// TLS 1.2 and 1.3 with all AES and ECDHE ciphers excluding SHA1 ciphers.
	SslPolicy_FIPS_TLS13_12_EXT1 SslPolicy = "FIPS_TLS13_12_EXT1"
	// TLS 1.2 and 1.3 with all ciphers.
	SslPolicy_FIPS_TLS13_12_EXT2 SslPolicy = "FIPS_TLS13_12_EXT2"
	// TLS1.1 through 1.3 with all ciphers.
	SslPolicy_FIPS_TLS13_11 SslPolicy = "FIPS_TLS13_11"
	// TLS1.0 through 1.3 with all ciphers.
	SslPolicy_FIPS_TLS13_10 SslPolicy = "FIPS_TLS13_10"
	// Strong foward secrecy ciphers and TLV1.2 only (2020 edition). Same as FORWARD_SECRECY_TLS12_RES, but only supports GCM versions of the TLS ciphers.
	SslPolicy_FORWARD_SECRECY_TLS12_RES_GCM SslPolicy = "FORWARD_SECRECY_TLS12_RES_GCM"
	// Strong forward secrecy ciphers and TLS1.2 only.
	SslPolicy_FORWARD_SECRECY_TLS12_RES SslPolicy = "FORWARD_SECRECY_TLS12_RES"
	// Forward secrecy ciphers and TLS1.2 only.
	SslPolicy_FORWARD_SECRECY_TLS12 SslPolicy = "FORWARD_SECRECY_TLS12"
	// Forward secrecy ciphers only with TLS1.1 and 1.2.
	SslPolicy_FORWARD_SECRECY_TLS11 SslPolicy = "FORWARD_SECRECY_TLS11"
	// Forward secrecy ciphers only.
	SslPolicy_FORWARD_SECRECY SslPolicy = "FORWARD_SECRECY"
	// TLS1.2 only and no SHA ciphers.
	SslPolicy_TLS12 SslPolicy = "TLS12"
	// TLS1.2 only with all ciphers.
	SslPolicy_TLS12_EXT SslPolicy = "TLS12_EXT"
	// TLS1.1 and 1.2 with all ciphers.
	SslPolicy_TLS11 SslPolicy = "TLS11"
	// Support for DES-CBC3-SHA.
	//
	// Do not use this security policy unless you must support a legacy client
	// that requires the DES-CBC3-SHA cipher, which is a weak cipher.
	SslPolicy_LEGACY SslPolicy = "LEGACY"
)

type TargetGroupAttributes

type TargetGroupAttributes struct {
	// ARN of the target group.
	TargetGroupArn *string `field:"required" json:"targetGroupArn" yaml:"targetGroupArn"`
	// A Token representing the list of ARNs for the load balancer routing to this target group.
	LoadBalancerArns *string `field:"optional" json:"loadBalancerArns" yaml:"loadBalancerArns"`
}

Properties to reference an existing target group.

Example:

var stack stack

targetGroup := elbv2.ApplicationTargetGroup_FromTargetGroupAttributes(this, jsii.String("MyTargetGroup"), &TargetGroupAttributes{
	TargetGroupArn: awscdk.Fn_ImportValue(jsii.String("TargetGroupArn")),
	LoadBalancerArns: awscdk.Fn_*ImportValue(jsii.String("LoadBalancerArn")),
})

targetGroupMetrics := targetGroup.Metrics

type TargetGroupBase

type TargetGroupBase interface {
	constructs.Construct
	ITargetGroup
	// Default port configured for members of this target group.
	DefaultPort() *float64
	// Full name of first load balancer.
	//
	// This identifier is emitted as a dimensions of the metrics of this target
	// group.
	//
	// Example value: `app/my-load-balancer/123456789`.
	FirstLoadBalancerFullName() *string
	// Health check for the members of this target group.
	HealthCheck() *HealthCheck
	SetHealthCheck(val *HealthCheck)
	// A token representing a list of ARNs of the load balancers that route traffic to this target group.
	LoadBalancerArns() *string
	// List of constructs that need to be depended on to ensure the TargetGroup is associated to a load balancer.
	LoadBalancerAttached() constructs.IDependable
	// Configurable dependable with all resources that lead to load balancer attachment.
	LoadBalancerAttachedDependencies() constructs.DependencyGroup
	// The tree node.
	Node() constructs.Node
	// The ARN of the target group.
	TargetGroupArn() *string
	// The full name of the target group.
	TargetGroupFullName() *string
	// ARNs of load balancers load balancing to this TargetGroup.
	TargetGroupLoadBalancerArns() *[]*string
	// The name of the target group.
	TargetGroupName() *string
	// The types of the directly registered members of this target group.
	TargetType() TargetType
	SetTargetType(val TargetType)
	// Register the given load balancing target as part of this group.
	AddLoadBalancerTarget(props *LoadBalancerTargetProps)
	// Set/replace the target group's health check.
	ConfigureHealthCheck(healthCheck *HealthCheck)
	// Set a non-standard attribute on the target group.
	// See: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-attributes
	//
	SetAttribute(key *string, value *string)
	// Returns a string representation of this construct.
	ToString() *string
	ValidateHealthCheck() *[]*string
	ValidateTargetGroup() *[]*string
}

Define the target of a load balancer.

type TargetGroupIpAddressType added in v2.172.0

type TargetGroupIpAddressType string

The IP address type of targets registered with a target group.

Example:

var vpc vpc

ipv4ApplicationTargetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("IPv4ApplicationTargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV4,
})

ipv6ApplicationTargetGroup := elbv2.NewApplicationTargetGroup(this, jsii.String("Ipv6ApplicationTargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV6,
})

ipv4NetworkTargetGroup := elbv2.NewNetworkTargetGroup(this, jsii.String("IPv4NetworkTargetGroup"), &NetworkTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV4,
})

ipv6NetworkTargetGroup := elbv2.NewNetworkTargetGroup(this, jsii.String("Ipv6NetworkTargetGroup"), &NetworkTargetGroupProps{
	Vpc: Vpc,
	Port: jsii.Number(80),
	TargetType: elbv2.TargetType_INSTANCE,
	IpAddressType: elbv2.TargetGroupIpAddressType_IPV6,
})
const (
	// IPv4 addresses.
	TargetGroupIpAddressType_IPV4 TargetGroupIpAddressType = "IPV4"
	// IPv6 addresses.
	TargetGroupIpAddressType_IPV6 TargetGroupIpAddressType = "IPV6"
)

type TargetGroupLoadBalancingAlgorithmType

type TargetGroupLoadBalancingAlgorithmType string

Load balancing algorithmm type for target groups.

Example:

var vpc vpc

tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TargetGroup"), &ApplicationTargetGroupProps{
	Vpc: Vpc,
	LoadBalancingAlgorithmType: elbv2.TargetGroupLoadBalancingAlgorithmType_WEIGHTED_RANDOM,
	EnableAnomalyMitigation: jsii.Boolean(true),
})
const (
	// round_robin.
	TargetGroupLoadBalancingAlgorithmType_ROUND_ROBIN TargetGroupLoadBalancingAlgorithmType = "ROUND_ROBIN"
	// least_outstanding_requests.
	TargetGroupLoadBalancingAlgorithmType_LEAST_OUTSTANDING_REQUESTS TargetGroupLoadBalancingAlgorithmType = "LEAST_OUTSTANDING_REQUESTS"
	// weighted_random.
	TargetGroupLoadBalancingAlgorithmType_WEIGHTED_RANDOM TargetGroupLoadBalancingAlgorithmType = "WEIGHTED_RANDOM"
)

type TargetType

type TargetType string

How to interpret the load balancing target identifiers.

Example:

var vpc vpc

tg := elbv2.NewApplicationTargetGroup(this, jsii.String("TG"), &ApplicationTargetGroupProps{
	TargetType: elbv2.TargetType_IP,
	Port: jsii.Number(50051),
	Protocol: elbv2.ApplicationProtocol_HTTP,
	ProtocolVersion: elbv2.ApplicationProtocolVersion_GRPC,
	HealthCheck: &HealthCheck{
		Enabled: jsii.Boolean(true),
		HealthyGrpcCodes: jsii.String("0-99"),
	},
	Vpc: Vpc,
})
const (
	// Targets identified by instance ID.
	TargetType_INSTANCE TargetType = "INSTANCE"
	// Targets identified by IP address.
	TargetType_IP TargetType = "IP"
	// Target is a single Lambda Function.
	TargetType_LAMBDA TargetType = "LAMBDA"
	// Target is a single Application Load Balancer.
	TargetType_ALB TargetType = "ALB"
)

type TrustStore added in v2.154.0

type TrustStore interface {
	awscdk.Resource
	ITrustStore
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// The number of CA certificates in the trust store.
	NumberOfCaCertificates() *float64
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// The status of the trust store.
	Status() *string
	// The ARN of the trust store.
	TrustStoreArn() *string
	// The name of the trust store.
	TrustStoreName() *string
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A new Trust Store.

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})

func NewTrustStore added in v2.154.0

func NewTrustStore(scope constructs.Construct, id *string, props *TrustStoreProps) TrustStore

type TrustStoreProps added in v2.154.0

type TrustStoreProps struct {
	// The bucket that the trust store is hosted in.
	Bucket awss3.IBucket `field:"required" json:"bucket" yaml:"bucket"`
	// The key in S3 to look at for the trust store.
	Key *string `field:"required" json:"key" yaml:"key"`
	// The name of the trust store.
	// Default: - Auto generated.
	//
	TrustStoreName *string `field:"optional" json:"trustStoreName" yaml:"trustStoreName"`
	// The version of the S3 object that contains your truststore.
	//
	// To specify a version, you must have versioning enabled for the S3 bucket.
	// Default: - latest version.
	//
	Version *string `field:"optional" json:"version" yaml:"version"`
}

Properties used for the Trust Store.

Example:

import acm "github.com/aws/aws-cdk-go/awscdk"

var certificate certificate
var lb applicationLoadBalancer
var bucket bucket

trustStore := elbv2.NewTrustStore(this, jsii.String("Store"), &TrustStoreProps{
	Bucket: Bucket,
	Key: jsii.String("rootCA_cert.pem"),
})

lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
	Port: jsii.Number(443),
	Protocol: elbv2.ApplicationProtocol_HTTPS,
	Certificates: []iListenerCertificate{
		certificate,
	},
	// mTLS settings
	MutualAuthentication: &MutualAuthentication{
		IgnoreClientCertificateExpiry: jsii.Boolean(false),
		MutualAuthenticationMode: elbv2.MutualAuthenticationMode_VERIFY,
		TrustStore: *TrustStore,
	},
	DefaultAction: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
		ContentType: jsii.String("text/plain"),
		MessageBody: jsii.String("Success mTLS"),
	}),
})

type TrustStoreRevocation added in v2.154.0

type TrustStoreRevocation interface {
	awscdk.Resource
	// The environment this resource belongs to.
	//
	// For resources that are created and managed by the CDK
	// (generally, those created by creating new class instances like Role, Bucket, etc.),
	// this is always the same as the environment of the stack they belong to;
	// however, for imported resources
	// (those obtained from static methods like fromRoleArn, fromBucketName, etc.),
	// that might be different than the stack they were imported into.
	Env() *awscdk.ResourceEnvironment
	// The tree node.
	Node() constructs.Node
	// Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
	//
	// This value will resolve to one of the following:
	// - a concrete value (e.g. `"my-awesome-bucket"`)
	// - `undefined`, when a name should be generated by CloudFormation
	// - a concrete name generated automatically during synthesis, in
	//   cross-environment scenarios.
	PhysicalName() *string
	// The stack in which this resource is defined.
	Stack() awscdk.Stack
	// Apply the given removal policy to this resource.
	//
	// The Removal Policy controls what happens to this resource when it stops
	// being managed by CloudFormation, either because you've removed it from the
	// CDK application or because you've made a change that requires the resource
	// to be replaced.
	//
	// The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS
	// account for data recovery and cleanup later (`RemovalPolicy.RETAIN`).
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	// Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. `bucket.bucketArn`).
	//
	// Normally, this token will resolve to `arnAttr`, but if the resource is
	// referenced across environments, `arnComponents` will be used to synthesize
	// a concrete ARN with the resource's physical name. Make sure to reference
	// `this.physicalName` in `arnComponents`.
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	// Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. `bucket.bucketName`).
	//
	// Normally, this token will resolve to `nameAttr`, but if the resource is
	// referenced across environments, it will be resolved to `this.physicalName`,
	// which will be a concrete name.
	GetResourceNameAttribute(nameAttr *string) *string
	// Returns a string representation of this construct.
	ToString() *string
}

A new Trust Store Revocation.

Example:

var trustStore trustStore
var bucket bucket

elbv2.NewTrustStoreRevocation(this, jsii.String("Revocation"), &TrustStoreRevocationProps{
	TrustStore: TrustStore,
	RevocationContents: []revocationContent{
		&revocationContent{
			RevocationType: elbv2.RevocationType_CRL,
			Bucket: *Bucket,
			Key: jsii.String("crl.pem"),
		},
	},
})

func NewTrustStoreRevocation added in v2.154.0

func NewTrustStoreRevocation(scope constructs.Construct, id *string, props *TrustStoreRevocationProps) TrustStoreRevocation

type TrustStoreRevocationProps added in v2.154.0

type TrustStoreRevocationProps struct {
	// The revocation file to add.
	RevocationContents *[]*RevocationContent `field:"required" json:"revocationContents" yaml:"revocationContents"`
	// The trust store.
	TrustStore ITrustStore `field:"required" json:"trustStore" yaml:"trustStore"`
}

Properties for the trust store revocation.

Example:

var trustStore trustStore
var bucket bucket

elbv2.NewTrustStoreRevocation(this, jsii.String("Revocation"), &TrustStoreRevocationProps{
	TrustStore: TrustStore,
	RevocationContents: []revocationContent{
		&revocationContent{
			RevocationType: elbv2.RevocationType_CRL,
			Bucket: *Bucket,
			Key: jsii.String("crl.pem"),
		},
	},
})

type UnauthenticatedAction

type UnauthenticatedAction string

What to do with unauthenticated requests.

const (
	// Return an HTTP 401 Unauthorized error.
	UnauthenticatedAction_DENY UnauthenticatedAction = "DENY"
	// Allow the request to be forwarded to the target.
	UnauthenticatedAction_ALLOW UnauthenticatedAction = "ALLOW"
	// Redirect the request to the IdP authorization endpoint.
	UnauthenticatedAction_AUTHENTICATE UnauthenticatedAction = "AUTHENTICATE"
)

type WeightedTargetGroup

type WeightedTargetGroup struct {
	// The target group.
	TargetGroup IApplicationTargetGroup `field:"required" json:"targetGroup" yaml:"targetGroup"`
	// The target group's weight.
	//
	// Range is [0..1000).
	// Default: 1.
	//
	Weight *float64 `field:"optional" json:"weight" yaml:"weight"`
}

A Target Group and weight combination.

Example:

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import "github.com/aws/aws-cdk-go/awscdk"

var applicationTargetGroup applicationTargetGroup

weightedTargetGroup := &WeightedTargetGroup{
	TargetGroup: applicationTargetGroup,

	// the properties below are optional
	Weight: jsii.Number(123),
}

type XffHeaderProcessingMode added in v2.137.0

type XffHeaderProcessingMode string

Processing mode of the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.

Example:

var vpc vpc

lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
	Vpc: Vpc,
	InternetFacing: jsii.Boolean(true),

	// Whether HTTP/2 is enabled
	Http2Enabled: jsii.Boolean(false),

	// The idle timeout value, in seconds
	IdleTimeout: awscdk.Duration_Seconds(jsii.Number(1000)),

	// Whether HTTP headers with header fields thatare not valid
	// are removed by the load balancer (true), or routed to targets
	DropInvalidHeaderFields: jsii.Boolean(true),

	// How the load balancer handles requests that might
	// pose a security risk to your application
	DesyncMitigationMode: elbv2.DesyncMitigationMode_DEFENSIVE,

	// The type of IP addresses to use.
	IpAddressType: elbv2.IpAddressType_IPV4,

	// The duration of client keep-alive connections
	ClientKeepAlive: awscdk.Duration_*Seconds(jsii.Number(500)),

	// Whether cross-zone load balancing is enabled.
	CrossZoneEnabled: jsii.Boolean(true),

	// Whether the load balancer blocks traffic through the Internet Gateway (IGW).
	DenyAllIgwTraffic: jsii.Boolean(false),

	// Whether to preserve host header in the request to the target
	PreserveHostHeader: jsii.Boolean(true),

	// Whether to add the TLS information header to the request
	XAmznTlsVersionAndCipherSuiteHeaders: jsii.Boolean(true),

	// Whether the X-Forwarded-For header should preserve the source port
	PreserveXffClientPort: jsii.Boolean(true),

	// The processing mode for X-Forwarded-For headers
	XffHeaderProcessingMode: elbv2.XffHeaderProcessingMode_APPEND,

	// Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
	WafFailOpen: jsii.Boolean(true),
})
const (
	// Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.
	XffHeaderProcessingMode_APPEND XffHeaderProcessingMode = "APPEND"
	// Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.
	XffHeaderProcessingMode_PRESERVE XffHeaderProcessingMode = "PRESERVE"
	// Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.
	XffHeaderProcessingMode_REMOVE XffHeaderProcessingMode = "REMOVE"
)

Source Files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL