aws.elbv2-listener-rule resource

Description

ListenerRule is one routing rule on an Application Load Balancer listener: an ordered set of conditions that match a request and the actions to take when they do. The fields mirror the ELBv2 CreateRule API, which an update reconciles through ModifyRule, with priority reconciled by the separate SetRulePriorities call.

A rule belongs to one listener for its lifetime, so a change to the listener ARN replaces the rule; everything else changes in place. The priority orders the rule against the listener's other rules and may change without replacing the rule. When the priority is omitted, the resource assigns the next free slot above the listener's highest non-default rule, retrying if another rule claims that slot first.
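
The priority assignment described above, sketched as an added example (not the resource's own code from listener_rule_rsrc.go). It assumes the listener's priorities arrive as strings, as DescribeRules reports them, with "default" for the default rule; `errPriorityInUse`, `nextPriority`, `createWithRetry` and `simulate` are hypothetical names, and the rule list is constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// errPriorityInUse stands in for the ELBv2 PriorityInUse error (hypothetical name).
var errPriorityInUse = errors.New("priority in use")

// nextPriority takes priorities as DescribeRules reports them: strings, "default" included.
func nextPriority(priorities []string) int {
	highest := 0
	for _, p := range priorities {
		if n, err := strconv.Atoi(p); err == nil && n > highest {
			highest = n // "default" fails Atoi and is skipped
		}
	}
	return highest + 1
}

// createWithRetry re-reads the rules and retries only on a priority conflict.
func createWithRetry(list func() []string, create func(int) error, tries int) (int, error) {
	for i := 0; i < tries; i++ {
		p := nextPriority(list())
		if p > 50000 { // upper bound from the page's priority constraint
			return 0, errors.New("no free slot above the highest rule")
		}
		if err := create(p); !errors.Is(err, errPriorityInUse) {
			return p, err // success (nil) or a non-retryable error
		}
	}
	return 0, fmt.Errorf("priority still contended after %d tries", tries)
}

// simulate uses constructed data: a concurrent writer claims slot 11 first.
func simulate() (int, error) {
	rules := []string{"default", "5", "10"}
	create := func(p int) error {
		rules = append(rules, strconv.Itoa(p)) // the slot is taken either way
		if p == 11 {
			return errPriorityInUse
		}
		return nil
	}
	return createWithRetry(func() []string { return rules }, create, 3)
}

func main() { fmt.Println(simulate()) }
```

Because the slot is chosen from a read that can be stale by the time the create call lands, the retry bound matters: a listener under heavy concurrent rule creation should surface the contention error rather than loop indefinitely.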

The cross-field rules on actions and conditions are all declared as constraints: each action's type fixes which sub-block it takes, each condition sets exactly one matcher with non-empty values, a forward block names one to five weighted target groups, and every query-string pair sets a value.

Source: internal/service/elbv2/listener_rule_rsrc.go:53

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.elbv2-listener-rule {
    # Set input fields here.
  }
}

Inputs

listener-arn

string

required

priority

optional(integer)

actions

list(object)
list(
  object({
    type: string
    order: optional(integer)
    target-group-arn: optional(string)
    forward: optional(
      object({
        target-groups: list(
          object({
            arn: optional(string)
            weight: optional(integer)
          })
        )
        stickiness: optional(
          object({
            enabled: optional(boolean)
            duration-seconds: optional(integer)
          })
        )
      })
    )
    redirect: optional(
      object({
        status-code: string
        host: optional(string)
        path: optional(string)
        port: optional(string)
        protocol: optional(string)
        query: optional(string)
      })
    )
    fixed-response: optional(
      object({
        content-type: string
        status-code: optional(string)
        message-body: optional(string)
      })
    )
  })
)

required

conditions

list(object)
list(
  object({
    host-header: optional(
      object({
        values: list(string)
      })
    )
    http-header: optional(
      object({
        http-header-name: string
        values: list(string)
      })
    )
    http-request-method: optional(
      object({
        values: list(string)
      })
    )
    path-pattern: optional(
      object({
        values: list(string)
      })
    )
    query-string: optional(
      object({
        values: list(
          object({
            key: optional(string)
            value: optional(string)
          })
        )
      })
    )
    source-ip: optional(
      object({
        values: list(string)
      })
    )
  })
)

required

tags

map(string)

Input Constraints

Priority rules

priority must be between 1 and 50000.

Rule logic
When
input.priority != null
Require
(input.priority == null || input.priority >= 1)
&& (input.priority == null || input.priority <= 50000)

Actions rules

a rule requires at least one action.

Rule logic
Require
input.actions != null
&& @core.length(input.actions) >= 1

an action type must be forward, redirect, or fixed-response.

Rule logic
For each
input.actions
Require
@each.value.type == 'forward'
|| @each.value.type == 'redirect'
|| @each.value.type == 'fixed-response'

a forward action takes exactly one of target-group-arn or forward.

Rule logic
For each
input.actions
When
@each.value.type == 'forward'
Require
(((@each.value.target-group-arn != null) && (@each.value.forward == null)) || ((@each.value.target-group-arn == null) && (@each.value.forward != null)))
&& @each.value.redirect == null
&& @each.value.fixed-response == null

a redirect action takes a redirect block only.

Rule logic
For each
input.actions
When
@each.value.type == 'redirect'
Require
@each.value.redirect != null
&& @each.value.target-group-arn == null
&& @each.value.forward == null
&& @each.value.fixed-response == null

a fixed-response action takes a fixed-response block only.

Rule logic
For each
input.actions
When
@each.value.type == 'fixed-response'
Require
@each.value.fixed-response != null
&& @each.value.target-group-arn == null
&& @each.value.forward == null
&& @each.value.redirect == null

an action order must be between 1 and 50000.

Rule logic
For each
input.actions
When
@each.value.order != null
Require
(@each.value.order == null || @each.value.order >= 1)
&& (@each.value.order == null || @each.value.order <= 50000)

a redirect status-code must be HTTP_301 or HTTP_302.

Rule logic
For each
input.actions
When
@each.value.redirect.status-code != null
Require
@each.value.redirect.status-code == 'HTTP_301'
|| @each.value.redirect.status-code == 'HTTP_302'

a redirect protocol must be HTTP, HTTPS, or #{protocol}.

Rule logic
For each
input.actions
When
@each.value.redirect.protocol != null
Require
@each.value.redirect.protocol == '#{protocol}'
|| @each.value.redirect.protocol == 'HTTP'
|| @each.value.redirect.protocol == 'HTTPS'

a fixed-response content-type must be one of the accepted types.

Rule logic
For each
input.actions
When
@each.value.fixed-response.content-type != null
Require
@each.value.fixed-response.content-type == 'text/plain'
|| @each.value.fixed-response.content-type == 'text/css'
|| @each.value.fixed-response.content-type == 'text/html'
|| @each.value.fixed-response.content-type == 'application/javascript'
|| @each.value.fixed-response.content-type == 'application/json'

a forward block takes one to five target-groups.

Rule logic
For each
input.actions
When
@each.value.forward != null
Require
((@each.value.forward.target-groups != null) && (@core.length(@each.value.forward.target-groups) >= 1))
&& (@each.value.forward.target-groups == null || @core.length(@each.value.forward.target-groups) <= 5)

a forward target-group requires an arn.

Rule logic
For each
@a in input.actions
@g in @a.value.forward.target-groups
Require
@g.value.arn != null

a target group weight must be between 0 and 999.

Rule logic
For each
@a in input.actions
@g in @a.value.forward.target-groups
When
@g.value.weight != null
Require
(@g.value.weight == null || @g.value.weight >= 0)
&& (@g.value.weight == null || @g.value.weight <= 999)

enabled forward stickiness requires duration-seconds.

Rule logic
For each
input.actions
When
@each.value.forward.stickiness.enabled == true
Require
@each.value.forward.stickiness.duration-seconds != null

stickiness duration-seconds must be between 1 and 604800.

Rule logic
For each
input.actions
When
@each.value.forward.stickiness.duration-seconds != null
Require
(@each.value.forward.stickiness.duration-seconds == null || @each.value.forward.stickiness.duration-seconds >= 1)
&& (@each.value.forward.stickiness.duration-seconds == null || @each.value.forward.stickiness.duration-seconds <= 604800)

Conditions rules

a rule requires at least one condition.

Rule logic
Require
input.conditions != null
&& @core.length(input.conditions) >= 1

At most one of conditions[*].host-header, conditions[*].http-header, conditions[*].http-request-method, conditions[*].path-pattern, conditions[*].query-string, or conditions[*].source-ip may be set.

a condition requires exactly one matcher.

Rule logic
For each
input.conditions
Require
@each.value.host-header != null
|| @each.value.http-header != null
|| @each.value.http-request-method != null
|| @each.value.path-pattern != null
|| @each.value.query-string != null
|| @each.value.source-ip != null

host-header requires values.

Rule logic
For each
input.conditions
When
@each.value.host-header != null
Require
@each.value.host-header.values != null
&& @core.length(@each.value.host-header.values) >= 1

http-header requires values.

Rule logic
For each
input.conditions
When
@each.value.http-header != null
Require
@each.value.http-header.values != null
&& @core.length(@each.value.http-header.values) >= 1

http-request-method requires values.

Rule logic
For each
input.conditions
When
@each.value.http-request-method != null
Require
@each.value.http-request-method.values != null
&& @core.length(@each.value.http-request-method.values) >= 1

path-pattern requires values.

Rule logic
For each
input.conditions
When
@each.value.path-pattern != null
Require
@each.value.path-pattern.values != null
&& @core.length(@each.value.path-pattern.values) >= 1

query-string requires values.

Rule logic
For each
input.conditions
When
@each.value.query-string != null
Require
@each.value.query-string.values != null
&& @core.length(@each.value.query-string.values) >= 1

source-ip requires values.

Rule logic
For each
input.conditions
When
@each.value.source-ip != null
Require
@each.value.source-ip.values != null
&& @core.length(@each.value.source-ip.values) >= 1

a query-string pair requires a value.

Rule logic
For each
@c in input.conditions
@p in @c.value.query-string.values
Require
@p.value.value != null

Outputs

arn

string