class ApplicationLoadBalancer (construct)
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.ElasticLoadBalancingV2.ApplicationLoadBalancer |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2#ApplicationLoadBalancer |
Java | software.amazon.awscdk.services.elasticloadbalancingv2.ApplicationLoadBalancer |
Python | aws_cdk.aws_elasticloadbalancingv2.ApplicationLoadBalancer |
TypeScript (source) | aws-cdk-lib » aws_elasticloadbalancingv2 » ApplicationLoadBalancer |
Implements
IConstruct, IDependable, IResource, IApplicationLoadBalancer, ILoadBalancerV2, IConnectable
Define an Application Load Balancer.
Example
```ts
import { AutoScalingGroup } from 'aws-cdk-lib/aws-autoscaling';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';

declare const asg: AutoScalingGroup;
declare const vpc: ec2.Vpc;

// Create the load balancer in a VPC. 'internetFacing' is 'false'
// by default, which creates an internal load balancer.
const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
  vpc,
  internetFacing: true
});

// Add a listener and open up the load balancer's security group
// to the world.
const listener = lb.addListener('Listener', {
  port: 80,

  // 'open: true' is the default, you can leave it out if you want. Set it
  // to 'false' and use `listener.connections` if you want to be selective
  // about who can access the load balancer.
  open: true,
});

// Create an AutoScaling group and add it as a load balancing
// target to the listener.
listener.addTargets('ApplicationFleet', {
  port: 8080,
  targets: [asg]
});
```
Initializer
new ApplicationLoadBalancer(scope: Construct, id: string, props: ApplicationLoadBalancerProps)
Parameters
- scope
Construct
- id
string
- props
ApplicationLoadBalancerProps
Construct Props
Name | Type | Description |
---|---|---|
vpc | IVpc | The VPC network to place the load balancer in. |
clientKeepAlive? | Duration | The client keep alive duration. |
crossZoneEnabled? | boolean | Indicates whether cross-zone load balancing is enabled. |
deletionProtection? | boolean | Indicates whether deletion protection is enabled. |
denyAllIgwTraffic? | boolean | Indicates whether the load balancer blocks traffic through the Internet Gateway (IGW). |
desyncMitigationMode? | DesyncMitigationMode | Determines how the load balancer handles requests that might pose a security risk to your application. |
dropInvalidHeaderFields? | boolean | Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). |
http2Enabled? | boolean | Indicates whether HTTP/2 is enabled. |
idleTimeout? | Duration | The load balancer idle timeout, in seconds. |
internetFacing? | boolean | Whether the load balancer has an internet-routable address. |
ipAddressType? | IpAddressType | The type of IP addresses to use. |
loadBalancerName? | string | Name of the load balancer. |
preserveHostHeader? | boolean | Indicates whether the Application Load Balancer should preserve the host header in the HTTP request and send it to the target without any change. |
preserveXffClientPort? | boolean | Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. |
securityGroup? | ISecurityGroup | Security group to associate with this load balancer. |
vpcSubnets? | SubnetSelection | Which subnets to place the load balancer in. |
wafFailOpen? | boolean | Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. |
xAmznTlsVersionAndCipherSuiteHeaders? | boolean | Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. |
xffHeaderProcessingMode? | XffHeaderProcessingMode | Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. |
vpc
Type:
IVpc
The VPC network to place the load balancer in.
clientKeepAlive?
Type:
Duration
(optional, default: Duration.seconds(3600))
The client keep alive duration.
The valid range is 60 to 604800 seconds (1 minute to 7 days).
crossZoneEnabled?
Type:
boolean
(optional, default: false for Network Load Balancers and true for Application Load Balancers. This cannot be false for Application Load Balancers.)
Indicates whether cross-zone load balancing is enabled.
deletionProtection?
Type:
boolean
(optional, default: false)
Indicates whether deletion protection is enabled.
denyAllIgwTraffic?
Type:
boolean
(optional, default: false for internet-facing load balancers and true for internal load balancers)
Indicates whether the load balancer blocks traffic through the Internet Gateway (IGW).
desyncMitigationMode?
Type:
DesyncMitigationMode
(optional, default: DesyncMitigationMode.DEFENSIVE)
Determines how the load balancer handles requests that might pose a security risk to your application.
dropInvalidHeaderFields?
Type:
boolean
(optional, default: false)
Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false).
http2Enabled?
Type:
boolean
(optional, default: true)
Indicates whether HTTP/2 is enabled.
idleTimeout?
Type:
Duration
(optional, default: 60)
The load balancer idle timeout, in seconds.
internetFacing?
Type:
boolean
(optional, default: false)
Whether the load balancer has an internet-routable address.
ipAddressType?
Type:
IpAddressType
(optional, default: IpAddressType.IPV4)
The type of IP addresses to use.
loadBalancerName?
Type:
string
(optional, default: Automatically generated name.)
Name of the load balancer.
preserveHostHeader?
Type:
boolean
(optional, default: false)
Indicates whether the Application Load Balancer should preserve the host header in the HTTP request and send it to the target without any change.
preserveXffClientPort?
Type:
boolean
(optional, default: false)
Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.
securityGroup?
Type:
ISecurityGroup
(optional, default: A security group is created)
Security group to associate with this load balancer.
vpcSubnets?
Type:
SubnetSelection
(optional, default: the Vpc default strategy.)
Which subnets to place the load balancer in.
wafFailOpen?
Type:
boolean
(optional, default: false)
Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
xAmznTlsVersionAndCipherSuiteHeaders?
Type:
boolean
(optional, default: false)
Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target.
The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client.
Both headers are in OpenSSL format.
xffHeaderProcessingMode?
Type:
XffHeaderProcessingMode
(optional, default: XffHeaderProcessingMode.APPEND)
Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.
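Several of the props above (dropInvalidHeaderFields, desyncMitigationMode, wafFailOpen, deletionProtection) and logAccessLogs end up as LoadBalancerAttributes entries on the synthesized AWS::ElasticLoadBalancingV2::LoadBalancer resource. The following is an added example, not part of the CDK documentation or code base: it audits a synthesized template against those settings. The attribute keys are the ELBv2 attribute names (not listed on this page), and the accepted values and the sample template are assumptions constructed for the example.

```typescript
// Added example, not CDK code: audit the ALB attributes in the template JSON
// that `cdk synth` produces.
type Attribute = { Key: string; Value: string };
interface Resource {
  Type: string;
  Properties?: { Type?: string; LoadBalancerAttributes?: Attribute[] };
}
interface Template { Resources: { [logicalId: string]: Resource } }
interface Finding { resource: string; prop: string; value: string }
interface Rule { prop: string; key: string; whenAbsent: string; ok: (v: string) => boolean }

// CDK prop, the ELBv2 attribute it sets, the effective value when the
// attribute is absent (the defaults documented above), and the accepted values.
// Which values are accepted is a policy assumption of this example.
const RULES: Rule[] = [
  { prop: 'dropInvalidHeaderFields', key: 'routing.http.drop_invalid_header_fields.enabled',
    whenAbsent: 'false', ok: v => v === 'true' },
  { prop: 'desyncMitigationMode', key: 'routing.http.desync_mitigation_mode',
    whenAbsent: 'defensive', ok: v => v === 'defensive' || v === 'strictest' },
  { prop: 'wafFailOpen', key: 'waf.fail_open.enabled',
    whenAbsent: 'false', ok: v => v === 'false' },
  { prop: 'deletionProtection', key: 'deletion_protection.enabled',
    whenAbsent: 'false', ok: v => v === 'true' },
  { prop: 'logAccessLogs', key: 'access_logs.s3.enabled',
    whenAbsent: 'false', ok: v => v === 'true' },
];

function auditTemplate(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== 'AWS::ElasticLoadBalancingV2::LoadBalancer') continue;
    // A missing Type means 'application'; skip network/gateway load balancers.
    if ((res.Properties?.Type ?? 'application') !== 'application') continue;
    const attrs: { [key: string]: string | undefined } = {};
    for (const a of res.Properties?.LoadBalancerAttributes ?? []) {
      attrs[a.Key] = String(a.Value).toLowerCase();
    }
    for (const rule of RULES) {
      const value = attrs[rule.key] ?? rule.whenAbsent;
      if (!rule.ok(value)) findings.push({ resource: id, prop: rule.prop, value });
    }
  }
  return findings;
}

// Constructed sample template: one loosely configured ALB, one hardened ALB,
// and one NLB that the audit must ignore.
const SAMPLE: Template = {
  Resources: {
    PublicLb: { Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer', Properties: {
      Type: 'application', LoadBalancerAttributes: [
        { Key: 'deletion_protection.enabled', Value: 'false' },
        { Key: 'routing.http.desync_mitigation_mode', Value: 'monitor' },
        { Key: 'waf.fail_open.enabled', Value: 'true' },
      ] } },
    HardenedLb: { Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer', Properties: {
      Type: 'application', LoadBalancerAttributes: [
        { Key: 'deletion_protection.enabled', Value: 'true' },
        { Key: 'routing.http.drop_invalid_header_fields.enabled', Value: 'true' },
        { Key: 'routing.http.desync_mitigation_mode', Value: 'strictest' },
        { Key: 'access_logs.s3.enabled', Value: 'true' },
      ] } },
    Nlb: { Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer', Properties: { Type: 'network' } },
  },
};

for (const f of auditTemplate(SAMPLE)) console.log(`${f.resource}: ${f.prop} is effectively '${f.value}'`);
```

Absent attributes are reported with their default, so a load balancer that never sets dropInvalidHeaderFields or never calls logAccessLogs is flagged the same way as one that disables them explicitly.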
Properties
Name | Type | Description |
---|---|---|
connections | Connections | The network connections associated with this resource. |
env | ResourceEnvironment | The environment this resource belongs to. |
listeners | ApplicationListener[] | A list of listeners that have been added to the load balancer. |
loadBalancerArn | string | The ARN of this load balancer. |
loadBalancerCanonicalHostedZoneId | string | The canonical hosted zone ID of this load balancer. |
loadBalancerDnsName | string | The DNS name of this load balancer. |
loadBalancerFullName | string | The full name of this load balancer. |
loadBalancerName | string | The name of this load balancer. |
loadBalancerSecurityGroups | string[] | |
metrics | IApplicationLoadBalancerMetrics | All metrics available for this load balancer. |
node | Node | The tree node. |
stack | Stack | The stack in which this resource is defined. |
ipAddressType? | IpAddressType | The IP Address Type for this load balancer. |
vpc? | IVpc | The VPC this load balancer has been created in. |
connections
Type:
Connections
The network connections associated with this resource.
env
Type:
ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
listeners
Type:
ApplicationListener[]
A list of listeners that have been added to the load balancer.
This list is only valid for owned constructs.
loadBalancerArn
Type:
string
The ARN of this load balancer.
Example value: arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-internal-load-balancer/50dc6c495c0c9188
loadBalancerCanonicalHostedZoneId
Type:
string
The canonical hosted zone ID of this load balancer.
Example value: Z2P70J7EXAMPLE
loadBalancerDnsName
Type:
string
The DNS name of this load balancer.
Example value: my-load-balancer-424835706.us-west-2.elb.amazonaws.com
loadBalancerFullName
Type:
string
The full name of this load balancer.
Example value: app/my-load-balancer/50dc6c495c0c9188
loadBalancerName
Type:
string
The name of this load balancer.
Example value: my-load-balancer
loadBalancerSecurityGroups
Type:
string[]
metrics
Type:
IApplicationLoadBalancerMetrics
All metrics available for this load balancer.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
ipAddressType?
Type:
IpAddressType
(optional)
The IP Address Type for this load balancer.
vpc?
Type:
IVpc
(optional)
The VPC this load balancer has been created in.
This property is always defined (not null or undefined) for sub-classes of BaseLoadBalancer.
Methods
Name | Description |
---|---|
addListener(id, props) | Add a new listener to this load balancer. |
addRedirect(props?) | Add a redirection listener to this load balancer. |
addSecurityGroup(securityGroup) | Add a security group to this load balancer. |
applyRemovalPolicy(policy) | Apply the given removal policy to this resource. |
logAccessLogs(bucket, prefix?) | Enable access logging for this load balancer. |
logConnectionLogs(bucket, prefix?) | Enable connection logging for this load balancer. |
metric(metricName, props?) | Return the given named metric for this Application Load Balancer. |
metricActiveConnectionCount(props?) | The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets. |
metricClientTlsNegotiationErrorCount(props?) | The number of TLS connections initiated by the client that did not establish a session with the load balancer. |
metricConsumedLCUs(props?) | The number of load balancer capacity units (LCU) used by your load balancer. |
metricElbAuthError(props?) | The number of user authentications that could not be completed. |
metricElbAuthFailure(props?) | The number of user authentications that could not be completed because the IdP denied access to the user or an authorization code was used more than once. |
metricElbAuthLatency(props?) | The time elapsed, in milliseconds, to query the IdP for the ID token and user info. |
metricElbAuthSuccess(props?) | The number of authenticate actions that were successful. |
metricHttpCodeElb(code, props?) | The number of HTTP 3xx/4xx/5xx codes that originate from the load balancer. |
metricHttpCodeTarget(code, props?) | The number of HTTP 2xx/3xx/4xx/5xx response codes generated by all targets in the load balancer. |
metricHttpFixedResponseCount(props?) | The number of fixed-response actions that were successful. |
metricHttpRedirectCount(props?) | The number of redirect actions that were successful. |
metricHttpRedirectUrlLimitExceededCount(props?) | The number of redirect actions that couldn't be completed because the URL in the response location header is larger than 8K. |
metricIpv6ProcessedBytes(props?) | The total number of bytes processed by the load balancer over IPv6. |
metricIpv6RequestCount(props?) | The number of IPv6 requests received by the load balancer. |
metricNewConnectionCount(props?) | The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets. |
metricProcessedBytes(props?) | The total number of bytes processed by the load balancer over IPv4 and IPv6. |
metricRejectedConnectionCount(props?) | The number of connections that were rejected because the load balancer had reached its maximum number of connections. |
metricRequestCount(props?) | The number of requests processed over IPv4 and IPv6. |
metricRuleEvaluations(props?) | The number of rules processed by the load balancer given a request rate averaged over an hour. |
metricTargetConnectionErrorCount(props?) | The number of connections that were not successfully established between the load balancer and target. |
metricTargetResponseTime(props?) | The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received. |
metricTargetTLSNegotiationErrorCount(props?) | The number of TLS connections initiated by the load balancer that did not establish a session with the target. |
removeAttribute(key) | Remove an attribute from the load balancer. |
setAttribute(key, value?) | Set a non-standard attribute on the load balancer. |
toString() | Returns a string representation of this construct. |
static fromApplicationLoadBalancerAttributes(scope, id, attrs) | Import an existing Application Load Balancer. |
static fromLookup(scope, id, options) | Look up an application load balancer. |
addListener(id, props)
public addListener(id: string, props: BaseApplicationListenerProps): ApplicationListener
Parameters
- id
string
- props
BaseApplicationListenerProps
Returns
ApplicationListener
Add a new listener to this load balancer.
addRedirect(props?)
public addRedirect(props?: ApplicationLoadBalancerRedirectConfig): ApplicationListener
Parameters
- props
ApplicationLoadBalancerRedirectConfig
Returns
ApplicationListener
Add a redirection listener to this load balancer.
addSecurityGroup(securityGroup)
public addSecurityGroup(securityGroup: ISecurityGroup): void
Parameters
- securityGroup
ISecurityGroup
Add a security group to this load balancer.
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).
logAccessLogs(bucket, prefix?)
public logAccessLogs(bucket: IBucket, prefix?: string): void
Parameters
- bucket
IBucket
- prefix
string
Enable access logging for this load balancer.
A region must be specified on the stack containing the load balancer; you cannot enable logging on environment-agnostic stacks. See https://docs.aws.amazon.com/cdk/latest/guide/environments.html
logConnectionLogs(bucket, prefix?)
public logConnectionLogs(bucket: IBucket, prefix?: string): void
Parameters
- bucket
IBucket
- prefix
string
Enable connection logging for this load balancer.
A region must be specified on the stack containing the load balancer; you cannot enable logging on environment-agnostic stacks.
See also: https://docs.aws.amazon.com/cdk/latest/guide/environments.html
metric(metricName, props?)
public metric(metricName: string, props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.custom instead
Parameters
- metricName
string
- props
MetricOptions
Returns
Metric
Return the given named metric for this Application Load Balancer.
metricActiveConnectionCount(props?)
public metricActiveConnectionCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.activeConnectionCount instead
Parameters
- props
MetricOptions
Returns
Metric
The total number of concurrent TCP connections active from clients to the load balancer and from the load balancer to targets.
metricClientTlsNegotiationErrorCount(props?)
public metricClientTlsNegotiationErrorCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.clientTlsNegotiationErrorCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of TLS connections initiated by the client that did not establish a session with the load balancer.
Possible causes include a mismatch of ciphers or protocols.
metricConsumedLCUs(props?)
public metricConsumedLCUs(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.consumedLCUs instead
Parameters
- props
MetricOptions
Returns
Metric
The number of load balancer capacity units (LCU) used by your load balancer.
metricElbAuthError(props?)
public metricElbAuthError(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.elbAuthError instead
Parameters
- props
MetricOptions
Returns
Metric
The number of user authentications that could not be completed because an authenticate action was misconfigured, the load balancer couldn't establish a connection with the IdP, or the load balancer couldn't complete the authentication flow due to an internal error.
metricElbAuthFailure(props?)
public metricElbAuthFailure(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.elbAuthFailure instead
Parameters
- props
MetricOptions
Returns
Metric
The number of user authentications that could not be completed because the IdP denied access to the user or an authorization code was used more than once.
metricElbAuthLatency(props?)
public metricElbAuthLatency(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.elbAuthLatency instead
Parameters
- props
MetricOptions
Returns
Metric
The time elapsed, in milliseconds, to query the IdP for the ID token and user info.
If one or more of these operations fail, this is the time to failure.
metricElbAuthSuccess(props?)
public metricElbAuthSuccess(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.elbAuthSuccess instead
Parameters
- props
MetricOptions
Returns
Metric
The number of authenticate actions that were successful.
This metric is incremented at the end of the authentication workflow, after the load balancer has retrieved the user claims from the IdP.
metricHttpCodeElb(code, props?)
public metricHttpCodeElb(code: HttpCodeElb, props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.httpCodeElb instead
Parameters
- code
HttpCodeElb
- props
MetricOptions
Returns
Metric
The number of HTTP 3xx/4xx/5xx codes that originate from the load balancer.
This does not include any response codes generated by the targets.
metricHttpCodeTarget(code, props?)
public metricHttpCodeTarget(code: HttpCodeTarget, props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.httpCodeTarget instead
Parameters
- code
HttpCodeTarget
- props
MetricOptions
Returns
Metric
The number of HTTP 2xx/3xx/4xx/5xx response codes generated by all targets in the load balancer.
This does not include any response codes generated by the load balancer.
metricHttpFixedResponseCount(props?)
public metricHttpFixedResponseCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.httpFixedResponseCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of fixed-response actions that were successful.
metricHttpRedirectCount(props?)
public metricHttpRedirectCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.httpRedirectCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of redirect actions that were successful.
metricHttpRedirectUrlLimitExceededCount(props?)
public metricHttpRedirectUrlLimitExceededCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.httpRedirectUrlLimitExceededCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of redirect actions that couldn't be completed because the URL in the response location header is larger than 8K.
metricIpv6ProcessedBytes(props?)
public metricIpv6ProcessedBytes(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.ipv6ProcessedBytes instead
Parameters
- props
MetricOptions
Returns
Metric
The total number of bytes processed by the load balancer over IPv6.
metricIpv6RequestCount(props?)
public metricIpv6RequestCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.ipv6RequestCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of IPv6 requests received by the load balancer.
metricNewConnectionCount(props?)
public metricNewConnectionCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.newConnectionCount instead
Parameters
- props
MetricOptions
Returns
Metric
The total number of new TCP connections established from clients to the load balancer and from the load balancer to targets.
metricProcessedBytes(props?)
public metricProcessedBytes(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.processedBytes instead
Parameters
- props
MetricOptions
Returns
Metric
The total number of bytes processed by the load balancer over IPv4 and IPv6.
metricRejectedConnectionCount(props?)
public metricRejectedConnectionCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.rejectedConnectionCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of connections that were rejected because the load balancer had reached its maximum number of connections.
metricRequestCount(props?)
public metricRequestCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.requestCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of requests processed over IPv4 and IPv6.
This count includes only the requests with a response generated by a target of the load balancer.
metricRuleEvaluations(props?)
public metricRuleEvaluations(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.ruleEvaluations instead
Parameters
- props
MetricOptions
Returns
Metric
The number of rules processed by the load balancer given a request rate averaged over an hour.
metricTargetConnectionErrorCount(props?)
public metricTargetConnectionErrorCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.targetConnectionErrorCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of connections that were not successfully established between the load balancer and target.
metricTargetResponseTime(props?)
public metricTargetResponseTime(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.targetResponseTime instead
Parameters
- props
MetricOptions
Returns
Metric
The time elapsed, in seconds, after the request leaves the load balancer until a response from the target is received.
metricTargetTLSNegotiationErrorCount(props?)
public metricTargetTLSNegotiationErrorCount(props?: MetricOptions): Metric
⚠️ Deprecated: Use ApplicationLoadBalancer.metrics.targetTLSNegotiationErrorCount instead
Parameters
- props
MetricOptions
Returns
Metric
The number of TLS connections initiated by the load balancer that did not establish a session with the target.
Possible causes include a mismatch of ciphers or protocols.
removeAttribute(key)
public removeAttribute(key: string): void
Parameters
- key
string
Remove an attribute from the load balancer.
setAttribute(key, value?)
public setAttribute(key: string, value?: string): void
Parameters
- key
string
- value
string
Set a non-standard attribute on the load balancer.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromApplicationLoadBalancerAttributes(scope, id, attrs)
public static fromApplicationLoadBalancerAttributes(scope: Construct, id: string, attrs: ApplicationLoadBalancerAttributes): IApplicationLoadBalancer
Parameters
- scope
Construct
- id
string
- attrs
ApplicationLoadBalancerAttributes
Returns
IApplicationLoadBalancer
Import an existing Application Load Balancer.
static fromLookup(scope, id, options)
public static fromLookup(scope: Construct, id: string, options: ApplicationLoadBalancerLookupOptions): IApplicationLoadBalancer
Parameters
- scope
Construct
- id
string
- options
ApplicationLoadBalancerLookupOptions
Returns
IApplicationLoadBalancer
Look up an application load balancer.