ALIYUN::ALB::Listener is used to create an HTTP, HTTPS, or Quick UDP Internet Connections (QUIC) listener.
Syntax
{
  "Type": "ALIYUN::ALB::Listener",
  "Properties": {
    "RequestTimeout": Integer,
    "ListenerPort": Integer,
    "Http2Enabled": Boolean,
    "DefaultActions": List,
    "Certificates": List,
    "IdleTimeout": Integer,
    "LoadBalancerId": String,
    "ListenerProtocol": String,
    "QuicConfig": Map,
    "GzipEnabled": Boolean,
    "SecurityPolicyId": String,
    "ListenerDescription": String,
    "XForwardedForConfig": Map,
    "CaEnabled": Boolean,
    "CaCertificates": List,
    "ListenerStatus": String
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
RequestTimeout | Integer | No | Yes | The timeout period of a request. | Valid values: 1 to 180. Default value: 60. Unit: seconds. If no response is received from the backend server within the specified timeout period, Application Load Balancer (ALB) stops waiting for the response and returns an HTTP 504 status code to the client. |
ListenerPort | Integer | Yes | No | The listener port of the instance. | Valid values: 1 to 65535 |
Http2Enabled | Boolean | No | Yes | Specifies whether to enable HTTP/2. | Valid values:
Note You can specify this property only for HTTPS listeners. |
DefaultActions | List | Yes | Yes | The actions of the forwarding rule. | Example:
For more information, see DefaultActions properties. |
Certificates | List | No | Yes | The certificates. | For more information, see Certificates properties. |
IdleTimeout | Integer | No | Yes | The timeout period of an idle connection. | Valid values: 1 to 60. Default value: 15. Unit: seconds. If no request is received within the specified timeout period, ALB closes the current connection. When another request is received, ALB establishes a new connection. |
LoadBalancerId | String | Yes | No | The ID of the ALB instance. | None |
ListenerProtocol | String | Yes | No | The listener protocol of the instance. | Valid values:
|
QuicConfig | Map | No | Yes | The configurations of the QUIC listener that you want to associate with the HTTPS listener of the instance. | For more information, see QuicConfig properties. |
GzipEnabled | Boolean | No | Yes | Specifies whether to enable GNU zip (Gzip) compression to compress specific types of files. | Valid values:
|
SecurityPolicyId | String | No | Yes | The ID of the security policy. | System security policies and custom security policies are supported. Default value: tls_cipher_policy_1_0. The default value specifies the system security policy. Note You can specify this property only for HTTPS listeners. |
ListenerDescription | String | No | Yes | The description of the listener. | The description must be 2 to 256 characters in length. |
XForwardedForConfig | Map | No | Yes | The configurations of the X-Forwarded-For (XFF) header. | For more information, see XForwardedForConfig properties. |
CaEnabled | Boolean | No | Yes | Specifies whether to enable mutual authentication. | Valid values:
|
CaCertificates | List | No | Yes | The certification authority (CA) certificates. | For more information, see CaCertificates properties. |
ListenerStatus | String | No | Yes | The status of the listener. | Valid values:
|
DefaultActions syntax
"DefaultActions": [
  {
    "Type": String,
    "ForwardGroupConfig": Map
  }
]
DefaultActions properties
Property | Type | Required | Editable | Description | Constraint |
Type | String | Yes | Yes | The type of the action. | Set the value to ForwardGroup. This value specifies that requests are forwarded to multiple server groups. |
ForwardGroupConfig | Map | Yes | Yes | The configurations of the action. | For more information, see ForwardGroupConfig properties. |
ForwardGroupConfig syntax
"ForwardGroupConfig": {
  "ServerGroupTuples": List
}
ForwardGroupConfig property
Property | Type | Required | Editable | Description | Constraint |
ServerGroupTuples | List | Yes | Yes | The server groups to which requests are forwarded. | For more information, see ServerGroupTuples properties. |
ServerGroupTuples syntax
"ServerGroupTuples": [
  {
    "ServerGroupId": String
  }
]
ServerGroupTuples property
Property | Type | Required | Editable | Description | Constraint |
ServerGroupId | String | Yes | Yes | The ID of the server group to which requests are forwarded. | None |
Certificates syntax
"Certificates": [
  {
    "CertificateId": String
  }
]
Certificates property
Property | Type | Required | Editable | Description | Constraint |
CertificateId | String | No | Yes | The ID of the certificate. | Only server certificates are supported. |
QuicConfig syntax
"QuicConfig": {
  "QuicListenerId": String,
  "QuicUpgradeEnabled": Boolean
}
QuicConfig properties
Property | Type | Required | Editable | Description | Constraint |
QuicListenerId | String | No | Yes | The ID of the QUIC listener. | This property is required if you set the QuicUpgradeEnabled property to true. Note
|
QuicUpgradeEnabled | Boolean | No | Yes | Specifies whether to enable QUIC upgrade. | Valid values:
Note You can specify this property only for HTTPS listeners. |
XForwardedForConfig syntax
"XForwardedForConfig": {
  "XForwardedForClientCertFingerprintAlias": String,
  "XForwardedForClientCertFingerprintEnabled": Boolean,
  "XForwardedForClientCertIssuerDNAlias": String,
  "XForwardedForClientCertClientVerifyAlias": String,
  "XForwardedForSLBIdEnabled": Boolean,
  "XForwardedForClientCertSubjectDNEnabled": Boolean,
  "XForwardedForClientCertSubjectDNAlias": String,
  "XForwardedForProtoEnabled": Boolean,
  "XForwardedForClientSrcPortEnabled": Boolean,
  "XForwardedForSLBPortEnabled": Boolean,
  "XForwardedForEnabled": Boolean,
  "XForwardedForClientCertIssuerDNEnabled": Boolean,
  "XForwardedForClientCertClientVerifyEnabled": Boolean,
  "XForwardedForClientSourceIpsEnabled": Boolean,
  "XForwardedForClientSourceIpsTrusted": String
}
XForwardedForConfig properties
Property | Type | Required | Editable | Description | Constraint |
XForwardedForClientCertFingerprintAlias | String | No | Yes | The name of the custom header. You can use this property to query the fingerprint of the client certificate. | This property takes effect only if you set the XForwardedForClientCertFingerprintEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners. |
XForwardedForClientCertFingerprintEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Clientcert-fingerprint header to query the fingerprint of the client certificate. | Valid values:
Note You can specify this property only for HTTPS listeners. |
XForwardedForClientCertIssuerDNAlias | String | No | Yes | The name of the custom header. You can use this property to query the information about the CA that issues the client certificate. | This property takes effect only if you set the XForwardedForClientCertIssuerDNEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners. |
XForwardedForClientCertClientVerifyAlias | String | No | Yes | The name of the custom header. You can use this property to query the verification result of the client certificate. | This property takes effect only if you set the XForwardedForClientCertClientVerifyEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners. |
XForwardedForSLBIdEnabled | Boolean | No | Yes | Specifies whether to use the SLB-ID header to query the ID of the ALB instance. | Valid values:
|
XForwardedForClientCertSubjectDNEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Clientcert-subjectdn header to query the information about the owner of the client certificate. | Valid values:
Note You can specify this property only for HTTPS listeners. |
XForwardedForClientCertSubjectDNAlias | String | No | Yes | The name of the custom header. You can use this property to query the information about the owner of the client certificate. | This property takes effect only if you set the XForwardedForClientCertSubjectDNEnabled property to true. The name must be 1 to 40 characters in length and can contain lowercase letters, digits, underscores (_), and hyphens (-). Note You can specify this property only for HTTPS listeners. |
XForwardedForProtoEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Proto header to query the listener protocol of the ALB instance. | Valid values:
|
XForwardedForClientSrcPortEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Client-Port header to query the client port. | Valid values:
Note You can specify this property for HTTP and HTTPS listeners. |
XForwardedForSLBPortEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Port header to query the listener port of the ALB instance. | Valid values:
|
XForwardedForEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-For header to query the real IP address of the client. | Valid values:
Note You can specify this property for HTTP and HTTPS listeners. |
XForwardedForClientCertIssuerDNEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Clientcert-issuerdn header to query the information about the CA that issues the client certificate. | Valid values:
Note You can specify this property only for HTTPS listeners. |
XForwardedForClientCertClientVerifyEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Clientcert-clientverify header to query the verification result of the client certificate. | Valid values:
Note You can specify this property only for HTTPS listeners. |
XForwardedForClientSourceIpsEnabled | Boolean | No | Yes | Specifies whether to use the X-Forwarded-Client-SourceIps header to query the source port of the client. | Valid values:
|
XForwardedForClientSourceIpsTrusted | String | No | Yes | Specifies whether to trust the source IP addresses of the client that are queried by using the X-Forwarded-Client-SourceIps header. | Valid values:
|
CaCertificates syntax
"CaCertificates": [
  {
    "CertificateId": String
  }
]
CaCertificates property
Property | Type | Required | Editable | Description | Constraint |
CertificateId | String | No | Yes | The ID of the CA certificate. | None |
Return values
Fn::GetAtt
ListenerId: the ID of the listener.
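
The constraints in the property tables above (value ranges, HTTPS-only properties, the QuicListenerId dependency, and the alias naming rule) can be checked before a template is deployed. The following Python linter is an added example, not part of the ROS documentation or tooling; the function names, the sample template, and the alb-EXAMPLE and sgp-EXAMPLE IDs are constructed for illustration.

```python
import re

# Limits and rules below are the ones stated in this page's property tables.
RANGES = {"RequestTimeout": (1, 180), "IdleTimeout": (1, 60), "ListenerPort": (1, 65535)}
HTTPS_ONLY = ("Http2Enabled", "SecurityPolicyId")
CERT_FIELDS = ("Fingerprint", "IssuerDN", "SubjectDN", "ClientVerify")
ALIAS_RE = re.compile(r"[a-z0-9_-]{1,40}")

def lint_listener(name, props):
    """Return findings for the Properties of one ALIYUN::ALB::Listener resource."""
    out = []
    https = props.get("ListenerProtocol") == "HTTPS"
    for key, (lo, hi) in RANGES.items():
        # Values given as Ref/Fn:: functions (dicts) cannot be checked statically.
        if isinstance(val := props.get(key), int) and not lo <= val <= hi:
            out.append(f"{name}: {key}={val} is outside {lo}..{hi}")
    out += [f"{name}: {k} applies only to HTTPS listeners"
            for k in HTTPS_ONLY if k in props and not https]
    quic = props.get("QuicConfig", {})
    if quic.get("QuicUpgradeEnabled") is True and not quic.get("QuicListenerId"):
        out.append(f"{name}: QuicUpgradeEnabled is true but QuicListenerId is not set")
    xff = props.get("XForwardedForConfig", {})
    for field in CERT_FIELDS:
        on, alias = (f"XForwardedForClientCert{field}{s}" for s in ("Enabled", "Alias"))
        if not https and (on in xff or alias in xff):
            out.append(f"{name}: {on} and {alias} apply only to HTTPS listeners")
        if isinstance(xff.get(alias), str):
            if xff.get(on) is not True:
                out.append(f"{name}: {alias} has no effect unless {on} is true")
            if not ALIAS_RE.fullmatch(xff[alias]):
                out.append(f"{name}: {alias} must match [a-z0-9_-]{{1,40}}")
    return out

def lint_template(template):
    """Lint every ALB listener in a parsed ROS template (a dict)."""
    return [f for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "ALIYUN::ALB::Listener"
            for f in lint_listener(name, res.get("Properties", {}))]

# Constructed sample template: one misconfigured HTTP listener. IDs are placeholders.
SAMPLE = {"Resources": {"WebListener": {"Type": "ALIYUN::ALB::Listener", "Properties": {
    "LoadBalancerId": "alb-EXAMPLE", "ListenerProtocol": "HTTP", "ListenerPort": 80,
    "RequestTimeout": 300, "SecurityPolicyId": "tls_cipher_policy_1_0",
    "DefaultActions": [{"Type": "ForwardGroup", "ForwardGroupConfig": {
        "ServerGroupTuples": [{"ServerGroupId": "sgp-EXAMPLE"}]}}],
    "QuicConfig": {"QuicUpgradeEnabled": True},
    "XForwardedForConfig": {"XForwardedForClientCertFingerprintAlias": "Cert_FP"}}}}}

if __name__ == "__main__":
    print("\n".join(lint_template(SAMPLE)))
```

To lint a real template, pass the result of json.load on the template file to lint_template.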