
Resource: awsLoadBalancerPolicy

Provides a load balancer policy, which can be attached to an ELB listener or backend server.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
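// Classic ELB that terminates HTTPS on port 443 using the referenced IAM
// server certificate and forwards to instance port 443.
const awsElbWuTang = new aws.elb.Elb(this, "wu-tang", {
  availabilityZones: ["us-east-1a"],
  listener: [
    {
      instancePort: 443,
      // The backend hop must be TLS ("https" or "ssl") for the
      // BackendServerAuthenticationPolicyType policy attached to instance
      // port 443 later in this example to mean anything: that policy checks
      // the instance's public key during the TLS handshake. With "http" there
      // is no handshake, so traffic to the instance would be plaintext and
      // unauthenticated.
      instanceProtocol: "https",
      lbPort: 443,
      lbProtocol: "https",
      // Placeholder account id and certificate name; substitute the ARN of
      // the certificate that should be presented to clients.
      sslCertificateId:
        "arn:aws:iam::000000000000:server-certificate/wu-tang.net",
    },
  ],
  name: "wu-tang",
  tags: {
    Name: "wu-tang",
  },
});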
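// Public-key policy: holds the key the load balancer will accept from backend
// instances. The value is a Terraform file() expression resolved at plan time;
// the file must contain public key material only, never a private key.
const awsLoadBalancerPolicyWuTangCaPubkeyPolicy =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(
    this,
    "wu-tang-ca-pubkey-policy",
    {
      loadBalancerName: awsElbWuTang.name,
      policyAttribute: [
        {
          name: "PublicKey",
          value: '${file("wu-tang-pubkey")}',
        },
      ],
      policyName: "wu-tang-ca-pubkey-policy",
      policyTypeName: "PublicKeyPolicyType",
    }
  );
// Backend-authentication policy: tells the load balancer which public-key
// policy to trust for its instances. The original string reference pointed at
// "wu-tang-root-ca-pubkey-policy", a resource this example never declares, so
// the policy had no key to pin. Referencing the construct's policyName
// resolves to the declared policy and records the dependency between the two.
const awsLoadBalancerPolicyWuTangRootCaBackendAuthPolicy =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(
    this,
    "wu-tang-root-ca-backend-auth-policy",
    {
      loadBalancerName: awsElbWuTang.name,
      policyAttribute: [
        {
          name: "PublicKeyPolicyName",
          value: awsLoadBalancerPolicyWuTangCaPubkeyPolicy.policyName,
        },
      ],
      policyName: "wu-tang-root-ca-backend-auth-policy",
      policyTypeName: "BackendServerAuthenticationPolicyType",
    }
  );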
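// Custom SSL negotiation policy: enables exactly one cipher suite and
// TLS 1.2. This is the policy the listener attachment for port 443 uses.
// NOTE(review): ECDHE-ECDSA-AES128-GCM-SHA256 is an ECDSA-only suite; confirm
// the listener certificate's key type matches, otherwise clients have no
// cipher they can negotiate.
const awsLoadBalancerPolicyWuTangSsl =
  new aws.loadBalancerPolicy.LoadBalancerPolicy(this, "wu-tang-ssl", {
    loadBalancerName: awsElbWuTang.name,
    policyAttribute: [
      {
        name: "ECDHE-ECDSA-AES128-GCM-SHA256",
        value: "true",
      },
      {
        name: "Protocol-TLSv1.2",
        value: "true",
      },
    ],
    policyName: "wu-tang-ssl",
    policyTypeName: "SSLNegotiationPolicyType",
  });
// Alternative form: inherit a predefined AWS security policy instead of
// listing ciphers and protocols one by one. Nothing in this example attaches
// this policy to a listener.
new aws.loadBalancerPolicy.LoadBalancerPolicy(this, "wu-tang-ssl-tls-1-1", {
  loadBalancerName: awsElbWuTang.name,
  policyAttribute: [
    {
      name: "Reference-Security-Policy",
      // SECURITY: this predefined policy still permits TLS 1.1, which is
      // deprecated. Kept because the example is named after it; for real
      // listeners prefer a TLS 1.2-only predefined policy such as
      // ELBSecurityPolicy-TLS-1-2-2017-01.
      value: "ELBSecurityPolicy-TLS-1-1-2017-01",
    },
  ],
  // Policy names are per load balancer. The original reused "wu-tang-ssl",
  // which collides with the custom policy above on the same ELB, so this one
  // gets its own name.
  policyName: "wu-tang-ssl-tls-1-1",
  policyTypeName: "SSLNegotiationPolicyType",
});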
// Bind the backend-authentication policy to instance port 443, so the load
// balancer applies it to connections it opens to the registered instances.
const backendAuthAttachmentProps = {
  instancePort: 443,
  loadBalancerName: awsElbWuTang.name,
  policyNames: [awsLoadBalancerPolicyWuTangRootCaBackendAuthPolicy.policyName],
};
new aws.loadBalancerBackendServerPolicy.LoadBalancerBackendServerPolicy(
  this,
  "wu-tang-backend-auth-policies-443",
  backendAuthAttachmentProps
);

// Bind the custom SSL negotiation policy to the client-facing listener on
// port 443. Only the "wu-tang-ssl" policy is attached here; the
// "wu-tang-ssl-tls-1-1" policy is declared in this example but not attached.
const listenerAttachmentProps = {
  loadBalancerName: awsElbWuTang.name,
  loadBalancerPort: 443,
  policyNames: [awsLoadBalancerPolicyWuTangSsl.policyName],
};
new aws.loadBalancerListenerPolicy.LoadBalancerListenerPolicy(
  this,
  "wu-tang-listener-policies-443",
  listenerAttachmentProps
);

Argument Reference

The following arguments are supported:

  • loadBalancerName - (Required) The load balancer on which the policy is defined.
  • policyName - (Required) The name of the load balancer policy.
  • policyTypeName - (Required) The policy type.
  • policyAttribute - (Optional) Policy attribute to apply to the policy.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the policy.
  • policyName - The name of the load balancer policy.
  • policyTypeName - The policy type of the policy.
  • loadBalancerName - The load balancer on which the policy is defined.