diff --git a/awsx/package.json b/awsx/package.json index 86001136b..e8be109ae 100644 --- a/awsx/package.json +++ b/awsx/package.json @@ -25,7 +25,7 @@ }, "//": "Pulumi sub-provider dependencies must be pinned at an exact version because we extract this value to generate the correct dependency in the schema", "dependencies": { - "@pulumi/aws": "6.66.3", + "@pulumi/aws": "6.67.0", "@pulumi/docker": "4.6.0", "@pulumi/docker-build": "0.0.8", "@pulumi/pulumi": "3.144.1", diff --git a/awsx/schema-types.ts b/awsx/schema-types.ts index 4ee53dd10..2f02bdc56 100644 --- a/awsx/schema-types.ts +++ b/awsx/schema-types.ts @@ -1084,6 +1084,25 @@ export interface ListenerInputs { readonly mutualAuthentication?: pulumi.Input; readonly port?: pulumi.Input; readonly protocol?: pulumi.Input; + readonly routingHttpRequestXAmznMtlsClientcertHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznMtlsClientcertIssuerHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznMtlsClientcertLeafHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznMtlsClientcertSubjectHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznMtlsClientcertValidityHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznTlsCipherSuiteHeaderName?: pulumi.Input; + readonly routingHttpRequestXAmznTlsVersionHeaderName?: pulumi.Input; + readonly routingHttpResponseAccessControlAllowCredentialsHeaderValue?: pulumi.Input; + readonly routingHttpResponseAccessControlAllowHeadersHeaderValue?: pulumi.Input; + readonly routingHttpResponseAccessControlAllowMethodsHeaderValue?: pulumi.Input; + readonly routingHttpResponseAccessControlAllowOriginHeaderValue?: pulumi.Input; + readonly routingHttpResponseAccessControlExposeHeadersHeaderValue?: pulumi.Input; + readonly routingHttpResponseAccessControlMaxAgeHeaderValue?: pulumi.Input; + readonly routingHttpResponseContentSecurityPolicyHeaderValue?: pulumi.Input; + readonly routingHttpResponseServerEnabled?: pulumi.Input; + readonly routingHttpResponseStrictTransportSecurityHeaderValue?: pulumi.Input; + readonly routingHttpResponseXContentTypeOptionsHeaderValue?: pulumi.Input; + readonly routingHttpResponseXFrameOptionsHeaderValue?: pulumi.Input; readonly sslPolicy?: pulumi.Input; readonly tags?: pulumi.Input>>; readonly tcpIdleTimeoutSeconds?: pulumi.Input; @@ -1095,6 +1114,25 @@ export interface ListenerOutputs { readonly mutualAuthentication?: pulumi.Output; readonly port?: pulumi.Output; readonly protocol?: pulumi.Output; + readonly routingHttpRequestXAmznMtlsClientcertHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznMtlsClientcertIssuerHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznMtlsClientcertLeafHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznMtlsClientcertSubjectHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznMtlsClientcertValidityHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznTlsCipherSuiteHeaderName?: pulumi.Output; + readonly routingHttpRequestXAmznTlsVersionHeaderName?: pulumi.Output; + readonly routingHttpResponseAccessControlAllowCredentialsHeaderValue?: pulumi.Output; + readonly routingHttpResponseAccessControlAllowHeadersHeaderValue?: pulumi.Output; + readonly routingHttpResponseAccessControlAllowMethodsHeaderValue?: pulumi.Output; + readonly routingHttpResponseAccessControlAllowOriginHeaderValue?: pulumi.Output; + readonly routingHttpResponseAccessControlExposeHeadersHeaderValue?: pulumi.Output; + readonly routingHttpResponseAccessControlMaxAgeHeaderValue?: pulumi.Output; + readonly routingHttpResponseContentSecurityPolicyHeaderValue?: pulumi.Output; + readonly routingHttpResponseServerEnabled?: pulumi.Output; + readonly routingHttpResponseStrictTransportSecurityHeaderValue?: pulumi.Output; + readonly routingHttpResponseXContentTypeOptionsHeaderValue?: pulumi.Output; + readonly routingHttpResponseXFrameOptionsHeaderValue?: pulumi.Output; readonly sslPolicy?: pulumi.Output; readonly tags?: pulumi.Output>; readonly tcpIdleTimeoutSeconds?: pulumi.Output; diff --git a/awsx/yarn.lock b/awsx/yarn.lock index 4416de380..52751fd77 100644 --- a/awsx/yarn.lock +++ b/awsx/yarn.lock @@ -1661,10 +1661,10 @@ resolved "https://registry.yarnpkg.com/@protobufjs/utf8/-/utf8-1.1.0.tgz#a777360b5b39a1a2e5106f8e858f2fd2d060c570" integrity sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw== -"@pulumi/aws@6.66.3": - version "6.66.3" - resolved "https://registry.yarnpkg.com/@pulumi/aws/-/aws-6.66.3.tgz#5dd81c31fa53d53f5abf2a916e848c0f901cbbd4" - integrity sha512-dDu9W+sdCrmVhIV+uales73gW+xTbl82YbNaD7/Du/Nt5sNDt+sB8gWRX0uUahVAmF3znhWDAZ5aOKiQd3wp/w== +"@pulumi/aws@6.67.0": + version "6.67.0" + resolved "https://registry.yarnpkg.com/@pulumi/aws/-/aws-6.67.0.tgz#3cce7d4a6d3773f143fb30e658524caa83ed036a" + integrity sha512-5RjRSAhgKycoNIm8ButuFr7m5m6i/0kYxb9ew61ra3JtJdx6KmwQGPrZ/sY/ktR42Hw/F5P8qBudSq3NkqVo2g== dependencies: "@pulumi/pulumi" "^3.142.0" mime "^2.0.0" diff --git a/provider/cmd/pulumi-resource-awsx/schema.json b/provider/cmd/pulumi-resource-awsx/schema.json index 97b08759f..54d109a0c 100644 --- a/provider/cmd/pulumi-resource-awsx/schema.json +++ b/provider/cmd/pulumi-resource-awsx/schema.json @@ -36,7 +36,7 @@ }, "java": { "dependencies": { - "com.pulumi:aws": "6.66.3", + "com.pulumi:aws": "6.67.0", "com.pulumi:docker": "4.6.0", "com.pulumi:docker-build": "0.0.8" } @@ -44,7 +44,7 @@ "nodejs": { "dependencies": { "@aws-sdk/client-ecs": "^3.405.0", - "@pulumi/aws": "^6.66.3", + "@pulumi/aws": "^6.67.0", "@pulumi/docker": "^4.6.0", "@pulumi/docker-build": "^0.0.8", "@types/aws-lambda": "^8.10.23", @@ -108,7 +108,7 @@ "corsRules": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketCorsRule:BucketCorsRule" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketCorsRule:BucketCorsRule" }, "description": "A rule of [Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) (documented below).\n" }, @@ -119,7 +119,7 @@ "grants": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketGrant:BucketGrant" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketGrant:BucketGrant" }, "description": "An [ACL policy grant](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#sample-acl) (documented below). Conflicts with `acl`.\n" }, @@ -130,19 +130,19 @@ "lifecycleRules": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketLifecycleRule:BucketLifecycleRule" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketLifecycleRule:BucketLifecycleRule" }, "description": "A configuration of [object lifecycle management](http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) (documented below).\n" }, "loggings": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketLogging:BucketLogging" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketLogging:BucketLogging" }, "description": "A settings of [bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html) (documented below).\n" }, "objectLockConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketObjectLockConfiguration:BucketObjectLockConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketObjectLockConfiguration:BucketObjectLockConfiguration", "description": "A configuration of [S3 object locking](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) (documented below)\n\n\u003e **NOTE:** You cannot use `acceleration_status` in `cn-north-1` or `us-gov-west-1`\n" }, "policy": { @@ -150,7 +150,7 @@ "description": "A valid [bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) JSON document. Note that if the policy document is not specific enough (but still valid), this provider may view the policy as constantly changing in a `pulumi preview`. In this case, please make sure you use the verbose/specific version of the policy.\n" }, "replicationConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketReplicationConfiguration:BucketReplicationConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketReplicationConfiguration:BucketReplicationConfiguration", "description": "A configuration of [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) (documented below).\n" }, "requestPayer": { @@ -158,7 +158,7 @@ "description": "Specifies who should bear the cost of Amazon S3 data transfer.\nCan be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur\nthe costs of any data transfer. See [Requester Pays Buckets](http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)\ndeveloper guide for more information.\n" }, "serverSideEncryptionConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketServerSideEncryptionConfiguration:BucketServerSideEncryptionConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketServerSideEncryptionConfiguration:BucketServerSideEncryptionConfiguration", "description": "A configuration of [server-side encryption configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) (documented below)\n" }, "tags": { @@ -169,11 +169,11 @@ "description": "A map of tags to assign to the bucket. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" }, "versioning": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketVersioning:BucketVersioning", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketVersioning:BucketVersioning", "description": "A state of [versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) (documented below)\n" }, "website": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:s3/BucketWebsite:BucketWebsite", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:s3/BucketWebsite:BucketWebsite", "description": "A website object (documented below).\n" }, "websiteDomain": { @@ -408,7 +408,7 @@ "inlinePolicies": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:iam/RoleInlinePolicy:RoleInlinePolicy" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:iam/RoleInlinePolicy:RoleInlinePolicy" }, "description": "Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. See below. If no blocks are configured, Pulumi will not manage any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause Pulumi to remove _all_ inline policies added out of band on `apply`.\n" }, @@ -473,14 +473,14 @@ "egress": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ec2/SecurityGroupEgress:SecurityGroupEgress" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ec2/SecurityGroupEgress:SecurityGroupEgress" }, "description": "Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below. This argument is processed in attribute-as-blocks mode.\n" }, "ingress": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ec2/SecurityGroupIngress:SecurityGroupIngress" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ec2/SecurityGroupIngress:SecurityGroupIngress" }, "description": "Configuration block for ingress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below. This argument is processed in attribute-as-blocks mode.\n" }, @@ -704,7 +704,7 @@ "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account)." }, "dnsOptions": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ec2/VpcEndpointDnsOptions:VpcEndpointDnsOptions", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ec2/VpcEndpointDnsOptions:VpcEndpointDnsOptions", "description": "The DNS options for the endpoint. See dns_options below.\n" }, "ipAddressType": { @@ -747,7 +747,7 @@ "subnetConfigurations": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ec2/VpcEndpointSubnetConfiguration:VpcEndpointSubnetConfiguration" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ec2/VpcEndpointSubnetConfiguration:VpcEndpointSubnetConfiguration" }, "description": "Subnet configuration for the endpoint, used to select specific IPv4 and/or IPv6 addresses to the endpoint. See subnet_configuration below.\n" }, @@ -931,7 +931,7 @@ "description": "The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]" }, "ephemeralStorage": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n", "willReplaceOnChanges": true }, @@ -947,7 +947,7 @@ "inferenceAccelerators": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" }, "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n", "willReplaceOnChanges": true @@ -979,18 +979,18 @@ "placementConstraints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" }, "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n", "willReplaceOnChanges": true }, "proxyConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", "description": "Configuration block for the App Mesh proxy. Detailed below.\n", "willReplaceOnChanges": true }, "runtimePlatform": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", "description": "Configuration block for runtime_platform that containers in your task may use.\n", "willReplaceOnChanges": true }, @@ -1017,7 +1017,7 @@ "volumes": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" }, "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n", "willReplaceOnChanges": true @@ -1047,7 +1047,7 @@ "description": "The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]" }, "ephemeralStorage": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n", "willReplaceOnChanges": true }, @@ -1063,7 +1063,7 @@ "inferenceAccelerators": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" }, "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n", "willReplaceOnChanges": true @@ -1090,18 +1090,18 @@ "placementConstraints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" }, "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n", "willReplaceOnChanges": true }, "proxyConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", "description": "Configuration block for the App Mesh proxy. Detailed below.\n", "willReplaceOnChanges": true }, "runtimePlatform": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", "description": "Configuration block for runtime_platform that containers in your task may use.\n", "willReplaceOnChanges": true }, @@ -1128,7 +1128,7 @@ "volumes": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" }, "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n", "willReplaceOnChanges": true @@ -1525,7 +1525,7 @@ "type": "string" }, "targetGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2FtargetGroup:TargetGroup" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2FtargetGroup:TargetGroup" } }, "type": "object" @@ -1660,12 +1660,12 @@ "defaultActions": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/ListenerDefaultAction:ListenerDefaultAction" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/ListenerDefaultAction:ListenerDefaultAction" }, "description": "Configuration block for default actions. See below.\n" }, "mutualAuthentication": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/ListenerMutualAuthentication:ListenerMutualAuthentication", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/ListenerMutualAuthentication:ListenerMutualAuthentication", "description": "The mutual authentication configuration information. See below.\n" }, "port": { @@ -1676,6 +1676,82 @@ "type": "string", "description": "Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are `HTTP` and `HTTPS`, with a default of `HTTP`. For Network Load Balancers, valid values are `TCP`, `TLS`, `UDP`, and `TCP_UDP`. Not valid to use `UDP` or `TCP_UDP` if dual-stack mode is enabled. Not valid for Gateway Load Balancers.\n" }, + "routingHttpRequestXAmznMtlsClientcertHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznMtlsClientcertIssuerHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznMtlsClientcertLeafHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznMtlsClientcertSubjectHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznMtlsClientcertValidityHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznTlsCipherSuiteHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpRequestXAmznTlsVersionHeaderName": { + "type": "string", + "description": "Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers.\n" + }, + "routingHttpResponseAccessControlAllowCredentialsHeaderValue": { + "type": "string", + "description": "Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`.\n" + }, + "routingHttpResponseAccessControlAllowHeadersHeaderValue": { + "type": "string", + "description": "Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation.\n" + }, + "routingHttpResponseAccessControlAllowMethodsHeaderValue": { + "type": "string", + "description": "Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`.\n" + }, + "routingHttpResponseAccessControlAllowOriginHeaderValue": { + "type": "string", + "description": "Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`.\n" + }, + "routingHttpResponseAccessControlExposeHeadersHeaderValue": { + "type": "string", + "description": "Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation.\n" + }, + "routingHttpResponseAccessControlMaxAgeHeaderValue": { + "type": "string", + "description": "Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation.\n" + }, + "routingHttpResponseContentSecurityPolicyHeaderValue": { + "type": "string", + "description": "Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation.\n" + }, + "routingHttpResponseServerEnabled": { + "type": "boolean", + "description": "Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`.\n" + }, + "routingHttpResponseStrictTransportSecurityHeaderValue": { + "type": "string", + "description": "Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details.\n" + }, + "routingHttpResponseXContentTypeOptionsHeaderValue": { + "type": "string", + "description": "Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`.\n" + }, + "routingHttpResponseXFrameOptionsHeaderValue": { + "type": "string", + "description": "Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`.\n" + }, "sslPolicy": { "type": "string", "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`.\n" @@ -1706,7 +1782,7 @@ "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" }, "healthCheck": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/TargetGroupHealthCheck:TargetGroupHealthCheck", "description": "Health Check configuration block. Detailed below.\n" }, "ipAddressType": { @@ -1768,7 +1844,7 @@ "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" }, "stickiness": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/TargetGroupStickiness:TargetGroupStickiness", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/TargetGroupStickiness:TargetGroupStickiness", "description": "Stickiness configuration block. Detailed below.\n" }, "tags": { @@ -1781,18 +1857,18 @@ "targetFailovers": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/TargetGroupTargetFailover:TargetGroupTargetFailover" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/TargetGroupTargetFailover:TargetGroupTargetFailover" }, "description": "Target failover block. Only applicable for Gateway Load Balancer target groups. See target_failover for more information.\n" }, "targetGroupHealth": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/TargetGroupTargetGroupHealth:TargetGroupTargetGroupHealth", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/TargetGroupTargetGroupHealth:TargetGroupTargetGroupHealth", "description": "Target health requirements block. See target_group_health for more information.\n" }, "targetHealthStates": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/TargetGroupTargetHealthState:TargetGroupTargetHealthState" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/TargetGroupTargetHealthState:TargetGroupTargetHealthState" }, "description": "Target health state block. Only applicable for Network Load Balancer target groups when `protocol` is `TCP` or `TLS`. See target_health_state for more information.\n" }, @@ -1815,15 +1891,15 @@ "awsx:cloudtrail:Trail": { "properties": { "bucket": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:s3%2Fbucket:Bucket", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:s3%2Fbucket:Bucket", "description": "The managed S3 Bucket where the Trail will place its logs." }, "logGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:cloudwatch%2FlogGroup:LogGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:cloudwatch%2FlogGroup:LogGroup", "description": "The managed Cloudwatch Log Group." }, "trail": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:cloudtrail%2Ftrail:Trail", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:cloudtrail%2Ftrail:Trail", "description": "The CloudTrail Trail.", "language": { "csharp": { @@ -1839,7 +1915,7 @@ "advancedEventSelectors": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:cloudtrail/TrailAdvancedEventSelector:TrailAdvancedEventSelector" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:cloudtrail/TrailAdvancedEventSelector:TrailAdvancedEventSelector" }, "description": "Specifies an advanced event selector for enabling data event logging. Fields documented below. Conflicts with `event_selector`.\n" }, @@ -1859,7 +1935,7 @@ "eventSelectors": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:cloudtrail/TrailEventSelector:TrailEventSelector" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:cloudtrail/TrailEventSelector:TrailEventSelector" }, "description": "Specifies an event selector for enabling data event logging. Fields documented below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these. Conflicts with `advanced_event_selector`.\n" }, @@ -1870,7 +1946,7 @@ "insightSelectors": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:cloudtrail/TrailInsightSelector:TrailInsightSelector" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:cloudtrail/TrailInsightSelector:TrailInsightSelector" }, "description": "Configuration block for identifying unusual operational activity. See details below.\n" }, @@ -1947,12 +2023,12 @@ "eips": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2feip:Eip" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2feip:Eip" }, "description": "The EIPs for any NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list." }, "internetGateway": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2finternetGateway:InternetGateway", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2finternetGateway:InternetGateway", "description": "The Internet Gateway for the VPC." }, "isolatedSubnetIds": { @@ -1964,7 +2040,7 @@ "natGateways": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fnatGateway:NatGateway" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fnatGateway:NatGateway" }, "description": "The NAT Gateways for the VPC. If no NAT Gateways are specified, this will be an empty list." }, @@ -1983,21 +2059,21 @@ "routeTableAssociations": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2frouteTableAssociation:RouteTableAssociation" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2frouteTableAssociation:RouteTableAssociation" }, "description": "The Route Table Associations for the VPC." }, "routeTables": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2frouteTable:RouteTable" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2frouteTable:RouteTable" }, "description": "The Route Tables for the VPC." }, "routes": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2froute:Route" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2froute:Route" }, "description": "The Routes for the VPC." }, @@ -2011,12 +2087,12 @@ "subnets": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fsubnet:Subnet" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fsubnet:Subnet" }, "description": "The VPC's subnets." }, "vpc": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fvpc:Vpc", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fvpc:Vpc", "description": "The VPC.", "language": { "csharp": { @@ -2027,7 +2103,7 @@ "vpcEndpoints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fvpcEndpoint:VpcEndpoint" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fvpcEndpoint:VpcEndpoint" }, "description": "The VPC Endpoints that are enabled" }, @@ -2282,11 +2358,11 @@ "description": "A [Repository] represents an [aws.ecr.Repository] along with an associated [LifecyclePolicy] controlling how images are retained in the repo. \n\nDocker images can be built and pushed to the repo using the [buildAndPushImage] method. This will call into the `@pulumi/docker/buildAndPushImage` function using this repo as the appropriate destination registry.", "properties": { "lifecyclePolicy": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecr%2flifecyclePolicy:LifecyclePolicy", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecr%2flifecyclePolicy:LifecyclePolicy", "description": "Underlying repository lifecycle policy" }, "repository": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecr%2frepository:Repository", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecr%2frepository:Repository", "description": "Underlying Repository resource", "language": { "csharp": { @@ -2308,7 +2384,7 @@ "encryptionConfigurations": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecr/RepositoryEncryptionConfiguration:RepositoryEncryptionConfiguration" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecr/RepositoryEncryptionConfiguration:RepositoryEncryptionConfiguration" }, "description": "Encryption configuration for the repository. See below for schema.\n", "willReplaceOnChanges": true @@ -2318,7 +2394,7 @@ "description": "If `true`, will delete the repository even if it contains images.\nDefaults to `false`.\n" }, "imageScanningConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecr/RepositoryImageScanningConfiguration:RepositoryImageScanningConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecr/RepositoryImageScanningConfiguration:RepositoryImageScanningConfiguration", "description": "Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the [ECR User Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html) for more information about image scanning.\n" }, "imageTagMutability": { @@ -2349,11 +2425,11 @@ "description": "Create an ECS Service resource for EC2 with the given unique name, arguments, and options.\nCreates Task definition if `taskDefinitionArgs` is specified.", "properties": { "service": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecs%2fservice:Service", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecs%2fservice:Service", "description": "Underlying ECS Service resource" }, "taskDefinition": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", "description": "Underlying EC2 Task definition component resource if created from args" } }, @@ -2362,7 +2438,7 @@ ], "inputProperties": { "alarms": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceAlarms:ServiceAlarms", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceAlarms:ServiceAlarms", "description": "Information about the CloudWatch alarms. See below.\n" }, "availabilityZoneRebalancing": { @@ -2379,11 +2455,11 @@ "description": "If `true`, this provider will not wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`." }, "deploymentCircuitBreaker": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", "description": "Configuration block for deployment circuit breaker. See below.\n" }, "deploymentController": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", "description": "Configuration block for deployment controller configuration. See below.\n" }, "deploymentMaximumPercent": { @@ -2426,7 +2502,7 @@ "loadBalancers": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" }, "description": "Configuration block for load balancers. See below.\n" }, @@ -2436,20 +2512,20 @@ "willReplaceOnChanges": true }, "networkConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.\n" }, "orderedPlacementStrategies": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy" }, "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. See below.\n" }, "placementConstraints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" }, "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.\n" }, @@ -2467,11 +2543,11 @@ "willReplaceOnChanges": true }, "serviceConnectConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceServiceConnectConfiguration:ServiceServiceConnectConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceServiceConnectConfiguration:ServiceServiceConnectConfiguration", "description": "ECS Service Connect configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. See below.\n" }, "serviceRegistries": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.\n" }, "tags": { @@ -2498,13 +2574,13 @@ "description": "Map of arbitrary keys and values that, when changed, will trigger an in-place update (redeployment). Useful with `\"plantimestamp()\"`. When using the triggers property you also need to set the forceNewDeployment property to True.\n" }, "volumeConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", "description": "Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. See below.\n" }, "vpcLatticeConfigurations": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" }, "description": "The VPC Lattice configuration for your service that allows Lattice to connect, secure, and monitor your service across multiple accounts and VPCs. See below.\n" } @@ -2515,26 +2591,26 @@ "description": "Create a TaskDefinition resource with the given unique name, arguments, and options.\nCreates required log-group and task \u0026 execution roles.\nPresents required Service load balancers if target group included in port mappings.", "properties": { "executionRole": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:iam%2Frole:Role", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:iam%2Frole:Role", "description": "Auto-created IAM task execution role that the Amazon ECS container agent and the Docker daemon can assume." }, "loadBalancers": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs%2FServiceLoadBalancer:ServiceLoadBalancer" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs%2FServiceLoadBalancer:ServiceLoadBalancer" }, "description": "Computed load balancers from target groups specified of container port mappings." }, "logGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:cloudwatch%2FlogGroup:LogGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:cloudwatch%2FlogGroup:LogGroup", "description": "Auto-created Log Group resource for use by containers." }, "taskDefinition": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", "description": "Underlying ECS Task Definition resource" }, "taskRole": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:iam%2Frole:Role", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:iam%2Frole:Role", "description": "Auto-created IAM role that allows your Amazon ECS container task to make calls to other AWS services." } }, @@ -2562,7 +2638,7 @@ "description": "The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]" }, "ephemeralStorage": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n", "willReplaceOnChanges": true }, @@ -2578,7 +2654,7 @@ "inferenceAccelerators": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" }, "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n", "willReplaceOnChanges": true @@ -2610,18 +2686,18 @@ "placementConstraints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" }, "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n", "willReplaceOnChanges": true }, "proxyConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", "description": "Configuration block for the App Mesh proxy. Detailed below.\n", "willReplaceOnChanges": true }, "runtimePlatform": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", "description": "Configuration block for runtime_platform that containers in your task may use.\n", "willReplaceOnChanges": true }, @@ -2648,7 +2724,7 @@ "volumes": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" }, "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n", "willReplaceOnChanges": true @@ -2660,11 +2736,11 @@ "description": "Create an ECS Service resource for Fargate with the given unique name, arguments, and options.\nCreates Task definition if `taskDefinitionArgs` is specified.", "properties": { "service": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecs%2fservice:Service", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecs%2fservice:Service", "description": "Underlying ECS Service resource" }, "taskDefinition": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", "description": "Underlying Fargate component resource if created from args" } }, @@ -2673,7 +2749,7 @@ ], "inputProperties": { "alarms": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceAlarms:ServiceAlarms", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceAlarms:ServiceAlarms", "description": "Information about the CloudWatch alarms. See below.\n" }, "assignPublicIp": { @@ -2694,11 +2770,11 @@ "description": "If `true`, this provider will not wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`." }, "deploymentCircuitBreaker": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", "description": "Configuration block for deployment circuit breaker. See below.\n" }, "deploymentController": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", "description": "Configuration block for deployment controller configuration. See below.\n" }, "deploymentMaximumPercent": { @@ -2741,7 +2817,7 @@ "loadBalancers": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" }, "description": "Configuration block for load balancers. See below.\n" }, @@ -2751,13 +2827,13 @@ "willReplaceOnChanges": true }, "networkConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. See below.\n" }, "placementConstraints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" }, "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. See below.\n" }, @@ -2775,11 +2851,11 @@ "willReplaceOnChanges": true }, "serviceConnectConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceServiceConnectConfiguration:ServiceServiceConnectConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceServiceConnectConfiguration:ServiceServiceConnectConfiguration", "description": "ECS Service Connect configuration for this service to discover and connect to services, and be discovered by, and connected from, other services within a namespace. See below.\n" }, "serviceRegistries": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. See below.\n" }, "tags": { @@ -2806,13 +2882,13 @@ "description": "Map of arbitrary keys and values that, when changed, will trigger an in-place update (redeployment). Useful with `\"plantimestamp()\"`. When using the triggers property you also need to set the forceNewDeployment property to True.\n" }, "volumeConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceVolumeConfiguration:ServiceVolumeConfiguration", "description": "Configuration for a volume specified in the task definition as a volume that is configured at launch time. Currently, the only supported volume type is an Amazon EBS volume. See below.\n" }, "vpcLatticeConfigurations": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/ServiceVpcLatticeConfiguration:ServiceVpcLatticeConfiguration" }, "description": "The VPC Lattice configuration for your service that allows Lattice to connect, secure, and monitor your service across multiple accounts and VPCs. See below.\n" } @@ -2823,26 +2899,26 @@ "description": "Create a TaskDefinition resource with the given unique name, arguments, and options.\nCreates required log-group and task \u0026 execution roles.\nPresents required Service load balancers if target group included in port mappings.", "properties": { "executionRole": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:iam%2Frole:Role", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:iam%2Frole:Role", "description": "Auto-created IAM task execution role that the Amazon ECS container agent and the Docker daemon can assume." }, "loadBalancers": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs%2FServiceLoadBalancer:ServiceLoadBalancer" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs%2FServiceLoadBalancer:ServiceLoadBalancer" }, "description": "Computed load balancers from target groups specified of container port mappings." }, "logGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:cloudwatch%2FlogGroup:LogGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:cloudwatch%2FlogGroup:LogGroup", "description": "Auto-created Log Group resource for use by containers." }, "taskDefinition": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ecs%2FtaskDefinition:TaskDefinition", "description": "Underlying ECS Task Definition resource" }, "taskRole": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:iam%2Frole:Role", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:iam%2Frole:Role", "description": "Auto-created IAM role that allows your Amazon ECS container task to make calls to other AWS services." } }, @@ -2870,7 +2946,7 @@ "description": "The number of cpu units used by the task. If not provided, a default will be computed based on the cumulative needs specified by [containerDefinitions]" }, "ephemeralStorage": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n", "willReplaceOnChanges": true }, @@ -2886,7 +2962,7 @@ "inferenceAccelerators": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" }, "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n", "willReplaceOnChanges": true @@ -2913,18 +2989,18 @@ "placementConstraints": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" }, "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n", "willReplaceOnChanges": true }, "proxyConfiguration": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", "description": "Configuration block for the App Mesh proxy. Detailed below.\n", "willReplaceOnChanges": true }, "runtimePlatform": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionRuntimePlatform:TaskDefinitionRuntimePlatform", "description": "Configuration block for runtime_platform that containers in your task may use.\n", "willReplaceOnChanges": true }, @@ -2951,7 +3027,7 @@ "volumes": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" }, "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n", "willReplaceOnChanges": true @@ -2963,22 +3039,22 @@ "description": "Provides an Application Load Balancer resource with listeners, default target group and default security group.", "properties": { "defaultSecurityGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fsecurityGroup:SecurityGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fsecurityGroup:SecurityGroup", "description": "Default security group, if auto-created" }, "defaultTargetGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2ftargetGroup:TargetGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2ftargetGroup:TargetGroup", "description": "Default target group, if auto-created" }, "listeners": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2flistener:Listener" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2flistener:Listener" }, "description": "Listeners created as part of this load balancer" }, "loadBalancer": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2floadBalancer:LoadBalancer", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2floadBalancer:LoadBalancer", "description": "Underlying Load Balancer resource" }, "vpcId": { @@ -2993,7 +3069,7 @@ ], "inputProperties": { "accessLogs": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", "description": "Access Logs block. See below.\n" }, "clientKeepAlive": { @@ -3001,7 +3077,7 @@ "description": "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n" }, "connectionLogs": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/LoadBalancerConnectionLogs:LoadBalancerConnectionLogs", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/LoadBalancerConnectionLogs:LoadBalancerConnectionLogs", "description": "Connection Logs block. See below. Only valid for Load Balancers of type `application`.\n" }, "customerOwnedIpv4Pool": { @@ -3121,14 +3197,14 @@ "subnetMappings": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" }, "description": "Subnet mapping block. See below. For Load Balancers of type `network` subnet mappings can only be added.\n" }, "subnets": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fsubnet:Subnet" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fsubnet:Subnet" }, "description": "A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified" }, @@ -3150,18 +3226,18 @@ "description": "Provides a Network Load Balancer resource with listeners and default target group.", "properties": { "defaultTargetGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2ftargetGroup:TargetGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2ftargetGroup:TargetGroup", "description": "Default target group, if auto-created" }, "listeners": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2flistener:Listener" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2flistener:Listener" }, "description": "Listeners created as part of this load balancer" }, "loadBalancer": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2floadBalancer:LoadBalancer", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2floadBalancer:LoadBalancer", "description": "Underlying Load Balancer resource" }, "vpcId": { @@ -3176,7 +3252,7 @@ ], "inputProperties": { "accessLogs": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", "description": "Access Logs block. See below.\n" }, "clientKeepAlive": { @@ -3184,7 +3260,7 @@ "description": "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.\n" }, "connectionLogs": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/LoadBalancerConnectionLogs:LoadBalancerConnectionLogs", + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/LoadBalancerConnectionLogs:LoadBalancerConnectionLogs", "description": "Connection Logs block. See below. Only valid for Load Balancers of type `application`.\n" }, "customerOwnedIpv4Pool": { @@ -3299,14 +3375,14 @@ "subnetMappings": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + "$ref": "/aws/v6.67.0/schema.json#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" }, "description": "Subnet mapping block. See below. For Load Balancers of type `network` subnet mappings can only be added.\n" }, "subnets": { "type": "array", "items": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2fsubnet:Subnet" + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2fsubnet:Subnet" }, "description": "A list of subnets to attach to the LB. Only one of [subnets], [subnetIds] or [subnetMappings] can be specified" }, @@ -3328,11 +3404,11 @@ "description": "Attach an EC2 instance or Lambda to a Load Balancer. This will create required permissions if attaching to a Lambda Function.", "properties": { "lambdaPermission": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lambda%2fpermission:Permission", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lambda%2fpermission:Permission", "description": "Auto-created Lambda permission, if targeting a Lambda function" }, "targetGroupAttachment": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2ftargetGroupAttachment:TargetGroupAttachment", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2ftargetGroupAttachment:TargetGroupAttachment", "description": "Underlying Target Group Attachment resource", "language": { "csharp": { @@ -3347,7 +3423,7 @@ ], "inputProperties": { "instance": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:ec2%2finstance:Instance", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:ec2%2finstance:Instance", "description": "EC2 Instance to attach to the Target Group. Exactly 1 of [instance], [instanceId], [lambda] or [lambdaArn] must be provided." }, "instanceId": { @@ -3355,7 +3431,7 @@ "description": "ID of an EC2 Instance to attach to the Target Group. Exactly 1 of [instance], [instanceId], [lambda] or [lambdaArn] must be provided." }, "lambda": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lambda%2ffunction:Function", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lambda%2ffunction:Function", "description": "Lambda Function to attach to the Target Group. Exactly 1 of [instance], [instanceId], [lambda] or [lambdaArn] must be provided.", "language": { "python": { @@ -3368,7 +3444,7 @@ "description": "ARN of a Lambda Function to attach to the Target Group. Exactly 1 of [instance], [instanceId], [lambda] or [lambdaArn] must be provided." }, "targetGroup": { - "$ref": "/aws/v6.66.3/schema.json#/resources/aws:lb%2ftargetGroup:TargetGroup", + "$ref": "/aws/v6.67.0/schema.json#/resources/aws:lb%2ftargetGroup:TargetGroup", "description": "Target Group to attach to. Exactly one of [targetGroup] or [targetGroupArn] must be specified." }, "targetGroupArn": { diff --git a/sdk/dotnet/Lb/Inputs/ListenerArgs.cs b/sdk/dotnet/Lb/Inputs/ListenerArgs.cs index d395f4397..3f6dc5dc8 100644 --- a/sdk/dotnet/Lb/Inputs/ListenerArgs.cs +++ b/sdk/dotnet/Lb/Inputs/ListenerArgs.cs @@ -1653,6 +1653,120 @@ public InputList DefaultActions [Input("protocol")] public Input? Protocol { get; set; } + /// + /// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznMtlsClientcertHeaderName")] + public Input? RoutingHttpRequestXAmznMtlsClientcertHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznMtlsClientcertIssuerHeaderName")] + public Input? RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznMtlsClientcertLeafHeaderName")] + public Input? RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName")] + public Input? RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznMtlsClientcertSubjectHeaderName")] + public Input? RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznMtlsClientcertValidityHeaderName")] + public Input? RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznTlsCipherSuiteHeaderName")] + public Input? RoutingHttpRequestXAmznTlsCipherSuiteHeaderName { get; set; } + + /// + /// Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + /// + [Input("routingHttpRequestXAmznTlsVersionHeaderName")] + public Input? RoutingHttpRequestXAmznTlsVersionHeaderName { get; set; } + + /// + /// Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + /// + [Input("routingHttpResponseAccessControlAllowCredentialsHeaderValue")] + public Input? RoutingHttpResponseAccessControlAllowCredentialsHeaderValue { get; set; } + + /// + /// Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + /// + [Input("routingHttpResponseAccessControlAllowHeadersHeaderValue")] + public Input? RoutingHttpResponseAccessControlAllowHeadersHeaderValue { get; set; } + + /// + /// Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + /// + [Input("routingHttpResponseAccessControlAllowMethodsHeaderValue")] + public Input? RoutingHttpResponseAccessControlAllowMethodsHeaderValue { get; set; } + + /// + /// Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + /// + [Input("routingHttpResponseAccessControlAllowOriginHeaderValue")] + public Input? RoutingHttpResponseAccessControlAllowOriginHeaderValue { get; set; } + + /// + /// Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + /// + [Input("routingHttpResponseAccessControlExposeHeadersHeaderValue")] + public Input? RoutingHttpResponseAccessControlExposeHeadersHeaderValue { get; set; } + + /// + /// Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + /// + [Input("routingHttpResponseAccessControlMaxAgeHeaderValue")] + public Input? RoutingHttpResponseAccessControlMaxAgeHeaderValue { get; set; } + + /// + /// Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + /// + [Input("routingHttpResponseContentSecurityPolicyHeaderValue")] + public Input? RoutingHttpResponseContentSecurityPolicyHeaderValue { get; set; } + + /// + /// Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + /// + [Input("routingHttpResponseServerEnabled")] + public Input? RoutingHttpResponseServerEnabled { get; set; } + + /// + /// Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + /// + [Input("routingHttpResponseStrictTransportSecurityHeaderValue")] + public Input? RoutingHttpResponseStrictTransportSecurityHeaderValue { get; set; } + + /// + /// Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + /// + [Input("routingHttpResponseXContentTypeOptionsHeaderValue")] + public Input? RoutingHttpResponseXContentTypeOptionsHeaderValue { get; set; } + + /// + /// Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + /// + [Input("routingHttpResponseXFrameOptionsHeaderValue")] + public Input? RoutingHttpResponseXFrameOptionsHeaderValue { get; set; } + /// /// Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. /// diff --git a/sdk/go/awsx/lb/pulumiTypes.go b/sdk/go/awsx/lb/pulumiTypes.go index f395e680b..b05f9aa67 100644 --- a/sdk/go/awsx/lb/pulumiTypes.go +++ b/sdk/go/awsx/lb/pulumiTypes.go @@ -440,6 +440,44 @@ type Listener struct { Port *int `pulumi:"port"` // Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are `HTTP` and `HTTPS`, with a default of `HTTP`. For Network Load Balancers, valid values are `TCP`, `TLS`, `UDP`, and `TCP_UDP`. Not valid to use `UDP` or `TCP_UDP` if dual-stack mode is enabled. Not valid for Gateway Load Balancers. Protocol *string `pulumi:"protocol"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertHeaderName *string `pulumi:"routingHttpRequestXAmznMtlsClientcertHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName *string `pulumi:"routingHttpRequestXAmznMtlsClientcertIssuerHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName *string `pulumi:"routingHttpRequestXAmznMtlsClientcertLeafHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName *string `pulumi:"routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName *string `pulumi:"routingHttpRequestXAmznMtlsClientcertSubjectHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName *string `pulumi:"routingHttpRequestXAmznMtlsClientcertValidityHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznTlsCipherSuiteHeaderName *string `pulumi:"routingHttpRequestXAmznTlsCipherSuiteHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznTlsVersionHeaderName *string `pulumi:"routingHttpRequestXAmznTlsVersionHeaderName"` + // Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + RoutingHttpResponseAccessControlAllowCredentialsHeaderValue *string `pulumi:"routingHttpResponseAccessControlAllowCredentialsHeaderValue"` + // Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + RoutingHttpResponseAccessControlAllowHeadersHeaderValue *string `pulumi:"routingHttpResponseAccessControlAllowHeadersHeaderValue"` + // Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + RoutingHttpResponseAccessControlAllowMethodsHeaderValue *string `pulumi:"routingHttpResponseAccessControlAllowMethodsHeaderValue"` + // Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + RoutingHttpResponseAccessControlAllowOriginHeaderValue *string `pulumi:"routingHttpResponseAccessControlAllowOriginHeaderValue"` + // Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + RoutingHttpResponseAccessControlExposeHeadersHeaderValue *string `pulumi:"routingHttpResponseAccessControlExposeHeadersHeaderValue"` + // Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + RoutingHttpResponseAccessControlMaxAgeHeaderValue *string `pulumi:"routingHttpResponseAccessControlMaxAgeHeaderValue"` + // Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + RoutingHttpResponseContentSecurityPolicyHeaderValue *string `pulumi:"routingHttpResponseContentSecurityPolicyHeaderValue"` + // Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + RoutingHttpResponseServerEnabled *bool `pulumi:"routingHttpResponseServerEnabled"` + // Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + RoutingHttpResponseStrictTransportSecurityHeaderValue *string `pulumi:"routingHttpResponseStrictTransportSecurityHeaderValue"` + // Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + RoutingHttpResponseXContentTypeOptionsHeaderValue *string `pulumi:"routingHttpResponseXContentTypeOptionsHeaderValue"` + // Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + RoutingHttpResponseXFrameOptionsHeaderValue *string `pulumi:"routingHttpResponseXFrameOptionsHeaderValue"` // Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. SslPolicy *string `pulumi:"sslPolicy"` // A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. @@ -887,6 +925,44 @@ type ListenerArgs struct { Port pulumi.IntPtrInput `pulumi:"port"` // Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are `HTTP` and `HTTPS`, with a default of `HTTP`. For Network Load Balancers, valid values are `TCP`, `TLS`, `UDP`, and `TCP_UDP`. Not valid to use `UDP` or `TCP_UDP` if dual-stack mode is enabled. Not valid for Gateway Load Balancers. Protocol pulumi.StringPtrInput `pulumi:"protocol"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznMtlsClientcertHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznMtlsClientcertIssuerHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznMtlsClientcertLeafHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznMtlsClientcertSubjectHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznMtlsClientcertValidityHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznTlsCipherSuiteHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznTlsCipherSuiteHeaderName"` + // Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + RoutingHttpRequestXAmznTlsVersionHeaderName pulumi.StringPtrInput `pulumi:"routingHttpRequestXAmznTlsVersionHeaderName"` + // Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + RoutingHttpResponseAccessControlAllowCredentialsHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseAccessControlAllowCredentialsHeaderValue"` + // Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + RoutingHttpResponseAccessControlAllowHeadersHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseAccessControlAllowHeadersHeaderValue"` + // Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + RoutingHttpResponseAccessControlAllowMethodsHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseAccessControlAllowMethodsHeaderValue"` + // Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + RoutingHttpResponseAccessControlAllowOriginHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseAccessControlAllowOriginHeaderValue"` + // Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + RoutingHttpResponseAccessControlExposeHeadersHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseAccessControlExposeHeadersHeaderValue"` + // Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + RoutingHttpResponseAccessControlMaxAgeHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseAccessControlMaxAgeHeaderValue"` + // Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + RoutingHttpResponseContentSecurityPolicyHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseContentSecurityPolicyHeaderValue"` + // Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + RoutingHttpResponseServerEnabled pulumi.BoolPtrInput `pulumi:"routingHttpResponseServerEnabled"` + // Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + RoutingHttpResponseStrictTransportSecurityHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseStrictTransportSecurityHeaderValue"` + // Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + RoutingHttpResponseXContentTypeOptionsHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseXContentTypeOptionsHeaderValue"` + // Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + RoutingHttpResponseXFrameOptionsHeaderValue pulumi.StringPtrInput `pulumi:"routingHttpResponseXFrameOptionsHeaderValue"` // Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. SslPolicy pulumi.StringPtrInput `pulumi:"sslPolicy"` // A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. @@ -1442,6 +1518,101 @@ func (o ListenerOutput) Protocol() pulumi.StringPtrOutput { return o.ApplyT(func(v Listener) *string { return v.Protocol }).(pulumi.StringPtrOutput) } +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznMtlsClientcertHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznMtlsClientcertHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznTlsCipherSuiteHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznTlsCipherSuiteHeaderName }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerOutput) RoutingHttpRequestXAmznTlsVersionHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpRequestXAmznTlsVersionHeaderName }).(pulumi.StringPtrOutput) +} + +// Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. +func (o ListenerOutput) RoutingHttpResponseAccessControlAllowCredentialsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseAccessControlAllowCredentialsHeaderValue }).(pulumi.StringPtrOutput) +} + +// Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. +func (o ListenerOutput) RoutingHttpResponseAccessControlAllowHeadersHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseAccessControlAllowHeadersHeaderValue }).(pulumi.StringPtrOutput) +} + +// Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. +func (o ListenerOutput) RoutingHttpResponseAccessControlAllowMethodsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseAccessControlAllowMethodsHeaderValue }).(pulumi.StringPtrOutput) +} + +// Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. +func (o ListenerOutput) RoutingHttpResponseAccessControlAllowOriginHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseAccessControlAllowOriginHeaderValue }).(pulumi.StringPtrOutput) +} + +// Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. +func (o ListenerOutput) RoutingHttpResponseAccessControlExposeHeadersHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseAccessControlExposeHeadersHeaderValue }).(pulumi.StringPtrOutput) +} + +// Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. +func (o ListenerOutput) RoutingHttpResponseAccessControlMaxAgeHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseAccessControlMaxAgeHeaderValue }).(pulumi.StringPtrOutput) +} + +// Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. +func (o ListenerOutput) RoutingHttpResponseContentSecurityPolicyHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseContentSecurityPolicyHeaderValue }).(pulumi.StringPtrOutput) +} + +// Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. +func (o ListenerOutput) RoutingHttpResponseServerEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v Listener) *bool { return v.RoutingHttpResponseServerEnabled }).(pulumi.BoolPtrOutput) +} + +// Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. +func (o ListenerOutput) RoutingHttpResponseStrictTransportSecurityHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseStrictTransportSecurityHeaderValue }).(pulumi.StringPtrOutput) +} + +// Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. +func (o ListenerOutput) RoutingHttpResponseXContentTypeOptionsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseXContentTypeOptionsHeaderValue }).(pulumi.StringPtrOutput) +} + +// Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. +func (o ListenerOutput) RoutingHttpResponseXFrameOptionsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v Listener) *string { return v.RoutingHttpResponseXFrameOptionsHeaderValue }).(pulumi.StringPtrOutput) +} + // Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. func (o ListenerOutput) SslPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v Listener) *string { return v.SslPolicy }).(pulumi.StringPtrOutput) @@ -1543,6 +1714,196 @@ func (o ListenerPtrOutput) Protocol() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznMtlsClientcertHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznMtlsClientcertHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznMtlsClientcertIssuerHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznMtlsClientcertLeafHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznMtlsClientcertSubjectHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznMtlsClientcertValidityHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznTlsCipherSuiteHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznTlsCipherSuiteHeaderName + }).(pulumi.StringPtrOutput) +} + +// Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. +func (o ListenerPtrOutput) RoutingHttpRequestXAmznTlsVersionHeaderName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpRequestXAmznTlsVersionHeaderName + }).(pulumi.StringPtrOutput) +} + +// Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. +func (o ListenerPtrOutput) RoutingHttpResponseAccessControlAllowCredentialsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseAccessControlAllowCredentialsHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. +func (o ListenerPtrOutput) RoutingHttpResponseAccessControlAllowHeadersHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseAccessControlAllowHeadersHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. +func (o ListenerPtrOutput) RoutingHttpResponseAccessControlAllowMethodsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseAccessControlAllowMethodsHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. +func (o ListenerPtrOutput) RoutingHttpResponseAccessControlAllowOriginHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseAccessControlAllowOriginHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. +func (o ListenerPtrOutput) RoutingHttpResponseAccessControlExposeHeadersHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseAccessControlExposeHeadersHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. +func (o ListenerPtrOutput) RoutingHttpResponseAccessControlMaxAgeHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseAccessControlMaxAgeHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. +func (o ListenerPtrOutput) RoutingHttpResponseContentSecurityPolicyHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseContentSecurityPolicyHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. +func (o ListenerPtrOutput) RoutingHttpResponseServerEnabled() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *Listener) *bool { + if v == nil { + return nil + } + return v.RoutingHttpResponseServerEnabled + }).(pulumi.BoolPtrOutput) +} + +// Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. +func (o ListenerPtrOutput) RoutingHttpResponseStrictTransportSecurityHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseStrictTransportSecurityHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. +func (o ListenerPtrOutput) RoutingHttpResponseXContentTypeOptionsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseXContentTypeOptionsHeaderValue + }).(pulumi.StringPtrOutput) +} + +// Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. +func (o ListenerPtrOutput) RoutingHttpResponseXFrameOptionsHeaderValue() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Listener) *string { + if v == nil { + return nil + } + return v.RoutingHttpResponseXFrameOptionsHeaderValue + }).(pulumi.StringPtrOutput) +} + // Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. func (o ListenerPtrOutput) SslPolicy() pulumi.StringPtrOutput { return o.ApplyT(func(v *Listener) *string { diff --git a/sdk/java/build.gradle b/sdk/java/build.gradle index 2a64a46d6..9cd91aa25 100644 --- a/sdk/java/build.gradle +++ b/sdk/java/build.gradle @@ -43,7 +43,7 @@ repositories { dependencies { implementation("com.google.code.findbugs:jsr305:3.0.2") implementation("com.google.code.gson:gson:2.8.9") - implementation("com.pulumi:aws:6.66.3") + implementation("com.pulumi:aws:6.67.0") implementation("com.pulumi:docker:4.6.0") implementation("com.pulumi:docker-build:0.0.8") implementation("com.pulumi:pulumi:0.9.7") diff --git a/sdk/java/src/main/java/com/pulumi/awsx/lb/inputs/ListenerArgs.java b/sdk/java/src/main/java/com/pulumi/awsx/lb/inputs/ListenerArgs.java index 72f6ae87d..b2a4f6c20 100644 --- a/sdk/java/src/main/java/com/pulumi/awsx/lb/inputs/ListenerArgs.java +++ b/sdk/java/src/main/java/com/pulumi/awsx/lb/inputs/ListenerArgs.java @@ -7,6 +7,7 @@ import com.pulumi.aws.lb.inputs.ListenerMutualAuthenticationArgs; import com.pulumi.core.Output; import com.pulumi.core.annotations.Import; +import java.lang.Boolean; import java.lang.Integer; import java.lang.String; import java.util.List; @@ -552,6 +553,291 @@ public Optional> protocol() { return Optional.ofNullable(this.protocol); } + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznMtlsClientcertHeaderName") + private @Nullable Output routingHttpRequestXAmznMtlsClientcertHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznMtlsClientcertHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznMtlsClientcertHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznMtlsClientcertIssuerHeaderName") + private @Nullable Output routingHttpRequestXAmznMtlsClientcertIssuerHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznMtlsClientcertIssuerHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznMtlsClientcertIssuerHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznMtlsClientcertLeafHeaderName") + private @Nullable Output routingHttpRequestXAmznMtlsClientcertLeafHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznMtlsClientcertLeafHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznMtlsClientcertLeafHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName") + private @Nullable Output routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznMtlsClientcertSubjectHeaderName") + private @Nullable Output routingHttpRequestXAmznMtlsClientcertSubjectHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznMtlsClientcertSubjectHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznMtlsClientcertSubjectHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznMtlsClientcertValidityHeaderName") + private @Nullable Output routingHttpRequestXAmznMtlsClientcertValidityHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznMtlsClientcertValidityHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznMtlsClientcertValidityHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznTlsCipherSuiteHeaderName") + private @Nullable Output routingHttpRequestXAmznTlsCipherSuiteHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznTlsCipherSuiteHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznTlsCipherSuiteHeaderName); + } + + /** + * Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + @Import(name="routingHttpRequestXAmznTlsVersionHeaderName") + private @Nullable Output routingHttpRequestXAmznTlsVersionHeaderName; + + /** + * @return Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + */ + public Optional> routingHttpRequestXAmznTlsVersionHeaderName() { + return Optional.ofNullable(this.routingHttpRequestXAmznTlsVersionHeaderName); + } + + /** + * Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + * + */ + @Import(name="routingHttpResponseAccessControlAllowCredentialsHeaderValue") + private @Nullable Output routingHttpResponseAccessControlAllowCredentialsHeaderValue; + + /** + * @return Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + * + */ + public Optional> routingHttpResponseAccessControlAllowCredentialsHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseAccessControlAllowCredentialsHeaderValue); + } + + /** + * Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + * + */ + @Import(name="routingHttpResponseAccessControlAllowHeadersHeaderValue") + private @Nullable Output routingHttpResponseAccessControlAllowHeadersHeaderValue; + + /** + * @return Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + * + */ + public Optional> routingHttpResponseAccessControlAllowHeadersHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseAccessControlAllowHeadersHeaderValue); + } + + /** + * Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + * + */ + @Import(name="routingHttpResponseAccessControlAllowMethodsHeaderValue") + private @Nullable Output routingHttpResponseAccessControlAllowMethodsHeaderValue; + + /** + * @return Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + * + */ + public Optional> routingHttpResponseAccessControlAllowMethodsHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseAccessControlAllowMethodsHeaderValue); + } + + /** + * Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + * + */ + @Import(name="routingHttpResponseAccessControlAllowOriginHeaderValue") + private @Nullable Output routingHttpResponseAccessControlAllowOriginHeaderValue; + + /** + * @return Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + * + */ + public Optional> routingHttpResponseAccessControlAllowOriginHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseAccessControlAllowOriginHeaderValue); + } + + /** + * Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + * + */ + @Import(name="routingHttpResponseAccessControlExposeHeadersHeaderValue") + private @Nullable Output routingHttpResponseAccessControlExposeHeadersHeaderValue; + + /** + * @return Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + * + */ + public Optional> routingHttpResponseAccessControlExposeHeadersHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseAccessControlExposeHeadersHeaderValue); + } + + /** + * Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + * + */ + @Import(name="routingHttpResponseAccessControlMaxAgeHeaderValue") + private @Nullable Output routingHttpResponseAccessControlMaxAgeHeaderValue; + + /** + * @return Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + * + */ + public Optional> routingHttpResponseAccessControlMaxAgeHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseAccessControlMaxAgeHeaderValue); + } + + /** + * Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + * + */ + @Import(name="routingHttpResponseContentSecurityPolicyHeaderValue") + private @Nullable Output routingHttpResponseContentSecurityPolicyHeaderValue; + + /** + * @return Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + * + */ + public Optional> routingHttpResponseContentSecurityPolicyHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseContentSecurityPolicyHeaderValue); + } + + /** + * Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + * + */ + @Import(name="routingHttpResponseServerEnabled") + private @Nullable Output routingHttpResponseServerEnabled; + + /** + * @return Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + * + */ + public Optional> routingHttpResponseServerEnabled() { + return Optional.ofNullable(this.routingHttpResponseServerEnabled); + } + + /** + * Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + * + */ + @Import(name="routingHttpResponseStrictTransportSecurityHeaderValue") + private @Nullable Output routingHttpResponseStrictTransportSecurityHeaderValue; + + /** + * @return Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + * + */ + public Optional> routingHttpResponseStrictTransportSecurityHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseStrictTransportSecurityHeaderValue); + } + + /** + * Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + * + */ + @Import(name="routingHttpResponseXContentTypeOptionsHeaderValue") + private @Nullable Output routingHttpResponseXContentTypeOptionsHeaderValue; + + /** + * @return Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + * + */ + public Optional> routingHttpResponseXContentTypeOptionsHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseXContentTypeOptionsHeaderValue); + } + + /** + * Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + * + */ + @Import(name="routingHttpResponseXFrameOptionsHeaderValue") + private @Nullable Output routingHttpResponseXFrameOptionsHeaderValue; + + /** + * @return Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + * + */ + public Optional> routingHttpResponseXFrameOptionsHeaderValue() { + return Optional.ofNullable(this.routingHttpResponseXFrameOptionsHeaderValue); + } + /** * Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. * @@ -610,6 +896,25 @@ private ListenerArgs(ListenerArgs $) { this.mutualAuthentication = $.mutualAuthentication; this.port = $.port; this.protocol = $.protocol; + this.routingHttpRequestXAmznMtlsClientcertHeaderName = $.routingHttpRequestXAmznMtlsClientcertHeaderName; + this.routingHttpRequestXAmznMtlsClientcertIssuerHeaderName = $.routingHttpRequestXAmznMtlsClientcertIssuerHeaderName; + this.routingHttpRequestXAmznMtlsClientcertLeafHeaderName = $.routingHttpRequestXAmznMtlsClientcertLeafHeaderName; + this.routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName = $.routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName; + this.routingHttpRequestXAmznMtlsClientcertSubjectHeaderName = $.routingHttpRequestXAmznMtlsClientcertSubjectHeaderName; + this.routingHttpRequestXAmznMtlsClientcertValidityHeaderName = $.routingHttpRequestXAmznMtlsClientcertValidityHeaderName; + this.routingHttpRequestXAmznTlsCipherSuiteHeaderName = $.routingHttpRequestXAmznTlsCipherSuiteHeaderName; + this.routingHttpRequestXAmznTlsVersionHeaderName = $.routingHttpRequestXAmznTlsVersionHeaderName; + this.routingHttpResponseAccessControlAllowCredentialsHeaderValue = $.routingHttpResponseAccessControlAllowCredentialsHeaderValue; + this.routingHttpResponseAccessControlAllowHeadersHeaderValue = $.routingHttpResponseAccessControlAllowHeadersHeaderValue; + this.routingHttpResponseAccessControlAllowMethodsHeaderValue = $.routingHttpResponseAccessControlAllowMethodsHeaderValue; + this.routingHttpResponseAccessControlAllowOriginHeaderValue = $.routingHttpResponseAccessControlAllowOriginHeaderValue; + this.routingHttpResponseAccessControlExposeHeadersHeaderValue = $.routingHttpResponseAccessControlExposeHeadersHeaderValue; + this.routingHttpResponseAccessControlMaxAgeHeaderValue = $.routingHttpResponseAccessControlMaxAgeHeaderValue; + this.routingHttpResponseContentSecurityPolicyHeaderValue = $.routingHttpResponseContentSecurityPolicyHeaderValue; + this.routingHttpResponseServerEnabled = $.routingHttpResponseServerEnabled; + this.routingHttpResponseStrictTransportSecurityHeaderValue = $.routingHttpResponseStrictTransportSecurityHeaderValue; + this.routingHttpResponseXContentTypeOptionsHeaderValue = $.routingHttpResponseXContentTypeOptionsHeaderValue; + this.routingHttpResponseXFrameOptionsHeaderValue = $.routingHttpResponseXFrameOptionsHeaderValue; this.sslPolicy = $.sslPolicy; this.tags = $.tags; this.tcpIdleTimeoutSeconds = $.tcpIdleTimeoutSeconds; @@ -769,6 +1074,405 @@ public Builder protocol(String protocol) { return protocol(Output.of(protocol)); } + /** + * @param routingHttpRequestXAmznMtlsClientcertHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertHeaderName(@Nullable Output routingHttpRequestXAmznMtlsClientcertHeaderName) { + $.routingHttpRequestXAmznMtlsClientcertHeaderName = routingHttpRequestXAmznMtlsClientcertHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertHeaderName(String routingHttpRequestXAmznMtlsClientcertHeaderName) { + return routingHttpRequestXAmznMtlsClientcertHeaderName(Output.of(routingHttpRequestXAmznMtlsClientcertHeaderName)); + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertIssuerHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertIssuerHeaderName(@Nullable Output routingHttpRequestXAmznMtlsClientcertIssuerHeaderName) { + $.routingHttpRequestXAmznMtlsClientcertIssuerHeaderName = routingHttpRequestXAmznMtlsClientcertIssuerHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertIssuerHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertIssuerHeaderName(String routingHttpRequestXAmznMtlsClientcertIssuerHeaderName) { + return routingHttpRequestXAmznMtlsClientcertIssuerHeaderName(Output.of(routingHttpRequestXAmznMtlsClientcertIssuerHeaderName)); + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertLeafHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertLeafHeaderName(@Nullable Output routingHttpRequestXAmznMtlsClientcertLeafHeaderName) { + $.routingHttpRequestXAmznMtlsClientcertLeafHeaderName = routingHttpRequestXAmznMtlsClientcertLeafHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertLeafHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertLeafHeaderName(String routingHttpRequestXAmznMtlsClientcertLeafHeaderName) { + return routingHttpRequestXAmznMtlsClientcertLeafHeaderName(Output.of(routingHttpRequestXAmznMtlsClientcertLeafHeaderName)); + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName(@Nullable Output routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName) { + $.routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName = routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName(String routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName) { + return routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName(Output.of(routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName)); + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertSubjectHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertSubjectHeaderName(@Nullable Output routingHttpRequestXAmznMtlsClientcertSubjectHeaderName) { + $.routingHttpRequestXAmznMtlsClientcertSubjectHeaderName = routingHttpRequestXAmznMtlsClientcertSubjectHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertSubjectHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertSubjectHeaderName(String routingHttpRequestXAmznMtlsClientcertSubjectHeaderName) { + return routingHttpRequestXAmznMtlsClientcertSubjectHeaderName(Output.of(routingHttpRequestXAmznMtlsClientcertSubjectHeaderName)); + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertValidityHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertValidityHeaderName(@Nullable Output routingHttpRequestXAmznMtlsClientcertValidityHeaderName) { + $.routingHttpRequestXAmznMtlsClientcertValidityHeaderName = routingHttpRequestXAmznMtlsClientcertValidityHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznMtlsClientcertValidityHeaderName Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznMtlsClientcertValidityHeaderName(String routingHttpRequestXAmznMtlsClientcertValidityHeaderName) { + return routingHttpRequestXAmznMtlsClientcertValidityHeaderName(Output.of(routingHttpRequestXAmznMtlsClientcertValidityHeaderName)); + } + + /** + * @param routingHttpRequestXAmznTlsCipherSuiteHeaderName Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznTlsCipherSuiteHeaderName(@Nullable Output routingHttpRequestXAmznTlsCipherSuiteHeaderName) { + $.routingHttpRequestXAmznTlsCipherSuiteHeaderName = routingHttpRequestXAmznTlsCipherSuiteHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznTlsCipherSuiteHeaderName Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznTlsCipherSuiteHeaderName(String routingHttpRequestXAmznTlsCipherSuiteHeaderName) { + return routingHttpRequestXAmznTlsCipherSuiteHeaderName(Output.of(routingHttpRequestXAmznTlsCipherSuiteHeaderName)); + } + + /** + * @param routingHttpRequestXAmznTlsVersionHeaderName Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznTlsVersionHeaderName(@Nullable Output routingHttpRequestXAmznTlsVersionHeaderName) { + $.routingHttpRequestXAmznTlsVersionHeaderName = routingHttpRequestXAmznTlsVersionHeaderName; + return this; + } + + /** + * @param routingHttpRequestXAmznTlsVersionHeaderName Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + * + * @return builder + * + */ + public Builder routingHttpRequestXAmznTlsVersionHeaderName(String routingHttpRequestXAmznTlsVersionHeaderName) { + return routingHttpRequestXAmznTlsVersionHeaderName(Output.of(routingHttpRequestXAmznTlsVersionHeaderName)); + } + + /** + * @param routingHttpResponseAccessControlAllowCredentialsHeaderValue Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowCredentialsHeaderValue(@Nullable Output routingHttpResponseAccessControlAllowCredentialsHeaderValue) { + $.routingHttpResponseAccessControlAllowCredentialsHeaderValue = routingHttpResponseAccessControlAllowCredentialsHeaderValue; + return this; + } + + /** + * @param routingHttpResponseAccessControlAllowCredentialsHeaderValue Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowCredentialsHeaderValue(String routingHttpResponseAccessControlAllowCredentialsHeaderValue) { + return routingHttpResponseAccessControlAllowCredentialsHeaderValue(Output.of(routingHttpResponseAccessControlAllowCredentialsHeaderValue)); + } + + /** + * @param routingHttpResponseAccessControlAllowHeadersHeaderValue Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowHeadersHeaderValue(@Nullable Output routingHttpResponseAccessControlAllowHeadersHeaderValue) { + $.routingHttpResponseAccessControlAllowHeadersHeaderValue = routingHttpResponseAccessControlAllowHeadersHeaderValue; + return this; + } + + /** + * @param routingHttpResponseAccessControlAllowHeadersHeaderValue Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowHeadersHeaderValue(String routingHttpResponseAccessControlAllowHeadersHeaderValue) { + return routingHttpResponseAccessControlAllowHeadersHeaderValue(Output.of(routingHttpResponseAccessControlAllowHeadersHeaderValue)); + } + + /** + * @param routingHttpResponseAccessControlAllowMethodsHeaderValue Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowMethodsHeaderValue(@Nullable Output routingHttpResponseAccessControlAllowMethodsHeaderValue) { + $.routingHttpResponseAccessControlAllowMethodsHeaderValue = routingHttpResponseAccessControlAllowMethodsHeaderValue; + return this; + } + + /** + * @param routingHttpResponseAccessControlAllowMethodsHeaderValue Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowMethodsHeaderValue(String routingHttpResponseAccessControlAllowMethodsHeaderValue) { + return routingHttpResponseAccessControlAllowMethodsHeaderValue(Output.of(routingHttpResponseAccessControlAllowMethodsHeaderValue)); + } + + /** + * @param routingHttpResponseAccessControlAllowOriginHeaderValue Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowOriginHeaderValue(@Nullable Output routingHttpResponseAccessControlAllowOriginHeaderValue) { + $.routingHttpResponseAccessControlAllowOriginHeaderValue = routingHttpResponseAccessControlAllowOriginHeaderValue; + return this; + } + + /** + * @param routingHttpResponseAccessControlAllowOriginHeaderValue Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlAllowOriginHeaderValue(String routingHttpResponseAccessControlAllowOriginHeaderValue) { + return routingHttpResponseAccessControlAllowOriginHeaderValue(Output.of(routingHttpResponseAccessControlAllowOriginHeaderValue)); + } + + /** + * @param routingHttpResponseAccessControlExposeHeadersHeaderValue Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlExposeHeadersHeaderValue(@Nullable Output routingHttpResponseAccessControlExposeHeadersHeaderValue) { + $.routingHttpResponseAccessControlExposeHeadersHeaderValue = routingHttpResponseAccessControlExposeHeadersHeaderValue; + return this; + } + + /** + * @param routingHttpResponseAccessControlExposeHeadersHeaderValue Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlExposeHeadersHeaderValue(String routingHttpResponseAccessControlExposeHeadersHeaderValue) { + return routingHttpResponseAccessControlExposeHeadersHeaderValue(Output.of(routingHttpResponseAccessControlExposeHeadersHeaderValue)); + } + + /** + * @param routingHttpResponseAccessControlMaxAgeHeaderValue Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlMaxAgeHeaderValue(@Nullable Output routingHttpResponseAccessControlMaxAgeHeaderValue) { + $.routingHttpResponseAccessControlMaxAgeHeaderValue = routingHttpResponseAccessControlMaxAgeHeaderValue; + return this; + } + + /** + * @param routingHttpResponseAccessControlMaxAgeHeaderValue Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseAccessControlMaxAgeHeaderValue(String routingHttpResponseAccessControlMaxAgeHeaderValue) { + return routingHttpResponseAccessControlMaxAgeHeaderValue(Output.of(routingHttpResponseAccessControlMaxAgeHeaderValue)); + } + + /** + * @param routingHttpResponseContentSecurityPolicyHeaderValue Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseContentSecurityPolicyHeaderValue(@Nullable Output routingHttpResponseContentSecurityPolicyHeaderValue) { + $.routingHttpResponseContentSecurityPolicyHeaderValue = routingHttpResponseContentSecurityPolicyHeaderValue; + return this; + } + + /** + * @param routingHttpResponseContentSecurityPolicyHeaderValue Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + * + * @return builder + * + */ + public Builder routingHttpResponseContentSecurityPolicyHeaderValue(String routingHttpResponseContentSecurityPolicyHeaderValue) { + return routingHttpResponseContentSecurityPolicyHeaderValue(Output.of(routingHttpResponseContentSecurityPolicyHeaderValue)); + } + + /** + * @param routingHttpResponseServerEnabled Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + * + * @return builder + * + */ + public Builder routingHttpResponseServerEnabled(@Nullable Output routingHttpResponseServerEnabled) { + $.routingHttpResponseServerEnabled = routingHttpResponseServerEnabled; + return this; + } + + /** + * @param routingHttpResponseServerEnabled Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + * + * @return builder + * + */ + public Builder routingHttpResponseServerEnabled(Boolean routingHttpResponseServerEnabled) { + return routingHttpResponseServerEnabled(Output.of(routingHttpResponseServerEnabled)); + } + + /** + * @param routingHttpResponseStrictTransportSecurityHeaderValue Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + * + * @return builder + * + */ + public Builder routingHttpResponseStrictTransportSecurityHeaderValue(@Nullable Output routingHttpResponseStrictTransportSecurityHeaderValue) { + $.routingHttpResponseStrictTransportSecurityHeaderValue = routingHttpResponseStrictTransportSecurityHeaderValue; + return this; + } + + /** + * @param routingHttpResponseStrictTransportSecurityHeaderValue Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + * + * @return builder + * + */ + public Builder routingHttpResponseStrictTransportSecurityHeaderValue(String routingHttpResponseStrictTransportSecurityHeaderValue) { + return routingHttpResponseStrictTransportSecurityHeaderValue(Output.of(routingHttpResponseStrictTransportSecurityHeaderValue)); + } + + /** + * @param routingHttpResponseXContentTypeOptionsHeaderValue Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + * + * @return builder + * + */ + public Builder routingHttpResponseXContentTypeOptionsHeaderValue(@Nullable Output routingHttpResponseXContentTypeOptionsHeaderValue) { + $.routingHttpResponseXContentTypeOptionsHeaderValue = routingHttpResponseXContentTypeOptionsHeaderValue; + return this; + } + + /** + * @param routingHttpResponseXContentTypeOptionsHeaderValue Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + * + * @return builder + * + */ + public Builder routingHttpResponseXContentTypeOptionsHeaderValue(String routingHttpResponseXContentTypeOptionsHeaderValue) { + return routingHttpResponseXContentTypeOptionsHeaderValue(Output.of(routingHttpResponseXContentTypeOptionsHeaderValue)); + } + + /** + * @param routingHttpResponseXFrameOptionsHeaderValue Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + * + * @return builder + * + */ + public Builder routingHttpResponseXFrameOptionsHeaderValue(@Nullable Output routingHttpResponseXFrameOptionsHeaderValue) { + $.routingHttpResponseXFrameOptionsHeaderValue = routingHttpResponseXFrameOptionsHeaderValue; + return this; + } + + /** + * @param routingHttpResponseXFrameOptionsHeaderValue Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + * + * @return builder + * + */ + public Builder routingHttpResponseXFrameOptionsHeaderValue(String routingHttpResponseXFrameOptionsHeaderValue) { + return routingHttpResponseXFrameOptionsHeaderValue(Output.of(routingHttpResponseXFrameOptionsHeaderValue)); + } + /** * @param sslPolicy Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. * diff --git a/sdk/nodejs/package.json b/sdk/nodejs/package.json index 6e2ead538..e79f68bbd 100644 --- a/sdk/nodejs/package.json +++ b/sdk/nodejs/package.json @@ -16,7 +16,7 @@ }, "dependencies": { "@aws-sdk/client-ecs": "^3.405.0", - "@pulumi/aws": "^6.66.3", + "@pulumi/aws": "^6.67.0", "@pulumi/docker": "^4.6.0", "@pulumi/docker-build": "^0.0.8", "@pulumi/pulumi": "^3.142.0", diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index f931ebea4..dbf5c7781 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -3240,6 +3240,82 @@ export namespace lb { * Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are `HTTP` and `HTTPS`, with a default of `HTTP`. For Network Load Balancers, valid values are `TCP`, `TLS`, `UDP`, and `TCP_UDP`. Not valid to use `UDP` or `TCP_UDP` if dual-stack mode is enabled. Not valid for Gateway Load Balancers. */ protocol?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznMtlsClientcertHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznMtlsClientcertIssuerHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznMtlsClientcertLeafHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznMtlsClientcertSubjectHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznMtlsClientcertValidityHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznTlsCipherSuiteHeaderName?: pulumi.Input; + /** + * Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + */ + routingHttpRequestXAmznTlsVersionHeaderName?: pulumi.Input; + /** + * Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + */ + routingHttpResponseAccessControlAllowCredentialsHeaderValue?: pulumi.Input; + /** + * Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + */ + routingHttpResponseAccessControlAllowHeadersHeaderValue?: pulumi.Input; + /** + * Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + */ + routingHttpResponseAccessControlAllowMethodsHeaderValue?: pulumi.Input; + /** + * Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + */ + routingHttpResponseAccessControlAllowOriginHeaderValue?: pulumi.Input; + /** + * Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + */ + routingHttpResponseAccessControlExposeHeadersHeaderValue?: pulumi.Input; + /** + * Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + */ + routingHttpResponseAccessControlMaxAgeHeaderValue?: pulumi.Input; + /** + * Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + */ + routingHttpResponseContentSecurityPolicyHeaderValue?: pulumi.Input; + /** + * Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + */ + routingHttpResponseServerEnabled?: pulumi.Input; + /** + * Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + */ + routingHttpResponseStrictTransportSecurityHeaderValue?: pulumi.Input; + /** + * Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + */ + routingHttpResponseXContentTypeOptionsHeaderValue?: pulumi.Input; + /** + * Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + */ + routingHttpResponseXFrameOptionsHeaderValue?: pulumi.Input; /** * Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. */ diff --git a/sdk/python/pulumi_awsx/lb/_inputs.py b/sdk/python/pulumi_awsx/lb/_inputs.py index a3a6ef896..72f79ad3f 100644 --- a/sdk/python/pulumi_awsx/lb/_inputs.py +++ b/sdk/python/pulumi_awsx/lb/_inputs.py @@ -1649,6 +1649,82 @@ class ListenerArgsDict(TypedDict): """ Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are `HTTP` and `HTTPS`, with a default of `HTTP`. For Network Load Balancers, valid values are `TCP`, `TLS`, `UDP`, and `TCP_UDP`. Not valid to use `UDP` or `TCP_UDP` if dual-stack mode is enabled. Not valid for Gateway Load Balancers. """ + routing_http_request_x_amzn_mtls_clientcert_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_mtls_clientcert_subject_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_mtls_clientcert_validity_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_tls_cipher_suite_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_request_x_amzn_tls_version_header_name: NotRequired[pulumi.Input[str]] + """ + Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + routing_http_response_access_control_allow_credentials_header_value: NotRequired[pulumi.Input[str]] + """ + Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + """ + routing_http_response_access_control_allow_headers_header_value: NotRequired[pulumi.Input[str]] + """ + Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + """ + routing_http_response_access_control_allow_methods_header_value: NotRequired[pulumi.Input[str]] + """ + Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + """ + routing_http_response_access_control_allow_origin_header_value: NotRequired[pulumi.Input[str]] + """ + Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + """ + routing_http_response_access_control_expose_headers_header_value: NotRequired[pulumi.Input[str]] + """ + Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + """ + routing_http_response_access_control_max_age_header_value: NotRequired[pulumi.Input[str]] + """ + Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + """ + routing_http_response_content_security_policy_header_value: NotRequired[pulumi.Input[str]] + """ + Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + """ + routing_http_response_server_enabled: NotRequired[pulumi.Input[bool]] + """ + Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + """ + routing_http_response_strict_transport_security_header_value: NotRequired[pulumi.Input[str]] + """ + Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + """ + routing_http_response_x_content_type_options_header_value: NotRequired[pulumi.Input[str]] + """ + Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + """ + routing_http_response_x_frame_options_header_value: NotRequired[pulumi.Input[str]] + """ + Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + """ ssl_policy: NotRequired[pulumi.Input[str]] """ Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. @@ -1675,6 +1751,25 @@ def __init__(__self__, *, mutual_authentication: Optional[pulumi.Input['pulumi_aws.lb.ListenerMutualAuthenticationArgs']] = None, port: Optional[pulumi.Input[int]] = None, protocol: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_mtls_clientcert_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_mtls_clientcert_subject_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_mtls_clientcert_validity_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_tls_cipher_suite_header_name: Optional[pulumi.Input[str]] = None, + routing_http_request_x_amzn_tls_version_header_name: Optional[pulumi.Input[str]] = None, + routing_http_response_access_control_allow_credentials_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_access_control_allow_headers_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_access_control_allow_methods_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_access_control_allow_origin_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_access_control_expose_headers_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_access_control_max_age_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_content_security_policy_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_server_enabled: Optional[pulumi.Input[bool]] = None, + routing_http_response_strict_transport_security_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_x_content_type_options_header_value: Optional[pulumi.Input[str]] = None, + routing_http_response_x_frame_options_header_value: Optional[pulumi.Input[str]] = None, ssl_policy: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, tcp_idle_timeout_seconds: Optional[pulumi.Input[int]] = None): @@ -3283,6 +3378,25 @@ def __init__(__self__, *, :param pulumi.Input['pulumi_aws.lb.ListenerMutualAuthenticationArgs'] mutual_authentication: The mutual authentication configuration information. See below. :param pulumi.Input[int] port: Port on which the load balancer is listening. Not valid for Gateway Load Balancers. :param pulumi.Input[str] protocol: Protocol for connections from clients to the load balancer. For Application Load Balancers, valid values are `HTTP` and `HTTPS`, with a default of `HTTP`. For Network Load Balancers, valid values are `TCP`, `TLS`, `UDP`, and `TCP_UDP`. Not valid to use `UDP` or `TCP_UDP` if dual-stack mode is enabled. Not valid for Gateway Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_mtls_clientcert_header_name: Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_mtls_clientcert_issuer_header_name: Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_mtls_clientcert_leaf_header_name: Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name: Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_mtls_clientcert_subject_header_name: Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_mtls_clientcert_validity_header_name: Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_tls_cipher_suite_header_name: Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_request_x_amzn_tls_version_header_name: Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + :param pulumi.Input[str] routing_http_response_access_control_allow_credentials_header_value: Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + :param pulumi.Input[str] routing_http_response_access_control_allow_headers_header_value: Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + :param pulumi.Input[str] routing_http_response_access_control_allow_methods_header_value: Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + :param pulumi.Input[str] routing_http_response_access_control_allow_origin_header_value: Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + :param pulumi.Input[str] routing_http_response_access_control_expose_headers_header_value: Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + :param pulumi.Input[str] routing_http_response_access_control_max_age_header_value: Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + :param pulumi.Input[str] routing_http_response_content_security_policy_header_value: Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + :param pulumi.Input[bool] routing_http_response_server_enabled: Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + :param pulumi.Input[str] routing_http_response_strict_transport_security_header_value: Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + :param pulumi.Input[str] routing_http_response_x_content_type_options_header_value: Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + :param pulumi.Input[str] routing_http_response_x_frame_options_header_value: Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. :param pulumi.Input[str] ssl_policy: Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`. Default is `ELBSecurityPolicy-2016-08`. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. @@ -3301,6 +3415,44 @@ def __init__(__self__, *, pulumi.set(__self__, "port", port) if protocol is not None: pulumi.set(__self__, "protocol", protocol) + if routing_http_request_x_amzn_mtls_clientcert_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_mtls_clientcert_header_name", routing_http_request_x_amzn_mtls_clientcert_header_name) + if routing_http_request_x_amzn_mtls_clientcert_issuer_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name", routing_http_request_x_amzn_mtls_clientcert_issuer_header_name) + if routing_http_request_x_amzn_mtls_clientcert_leaf_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name", routing_http_request_x_amzn_mtls_clientcert_leaf_header_name) + if routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name", routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name) + if routing_http_request_x_amzn_mtls_clientcert_subject_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_mtls_clientcert_subject_header_name", routing_http_request_x_amzn_mtls_clientcert_subject_header_name) + if routing_http_request_x_amzn_mtls_clientcert_validity_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_mtls_clientcert_validity_header_name", routing_http_request_x_amzn_mtls_clientcert_validity_header_name) + if routing_http_request_x_amzn_tls_cipher_suite_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_tls_cipher_suite_header_name", routing_http_request_x_amzn_tls_cipher_suite_header_name) + if routing_http_request_x_amzn_tls_version_header_name is not None: + pulumi.set(__self__, "routing_http_request_x_amzn_tls_version_header_name", routing_http_request_x_amzn_tls_version_header_name) + if routing_http_response_access_control_allow_credentials_header_value is not None: + pulumi.set(__self__, "routing_http_response_access_control_allow_credentials_header_value", routing_http_response_access_control_allow_credentials_header_value) + if routing_http_response_access_control_allow_headers_header_value is not None: + pulumi.set(__self__, "routing_http_response_access_control_allow_headers_header_value", routing_http_response_access_control_allow_headers_header_value) + if routing_http_response_access_control_allow_methods_header_value is not None: + pulumi.set(__self__, "routing_http_response_access_control_allow_methods_header_value", routing_http_response_access_control_allow_methods_header_value) + if routing_http_response_access_control_allow_origin_header_value is not None: + pulumi.set(__self__, "routing_http_response_access_control_allow_origin_header_value", routing_http_response_access_control_allow_origin_header_value) + if routing_http_response_access_control_expose_headers_header_value is not None: + pulumi.set(__self__, "routing_http_response_access_control_expose_headers_header_value", routing_http_response_access_control_expose_headers_header_value) + if routing_http_response_access_control_max_age_header_value is not None: + pulumi.set(__self__, "routing_http_response_access_control_max_age_header_value", routing_http_response_access_control_max_age_header_value) + if routing_http_response_content_security_policy_header_value is not None: + pulumi.set(__self__, "routing_http_response_content_security_policy_header_value", routing_http_response_content_security_policy_header_value) + if routing_http_response_server_enabled is not None: + pulumi.set(__self__, "routing_http_response_server_enabled", routing_http_response_server_enabled) + if routing_http_response_strict_transport_security_header_value is not None: + pulumi.set(__self__, "routing_http_response_strict_transport_security_header_value", routing_http_response_strict_transport_security_header_value) + if routing_http_response_x_content_type_options_header_value is not None: + pulumi.set(__self__, "routing_http_response_x_content_type_options_header_value", routing_http_response_x_content_type_options_header_value) + if routing_http_response_x_frame_options_header_value is not None: + pulumi.set(__self__, "routing_http_response_x_frame_options_header_value", routing_http_response_x_frame_options_header_value) if ssl_policy is not None: pulumi.set(__self__, "ssl_policy", ssl_policy) if tags is not None: @@ -3380,6 +3532,234 @@ def protocol(self) -> Optional[pulumi.Input[str]]: def protocol(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "protocol", value) + @property + @pulumi.getter(name="routingHttpRequestXAmznMtlsClientcertHeaderName") + def routing_http_request_x_amzn_mtls_clientcert_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_mtls_clientcert_header_name") + + @routing_http_request_x_amzn_mtls_clientcert_header_name.setter + def routing_http_request_x_amzn_mtls_clientcert_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_mtls_clientcert_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznMtlsClientcertIssuerHeaderName") + def routing_http_request_x_amzn_mtls_clientcert_issuer_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Issuer` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name") + + @routing_http_request_x_amzn_mtls_clientcert_issuer_header_name.setter + def routing_http_request_x_amzn_mtls_clientcert_issuer_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_mtls_clientcert_issuer_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznMtlsClientcertLeafHeaderName") + def routing_http_request_x_amzn_mtls_clientcert_leaf_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Leaf` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name") + + @routing_http_request_x_amzn_mtls_clientcert_leaf_header_name.setter + def routing_http_request_x_amzn_mtls_clientcert_leaf_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_mtls_clientcert_leaf_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznMtlsClientcertSerialNumberHeaderName") + def routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Serial-Number` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name") + + @routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name.setter + def routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznMtlsClientcertSubjectHeaderName") + def routing_http_request_x_amzn_mtls_clientcert_subject_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Subject` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_mtls_clientcert_subject_header_name") + + @routing_http_request_x_amzn_mtls_clientcert_subject_header_name.setter + def routing_http_request_x_amzn_mtls_clientcert_subject_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_mtls_clientcert_subject_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznMtlsClientcertValidityHeaderName") + def routing_http_request_x_amzn_mtls_clientcert_validity_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Mtls-Clientcert-Validity` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_mtls_clientcert_validity_header_name") + + @routing_http_request_x_amzn_mtls_clientcert_validity_header_name.setter + def routing_http_request_x_amzn_mtls_clientcert_validity_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_mtls_clientcert_validity_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznTlsCipherSuiteHeaderName") + def routing_http_request_x_amzn_tls_cipher_suite_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Tls-Cipher-Suite` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_tls_cipher_suite_header_name") + + @routing_http_request_x_amzn_tls_cipher_suite_header_name.setter + def routing_http_request_x_amzn_tls_cipher_suite_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_tls_cipher_suite_header_name", value) + + @property + @pulumi.getter(name="routingHttpRequestXAmznTlsVersionHeaderName") + def routing_http_request_x_amzn_tls_version_header_name(self) -> Optional[pulumi.Input[str]]: + """ + Enables you to modify the header name of the `X-Amzn-Tls-Version` HTTP request header. Can only be set if protocol is `HTTPS` for Application Load Balancers. + """ + return pulumi.get(self, "routing_http_request_x_amzn_tls_version_header_name") + + @routing_http_request_x_amzn_tls_version_header_name.setter + def routing_http_request_x_amzn_tls_version_header_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_request_x_amzn_tls_version_header_name", value) + + @property + @pulumi.getter(name="routingHttpResponseAccessControlAllowCredentialsHeaderValue") + def routing_http_response_access_control_allow_credentials_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Specifies which headers the browser can expose to the requesting client. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `true`. + """ + return pulumi.get(self, "routing_http_response_access_control_allow_credentials_header_value") + + @routing_http_response_access_control_allow_credentials_header_value.setter + def routing_http_response_access_control_allow_credentials_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_access_control_allow_credentials_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseAccessControlAllowHeadersHeaderValue") + def routing_http_response_access_control_allow_headers_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Specifies which headers can be used during the request. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Accept`, `Accept-Language`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, `Pragma`. Dependent on your use-case other headers can be exposed and then set as a value consult the Access-Control-Allow-Headers documentation. + """ + return pulumi.get(self, "routing_http_response_access_control_allow_headers_header_value") + + @routing_http_response_access_control_allow_headers_header_value.setter + def routing_http_response_access_control_allow_headers_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_access_control_allow_headers_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseAccessControlAllowMethodsHeaderValue") + def routing_http_response_access_control_allow_methods_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Set which HTTP methods are allowed when accessing the server from a different origin. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `GET`, `HEAD`, `POST`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE` or `PATCH`. + """ + return pulumi.get(self, "routing_http_response_access_control_allow_methods_header_value") + + @routing_http_response_access_control_allow_methods_header_value.setter + def routing_http_response_access_control_allow_methods_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_access_control_allow_methods_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseAccessControlAllowOriginHeaderValue") + def routing_http_response_access_control_allow_origin_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Specifies which origins are allowed to access the server. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. A valid value is a URI, eg: `https://example.com`. + """ + return pulumi.get(self, "routing_http_response_access_control_allow_origin_header_value") + + @routing_http_response_access_control_allow_origin_header_value.setter + def routing_http_response_access_control_allow_origin_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_access_control_allow_origin_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseAccessControlExposeHeadersHeaderValue") + def routing_http_response_access_control_expose_headers_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Specifies whether the browser should include credentials such as cookies or authentication when making requests. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `*`, `Cache-Control`, `Content-Language`, `Content-Length`, `Content-Type`, `Expires`, `Last-Modified`, or `Pragma`. Dependent on your use-case other headers can be exposed, consult the Access-Control-Expose-Headers documentation. + """ + return pulumi.get(self, "routing_http_response_access_control_expose_headers_header_value") + + @routing_http_response_access_control_expose_headers_header_value.setter + def routing_http_response_access_control_expose_headers_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_access_control_expose_headers_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseAccessControlMaxAgeHeaderValue") + def routing_http_response_access_control_max_age_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Specifies how long the results of a preflight request can be cached, in seconds. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are between `0` and `86400`. This value is browser specific, consult the Access-Control-Max-Age documentation. + """ + return pulumi.get(self, "routing_http_response_access_control_max_age_header_value") + + @routing_http_response_access_control_max_age_header_value.setter + def routing_http_response_access_control_max_age_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_access_control_max_age_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseContentSecurityPolicyHeaderValue") + def routing_http_response_content_security_policy_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Values for this are extensive, and can be impactful when set, consult Content-Security-Policy documentation. + """ + return pulumi.get(self, "routing_http_response_content_security_policy_header_value") + + @routing_http_response_content_security_policy_header_value.setter + def routing_http_response_content_security_policy_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_content_security_policy_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseServerEnabled") + def routing_http_response_server_enabled(self) -> Optional[pulumi.Input[bool]]: + """ + Enables you to allow or remove the HTTP response server header. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. Valid values are `true` or `false`. + """ + return pulumi.get(self, "routing_http_response_server_enabled") + + @routing_http_response_server_enabled.setter + def routing_http_response_server_enabled(self, value: Optional[pulumi.Input[bool]]): + pulumi.set(self, "routing_http_response_server_enabled", value) + + @property + @pulumi.getter(name="routingHttpResponseStrictTransportSecurityHeaderValue") + def routing_http_response_strict_transport_security_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. Default values are `max-age=31536000; includeSubDomains; preload` consult the Strict-Transport-Security documentation for further details. + """ + return pulumi.get(self, "routing_http_response_strict_transport_security_header_value") + + @routing_http_response_strict_transport_security_header_value.setter + def routing_http_response_strict_transport_security_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_strict_transport_security_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseXContentTypeOptionsHeaderValue") + def routing_http_response_x_content_type_options_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Indicates whether the MIME types advertised in the Content-Type headers should be followed and not be changed. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid value is `nosniff`. + """ + return pulumi.get(self, "routing_http_response_x_content_type_options_header_value") + + @routing_http_response_x_content_type_options_header_value.setter + def routing_http_response_x_content_type_options_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_x_content_type_options_header_value", value) + + @property + @pulumi.getter(name="routingHttpResponseXFrameOptionsHeaderValue") + def routing_http_response_x_frame_options_header_value(self) -> Optional[pulumi.Input[str]]: + """ + Indicates whether the browser is allowed to render a page in a frame, iframe, embed or object. Can only be set if protocol is `HTTP` or `HTTPS` for Application Load Balancers. Not supported for Network Load Balancer, or with a Gateway Load Balancer. The only valid values are `DENY`, `SAMEORIGIN`, or `ALLOW-FROM https://example.com`. + """ + return pulumi.get(self, "routing_http_response_x_frame_options_header_value") + + @routing_http_response_x_frame_options_header_value.setter + def routing_http_response_x_frame_options_header_value(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "routing_http_response_x_frame_options_header_value", value) + @property @pulumi.getter(name="sslPolicy") def ssl_policy(self) -> Optional[pulumi.Input[str]]: