Resource: awsLb
Provides a Load Balancer resource.
Note: awsAlb is known as awsLb. The functionality is identical.
Example Usage
Application Load Balancer
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lb.Lb(this, "test", {
  accessLogs: {
    bucket: "${aws_s3_bucket.lb_logs.id}",
    enabled: true,
    prefix: "test-lb",
  },
  enableDeletionProtection: true,
  internal: false,
  loadBalancerType: "application",
  name: "test-lb-tf",
  securityGroups: ["${aws_security_group.lb_sg.id}"],
  subnets: ["${[for subnet in aws_subnet.public : subnet.id]}"],
  tags: {
    Environment: "production",
  },
});
Network Load Balancer
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lb.Lb(this, "test", {
  enableDeletionProtection: true,
  internal: false,
  loadBalancerType: "network",
  name: "test-lb-tf",
  subnets: ["${[for subnet in aws_subnet.public : subnet.id]}"],
  tags: {
    Environment: "production",
  },
});
Specifying Elastic IPs
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lb.Lb(this, "example", {
  loadBalancerType: "network",
  name: "example",
  subnetMapping: [
    {
      allocationId: "${aws_eip.example1.id}",
      subnetId: "${aws_subnet.example1.id}",
    },
    {
      allocationId: "${aws_eip.example2.id}",
      subnetId: "${aws_subnet.example2.id}",
    },
  ],
});
Specifying private IP addresses for an internal-facing load balancer
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lb.Lb(this, "example", {
  loadBalancerType: "network",
  name: "example",
  subnetMapping: [
    {
      privateIpv4Address: "10.0.1.15",
      subnetId: "${aws_subnet.example1.id}",
    },
    {
      privateIpv4Address: "10.0.2.15",
      subnetId: "${aws_subnet.example2.id}",
    },
  ],
});
Argument Reference
NOTE: Please note that internal LBs can only use ipv4 as the ipAddressType. You can only change to dualstack ipAddressType if the selected subnets are IPv6 enabled.
NOTE: Please note that one of either subnets or subnetMapping is required.
The following arguments are supported:
accessLogs - (Optional) An Access Logs block. Access Logs documented below.
customerOwnedIpv4Pool - (Optional) The ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode - (Optional) Determines how the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dropInvalidHeaderFields - (Optional) Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing - (Optional) If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancers this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection - (Optional) If true, deletion of the load balancer will be disabled via the AWS API. This will prevent Terraform from deleting the load balancer. Defaults to false.
enableHttp2 - (Optional) Indicates whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders - (Optional) Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false.
enableXffClientPort - (Optional) Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to true.
enableWafFailOpen - (Optional) Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
idleTimeout - (Optional) The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal - (Optional) If true, the LB will be internal.
ipAddressType - (Optional) The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 and dualstack.
loadBalancerType - (Optional) The type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name - (Optional) The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, Terraform will autogenerate a name beginning with tf-lb.
namePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.
securityGroups - (Optional) A list of security group IDs to assign to the LB. Only valid for Load Balancers of type application.
preserveHostHeader - (Optional) Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
subnetMapping - (Optional) A subnet mapping block as documented below.
subnets - (Optional) A list of subnet IDs to attach to the LB. Subnets cannot be updated for Load Balancers of type network. Changing this value for load balancers of type network will force a recreation of the resource.
xffHeaderProcessingMode - (Optional) Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
tags - (Optional) A map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
accessLogs
bucket - (Required) The S3 bucket name to store the logs in.
enabled - (Optional) Boolean to enable / disable accessLogs. Defaults to false, even when bucket is specified.
prefix - (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.
subnetMapping
subnetId - (Required) ID of the subnet to attach to the load balancer. You can specify only one subnet per Availability Zone.
allocationId - (Optional) The allocation ID of the Elastic IP address for an internet-facing load balancer.
ipv6Address - (Optional) The IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
privateIpv4Address - (Optional) The private IPv4 address for an internal load balancer.
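Several defaults in the argument reference above matter for security: access logs stay off even when a bucket is set, invalid header fields are routed to targets, and deletion protection is off. The following pre-deployment check is an added example, not part of the provider or its generated bindings; LbArgs, Finding and auditLb are hypothetical names, and the input is a plain object literal that uses the argument names from this page.

```typescript
// Added example (not provider code). LbArgs, Finding and auditLb are hypothetical names;
// the argument names and defaults are the ones documented on this page.
interface LbArgs {
  loadBalancerType?: "application" | "gateway" | "network";
  accessLogs?: { bucket: string; enabled?: boolean; prefix?: string };
  desyncMitigationMode?: "monitor" | "defensive" | "strictest";
  dropInvalidHeaderFields?: boolean;
  enableDeletionProtection?: boolean;
  enableWafFailOpen?: boolean;
  securityGroups?: string[];
  xffHeaderProcessingMode?: "append" | "preserve" | "remove";
}
interface Finding { arg: string; why: string }

function auditLb(args: LbArgs): Finding[] {
  const out: Finding[] = [];
  const add = (arg: string, why: string) => { out.push({ arg, why }); };
  const type = args.loadBalancerType ?? "application"; // documented default
  // accessLogs.enabled defaults to false even when bucket is specified
  if (args.accessLogs?.enabled !== true)
    add("accessLogs.enabled", "access logs are not written to S3");
  if (args.enableDeletionProtection !== true)
    add("enableDeletionProtection", "the load balancer can be deleted via the AWS API");
  if (args.enableWafFailOpen === true)
    add("enableWafFailOpen", "requests reach targets when AWS WAF cannot be reached");
  if (type === "application") {
    if (args.dropInvalidHeaderFields !== true)
      add("dropInvalidHeaderFields", "invalid header fields are routed to targets");
    if (args.desyncMitigationMode === "monitor")
      add("desyncMitigationMode", "monitor is below the default (defensive)");
    if (args.xffHeaderProcessingMode === "preserve")
      add("xffHeaderProcessingMode", "client-supplied X-Forwarded-For is passed through unchanged");
  } else {
    // Documented on this page as valid only for type "application"
    const appOnly = ["dropInvalidHeaderFields", "securityGroups", "xffHeaderProcessingMode"] as const;
    for (const k of appOnly)
      if (args[k] !== undefined) add(k, `only valid for type application, not ${type}`);
  }
  return out;
}

// Constructed input: shaped like the Application Load Balancer example on this page,
// with accessLogs.enabled left out to show the documented default.
const sample: LbArgs = {
  accessLogs: { bucket: "lb-logs-bucket", prefix: "test-lb" },
  enableDeletionProtection: true,
  loadBalancerType: "application",
  securityGroups: ["sg-constructed"],
};
const sampleFindings = auditLb(sample).map((f) => f.arg);
```

For the constructed sample, the check reports accessLogs.enabled and dropInvalidHeaderFields, the two settings whose defaults apply silently.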
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn - The ARN of the load balancer (matches id).
arnSuffix - The ARN suffix for use with CloudWatch Metrics.
dnsName - The DNS name of the load balancer.
id - The ARN of the load balancer (matches arn).
subnetMapping.*.outpostId - ID of the Outpost containing the load balancer.
tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
zoneId - The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).
Timeouts
create - (Default 10M)
update - (Default 10M)
delete - (Default 10M)
Import
LBs can be imported using their ARN, e.g.,