AWS CloudFormation
User Guide (Version )

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.


Specifies a listener for an Application Load Balancer or Network Load Balancer.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::ElasticLoadBalancingV2::Listener", "Properties" : { "Certificates" : [ Certificate, ... ], "DefaultActions" : [ Action, ... ], "LoadBalancerArn" : String, "Port" : Integer, "Protocol" : String, "SslPolicy" : String } }


Type: AWS::ElasticLoadBalancingV2::Listener Properties: Certificates: - Certificate DefaultActions: - Action LoadBalancerArn: String Port: Integer Protocol: String SslPolicy: String



The default SSL server certificate. You must provide exactly one certificate if the listener protocol is HTTPS or TLS.

To create a certificate list for the listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.

Required: Conditional

Type: List of Certificate

Update requires: No interruption


The actions for the default rule.

Required: Yes

Type: List of Action

Update requires: No interruption


The Amazon Resource Name (ARN) of the load balancer.

Required: Yes

Type: String

Update requires: Replacement


The port on which the load balancer is listening.

Required: Yes

Type: Integer

Minimum: 1

Maximum: 65535

Update requires: No interruption


The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP.

Required: Yes

Type: String

Allowed Values: HTTP | HTTPS | TCP | TCP_UDP | TLS | UDP

Update requires: No interruption


[HTTPS and TLS listeners] The security policy that defines which ciphers and protocols are supported. The default is the current predefined security policy.

Required: No

Type: String

Update requires: No interruption

Return Values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the listener.

For more information about using the Ref function, see Ref.


The following example creates a listener with a default action that redirects HTTP requests on port 80 to HTTPS requests on port 443, retaining the original host name, path, and query string.


HTTPlistener: Type: "AWS::ElasticLoadBalancingV2::Listener" Properties: DefaultActions: - Type: "redirect" RedirectConfig: Protocol: "HTTPS" Port: "443" Host: "#{host}" Path: "/#{path}" Query: "#{query}" StatusCode: "HTTP_301" LoadBalancerArn: !Ref myLoadBalancer Port: 80 Protocol: "HTTP"


"HTTPlistener": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "Host": "#{host}", "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301" } } ], "LoadBalancerArn": { "Ref": "myLoadBalancer" }, "Port": 80, "Protocol": "HTTP" } }

See Also

  • CreateListener in the Elastic Load Balancing API Reference (version 2015-12-01)

  • Listeners in the User Guide for Application Load Balancers

  • Listeners in the User Guide for Network Load Balancers