listeners
Creates, updates, deletes or gets a listener resource or lists listeners in a region
Overview
Name | listeners |
Type | Resource |
Description | Specifies a listener for an Application Load Balancer, Network Load Balancer, or Gateway Load Balancer. |
Id | aws.elasticloadbalancingv2.listeners |
Fields
Name | Datatype | Description |
---|---|---|
listener_arn | string | |
mutual_authentication | object | The mutual authentication configuration information. |
alpn_policy | array | [TLS listener] The name of the Application-Layer Protocol Negotiation (ALPN) policy. |
ssl_policy | string | [HTTPS and TLS listeners] The security policy that defines which protocols and ciphers are supported. Updating the security policy can result in interruptions if the load balancer is handling a high volume of traffic. For more information, see [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies) in the *Application Load Balancers Guide* and [Security policies](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html#describe-ssl-policies) in the *Network Load Balancers Guide*. |
load_balancer_arn | string | The Amazon Resource Name (ARN) of the load balancer. |
default_actions | array | The actions for the default rule. You cannot define a condition for a default rule. To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html). |
port | integer | The port on which the load balancer is listening. You cannot specify a port for a Gateway Load Balancer. |
certificates | array | The default SSL server certificate for a secure listener. You must provide exactly one certificate if the listener protocol is HTTPS or TLS. To create a certificate list for a secure listener, use [AWS::ElasticLoadBalancingV2::ListenerCertificate](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenercertificate.html). |
protocol | string | The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You cannot specify a protocol for a Gateway Load Balancer. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | LoadBalancerArn, DefaultActions, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all listeners in a region.
```sql
SELECT
  region,
  listener_arn,
  mutual_authentication,
  alpn_policy,
  ssl_policy,
  load_balancer_arn,
  default_actions,
  port,
  certificates,
  protocol
FROM aws.elasticloadbalancingv2.listeners
WHERE region = 'us-east-1';
```
Gets all properties from an individual listener.
```sql
SELECT
  region,
  listener_arn,
  mutual_authentication,
  alpn_policy,
  ssl_policy,
  load_balancer_arn,
  default_actions,
  port,
  certificates,
  protocol
FROM aws.elasticloadbalancingv2.listeners
WHERE region = 'us-east-1' AND data__Identifier = '<ListenerArn>';
```
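The following Python check is an added example, not part of the StackQL documentation. It takes rows shaped like the SELECT output above and flags HTTP listeners that do not redirect to HTTPS, secure listeners on a policy that still allows TLS 1.0/1.1, and mutual TLS that accepts expired client certificates. The legacy-policy set, the placeholder ARNs and the sample rows are assumptions constructed for illustration.

```python
import json

# Assumption: policies treated as legacy here; extend the set to match your own baseline.
LEGACY_TLS_POLICIES = {"ELBSecurityPolicy-2016-08", "ELBSecurityPolicy-TLS-1-0-2015-04",
                       "ELBSecurityPolicy-TLS-1-1-2017-01"}

def _obj(value, default):
    """Object/array columns may arrive as JSON text; decode them if so."""
    if isinstance(value, str) and value.strip():
        return json.loads(value)
    return value if value not in (None, "") else default

def audit_listener(row):
    """Return the list of findings for one row of the listeners SELECT."""
    findings = []
    protocol = (row.get("protocol") or "").upper()
    if protocol == "HTTP":
        redirects = any(
            a.get("Type") == "redirect"
            and (a.get("RedirectConfig") or {}).get("Protocol") == "HTTPS"
            for a in _obj(row.get("default_actions"), [])
        )
        if not redirects:
            findings.append("HTTP listener does not redirect to HTTPS")
    elif protocol in ("HTTPS", "TLS"):
        if row.get("ssl_policy") in LEGACY_TLS_POLICIES:
            findings.append(f"ssl_policy {row['ssl_policy']} still allows TLS 1.0/1.1")
        mtls = _obj(row.get("mutual_authentication"), {})
        # The flag may be a JSON boolean or the string 'true'/'false'.
        expired_ok = str(mtls.get("IgnoreClientCertificateExpiry")).lower() == "true"
        if mtls.get("Mode") == "verify" and expired_ok:
            findings.append("mutual TLS accepts expired client certificates")
    return findings

# Constructed sample rows with placeholder ARNs, not real query output.
SAMPLE_ROWS = [
    {"listener_arn": "arn:example:listener/a", "protocol": "HTTP", "port": 80,
     "default_actions": '[{"Type": "redirect", "RedirectConfig": {"Protocol": "HTTPS"}}]'},
    {"listener_arn": "arn:example:listener/b", "protocol": "HTTP", "port": 8080,
     "default_actions": '[{"Type": "forward", "TargetGroupArn": "arn:example:tg/1"}]'},
    {"listener_arn": "arn:example:listener/c", "protocol": "HTTPS", "port": 443,
     "ssl_policy": "ELBSecurityPolicy-2016-08",
     "mutual_authentication": '{"Mode": "verify", "IgnoreClientCertificateExpiry": true}'},
]

def audit(rows):
    """Map listener_arn -> findings for listeners with at least one finding."""
    return {r["listener_arn"]: f for r in rows if (f := audit_listener(r))}
```

TCP, UDP and TCP_UDP listeners are not flagged because the load balancer does not terminate TLS for them; whether the traffic is encrypted depends on the targets.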
INSERT example
Use the following StackQL query and manifest file to create a new listener resource, using stack-deploy.
Required Properties:
```sql
/*+ create */
INSERT INTO aws.elasticloadbalancingv2.listeners (
  LoadBalancerArn,
  DefaultActions,
  region
)
SELECT
  '{{ LoadBalancerArn }}',
  '{{ DefaultActions }}',
  '{{ region }}';
```
All Properties:
```sql
/*+ create */
INSERT INTO aws.elasticloadbalancingv2.listeners (
  MutualAuthentication,
  AlpnPolicy,
  SslPolicy,
  LoadBalancerArn,
  DefaultActions,
  Port,
  Certificates,
  Protocol,
  region
)
SELECT
  '{{ MutualAuthentication }}',
  '{{ AlpnPolicy }}',
  '{{ SslPolicy }}',
  '{{ LoadBalancerArn }}',
  '{{ DefaultActions }}',
  '{{ Port }}',
  '{{ Certificates }}',
  '{{ Protocol }}',
  '{{ region }}';
```
Manifest:
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: listener
    props:
      - name: MutualAuthentication
        value:
          IgnoreClientCertificateExpiry: '{{ IgnoreClientCertificateExpiry }}'
          Mode: '{{ Mode }}'
          TrustStoreArn: '{{ TrustStoreArn }}'
      - name: AlpnPolicy
        value:
          - '{{ AlpnPolicy[0] }}'
      - name: SslPolicy
        value: '{{ SslPolicy }}'
      - name: LoadBalancerArn
        value: '{{ LoadBalancerArn }}'
      - name: DefaultActions
        value:
          - Order: '{{ Order }}'
            TargetGroupArn: '{{ TargetGroupArn }}'
            FixedResponseConfig:
              ContentType: '{{ ContentType }}'
              StatusCode: '{{ StatusCode }}'
              MessageBody: '{{ MessageBody }}'
            AuthenticateCognitoConfig:
              OnUnauthenticatedRequest: '{{ OnUnauthenticatedRequest }}'
              UserPoolClientId: '{{ UserPoolClientId }}'
              UserPoolDomain: '{{ UserPoolDomain }}'
              SessionTimeout: '{{ SessionTimeout }}'
              Scope: '{{ Scope }}'
              SessionCookieName: '{{ SessionCookieName }}'
              UserPoolArn: '{{ UserPoolArn }}'
              AuthenticationRequestExtraParams: {}
            Type: '{{ Type }}'
            RedirectConfig:
              Path: '{{ Path }}'
              Query: '{{ Query }}'
              Port: '{{ Port }}'
              Host: '{{ Host }}'
              Protocol: '{{ Protocol }}'
              StatusCode: '{{ StatusCode }}'
            ForwardConfig:
              TargetGroupStickinessConfig:
                Enabled: '{{ Enabled }}'
                DurationSeconds: '{{ DurationSeconds }}'
              TargetGroups:
                - TargetGroupArn: '{{ TargetGroupArn }}'
                  Weight: '{{ Weight }}'
            AuthenticateOidcConfig:
              OnUnauthenticatedRequest: '{{ OnUnauthenticatedRequest }}'
              TokenEndpoint: '{{ TokenEndpoint }}'
              SessionTimeout: '{{ SessionTimeout }}'
              Scope: '{{ Scope }}'
              Issuer: '{{ Issuer }}'
              ClientSecret: '{{ ClientSecret }}'
              UserInfoEndpoint: '{{ UserInfoEndpoint }}'
              ClientId: '{{ ClientId }}'
              AuthorizationEndpoint: '{{ AuthorizationEndpoint }}'
              SessionCookieName: '{{ SessionCookieName }}'
              UseExistingClientSecret: '{{ UseExistingClientSecret }}'
              AuthenticationRequestExtraParams: {}
      - name: Port
        value: '{{ Port }}'
      - name: Certificates
        value:
          - CertificateArn: '{{ CertificateArn }}'
      - name: Protocol
        value: '{{ Protocol }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.elasticloadbalancingv2.listeners
WHERE data__Identifier = '<ListenerArn>'
AND region = 'us-east-1';
```
Permissions
To operate on the listeners resource, the following permissions are required:
Read
elasticloadbalancing:DescribeListeners
Create
elasticloadbalancing:CreateListener,
elasticloadbalancing:DescribeListeners,
cognito-idp:DescribeUserPoolClient
Update
elasticloadbalancing:ModifyListener,
elasticloadbalancing:DescribeListeners,
cognito-idp:DescribeUserPoolClient
List
elasticloadbalancing:DescribeListeners
Delete
elasticloadbalancing:DeleteListener,
elasticloadbalancing:DescribeListeners