
aws.elbv2-load-balancer resource

Description

LoadBalancer manages an Elastic Load Balancing v2 load balancer, the way CloudFormation models AWS::ElasticLoadBalancingV2::LoadBalancer. The name, scheme (internal vs internet-facing), and type are fixed at creation, as is the Outposts customer-owned address pool, so a change to any of them replaces the load balancer; everything else reconciles in place. CreateLoadBalancer takes the name, type, scheme, IP address type, subnets or subnet mappings, security groups, and tags; the remaining settings are attributes applied by a follow-on ModifyLoadBalancerAttributes, with the subnets, security groups, and IP address type reconciled on update by SetSubnets, SetSecurityGroups, and SetIpAddressType. The access-logs and connection-logs blocks fold into the attribute list. Each attribute applies only to certain load balancer types, so the resource sends an attribute only for its supported types.

AWS enforces the name's own bounds, so they are not expressed as constraints: the name is at most 32 characters matching ^[0-9A-Za-z-]+$, must not begin or end with a hyphen, and must not begin with "internal-".

Source: internal/service/elbv2/load_balancer_rsrc.go:57

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.elbv2-load-balancer {
    # Set input fields here.
  }
}

Inputs

name: string (required)

load-balancer-type: optional(string)

internal: optional(boolean)

ip-address-type: optional(string)

customer-owned-ipv4-pool: optional(string)

security-groups: list(string)

subnets: list(string)

subnet-mappings: list(
  object({
    subnet-id: string
    allocation-id: optional(string)
    private-ipv4-address: optional(string)
    ipv6-address: optional(string)
    source-nat-ipv6-prefix: optional(string)
  })
)

access-logs: optional(
  object({
    enabled: optional(boolean)
    bucket: optional(string)
    prefix: optional(string)
  })
)

connection-logs: optional(
  object({
    enabled: optional(boolean)
    bucket: optional(string)
    prefix: optional(string)
  })
)

tags: map(string)

idle-timeout: optional(integer)

enable-deletion-protection: optional(boolean)

enable-http2: optional(boolean)

enable-cross-zone-load-balancing: optional(boolean)

desync-mitigation-mode: optional(string)

drop-invalid-header-fields: optional(boolean)

preserve-host-header: optional(boolean)

enable-xff-client-port: optional(boolean)

xff-header-processing-mode: optional(string)

client-keep-alive: optional(integer)

enable-tls-version-and-cipher-suite-headers: optional(boolean)

dns-record-client-routing-policy: optional(string)

Input Constraints

Field combinations

Exactly one of subnets or subnet-mappings.

Load balancer type rules

load-balancer-type must be application, network, or gateway.

Rule logic
When
input.load-balancer-type != null
Require
input.load-balancer-type == 'application'
|| input.load-balancer-type == 'network'
|| input.load-balancer-type == 'gateway'

IP address type rules

ip-address-type must be ipv4, dualstack, or dualstack-without-public-ipv4.

Rule logic
When
input.ip-address-type != null
Require
input.ip-address-type == 'ipv4'
|| input.ip-address-type == 'dualstack'
|| input.ip-address-type == 'dualstack-without-public-ipv4'

Desync mitigation mode rules

desync-mitigation-mode must be monitor, defensive, or strictest.

Rule logic
When
input.desync-mitigation-mode != null
Require
input.desync-mitigation-mode == 'monitor'
|| input.desync-mitigation-mode == 'defensive'
|| input.desync-mitigation-mode == 'strictest'

XFF header processing mode rules

xff-header-processing-mode must be append, preserve, or remove.

Rule logic
When
input.xff-header-processing-mode != null
Require
input.xff-header-processing-mode == 'append'
|| input.xff-header-processing-mode == 'preserve'
|| input.xff-header-processing-mode == 'remove'

DNS record client routing policy rules

dns-record-client-routing-policy must be availability_zone_affinity, partial_availability_zone_affinity, or any_availability_zone.

Rule logic
When
input.dns-record-client-routing-policy != null
Require
input.dns-record-client-routing-policy == 'availability_zone_affinity'
|| input.dns-record-client-routing-policy == 'partial_availability_zone_affinity'
|| input.dns-record-client-routing-policy == 'any_availability_zone'

Access logs rules

Enabled access-logs require a bucket.

Rule logic
When
input.access-logs.enabled == true
Require
input.access-logs.bucket != null

Connection logs rules

Enabled connection-logs require a bucket.

Rule logic
When
input.connection-logs.enabled == true
Require
input.connection-logs.bucket != null
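The constraint rules above, together with the name bounds quoted in the description, are straightforward to check before a plan is ever sent to AWS. The following Python is an added example and is not part of the unobin project or this resource's implementation; it models the resource's input block as a plain dict keyed by the input names listed on this page (an assumption about how the inputs would be surfaced), applies every rule from the Input Constraints section plus the name bounds, and returns the list of violations. The two sample configurations are constructed for the example; the subnet and security group IDs in them are placeholders, not real resources.

```python
import re
from typing import Any

# Allowed values, copied from the page's "Input Constraints" section.
ENUMS = {
    "load-balancer-type": {"application", "network", "gateway"},
    "ip-address-type": {"ipv4", "dualstack", "dualstack-without-public-ipv4"},
    "desync-mitigation-mode": {"monitor", "defensive", "strictest"},
    "xff-header-processing-mode": {"append", "preserve", "remove"},
    "dns-record-client-routing-policy": {
        "availability_zone_affinity",
        "partial_availability_zone_affinity",
        "any_availability_zone",
    },
}

# Character class AWS enforces on the name (quoted in the description).
NAME_RE = re.compile(r"^[0-9A-Za-z-]+$")


def validate_name(name: Any) -> list[str]:
    """Mirror the bounds AWS enforces on the load balancer name."""
    if not isinstance(name, str) or not name:
        return ["name is required and must be a non-empty string"]
    errors = []
    if len(name) > 32:
        errors.append("name must be at most 32 characters")
    if not NAME_RE.match(name):
        errors.append("name may contain only letters, digits and hyphens")
    if name.startswith("-") or name.endswith("-"):
        errors.append("name must not begin or end with a hyphen")
    if name.startswith("internal-"):
        errors.append('name must not begin with "internal-"')
    return errors


def validate_inputs(inputs: dict) -> list[str]:
    """Apply every rule from the Input Constraints section; return the violations."""
    errors = validate_name(inputs.get("name"))

    # Field combinations: exactly one of subnets or subnet-mappings.
    # Presence of the key is treated as "set" (assumption for this example).
    has_subnets = "subnets" in inputs
    has_mappings = "subnet-mappings" in inputs
    if has_subnets == has_mappings:
        errors.append("exactly one of subnets or subnet-mappings must be set")

    # Enum rules: each applies only "When input.<field> != null".
    for field, allowed in ENUMS.items():
        value = inputs.get(field)
        if value is not None and value not in allowed:
            errors.append(f"{field} must be one of {sorted(allowed)}, got {value!r}")

    # Log rules: enabled logs require a bucket.
    for block in ("access-logs", "connection-logs"):
        cfg = inputs.get(block) or {}
        if cfg.get("enabled") is True and cfg.get("bucket") is None:
            errors.append(f"enabled {block} require a bucket")

    return errors


# Constructed sample: an internet-facing ALB with the hardening attributes set.
GOOD_INPUTS = {
    "name": "web-alb",
    "load-balancer-type": "application",
    "internal": False,
    "ip-address-type": "ipv4",
    "security-groups": ["sg-PLACEHOLDER"],
    "subnets": ["subnet-PLACEHOLDER-a", "subnet-PLACEHOLDER-b"],
    "enable-deletion-protection": True,
    "desync-mitigation-mode": "defensive",
    "drop-invalid-header-fields": True,
    "access-logs": {"enabled": True, "bucket": "example-alb-logs", "prefix": "web-alb"},
    "tags": {"env": "example"},
}

# Constructed sample that breaks several rules at once.
BAD_INPUTS = {
    "name": "internal-web-",
    "load-balancer-type": "application",
    "subnets": ["subnet-PLACEHOLDER-a"],
    "subnet-mappings": [{"subnet-id": "subnet-PLACEHOLDER-b"}],
    "desync-mitigation-mode": "strict",
    "access-logs": {"enabled": True},
}

if __name__ == "__main__":
    for label, cfg in (("good", GOOD_INPUTS), ("bad", BAD_INPUTS)):
        print(label, validate_inputs(cfg) or "ok")
```

The bad sample trips five rules: two name bounds (trailing hyphen and the "internal-" prefix), both subnet inputs set at once, an unknown desync mode, and access logs enabled without a bucket. Running the check locally surfaces all of them in one pass instead of one CreateLoadBalancer or ModifyLoadBalancerAttributes error at a time.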

Outputs

arn: string

dns-name: string

canonical-hosted-zone-id: string

arn-suffix: string

vpc-id: string

ip-address-type: string

name: string

scheme: string