tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7
A Pulumi provider SDK for creating and managing Amazon Web Services (AWS) cloud resources in Go, providing strongly-typed resource classes and data sources for all major AWS services.
lb.mddocs/reference/networking/
Load Balancers (ALB / NLB / ELB)
The Pulumi AWS SDK provides three packages for managing load balancers:
lb— the canonical package for Application Load Balancers (ALB) and Network Load Balancers (NLB). Thealbpackage is an alias with identical functionality.elb— the legacy Classic Elastic Load Balancer (ELB) package.
Import
import "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lb"
import "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/elb"Package lb — Available Resources and Data Sources
// Resources
NewListener(ctx, name, args, opts) (*Listener, error)
NewListenerCertificate(ctx, name, args, opts) (*ListenerCertificate, error)
NewListenerRule(ctx, name, args, opts) (*ListenerRule, error)
NewLoadBalancer(ctx, name, args, opts) (*LoadBalancer, error)
NewTargetGroup(ctx, name, args, opts) (*TargetGroup, error)
NewTargetGroupAttachment(ctx, name, args, opts) (*TargetGroupAttachment, error)
NewTrustStore(ctx, name, args, opts) (*TrustStore, error)
NewTrustStoreRevocation(ctx, name, args, opts) (*TrustStoreRevocation, error)
// Data Sources
GetHostedZoneId(ctx, args, opts) (*GetHostedZoneIdResult, error)
GetHostedZoneIdOutput(ctx, args, opts) GetHostedZoneIdResultOutput
GetLbs(ctx, args, opts) (*GetLbsResult, error)
GetLbsOutput(ctx, args, opts) GetLbsResultOutput
GetListener(ctx, name, id, state, opts) (*Listener, error)
GetListenerCertificate(ctx, name, id, state, opts) (*ListenerCertificate, error)
GetListenerRule(ctx, name, id, state, opts) (*ListenerRule, error)
GetLoadBalancer(ctx, name, id, state, opts) (*LoadBalancer, error)
GetTargetGroup(ctx, name, id, state, opts) (*TargetGroup, error)
GetTargetGroupAttachment(ctx, name, id, state, opts) (*TargetGroupAttachment, error)
GetTrustStore(ctx, name, id, state, opts) (*TrustStore, error)
GetTrustStoreRevocation(ctx, name, id, state, opts) (*TrustStoreRevocation, error)Note: The
albpackage (github.com/pulumi/pulumi-aws/sdk/v7/go/aws/alb) is an alias forlb. It exposesNewListener,NewListenerCertificate,NewListenerRule,NewLoadBalancer,NewTargetGroup, andNewTargetGroupAttachmentwith identical signatures and behaviour.
LoadBalancer
Provides an ALB, NLB, or Gateway Load Balancer resource.
Constructor
func NewLoadBalancer(
ctx *pulumi.Context,
name string,
args *lb.LoadBalancerArgs,
opts ...pulumi.ResourceOption,
) (*lb.LoadBalancer, error)LoadBalancerArgs Fields
type LoadBalancerArgs struct {
// Access Logs block (S3 bucket). Optional.
AccessLogs LoadBalancerAccessLogsPtrInput
// Client keep-alive in seconds (60–604800). Default: 3600.
ClientKeepAlive pulumi.IntPtrInput
// Connection Logs block. ALB only.
ConnectionLogs LoadBalancerConnectionLogsPtrInput
// Customer-owned IPv4 pool ID.
CustomerOwnedIpv4Pool pulumi.StringPtrInput
// HTTP desync mitigation mode. Values: "monitor", "defensive" (default), "strictest". ALB only.
DesyncMitigationMode pulumi.StringPtrInput
// DNS routing policy across AZs. Values: "anyAvailabilityZone" (default),
// "availabilityZoneAffinity", "partialAvailabilityZoneAffinity". NLB only.
DnsRecordClientRoutingPolicy pulumi.StringPtrInput
// Drop invalid HTTP header fields. ALB only. Default: false.
DropInvalidHeaderFields pulumi.BoolPtrInput
// Enable cross-zone load balancing. Default: false (network/gateway), always true (application).
EnableCrossZoneLoadBalancing pulumi.BoolPtrInput
// Prevent deletion via AWS API. Default: false.
EnableDeletionProtection pulumi.BoolPtrInput
// Enable HTTP/2. ALB only. Default: true.
EnableHttp2 pulumi.BoolPtrInput
// Add TLS version and cipher suite headers. ALB only. Default: false.
EnableTlsVersionAndCipherSuiteHeaders pulumi.BoolPtrInput
// Allow WAF-enabled LB to route requests if AWS WAF is unreachable. Default: false.
EnableWafFailOpen pulumi.BoolPtrInput
// Preserve X-Forwarded-For source port. ALB only. Default: false.
EnableXffClientPort pulumi.BoolPtrInput
// Enable zonal shift. Default: false.
EnableZonalShift pulumi.BoolPtrInput
// Enforce security group inbound rules on PrivateLink traffic. NLB only. Values: "on", "off".
EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic pulumi.StringPtrInput
// Health Check Logs block. ALB only.
HealthCheckLogs LoadBalancerHealthCheckLogsPtrInput
// Idle connection timeout in seconds. ALB only. Default: 60.
IdleTimeout pulumi.IntPtrInput
// Make the LB internal (not publicly accessible). Default: false.
Internal pulumi.BoolPtrInput
// IP address type. Values: "ipv4", "dualstack", "dualstack-without-public-ipv4" (ALB only).
IpAddressType pulumi.StringPtrInput
// IPAM pools. ALB only.
IpamPools LoadBalancerIpamPoolsPtrInput
// Load balancer type. Values: "application" (default), "gateway", "network".
LoadBalancerType pulumi.StringPtrInput
// Minimum LB capacity. ALB and NLB only.
MinimumLoadBalancerCapacity LoadBalancerMinimumLoadBalancerCapacityPtrInput
// Name (max 32 chars, alphanumeric/hyphens). Auto-generated if omitted.
Name pulumi.StringPtrInput
// Unique name prefix. Conflicts with Name.
NamePrefix pulumi.StringPtrInput
// Preserve Host header. ALB only. Default: false.
PreserveHostHeader pulumi.BoolPtrInput
// AWS region override.
Region pulumi.StringPtrInput
// Number of secondary IP addresses per node (0–7). NLB only. Default: 0.
SecondaryIpsAutoAssignedPerSubnet pulumi.IntPtrInput
// Security group IDs. ALB and NLB only.
SecurityGroups pulumi.StringArrayInput
// Subnet mapping blocks (for Elastic IPs or private IPs). NLB: mappings can only be added.
SubnetMappings LoadBalancerSubnetMappingArrayInput
// Subnet IDs. NLB: subnets can only be added.
Subnets pulumi.StringArrayInput
// Resource tags.
Tags pulumi.StringMapInput
// X-Forwarded-For header processing mode. Values: "append" (default), "preserve", "remove". ALB only.
XffHeaderProcessingMode pulumi.StringPtrInput
}LoadBalancer Output Attributes
| Field | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | ARN of the load balancer |
ArnSuffix | pulumi.StringOutput | ARN suffix for CloudWatch Metrics |
DnsName | pulumi.StringOutput | DNS name of the load balancer |
Internal | pulumi.BoolOutput | Whether the LB is internal |
IpAddressType | pulumi.StringOutput | IP address type in use |
LoadBalancerType | pulumi.StringPtrOutput | Type: application, network, or gateway |
Name | pulumi.StringOutput | Name of the load balancer |
SecurityGroups | pulumi.StringArrayOutput | Attached security group IDs |
SubnetMappings | LoadBalancerSubnetMappingArrayOutput | Subnet mapping details |
Subnets | pulumi.StringArrayOutput | Attached subnet IDs |
VpcId | pulumi.StringOutput | VPC containing the load balancer |
ZoneId | pulumi.StringOutput | Route 53 hosted zone ID (for Alias records) |
Example — Application Load Balancer
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/lb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
alb, err := lb.NewLoadBalancer(ctx, "app-alb", &lb.LoadBalancerArgs{
Name: pulumi.String("app-alb"),
LoadBalancerType: pulumi.String("application"),
Internal: pulumi.Bool(false),
SecurityGroups: pulumi.StringArray{pulumi.String(sgId)},
Subnets: pulumi.StringArray{pulumi.String(subnet1Id), pulumi.String(subnet2Id)},
EnableDeletionProtection: pulumi.Bool(false),
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
ctx.Export("albDns", alb.DnsName)
return nil
})
}Example — Network Load Balancer with Elastic IPs
_, err := lb.NewLoadBalancer(ctx, "net-lb", &lb.LoadBalancerArgs{
Name: pulumi.String("example"),
LoadBalancerType: pulumi.String("network"),
SubnetMappings: lb.LoadBalancerSubnetMappingArray{
&lb.LoadBalancerSubnetMappingArgs{
SubnetId: pulumi.Any(subnet1.Id),
AllocationId: pulumi.Any(eip1.Id),
},
&lb.LoadBalancerSubnetMappingArgs{
SubnetId: pulumi.Any(subnet2.Id),
AllocationId: pulumi.Any(eip2.Id),
},
},
})Listener
Attaches a listener to an existing load balancer and defines the default action for incoming connections.
Constructor
func NewListener(
ctx *pulumi.Context,
name string,
args *lb.ListenerArgs,
opts ...pulumi.ResourceOption,
) (*lb.Listener, error)Key ListenerArgs Fields
| Field | Type | Description |
|---|---|---|
LoadBalancerArn | pulumi.StringInput | Required. ARN of the parent load balancer |
Port | pulumi.IntPtrInput | Port to listen on. Not valid for Gateway LBs |
Protocol | pulumi.StringPtrInput | HTTP, HTTPS (ALB); TCP, TLS, UDP, TCP_UDP, QUIC, TCP_QUIC (NLB) |
DefaultActions | ListenerDefaultActionArrayInput | Required. Ordered list of default actions |
CertificateArn | pulumi.StringPtrInput | SSL certificate ARN. Required when protocol is HTTPS |
SslPolicy | pulumi.StringPtrInput | SSL policy name. Default: ELBSecurityPolicy-2016-08 |
AlpnPolicy | pulumi.StringPtrInput | ALPN policy for TLS listeners: HTTP1Only, HTTP2Only, HTTP2Optional, HTTP2Preferred, None |
MutualAuthentication | ListenerMutualAuthenticationPtrInput | mTLS configuration block |
TcpIdleTimeoutSeconds | pulumi.IntPtrInput | TCP idle timeout (60–6000). NLB/Gateway only. Default: 350 |
Tags | pulumi.StringMapInput | Resource tags |
Listener Output Attributes
| Field | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | Listener ARN |
LoadBalancerArn | pulumi.StringOutput | Parent LB ARN |
Port | pulumi.IntPtrOutput | Listening port |
Protocol | pulumi.StringOutput | Protocol in use |
SslPolicy | pulumi.StringOutput | Active SSL policy name |
Default Action Types
| Type | Description |
|---|---|
forward | Forward traffic to one or more target groups |
redirect | Issue an HTTP redirect response |
fixed-response | Return a fixed HTTP response |
authenticate-cognito | Authenticate using Amazon Cognito |
authenticate-oidc | Authenticate using an OIDC-compatible IdP |
jwt-validation | Validate a JWT token |
Example — HTTPS Listener with Forward Action
_, err = lb.NewListener(ctx, "https", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(443),
Protocol: pulumi.String("HTTPS"),
SslPolicy: pulumi.String("ELBSecurityPolicy-2016-08"),
CertificateArn: pulumi.String("arn:aws:iam::187416307283:server-certificate/test_cert"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("forward"),
TargetGroupArn: targetGroup.Arn,
},
},
})Example — HTTP to HTTPS Redirect
_, err = lb.NewListener(ctx, "http-redirect", &lb.ListenerArgs{
LoadBalancerArn: frontEnd.Arn,
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
DefaultActions: lb.ListenerDefaultActionArray{
&lb.ListenerDefaultActionArgs{
Type: pulumi.String("redirect"),
Redirect: &lb.ListenerDefaultActionRedirectArgs{
Port: pulumi.String("443"),
Protocol: pulumi.String("HTTPS"),
StatusCode: pulumi.String("HTTP_301"),
},
},
},
})TargetGroup
Defines a group of targets that a load balancer routes requests to.
Constructor
func NewTargetGroup(
ctx *pulumi.Context,
name string,
args *lb.TargetGroupArgs,
opts ...pulumi.ResourceOption,
) (*lb.TargetGroup, error)Key TargetGroupArgs Fields
| Field | Type | Description |
|---|---|---|
Name | pulumi.StringPtrInput | Name (max 32 chars). Auto-generated if omitted |
NamePrefix | pulumi.StringPtrInput | Unique name prefix (max 6 chars). Conflicts with Name |
Port | pulumi.IntPtrInput | Port targets receive traffic on. Required for instance, ip, alb target types |
Protocol | pulumi.StringPtrInput | GENEVE, HTTP, HTTPS, TCP, TCP_UDP, TLS, UDP, QUIC, TCP_QUIC |
ProtocolVersion | pulumi.StringPtrInput | HTTP1 (default), HTTP2, GRPC. For HTTP/HTTPS protocols |
TargetType | pulumi.StringPtrInput | instance (default), ip, lambda, alb |
VpcId | pulumi.StringPtrInput | VPC ID. Required for instance, ip, alb target types |
HealthCheck | TargetGroupHealthCheckPtrInput | Health check configuration block |
Stickiness | TargetGroupStickinessPtrInput | Stickiness configuration block |
DeregistrationDelay | pulumi.IntPtrInput | Drain time before deregistering (0–3600). Default: 300 |
SlowStart | pulumi.IntPtrInput | Warm-up time (30–900 or 0 to disable). Default: 0 |
LoadBalancingAlgorithmType | pulumi.StringPtrInput | roundRobin (default), leastOutstandingRequests, weightedRandom. ALB only |
LambdaMultiValueHeadersEnabled | pulumi.BoolPtrInput | Enable multi-value headers for Lambda targets. Default: false |
ProxyProtocolV2 | pulumi.BoolPtrInput | Enable Proxy Protocol v2. NLB only. Default: false |
ConnectionTermination | pulumi.BoolPtrInput | Terminate connections at end of deregistration timeout. NLB only. Default: false |
IpAddressType | pulumi.StringPtrInput | ipv4 or ipv6. Only when TargetType is ip |
Tags | pulumi.StringMapInput | Resource tags |
TargetGroup Output Attributes
| Field | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | Target group ARN |
ArnSuffix | pulumi.StringOutput | ARN suffix for CloudWatch Metrics |
Name | pulumi.StringOutput | Target group name |
LoadBalancerArns | pulumi.StringArrayOutput | ARNs of associated load balancers |
Example — Instance Target Group
vpc, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
tg, err := lb.NewTargetGroup(ctx, "app-tg", &lb.TargetGroupArgs{
Name: pulumi.String("app-tg"),
Port: pulumi.Int(80),
Protocol: pulumi.String("HTTP"),
VpcId: vpc.ID(),
HealthCheck: &lb.TargetGroupHealthCheckArgs{
Path: pulumi.String("/health"),
Protocol: pulumi.String("HTTP"),
Interval: pulumi.Int(30),
HealthyThreshold: pulumi.Int(3),
UnhealthyThreshold: pulumi.Int(3),
},
})Example — Lambda Target Group
tg, err := lb.NewTargetGroup(ctx, "lambda-tg", &lb.TargetGroupArgs{
Name: pulumi.String("lambda-tg"),
TargetType: pulumi.String("lambda"),
})TargetGroupAttachment
Registers a target (instance, IP address, Lambda function, or ALB) with a target group.
Constructor
func NewTargetGroupAttachment(
ctx *pulumi.Context,
name string,
args *lb.TargetGroupAttachmentArgs,
opts ...pulumi.ResourceOption,
) (*lb.TargetGroupAttachment, error)TargetGroupAttachmentArgs Fields
type TargetGroupAttachmentArgs struct {
// ARN of the target group. Required.
TargetGroupArn pulumi.StringInput
// Target ID: Instance ID, IP address, Lambda ARN, or ALB ARN. Required.
TargetId pulumi.StringInput
// Port the target receives traffic on. Optional for Lambda targets.
Port pulumi.IntPtrInput
// Availability Zone for the target IP. Use "all" for out-of-VPC IPs.
AvailabilityZone pulumi.StringPtrInput
// QUIC server ID (0x prefix + 16 hex chars). Required when TargetGroup protocol is QUIC or TCP_QUIC.
QuicServerId pulumi.StringPtrInput
// AWS region override.
Region pulumi.StringPtrInput
}Example — EC2 Instance Attachment
_, err = lb.NewTargetGroupAttachment(ctx, "attach", &lb.TargetGroupAttachmentArgs{
TargetGroupArn: tg.Arn,
TargetId: instance.ID(),
Port: pulumi.Int(80),
})Example — Lambda Function Attachment
_, err = lb.NewTargetGroupAttachment(ctx, "lambda-attach", &lb.TargetGroupAttachmentArgs{
TargetGroupArn: lambdaTg.Arn,
TargetId: fn.Arn,
}, pulumi.DependsOn([]pulumi.Resource{permission}))ListenerRule
Defines path-based or host-based routing rules for an ALB listener.
Constructor
func NewListenerRule(
ctx *pulumi.Context,
name string,
args *lb.ListenerRuleArgs,
opts ...pulumi.ResourceOption,
) (*lb.ListenerRule, error)Key ListenerRuleArgs Fields
| Field | Type | Description |
|---|---|---|
ListenerArn | pulumi.StringInput | Required. ARN of the listener |
Priority | pulumi.IntPtrInput | Rule priority (1–50000). Auto-assigned if omitted |
Actions | ListenerRuleActionArrayInput | Required. One or more action blocks |
Conditions | ListenerRuleConditionArrayInput | Required. One or more condition blocks |
Tags | pulumi.StringMapInput | Resource tags |
Transforms | ListenerRuleTransformArrayInput | Request transform blocks |
ListenerRule Output Attributes
| Field | Type | Description |
|---|---|---|
Arn | pulumi.StringOutput | Rule ARN |
Priority | pulumi.IntOutput | Assigned priority |
ListenerArn | pulumi.StringOutput | Parent listener ARN |
Package elb — Classic Elastic Load Balancer
Available Resources and Data Sources
// Resources
NewAppCookieStickinessPolicy(ctx, name, args, opts) (*AppCookieStickinessPolicy, error)
NewAttachment(ctx, name, args, opts) (*Attachment, error)
NewListenerPolicy(ctx, name, args, opts) (*ListenerPolicy, error)
NewLoadBalancer(ctx, name, args, opts) (*LoadBalancer, error)
NewLoadBalancerBackendServerPolicy(ctx, name, args, opts) (*LoadBalancerBackendServerPolicy, error)
NewLoadBalancerCookieStickinessPolicy(ctx, name, args, opts) (*LoadBalancerCookieStickinessPolicy, error)
NewLoadBalancerPolicy(ctx, name, args, opts) (*LoadBalancerPolicy, error)
NewSslNegotiationPolicy(ctx, name, args, opts) (*SslNegotiationPolicy, error)
// Data Sources
GetAppCookieStickinessPolicy(ctx, name, id, state, opts) (*AppCookieStickinessPolicy, error)
GetAttachment(ctx, name, id, state, opts) (*Attachment, error)
GetHostedZoneId(ctx, args, opts) (*GetHostedZoneIdResult, error)
GetHostedZoneIdOutput(ctx, args, opts) GetHostedZoneIdResultOutput
GetListenerPolicy(ctx, name, id, state, opts) (*ListenerPolicy, error)
GetLoadBalancer(ctx, name, id, state, opts) (*LoadBalancer, error)
GetLoadBalancerBackendServerPolicy(ctx, name, id, state, opts) (*LoadBalancerBackendServerPolicy, error)
GetLoadBalancerCookieStickinessPolicy(ctx, name, id, state, opts) (*LoadBalancerCookieStickinessPolicy, error)
GetLoadBalancerPolicy(ctx, name, id, state, opts) (*LoadBalancerPolicy, error)
GetServiceAccount(ctx, args, opts) (*GetServiceAccountResult, error)
GetServiceAccountOutput(ctx, args, opts) GetServiceAccountResultOutput
GetSslNegotiationPolicy(ctx, name, id, state, opts) (*SslNegotiationPolicy, error)Import
import "github.com/pulumi/pulumi-aws/sdk/v7/go/aws/elb"Example — Classic ELB
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/elb"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
_, err := elb.NewLoadBalancer(ctx, "classic", &elb.LoadBalancerArgs{
Name: pulumi.String("foobar-elb"),
AvailabilityZones: pulumi.StringArray{
pulumi.String("us-east-1c"),
},
Listeners: elb.LoadBalancerListenerArray{
&elb.LoadBalancerListenerArgs{
InstancePort: pulumi.Int(80),
InstanceProtocol: pulumi.String("http"),
LbPort: pulumi.Int(80),
LbProtocol: pulumi.String("http"),
},
},
})Import
Load balancers are imported using their ARN:
pulumi import aws_lb.bar arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188Listeners are imported using their ARN:
pulumi import aws_lb_listener.front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96Target groups are imported using their ARN:
pulumi import aws_lb_target_group.app_front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:targetgroup/app-front-end/20cfe21448b66314Install with Tessl CLI
npx tessl i tessl/golang-github-com-pulumi-pulumi-aws-sdk-v7docs