AWS::ElasticLoadBalancingV2::Listener - AWS CloudFormation


Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{ "Type" : "AWS::ElasticLoadBalancingV2::Listener", "Properties" : { "AlpnPolicy" : [ String, ... ], "Certificates" : [ Certificate, ... ], "DefaultActions" : [ Action, ... ], "LoadBalancerArn" : String, "MutualAuthentication" : MutualAuthentication, "Port" : Integer, "Protocol" : String, "SslPolicy" : String } }


Type: AWS::ElasticLoadBalancingV2::Listener Properties: AlpnPolicy: - String Certificates: - Certificate DefaultActions: - Action LoadBalancerArn: String MutualAuthentication: MutualAuthentication Port: Integer Protocol: String SslPolicy: String



[TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy.

Required: No

Type: Array of String

Update requires: No interruption


The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS.

To create a certificate list for a secure listener, use AWS::ElasticLoadBalancingV2::ListenerCertificate.

Required: Conditional

Type: Array of Certificate

Update requires: No interruption


The actions for the default rule. You cannot define a condition for a default rule.

To create additional rules for an Application Load Balancer, use AWS::ElasticLoadBalancingV2::ListenerRule.

Required: Yes

Type: Array of Action

Update requires: No interruption


The Amazon Resource Name (ARN) of the load balancer.

Required: Yes

Type: String

Update requires: Replacement


The mutual authentication configuration information.

Required: No

Type: MutualAuthentication

Update requires: No interruption


The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer.

Required: No

Type: Integer

Minimum: 1

Maximum: 65535

Update requires: No interruption


The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer.

Required: No

Type: String

Allowed values: HTTP | HTTPS | TCP | TLS | UDP | TCP_UDP | GENEVE

Update requires: No interruption


[HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported.

Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic.

For more information, see Security policies in the Application Load Balancers Guide and Security policies in the Network Load Balancers Guide.

Required: No

Type: String

Update requires: Some interruptions

Return values


When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the listener.

For more information about using the Ref function, see Ref.


The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The Amazon Resource Name (ARN) of the listener.


The following example creates a listener with a default action that redirects HTTP requests on port 80 to HTTPS requests on port 443, retaining the original host name, path, and query string.


HTTPlistener: Type: "AWS::ElasticLoadBalancingV2::Listener" Properties: DefaultActions: - Type: "redirect" RedirectConfig: Protocol: "HTTPS" Port: 443 Host: "#{host}" Path: "/#{path}" Query: "#{query}" StatusCode: "HTTP_301" LoadBalancerArn: !Ref myLoadBalancer Port: 80 Protocol: "HTTP"


"HTTPlistener": { "Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": { "DefaultActions": [ { "Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": 443, "Host": "#{host}", "Path": "/#{path}", "Query": "#{query}", "StatusCode": "HTTP_301" } } ], "LoadBalancerArn": { "Ref": "myLoadBalancer" }, "Port": 80, "Protocol": "HTTP" } }

See also

  • CreateListener in the Elastic Load Balancing API Reference (version 2015-12-01)

  • Listeners in the User Guide for Application Load Balancers

  • Listeners in the User Guide for Network Load Balancers

  • Listeners in the User Guide for Gateway Load Balancers