AWS v6.73.0, Mar 19 25

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

aws.alb.LoadBalancer

Explore with Pulumi AI

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Application Load Balancer

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.lb.LoadBalancer("test", {
    name: "test-lb-tf",
    internal: false,
    loadBalancerType: "application",
    securityGroups: [lbSg.id],
    subnets: .map(subnet => (subnet.id)),
    enableDeletionProtection: true,
    accessLogs: {
        bucket: lbLogs.id,
        prefix: "test-lb",
        enabled: true,
    },
    tags: {
        Environment: "production",
    },
});

import pulumi
import pulumi_aws as aws

test = aws.lb.LoadBalancer("test",
    name="test-lb-tf",
    internal=False,
    load_balancer_type="application",
    security_groups=[lb_sg["id"]],
    subnets=[subnet["id"] for subnet in public],
    enable_deletion_protection=True,
    access_logs={
        "bucket": lb_logs["id"],
        "prefix": "test-lb",
        "enabled": True,
    },
    tags={
        "Environment": "production",
    })

Coming soon!

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var test = new Aws.LB.LoadBalancer("test", new()
    {
        Name = "test-lb-tf",
        Internal = false,
        LoadBalancerType = "application",
        SecurityGroups = new[]
        {
            lbSg.Id,
        },
        Subnets = .Select(subnet => 
        {
            return subnet.Id;
        }).ToList(),
        EnableDeletionProtection = true,
        AccessLogs = new Aws.LB.Inputs.LoadBalancerAccessLogsArgs
        {
            Bucket = lbLogs.Id,
            Prefix = "test-lb",
            Enabled = true,
        },
        Tags = 
        {
            { "Environment", "production" },
        },
    });

});

Coming soon!

Coming soon!

Network Load Balancer

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.lb.LoadBalancer("test", {
    name: "test-lb-tf",
    internal: false,
    loadBalancerType: "network",
    subnets: .map(subnet => (subnet.id)),
    enableDeletionProtection: true,
    tags: {
        Environment: "production",
    },
});

import pulumi
import pulumi_aws as aws

test = aws.lb.LoadBalancer("test",
    name="test-lb-tf",
    internal=False,
    load_balancer_type="network",
    subnets=[subnet["id"] for subnet in public],
    enable_deletion_protection=True,
    tags={
        "Environment": "production",
    })

Coming soon!

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var test = new Aws.LB.LoadBalancer("test", new()
    {
        Name = "test-lb-tf",
        Internal = false,
        LoadBalancerType = "network",
        Subnets = .Select(subnet => 
        {
            return subnet.Id;
        }).ToList(),
        EnableDeletionProtection = true,
        Tags = 
        {
            { "Environment", "production" },
        },
    });

});

Coming soon!

Coming soon!

Specifying Elastic IPs

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lb.LoadBalancer("example", {
    name: "example",
    loadBalancerType: "network",
    subnetMappings: [
        {
            subnetId: example1AwsSubnet.id,
            allocationId: example1.id,
        },
        {
            subnetId: example2AwsSubnet.id,
            allocationId: example2.id,
        },
    ],
});

import pulumi
import pulumi_aws as aws

example = aws.lb.LoadBalancer("example",
    name="example",
    load_balancer_type="network",
    subnet_mappings=[
        {
            "subnet_id": example1_aws_subnet["id"],
            "allocation_id": example1["id"],
        },
        {
            "subnet_id": example2_aws_subnet["id"],
            "allocation_id": example2["id"],
        },
    ])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
			Name:             pulumi.String("example"),
			LoadBalancerType: pulumi.String("network"),
			SubnetMappings: lb.LoadBalancerSubnetMappingArray{
				&lb.LoadBalancerSubnetMappingArgs{
					SubnetId:     pulumi.Any(example1AwsSubnet.Id),
					AllocationId: pulumi.Any(example1.Id),
				},
				&lb.LoadBalancerSubnetMappingArgs{
					SubnetId:     pulumi.Any(example2AwsSubnet.Id),
					AllocationId: pulumi.Any(example2.Id),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LB.LoadBalancer("example", new()
    {
        Name = "example",
        LoadBalancerType = "network",
        SubnetMappings = new[]
        {
            new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
            {
                SubnetId = example1AwsSubnet.Id,
                AllocationId = example1.Id,
            },
            new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
            {
                SubnetId = example2AwsSubnet.Id,
                AllocationId = example2.Id,
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new LoadBalancer("example", LoadBalancerArgs.builder()
            .name("example")
            .loadBalancerType("network")
            .subnetMappings(            
                LoadBalancerSubnetMappingArgs.builder()
                    .subnetId(example1AwsSubnet.id())
                    .allocationId(example1.id())
                    .build(),
                LoadBalancerSubnetMappingArgs.builder()
                    .subnetId(example2AwsSubnet.id())
                    .allocationId(example2.id())
                    .build())
            .build());

    }
}

resources:
  example:
    type: aws:lb:LoadBalancer
    properties:
      name: example
      loadBalancerType: network
      subnetMappings:
        - subnetId: ${example1AwsSubnet.id}
          allocationId: ${example1.id}
        - subnetId: ${example2AwsSubnet.id}
          allocationId: ${example2.id}

Specifying private IP addresses for an internal-facing load balancer

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.lb.LoadBalancer("example", {
    name: "example",
    loadBalancerType: "network",
    subnetMappings: [
        {
            subnetId: example1.id,
            privateIpv4Address: "10.0.1.15",
        },
        {
            subnetId: example2.id,
            privateIpv4Address: "10.0.2.15",
        },
    ],
});

import pulumi
import pulumi_aws as aws

example = aws.lb.LoadBalancer("example",
    name="example",
    load_balancer_type="network",
    subnet_mappings=[
        {
            "subnet_id": example1["id"],
            "private_ipv4_address": "10.0.1.15",
        },
        {
            "subnet_id": example2["id"],
            "private_ipv4_address": "10.0.2.15",
        },
    ])

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/lb"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := lb.NewLoadBalancer(ctx, "example", &lb.LoadBalancerArgs{
			Name:             pulumi.String("example"),
			LoadBalancerType: pulumi.String("network"),
			SubnetMappings: lb.LoadBalancerSubnetMappingArray{
				&lb.LoadBalancerSubnetMappingArgs{
					SubnetId:           pulumi.Any(example1.Id),
					PrivateIpv4Address: pulumi.String("10.0.1.15"),
				},
				&lb.LoadBalancerSubnetMappingArgs{
					SubnetId:           pulumi.Any(example2.Id),
					PrivateIpv4Address: pulumi.String("10.0.2.15"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = new Aws.LB.LoadBalancer("example", new()
    {
        Name = "example",
        LoadBalancerType = "network",
        SubnetMappings = new[]
        {
            new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
            {
                SubnetId = example1.Id,
                PrivateIpv4Address = "10.0.1.15",
            },
            new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs
            {
                SubnetId = example2.Id,
                PrivateIpv4Address = "10.0.2.15",
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.lb.LoadBalancer;
import com.pulumi.aws.lb.LoadBalancerArgs;
import com.pulumi.aws.lb.inputs.LoadBalancerSubnetMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new LoadBalancer("example", LoadBalancerArgs.builder()
            .name("example")
            .loadBalancerType("network")
            .subnetMappings(            
                LoadBalancerSubnetMappingArgs.builder()
                    .subnetId(example1.id())
                    .privateIpv4Address("10.0.1.15")
                    .build(),
                LoadBalancerSubnetMappingArgs.builder()
                    .subnetId(example2.id())
                    .privateIpv4Address("10.0.2.15")
                    .build())
            .build());

    }
}

resources:
  example:
    type: aws:lb:LoadBalancer
    properties:
      name: example
      loadBalancerType: network
      subnetMappings:
        - subnetId: ${example1.id}
          privateIpv4Address: 10.0.1.15
        - subnetId: ${example2.id}
          privateIpv4Address: 10.0.2.15

Create LoadBalancer Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new LoadBalancer(name: string, args?: LoadBalancerArgs, opts?: CustomResourceOptions);

@overload
def LoadBalancer(resource_name: str,
                 args: Optional[LoadBalancerArgs] = None,
                 opts: Optional[ResourceOptions] = None)

@overload
def LoadBalancer(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 access_logs: Optional[LoadBalancerAccessLogsArgs] = None,
                 client_keep_alive: Optional[int] = None,
                 connection_logs: Optional[LoadBalancerConnectionLogsArgs] = None,
                 customer_owned_ipv4_pool: Optional[str] = None,
                 desync_mitigation_mode: Optional[str] = None,
                 dns_record_client_routing_policy: Optional[str] = None,
                 drop_invalid_header_fields: Optional[bool] = None,
                 enable_cross_zone_load_balancing: Optional[bool] = None,
                 enable_deletion_protection: Optional[bool] = None,
                 enable_http2: Optional[bool] = None,
                 enable_tls_version_and_cipher_suite_headers: Optional[bool] = None,
                 enable_waf_fail_open: Optional[bool] = None,
                 enable_xff_client_port: Optional[bool] = None,
                 enable_zonal_shift: Optional[bool] = None,
                 enforce_security_group_inbound_rules_on_private_link_traffic: Optional[str] = None,
                 idle_timeout: Optional[int] = None,
                 internal: Optional[bool] = None,
                 ip_address_type: Optional[str] = None,
                 load_balancer_type: Optional[str] = None,
                 name: Optional[str] = None,
                 name_prefix: Optional[str] = None,
                 preserve_host_header: Optional[bool] = None,
                 security_groups: Optional[Sequence[str]] = None,
                 subnet_mappings: Optional[Sequence[LoadBalancerSubnetMappingArgs]] = None,
                 subnets: Optional[Sequence[str]] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 xff_header_processing_mode: Optional[str] = None)

func NewLoadBalancer(ctx *Context, name string, args *LoadBalancerArgs, opts ...ResourceOption) (*LoadBalancer, error)

public LoadBalancer(string name, LoadBalancerArgs? args = null, CustomResourceOptions? opts = null)

public LoadBalancer(String name, LoadBalancerArgs args)
public LoadBalancer(String name, LoadBalancerArgs args, CustomResourceOptions options)

type: aws:alb:LoadBalancer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args LoadBalancerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args LoadBalancerArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args LoadBalancerArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args LoadBalancerArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args LoadBalancerArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var loadBalancerResource = new Aws.Alb.LoadBalancer("loadBalancerResource", new()
{
    AccessLogs = new Aws.Alb.Inputs.LoadBalancerAccessLogsArgs
    {
        Bucket = "string",
        Enabled = false,
        Prefix = "string",
    },
    ClientKeepAlive = 0,
    ConnectionLogs = new Aws.Alb.Inputs.LoadBalancerConnectionLogsArgs
    {
        Bucket = "string",
        Enabled = false,
        Prefix = "string",
    },
    CustomerOwnedIpv4Pool = "string",
    DesyncMitigationMode = "string",
    DnsRecordClientRoutingPolicy = "string",
    DropInvalidHeaderFields = false,
    EnableCrossZoneLoadBalancing = false,
    EnableDeletionProtection = false,
    EnableHttp2 = false,
    EnableTlsVersionAndCipherSuiteHeaders = false,
    EnableWafFailOpen = false,
    EnableXffClientPort = false,
    EnableZonalShift = false,
    EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic = "string",
    IdleTimeout = 0,
    Internal = false,
    IpAddressType = "string",
    LoadBalancerType = "string",
    Name = "string",
    NamePrefix = "string",
    PreserveHostHeader = false,
    SecurityGroups = new[]
    {
        "string",
    },
    SubnetMappings = new[]
    {
        new Aws.Alb.Inputs.LoadBalancerSubnetMappingArgs
        {
            SubnetId = "string",
            AllocationId = "string",
            Ipv6Address = "string",
            OutpostId = "string",
            PrivateIpv4Address = "string",
        },
    },
    Subnets = new[]
    {
        "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
    XffHeaderProcessingMode = "string",
});

example, err := alb.NewLoadBalancer(ctx, "loadBalancerResource", &alb.LoadBalancerArgs{
	AccessLogs: &alb.LoadBalancerAccessLogsArgs{
		Bucket:  pulumi.String("string"),
		Enabled: pulumi.Bool(false),
		Prefix:  pulumi.String("string"),
	},
	ClientKeepAlive: pulumi.Int(0),
	ConnectionLogs: &alb.LoadBalancerConnectionLogsArgs{
		Bucket:  pulumi.String("string"),
		Enabled: pulumi.Bool(false),
		Prefix:  pulumi.String("string"),
	},
	CustomerOwnedIpv4Pool:                                pulumi.String("string"),
	DesyncMitigationMode:                                 pulumi.String("string"),
	DnsRecordClientRoutingPolicy:                         pulumi.String("string"),
	DropInvalidHeaderFields:                              pulumi.Bool(false),
	EnableCrossZoneLoadBalancing:                         pulumi.Bool(false),
	EnableDeletionProtection:                             pulumi.Bool(false),
	EnableHttp2:                                          pulumi.Bool(false),
	EnableTlsVersionAndCipherSuiteHeaders:                pulumi.Bool(false),
	EnableWafFailOpen:                                    pulumi.Bool(false),
	EnableXffClientPort:                                  pulumi.Bool(false),
	EnableZonalShift:                                     pulumi.Bool(false),
	EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: pulumi.String("string"),
	IdleTimeout:                                          pulumi.Int(0),
	Internal:                                             pulumi.Bool(false),
	IpAddressType:                                        pulumi.String("string"),
	LoadBalancerType:                                     pulumi.String("string"),
	Name:                                                 pulumi.String("string"),
	NamePrefix:                                           pulumi.String("string"),
	PreserveHostHeader:                                   pulumi.Bool(false),
	SecurityGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	SubnetMappings: alb.LoadBalancerSubnetMappingArray{
		&alb.LoadBalancerSubnetMappingArgs{
			SubnetId:           pulumi.String("string"),
			AllocationId:       pulumi.String("string"),
			Ipv6Address:        pulumi.String("string"),
			OutpostId:          pulumi.String("string"),
			PrivateIpv4Address: pulumi.String("string"),
		},
	},
	Subnets: pulumi.StringArray{
		pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	XffHeaderProcessingMode: pulumi.String("string"),
})

var loadBalancerResource = new LoadBalancer("loadBalancerResource", LoadBalancerArgs.builder()
    .accessLogs(LoadBalancerAccessLogsArgs.builder()
        .bucket("string")
        .enabled(false)
        .prefix("string")
        .build())
    .clientKeepAlive(0)
    .connectionLogs(LoadBalancerConnectionLogsArgs.builder()
        .bucket("string")
        .enabled(false)
        .prefix("string")
        .build())
    .customerOwnedIpv4Pool("string")
    .desyncMitigationMode("string")
    .dnsRecordClientRoutingPolicy("string")
    .dropInvalidHeaderFields(false)
    .enableCrossZoneLoadBalancing(false)
    .enableDeletionProtection(false)
    .enableHttp2(false)
    .enableTlsVersionAndCipherSuiteHeaders(false)
    .enableWafFailOpen(false)
    .enableXffClientPort(false)
    .enableZonalShift(false)
    .enforceSecurityGroupInboundRulesOnPrivateLinkTraffic("string")
    .idleTimeout(0)
    .internal(false)
    .ipAddressType("string")
    .loadBalancerType("string")
    .name("string")
    .namePrefix("string")
    .preserveHostHeader(false)
    .securityGroups("string")
    .subnetMappings(LoadBalancerSubnetMappingArgs.builder()
        .subnetId("string")
        .allocationId("string")
        .ipv6Address("string")
        .outpostId("string")
        .privateIpv4Address("string")
        .build())
    .subnets("string")
    .tags(Map.of("string", "string"))
    .xffHeaderProcessingMode("string")
    .build());

load_balancer_resource = aws.alb.LoadBalancer("loadBalancerResource",
    access_logs={
        "bucket": "string",
        "enabled": False,
        "prefix": "string",
    },
    client_keep_alive=0,
    connection_logs={
        "bucket": "string",
        "enabled": False,
        "prefix": "string",
    },
    customer_owned_ipv4_pool="string",
    desync_mitigation_mode="string",
    dns_record_client_routing_policy="string",
    drop_invalid_header_fields=False,
    enable_cross_zone_load_balancing=False,
    enable_deletion_protection=False,
    enable_http2=False,
    enable_tls_version_and_cipher_suite_headers=False,
    enable_waf_fail_open=False,
    enable_xff_client_port=False,
    enable_zonal_shift=False,
    enforce_security_group_inbound_rules_on_private_link_traffic="string",
    idle_timeout=0,
    internal=False,
    ip_address_type="string",
    load_balancer_type="string",
    name="string",
    name_prefix="string",
    preserve_host_header=False,
    security_groups=["string"],
    subnet_mappings=[{
        "subnet_id": "string",
        "allocation_id": "string",
        "ipv6_address": "string",
        "outpost_id": "string",
        "private_ipv4_address": "string",
    }],
    subnets=["string"],
    tags={
        "string": "string",
    },
    xff_header_processing_mode="string")

const loadBalancerResource = new aws.alb.LoadBalancer("loadBalancerResource", {
    accessLogs: {
        bucket: "string",
        enabled: false,
        prefix: "string",
    },
    clientKeepAlive: 0,
    connectionLogs: {
        bucket: "string",
        enabled: false,
        prefix: "string",
    },
    customerOwnedIpv4Pool: "string",
    desyncMitigationMode: "string",
    dnsRecordClientRoutingPolicy: "string",
    dropInvalidHeaderFields: false,
    enableCrossZoneLoadBalancing: false,
    enableDeletionProtection: false,
    enableHttp2: false,
    enableTlsVersionAndCipherSuiteHeaders: false,
    enableWafFailOpen: false,
    enableXffClientPort: false,
    enableZonalShift: false,
    enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: "string",
    idleTimeout: 0,
    internal: false,
    ipAddressType: "string",
    loadBalancerType: "string",
    name: "string",
    namePrefix: "string",
    preserveHostHeader: false,
    securityGroups: ["string"],
    subnetMappings: [{
        subnetId: "string",
        allocationId: "string",
        ipv6Address: "string",
        outpostId: "string",
        privateIpv4Address: "string",
    }],
    subnets: ["string"],
    tags: {
        string: "string",
    },
    xffHeaderProcessingMode: "string",
});

type: aws:alb:LoadBalancer
properties:
    accessLogs:
        bucket: string
        enabled: false
        prefix: string
    clientKeepAlive: 0
    connectionLogs:
        bucket: string
        enabled: false
        prefix: string
    customerOwnedIpv4Pool: string
    desyncMitigationMode: string
    dnsRecordClientRoutingPolicy: string
    dropInvalidHeaderFields: false
    enableCrossZoneLoadBalancing: false
    enableDeletionProtection: false
    enableHttp2: false
    enableTlsVersionAndCipherSuiteHeaders: false
    enableWafFailOpen: false
    enableXffClientPort: false
    enableZonalShift: false
    enforceSecurityGroupInboundRulesOnPrivateLinkTraffic: string
    idleTimeout: 0
    internal: false
    ipAddressType: string
    loadBalancerType: string
    name: string
    namePrefix: string
    preserveHostHeader: false
    securityGroups:
        - string
    subnetMappings:
        - allocationId: string
          ipv6Address: string
          outpostId: string
          privateIpv4Address: string
          subnetId: string
    subnets:
        - string
    tags:
        string: string
    xffHeaderProcessingMode: string

LoadBalancer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The LoadBalancer resource accepts the following input properties:

AccessLogs LoadBalancerAccessLogs: Access Logs block. See below.
ClientKeepAlive int: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
ConnectionLogs LoadBalancerConnectionLogs: Connection Logs block. See below. Only valid for Load Balancers of type application.
CustomerOwnedIpv4Pool string: ID of the customer owned ipv4 pool to use for this load balancer.
DesyncMitigationMode string: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
DnsRecordClientRoutingPolicy string: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
DropInvalidHeaderFields bool: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
EnableCrossZoneLoadBalancing bool: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
EnableDeletionProtection bool: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
EnableHttp2 bool: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
EnableTlsVersionAndCipherSuiteHeaders bool: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
EnableWafFailOpen bool: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
EnableXffClientPort bool: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
EnableZonalShift bool: Whether zonal shift is enabled. Defaults to false.
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic string: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
IdleTimeout int: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
Internal bool: If true, the LB will be internal. Defaults to false.
IpAddressType string: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
LoadBalancerType string: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
Name string: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
PreserveHostHeader bool: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
SecurityGroups List<string>: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
SubnetMappings List<LoadBalancerSubnetMapping>: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
Subnets List<string>: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
Tags Dictionary<string, string>: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
XffHeaderProcessingMode string: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.

AccessLogs LoadBalancerAccessLogsArgs: Access Logs block. See below.
ClientKeepAlive int: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
ConnectionLogs LoadBalancerConnectionLogsArgs: Connection Logs block. See below. Only valid for Load Balancers of type application.
CustomerOwnedIpv4Pool string: ID of the customer owned ipv4 pool to use for this load balancer.
DesyncMitigationMode string: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
DnsRecordClientRoutingPolicy string: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
DropInvalidHeaderFields bool: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
EnableCrossZoneLoadBalancing bool: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
EnableDeletionProtection bool: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
EnableHttp2 bool: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
EnableTlsVersionAndCipherSuiteHeaders bool: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
EnableWafFailOpen bool: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
EnableXffClientPort bool: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
EnableZonalShift bool: Whether zonal shift is enabled. Defaults to false.
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic string: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
IdleTimeout int: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
Internal bool: If true, the LB will be internal. Defaults to false.
IpAddressType string: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
LoadBalancerType string: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
Name string: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
PreserveHostHeader bool: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
SecurityGroups []string: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
SubnetMappings []LoadBalancerSubnetMappingArgs: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
Subnets []string: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
Tags map[string]string: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
XffHeaderProcessingMode string: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.

accessLogs LoadBalancerAccessLogs: Access Logs block. See below.
clientKeepAlive Integer: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connectionLogs LoadBalancerConnectionLogs: Connection Logs block. See below. Only valid for Load Balancers of type application.
customerOwnedIpv4Pool String: ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode String: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dnsRecordClientRoutingPolicy String: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
dropInvalidHeaderFields Boolean: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing Boolean: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection Boolean: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enableHttp2 Boolean: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders Boolean: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enableWafFailOpen Boolean: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enableXffClientPort Boolean: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enableZonalShift Boolean: Whether zonal shift is enabled. Defaults to false.
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic String: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idleTimeout Integer: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal Boolean: If true, the LB will be internal. Defaults to false.
ipAddressType String: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
loadBalancerType String: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name String: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserveHostHeader Boolean: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
securityGroups List<String>: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnetMappings List<LoadBalancerSubnetMapping>: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets List<String>: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags Map<String,String>: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
xffHeaderProcessingMode String: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.

accessLogs LoadBalancerAccessLogs: Access Logs block. See below.
clientKeepAlive number: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connectionLogs LoadBalancerConnectionLogs: Connection Logs block. See below. Only valid for Load Balancers of type application.
customerOwnedIpv4Pool string: ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode string: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dnsRecordClientRoutingPolicy string: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
dropInvalidHeaderFields boolean: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing boolean: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection boolean: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enableHttp2 boolean: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders boolean: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enableWafFailOpen boolean: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enableXffClientPort boolean: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enableZonalShift boolean: Whether zonal shift is enabled. Defaults to false.
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic string: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idleTimeout number: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal boolean: If true, the LB will be internal. Defaults to false.
ipAddressType IpAddressType: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
loadBalancerType LoadBalancerType: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name string: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserveHostHeader boolean: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
securityGroups string[]: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnetMappings LoadBalancerSubnetMapping[]: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets string[]: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags {[key: string]: string}: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
xffHeaderProcessingMode string: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.

access_logs LoadBalancerAccessLogsArgs: Access Logs block. See below.
client_keep_alive int: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connection_logs LoadBalancerConnectionLogsArgs: Connection Logs block. See below. Only valid for Load Balancers of type application.
customer_owned_ipv4_pool str: ID of the customer owned ipv4 pool to use for this load balancer.
desync_mitigation_mode str: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dns_record_client_routing_policy str: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
drop_invalid_header_fields bool: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enable_cross_zone_load_balancing bool: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enable_deletion_protection bool: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enable_http2 bool: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enable_tls_version_and_cipher_suite_headers bool: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enable_waf_fail_open bool: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enable_xff_client_port bool: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enable_zonal_shift bool: Whether zonal shift is enabled. Defaults to false.
enforce_security_group_inbound_rules_on_private_link_traffic str: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idle_timeout int: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal bool: If true, the LB will be internal. Defaults to false.
ip_address_type str: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
load_balancer_type str: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name str: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserve_host_header bool: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
security_groups Sequence[str]: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnet_mappings Sequence[LoadBalancerSubnetMappingArgs]: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets Sequence[str]: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags Mapping[str, str]: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
xff_header_processing_mode str: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.

accessLogs Property Map: Access Logs block. See below.
clientKeepAlive Number: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connectionLogs Property Map: Connection Logs block. See below. Only valid for Load Balancers of type application.
customerOwnedIpv4Pool String: ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode String: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dnsRecordClientRoutingPolicy String: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
dropInvalidHeaderFields Boolean: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing Boolean: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection Boolean: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enableHttp2 Boolean: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders Boolean: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enableWafFailOpen Boolean: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enableXffClientPort Boolean: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enableZonalShift Boolean: Whether zonal shift is enabled. Defaults to false.
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic String: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idleTimeout Number: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal Boolean: If true, the LB will be internal. Defaults to false.
ipAddressType: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
loadBalancerType: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name String: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserveHostHeader Boolean: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
securityGroups List<String>: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnetMappings List<Property Map>: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets List<String>: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags Map<String>: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
xffHeaderProcessingMode String: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.

Outputs

All input properties are implicitly available as output properties. Additionally, the LoadBalancer resource produces the following output properties:

Arn string: ARN of the load balancer (matches id).
ArnSuffix string: ARN suffix for use with CloudWatch Metrics.
DnsName string: DNS name of the load balancer.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VpcId string
ZoneId string: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

Arn string: ARN of the load balancer (matches id).
ArnSuffix string: ARN suffix for use with CloudWatch Metrics.
DnsName string: DNS name of the load balancer.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VpcId string
ZoneId string: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

arn String: ARN of the load balancer (matches id).
arnSuffix String: ARN suffix for use with CloudWatch Metrics.
dnsName String: DNS name of the load balancer.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcId String
zoneId String: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

arn string: ARN of the load balancer (matches id).
arnSuffix string: ARN suffix for use with CloudWatch Metrics.
dnsName string: DNS name of the load balancer.
id string: The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcId string
zoneId string: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

arn str: ARN of the load balancer (matches id).
arn_suffix str: ARN suffix for use with CloudWatch Metrics.
dns_name str: DNS name of the load balancer.
id str: The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpc_id str
zone_id str: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

arn String: ARN of the load balancer (matches id).
arnSuffix String: ARN suffix for use with CloudWatch Metrics.
dnsName String: DNS name of the load balancer.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcId String
zoneId String: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

Look up Existing LoadBalancer Resource

Get an existing LoadBalancer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: LoadBalancerState, opts?: CustomResourceOptions): LoadBalancer

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_logs: Optional[LoadBalancerAccessLogsArgs] = None,
        arn: Optional[str] = None,
        arn_suffix: Optional[str] = None,
        client_keep_alive: Optional[int] = None,
        connection_logs: Optional[LoadBalancerConnectionLogsArgs] = None,
        customer_owned_ipv4_pool: Optional[str] = None,
        desync_mitigation_mode: Optional[str] = None,
        dns_name: Optional[str] = None,
        dns_record_client_routing_policy: Optional[str] = None,
        drop_invalid_header_fields: Optional[bool] = None,
        enable_cross_zone_load_balancing: Optional[bool] = None,
        enable_deletion_protection: Optional[bool] = None,
        enable_http2: Optional[bool] = None,
        enable_tls_version_and_cipher_suite_headers: Optional[bool] = None,
        enable_waf_fail_open: Optional[bool] = None,
        enable_xff_client_port: Optional[bool] = None,
        enable_zonal_shift: Optional[bool] = None,
        enforce_security_group_inbound_rules_on_private_link_traffic: Optional[str] = None,
        idle_timeout: Optional[int] = None,
        internal: Optional[bool] = None,
        ip_address_type: Optional[str] = None,
        load_balancer_type: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        preserve_host_header: Optional[bool] = None,
        security_groups: Optional[Sequence[str]] = None,
        subnet_mappings: Optional[Sequence[LoadBalancerSubnetMappingArgs]] = None,
        subnets: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_id: Optional[str] = None,
        xff_header_processing_mode: Optional[str] = None,
        zone_id: Optional[str] = None) -> LoadBalancer

func GetLoadBalancer(ctx *Context, name string, id IDInput, state *LoadBalancerState, opts ...ResourceOption) (*LoadBalancer, error)

public static LoadBalancer Get(string name, Input<string> id, LoadBalancerState? state, CustomResourceOptions? opts = null)

public static LoadBalancer get(String name, Output<String> id, LoadBalancerState state, CustomResourceOptions options)

resources:  _:    type: aws:alb:LoadBalancer    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessLogs LoadBalancerAccessLogs: Access Logs block. See below.
Arn string: ARN of the load balancer (matches id).
ArnSuffix string: ARN suffix for use with CloudWatch Metrics.
ClientKeepAlive int: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
ConnectionLogs LoadBalancerConnectionLogs: Connection Logs block. See below. Only valid for Load Balancers of type application.
CustomerOwnedIpv4Pool string: ID of the customer owned ipv4 pool to use for this load balancer.
DesyncMitigationMode string: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
DnsName string: DNS name of the load balancer.
DnsRecordClientRoutingPolicy string: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
DropInvalidHeaderFields bool: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
EnableCrossZoneLoadBalancing bool: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
EnableDeletionProtection bool: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
EnableHttp2 bool: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
EnableTlsVersionAndCipherSuiteHeaders bool: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
EnableWafFailOpen bool: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
EnableXffClientPort bool: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
EnableZonalShift bool: Whether zonal shift is enabled. Defaults to false.
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic string: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
IdleTimeout int: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
Internal bool: If true, the LB will be internal. Defaults to false.
IpAddressType string: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
LoadBalancerType string: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
Name string: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
PreserveHostHeader bool: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
SecurityGroups List<string>: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
SubnetMappings List<LoadBalancerSubnetMapping>: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
Subnets List<string>: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
Tags Dictionary<string, string>: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VpcId string
XffHeaderProcessingMode string: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
ZoneId string: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

AccessLogs LoadBalancerAccessLogsArgs: Access Logs block. See below.
Arn string: ARN of the load balancer (matches id).
ArnSuffix string: ARN suffix for use with CloudWatch Metrics.
ClientKeepAlive int: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
ConnectionLogs LoadBalancerConnectionLogsArgs: Connection Logs block. See below. Only valid for Load Balancers of type application.
CustomerOwnedIpv4Pool string: ID of the customer owned ipv4 pool to use for this load balancer.
DesyncMitigationMode string: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
DnsName string: DNS name of the load balancer.
DnsRecordClientRoutingPolicy string: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
DropInvalidHeaderFields bool: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
EnableCrossZoneLoadBalancing bool: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
EnableDeletionProtection bool: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
EnableHttp2 bool: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
EnableTlsVersionAndCipherSuiteHeaders bool: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
EnableWafFailOpen bool: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
EnableXffClientPort bool: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
EnableZonalShift bool: Whether zonal shift is enabled. Defaults to false.
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic string: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
IdleTimeout int: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
Internal bool: If true, the LB will be internal. Defaults to false.
IpAddressType string: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
LoadBalancerType string: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
Name string: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
PreserveHostHeader bool: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
SecurityGroups []string: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
SubnetMappings []LoadBalancerSubnetMappingArgs: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
Subnets []string: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
Tags map[string]string: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
VpcId string
XffHeaderProcessingMode string: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
ZoneId string: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

accessLogs LoadBalancerAccessLogs: Access Logs block. See below.
arn String: ARN of the load balancer (matches id).
arnSuffix String: ARN suffix for use with CloudWatch Metrics.
clientKeepAlive Integer: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connectionLogs LoadBalancerConnectionLogs: Connection Logs block. See below. Only valid for Load Balancers of type application.
customerOwnedIpv4Pool String: ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode String: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dnsName String: DNS name of the load balancer.
dnsRecordClientRoutingPolicy String: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
dropInvalidHeaderFields Boolean: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing Boolean: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection Boolean: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enableHttp2 Boolean: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders Boolean: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enableWafFailOpen Boolean: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enableXffClientPort Boolean: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enableZonalShift Boolean: Whether zonal shift is enabled. Defaults to false.
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic String: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idleTimeout Integer: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal Boolean: If true, the LB will be internal. Defaults to false.
ipAddressType String: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
loadBalancerType String: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name String: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserveHostHeader Boolean: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
securityGroups List<String>: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnetMappings List<LoadBalancerSubnetMapping>: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets List<String>: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags Map<String,String>: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcId String
xffHeaderProcessingMode String: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
zoneId String: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

accessLogs LoadBalancerAccessLogs: Access Logs block. See below.
arn string: ARN of the load balancer (matches id).
arnSuffix string: ARN suffix for use with CloudWatch Metrics.
clientKeepAlive number: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connectionLogs LoadBalancerConnectionLogs: Connection Logs block. See below. Only valid for Load Balancers of type application.
customerOwnedIpv4Pool string: ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode string: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dnsName string: DNS name of the load balancer.
dnsRecordClientRoutingPolicy string: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
dropInvalidHeaderFields boolean: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing boolean: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection boolean: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enableHttp2 boolean: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders boolean: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enableWafFailOpen boolean: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enableXffClientPort boolean: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enableZonalShift boolean: Whether zonal shift is enabled. Defaults to false.
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic string: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idleTimeout number: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal boolean: If true, the LB will be internal. Defaults to false.
ipAddressType IpAddressType: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
loadBalancerType LoadBalancerType: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name string: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserveHostHeader boolean: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
securityGroups string[]: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnetMappings LoadBalancerSubnetMapping[]: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets string[]: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags {[key: string]: string}: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcId string
xffHeaderProcessingMode string: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
zoneId string: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

access_logs LoadBalancerAccessLogsArgs: Access Logs block. See below.
arn str: ARN of the load balancer (matches id).
arn_suffix str: ARN suffix for use with CloudWatch Metrics.
client_keep_alive int: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connection_logs LoadBalancerConnectionLogsArgs: Connection Logs block. See below. Only valid for Load Balancers of type application.
customer_owned_ipv4_pool str: ID of the customer owned ipv4 pool to use for this load balancer.
desync_mitigation_mode str: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dns_name str: DNS name of the load balancer.
dns_record_client_routing_policy str: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
drop_invalid_header_fields bool: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enable_cross_zone_load_balancing bool: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enable_deletion_protection bool: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enable_http2 bool: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enable_tls_version_and_cipher_suite_headers bool: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enable_waf_fail_open bool: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enable_xff_client_port bool: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enable_zonal_shift bool: Whether zonal shift is enabled. Defaults to false.
enforce_security_group_inbound_rules_on_private_link_traffic str: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idle_timeout int: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal bool: If true, the LB will be internal. Defaults to false.
ip_address_type str: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
load_balancer_type str: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name str: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserve_host_header bool: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
security_groups Sequence[str]: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnet_mappings Sequence[LoadBalancerSubnetMappingArgs]: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets Sequence[str]: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags Mapping[str, str]: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpc_id str
xff_header_processing_mode str: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
zone_id str: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

accessLogs Property Map: Access Logs block. See below.
arn String: ARN of the load balancer (matches id).
arnSuffix String: ARN suffix for use with CloudWatch Metrics.
clientKeepAlive Number: Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connectionLogs Property Map: Connection Logs block. See below. Only valid for Load Balancers of type application.
customerOwnedIpv4Pool String: ID of the customer owned ipv4 pool to use for this load balancer.
desyncMitigationMode String: How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.
dnsName String: DNS name of the load balancer.
dnsRecordClientRoutingPolicy String: How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.
dropInvalidHeaderFields Boolean: Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.
enableCrossZoneLoadBalancing Boolean: If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.
enableDeletionProtection Boolean: If true, deletion of the load balancer will be disabled via the AWS API. This will prevent this provider from deleting the load balancer. Defaults to false.
enableHttp2 Boolean: Whether HTTP/2 is enabled in application load balancers. Defaults to true.
enableTlsVersionAndCipherSuiteHeaders Boolean: Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false
enableWafFailOpen Boolean: Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.
enableXffClientPort Boolean: Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.
enableZonalShift Boolean: Whether zonal shift is enabled. Defaults to false.
enforceSecurityGroupInboundRulesOnPrivateLinkTraffic String: Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.
idleTimeout Number: Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.
internal Boolean: If true, the LB will be internal. Defaults to false.
ipAddressType: Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).
loadBalancerType: Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.
name String: Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified, this provider will autogenerate a name beginning with tf-lb.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
preserveHostHeader Boolean: Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.
securityGroups List<String>: List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.
subnetMappings List<Property Map>: Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.
subnets List<String>: List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.
tags Map<String>: Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
vpcId String
xffHeaderProcessingMode String: Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.
zoneId String: Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).

Supporting Types

LoadBalancerAccessLogs, LoadBalancerAccessLogsArgs

Bucket string: S3 bucket name to store the logs in.
Enabled bool: Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.
Prefix string: S3 bucket prefix. Logs are stored in the root if not configured.

Bucket string: S3 bucket name to store the logs in.
Enabled bool: Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.
Prefix string: S3 bucket prefix. Logs are stored in the root if not configured.

bucket String: S3 bucket name to store the logs in.
enabled Boolean: Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.
prefix String: S3 bucket prefix. Logs are stored in the root if not configured.

bucket string: S3 bucket name to store the logs in.
enabled boolean: Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.
prefix string: S3 bucket prefix. Logs are stored in the root if not configured.

bucket str: S3 bucket name to store the logs in.
enabled bool: Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.
prefix str: S3 bucket prefix. Logs are stored in the root if not configured.

bucket String: S3 bucket name to store the logs in.
enabled Boolean: Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.
prefix String: S3 bucket prefix. Logs are stored in the root if not configured.

LoadBalancerConnectionLogs, LoadBalancerConnectionLogsArgs

Bucket string: S3 bucket name to store the logs in.
Enabled bool: Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.
Prefix string: S3 bucket prefix. Logs are stored in the root if not configured.

Bucket string: S3 bucket name to store the logs in.
Enabled bool: Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.
Prefix string: S3 bucket prefix. Logs are stored in the root if not configured.

bucket String: S3 bucket name to store the logs in.
enabled Boolean: Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.
prefix String: S3 bucket prefix. Logs are stored in the root if not configured.

bucket string: S3 bucket name to store the logs in.
enabled boolean: Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.
prefix string: S3 bucket prefix. Logs are stored in the root if not configured.

bucket str: S3 bucket name to store the logs in.
enabled bool: Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.
prefix str: S3 bucket prefix. Logs are stored in the root if not configured.

bucket String: S3 bucket name to store the logs in.
enabled Boolean: Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.
prefix String: S3 bucket prefix. Logs are stored in the root if not configured.

LoadBalancerSubnetMapping, LoadBalancerSubnetMappingArgs

SubnetId string: ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.
AllocationId string: Allocation ID of the Elastic IP address for an internet-facing load balancer.
Ipv6Address string: IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
OutpostId string
PrivateIpv4Address string: Private IPv4 address for an internal load balancer.

SubnetId string: ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.
AllocationId string: Allocation ID of the Elastic IP address for an internet-facing load balancer.
Ipv6Address string: IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
OutpostId string
PrivateIpv4Address string: Private IPv4 address for an internal load balancer.

subnetId String: ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.
allocationId String: Allocation ID of the Elastic IP address for an internet-facing load balancer.
ipv6Address String: IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
outpostId String
privateIpv4Address String: Private IPv4 address for an internal load balancer.

subnetId string: ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.
allocationId string: Allocation ID of the Elastic IP address for an internet-facing load balancer.
ipv6Address string: IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
outpostId string
privateIpv4Address string: Private IPv4 address for an internal load balancer.

subnet_id str: ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.
allocation_id str: Allocation ID of the Elastic IP address for an internet-facing load balancer.
ipv6_address str: IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
outpost_id str
private_ipv4_address str: Private IPv4 address for an internal load balancer.

subnetId String: ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.
allocationId String: Allocation ID of the Elastic IP address for an internet-facing load balancer.
ipv6Address String: IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.
outpostId String
privateIpv4Address String: Private IPv4 address for an internal load balancer.

Import

Using pulumi import, import LBs using their ARN. For example:

$ pulumi import aws:alb/loadBalancer:LoadBalancer bar arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi

pulumi/pulumi-aws

aws.alb.LoadBalancer

On this page

On this page

Example Usage

Application Load Balancer

Network Load Balancer

Specifying Elastic IPs

Specifying private IP addresses for an internal-facing load balancer

Create LoadBalancer Resource

Constructor syntax

Parameters

Constructor example

LoadBalancer Resource Properties

Inputs

Outputs

Look up Existing LoadBalancer Resource

Supporting Types

LoadBalancerAccessLogs, LoadBalancerAccessLogsArgs

LoadBalancerConnectionLogs, LoadBalancerConnectionLogsArgs

LoadBalancerSubnetMapping, LoadBalancerSubnetMappingArgs

Import

Package Details

On this page

On this page