Resource: awsElb
Provides an Elastic Load Balancer resource, also known as a "Classic Load Balancer" after the release of Application/Network Load Balancers.
NOTE on ELB Instances and ELB Attachments: Terraform currently provides both a standalone ELB Attachment resource (describing an instance attached to an ELB), and an ELB resource with instances defined in-line. At this time you cannot use an ELB with in-line instances in conjunction with ELB Attachment resources. Doing so will cause a conflict and will overwrite attachments.
Example Usage
```typescript
/* Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";
new aws.elb.Elb(this, "bar", {
  accessLogs: {
    bucket: "foo",
    bucketPrefix: "bar",
    interval: 60,
  },
  availabilityZones: ["us-west-2a", "us-west-2b", "us-west-2c"],
  connectionDraining: true,
  connectionDrainingTimeout: 400,
  crossZoneLoadBalancing: true,
  healthCheck: {
    healthyThreshold: 2,
    interval: 30,
    target: "HTTP:8000/",
    timeout: 3,
    unhealthyThreshold: 2,
  },
  idleTimeout: 400,
  instances: ["${aws_instance.foo.id}"],
  listener: [
    {
      instancePort: 8000,
      instanceProtocol: "http",
      lbPort: 80,
      lbProtocol: "http",
    },
    {
      instancePort: 8000,
      instanceProtocol: "http",
      lbPort: 443,
      lbProtocol: "https",
      sslCertificateId: "arn:aws:iam::123456789012:server-certificate/certName",
    },
  ],
  name: "foobar-terraform-elb",
  tags: {
    Name: "foobar-terraform-elb",
  },
});
```
Argument Reference
The following arguments are supported:
* name - (Optional) The name of the ELB. By default generated by Terraform.
* namePrefix - (Optional, Forces new resource) Creates a unique name beginning with the specified prefix. Conflicts with name.
* accessLogs - (Optional) An Access Logs block. Access Logs documented below.
* availabilityZones - (Required for an EC2-classic ELB) The AZs to serve traffic in.
* securityGroups - (Optional) A list of security group IDs to assign to the ELB. Only valid if creating an ELB within a VPC.
* subnets - (Required for a VPC ELB) A list of subnet IDs to attach to the ELB.
* instances - (Optional) A list of instance IDs to place in the ELB pool.
* internal - (Optional) If true, ELB will be an internal ELB.
* listener - (Required) A list of listener blocks. Listeners documented below.
* healthCheck - (Optional) A health_check block. Health Check documented below.
* crossZoneLoadBalancing - (Optional) Enable cross-zone load balancing. Default: true
* idleTimeout - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60
* connectionDraining - (Optional) Boolean to enable connection draining. Default: false
* connectionDrainingTimeout - (Optional) The time in seconds to allow for connections to drain. Default: 300
* desyncMitigationMode - (Optional) Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
* tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Exactly one of availabilityZones or subnets must be specified: this determines if the ELB exists in a VPC or in EC2-classic.
Access Logs (accessLogs) support the following:
* bucket - (Required) The S3 bucket name to store the logs in.
* bucketPrefix - (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.
* interval - (Optional) The publishing interval in minutes. Valid values: 5 and 60. Default: 60
* enabled - (Optional) Boolean to enable / disable accessLogs. Default is true
Listeners (listener) support the following:
* instancePort - (Required) The port on the instance to route to
* instanceProtocol - (Required) The protocol to use to the instance. Valid values are http, https, tcp, or ssl
* lbPort - (Required) The port to listen on for the load balancer
* lbProtocol - (Required) The protocol to listen on. Valid values are http, https, tcp, or ssl
* sslCertificateId - (Optional) The ARN of an SSL certificate you have uploaded to AWS IAM. Note ECDSA-specific restrictions below. Only valid when lbProtocol is either HTTPS or SSL
Health Check (healthCheck) supports the following:
* healthyThreshold - (Required) The number of checks before the instance is declared healthy.
* unhealthyThreshold - (Required) The number of checks before the instance is declared unhealthy.
* target - (Required) The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL values are:
  * http, https - PORT and PATH are required
  * tcp, ssl - PORT is required, PATH is not supported
* interval - (Required) The interval between checks.
* timeout - (Required) The length of time before the check times out.
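The constraints listed above (exactly one of availabilityZones or subnets, sslCertificateId only with HTTPS or SSL, the health check target pattern, the accessLogs interval values and the desyncMitigationMode values) can be checked on a configuration object before it is passed to the resource. The following is an added example, not code from cdktf or the AWS provider: ElbConfig, lintElb and the finding strings are hypothetical, and beyond the documented constraints it also reports unencrypted front-end listeners, missing access logs and the monitor desync mode as review findings.

```typescript
// Added example: ElbConfig, lintElb() and pageExample are hypothetical, not cdktf or AWS provider APIs.
interface Listener {
  instancePort: number; instanceProtocol: string;
  lbPort: number; lbProtocol: string; sslCertificateId?: string;
}
interface ElbConfig {
  availabilityZones?: string[]; subnets?: string[];
  listener: Listener[];
  healthCheck?: { target: string };
  accessLogs?: { bucket: string; interval?: number; enabled?: boolean };
  desyncMitigationMode?: string;
}
const PROTOCOLS = ["http", "https", "tcp", "ssl"];
function lintElb(c: ElbConfig): string[] {
  const out: string[] = [];
  if (!!c.availabilityZones?.length === !!c.subnets?.length)
    out.push("placement: set exactly one of availabilityZones or subnets");
  for (const l of c.listener) {
    const lb = l.lbProtocol.toLowerCase();
    if (PROTOCOLS.indexOf(lb) < 0 || PROTOCOLS.indexOf(l.instanceProtocol.toLowerCase()) < 0)
      out.push(`listener ${l.lbPort}: invalid protocol`);
    const tls = lb === "https" || lb === "ssl";
    if (l.sslCertificateId !== undefined && !tls)
      out.push(`listener ${l.lbPort}: sslCertificateId needs lbProtocol https or ssl`);
    if (!tls) out.push(`listener ${l.lbPort}: unencrypted front end (${lb})`);
  }
  if (c.healthCheck) {
    // Target is PROTOCOL:PORT followed by PATH; PATH is required for http/https, unsupported for tcp/ssl.
    const m = /^(https?|tcp|ssl):(\d+)(\/.*)?$/i.exec(c.healthCheck.target);
    const isHttp = /^http/i.test(m?.[1] ?? "");
    if (m === null || isHttp !== (m[3] !== undefined)) out.push("healthCheck: malformed target");
  }
  if (!c.accessLogs || c.accessLogs.enabled === false) out.push("accessLogs: not enabled");
  else if ([5, 60].indexOf(c.accessLogs.interval ?? 60) < 0) out.push("accessLogs: interval must be 5 or 60");
  const mode = c.desyncMitigationMode ?? "defensive"; // default per the page
  if (["monitor", "defensive", "strictest"].indexOf(mode) < 0) out.push("desyncMitigationMode: invalid value");
  else if (mode === "monitor") out.push("desyncMitigationMode: monitor is weaker than the default");
  return out;
}

const pageExample: ElbConfig = { // constructed input mirroring the page's usage example
  availabilityZones: ["us-west-2a", "us-west-2b", "us-west-2c"],
  listener: [
    { instancePort: 8000, instanceProtocol: "http", lbPort: 80, lbProtocol: "http" },
    { instancePort: 8000, instanceProtocol: "http", lbPort: 443, lbProtocol: "https",
      sslCertificateId: "arn:aws:iam::123456789012:server-certificate/certName" }],
  healthCheck: { target: "HTTP:8000/" }, accessLogs: { bucket: "foo", interval: 60 },
};
console.log(lintElb(pageExample));
```

Run against the page's usage example, the only finding is the plain HTTP listener on port 80.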
Note on ECDSA Key Algorithm
If the certificate referenced by the sslCertificateId ARN was signed by an ECDSA key, note that ELB only supports the P256 and P384 curves. Using a certificate signed by a key using a different curve could produce the error ERR_SSL_VERSION_OR_CIPHER_MISMATCH in your browser.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
* id - The name of the ELB
* arn - The ARN of the ELB
* name - The name of the ELB
* dnsName - The DNS name of the ELB
* instances - The list of instances in the ELB
* sourceSecurityGroup - The name of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances. Use this for Classic or Default VPC only.
* sourceSecurityGroupId - The ID of the security group that you can use as part of your inbound rules for your load balancer's back-end application instances. Only available on ELBs launched in a VPC.
* zoneId - The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)
* tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
Import
ELBs can be imported using the name, e.g.,