diff --git a/.changes/next-release/feature-ElasticLoadBalancing-9ce18ce.json b/.changes/next-release/feature-ElasticLoadBalancing-9ce18ce.json new file mode 100644 index 000000000000..a91bc331cd37 --- /dev/null +++ b/.changes/next-release/feature-ElasticLoadBalancing-9ce18ce.json @@ -0,0 +1,5 @@ +{ + "type": "feature", + "category": "Elastic Load Balancing", + "description": "Adds support for HTTP Desync Mitigation in Application Load Balancers." +} diff --git a/services/elasticloadbalancingv2/src/main/resources/codegen-resources/service-2.json b/services/elasticloadbalancingv2/src/main/resources/codegen-resources/service-2.json index 2b0582d3b3a4..e2ee5020c5dd 100644 --- a/services/elasticloadbalancingv2/src/main/resources/codegen-resources/service-2.json +++ b/services/elasticloadbalancingv2/src/main/resources/codegen-resources/service-2.json @@ -136,7 +136,7 @@ {"shape":"InvalidLoadBalancerActionException"}, {"shape":"TooManyUniqueTargetGroupsPerLoadBalancerException"} ], - "documentation":"
Creates a rule for the specified listener. The listener must be associated with an Application Load Balancer.
Rules are evaluated in priority order, from the lowest value to the highest value. When the conditions for a rule are met, its actions are performed. If the conditions for no rules are met, the actions for the default rule are performed. For more information, see Listener Rules in the Application Load Balancers Guide.
To view your current rules, use DescribeRules. To update a rule, use ModifyRule. To set the priorities of your rules, use SetRulePriorities. To delete a rule, use DeleteRule.
" + "documentation":"Creates a rule for the specified listener. The listener must be associated with an Application Load Balancer.
Each rule consists of a priority, one or more actions, and one or more conditions. Rules are evaluated in priority order, from the lowest value to the highest value. When the conditions for a rule are met, its actions are performed. If the conditions for no rules are met, the actions for the default rule are performed. For more information, see Listener Rules in the Application Load Balancers Guide.
To view your current rules, use DescribeRules. To update a rule, use ModifyRule. To set the priorities of your rules, use SetRulePriorities. To delete a rule, use DeleteRule.
" }, "CreateTargetGroup":{ "name":"CreateTargetGroup", @@ -205,7 +205,7 @@ {"shape":"RuleNotFoundException"}, {"shape":"OperationNotPermittedException"} ], - "documentation":"Deletes the specified rule.
" + "documentation":"Deletes the specified rule.
You can't delete the default rule.
" }, "DeleteTargetGroup":{ "name":"DeleteTargetGroup", @@ -699,7 +699,7 @@ }, "Order":{ "shape":"ActionOrder", - "documentation":"The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. The last action to be performed must be one of the following types of actions: a forward
, fixed-response
, or redirect
.
The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.
" }, "RedirectConfig":{ "shape":"RedirectActionConfig", @@ -714,7 +714,7 @@ "documentation":"Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type
is forward
. If you specify both ForwardConfig
and TargetGroupArn
, you can specify only one target group using ForwardConfig
and it must be the same target group specified in TargetGroupArn
.
Information about an action.
" + "documentation":"Information about an action.
Each rule must include exactly one of the following types of actions: forward
, fixed-response
, or redirect
, and it must be the last action to be performed.
The conditions. Each rule can include zero or one of the following conditions: http-request-method
, host-header
, path-pattern
, and source-ip
, and zero or more of the following conditions: http-header
and query-string
.
The conditions. Each rule can optionally include up to one of each of the following conditions: http-request-method
, host-header
, path-pattern
, and source-ip
. Each rule can also optionally include one or more of each of the following conditions: http-header
and query-string
.
The type of target that you must specify when registering targets with this target group. You can't specify targets for a target group using more than one target type.
instance
- Targets are specified by instance ID. This is the default value. If the target group protocol is UDP or TCP_UDP, the target type must be instance
.
ip
- Targets are specified by IP address. You can specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.
lambda
- The target groups contains a single Lambda function.
The type of target that you must specify when registering targets with this target group. You can't specify targets for a target group using more than one target type.
instance
- Targets are specified by instance ID. This is the default value.
ip
- Targets are specified by IP address. You can specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.
lambda
- The target groups contains a single Lambda function.
The name of the attribute.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled
- Indicates whether access logs are enabled. The value is true
or false
. The default is false
.
access_logs.s3.bucket
- The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
access_logs.s3.prefix
- The prefix for the location in the S3 bucket for the access logs.
deletion_protection.enabled
- Indicates whether deletion protection is enabled. The value is true
or false
. The default is false
.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds
- The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
routing.http.drop_invalid_header_fields.enabled
- Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true
) or routed to targets (false
). The default is false
.
routing.http2.enabled
- Indicates whether HTTP/2 is enabled. The value is true
or false
. The default is true
. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.
The following attributes are supported by only Network Load Balancers:
load_balancing.cross_zone.enabled
- Indicates whether cross-zone load balancing is enabled. The value is true
or false
. The default is false
.
The name of the attribute.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled
- Indicates whether access logs are enabled. The value is true
or false
. The default is false
.
access_logs.s3.bucket
- The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
access_logs.s3.prefix
- The prefix for the location in the S3 bucket for the access logs.
deletion_protection.enabled
- Indicates whether deletion protection is enabled. The value is true
or false
. The default is false
.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds
- The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
routing.http.desync_mitigation_mode
- Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor
, defensive
, and strictest
. The default is defensive
.
routing.http.drop_invalid_header_fields.enabled
- Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true
) or routed to targets (false
). The default is false
.
routing.http2.enabled
- Indicates whether HTTP/2 is enabled. The value is true
or false
. The default is true
. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.
The following attributes are supported by only Network Load Balancers:
load_balancing.cross_zone.enabled
- Indicates whether cross-zone load balancing is enabled. The value is true
or false
. The default is false
.
[HTTP/HTTPS health checks] The HTTP codes to use when checking for a successful response from a target.
With Network Load Balancers, you can't modify this setting.
" + "documentation":"[HTTP/HTTPS health checks] The HTTP codes to use when checking for a successful response from a target. The possible values are from 200 to 499. You can specify multiple values (for example, \"200,202\") or a range of values (for example, \"200-299\"). The default is 200.
With Network Load Balancers, you can't modify this setting.
" } } }, @@ -2597,7 +2597,7 @@ }, "Values":{ "shape":"ListOfString", - "documentation":"The condition value. You can use Values
if the rule contains only host-header
and path-pattern
conditions. Otherwise, you can use HostHeaderConfig
for host-header
conditions and PathPatternConfig
for path-pattern
conditions.
If Field
is host-header
, you can specify a single host name (for example, my.example.com). A host name is case insensitive, can be up to 128 characters in length, and can contain any of the following characters.
A-Z, a-z, 0-9
- .
* (matches 0 or more characters)
? (matches exactly 1 character)
If Field
is path-pattern
, you can specify a single path pattern (for example, /img/*). A path pattern is case-sensitive, can be up to 128 characters in length, and can contain any of the following characters.
A-Z, a-z, 0-9
_ - . $ / ~ \" ' @ : +
& (using &)
* (matches 0 or more characters)
? (matches exactly 1 character)
The condition value. Specify only when Field
is host-header
or path-pattern
. Alternatively, to specify multiple host names or multiple path patterns, use HostHeaderConfig
or PathPatternConfig
.
If Field
is host-header
and you are not using HostHeaderConfig
, you can specify a single host name (for example, my.example.com) in Values
. A host name is case insensitive, can be up to 128 characters in length, and can contain any of the following characters.
A-Z, a-z, 0-9
- .
* (matches 0 or more characters)
? (matches exactly 1 character)
If Field
is path-pattern
and you are not using PathPatternConfig
, you can specify a single path pattern (for example, /img/*) in Values
. A path pattern is case-sensitive, can be up to 128 characters in length, and can contain any of the following characters.
A-Z, a-z, 0-9
_ - . $ / ~ \" ' @ : +
& (using &)
* (matches 0 or more characters)
? (matches exactly 1 character)
Information for a source IP condition. Specify only when Field
is source-ip
.
Information about a condition for a rule.
" + "documentation":"Information about a condition for a rule.
Each rule can optionally include up to one of each of the following conditions: http-request-method
, host-header
, path-pattern
, and source-ip
. Each rule can also optionally include one or more of each of the following conditions: http-header
and query-string
.
The name of the attribute.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
deregistration_delay.timeout_seconds
- The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining
to unused
. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.
stickiness.enabled
- Indicates whether sticky sessions are enabled. The value is true
or false
. The default is false
.
stickiness.type
- The type of sticky sessions. The possible values are lb_cookie
for Application Load Balancers or source_ip
for Network Load Balancers.
The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:
load_balancing.algorithm.type
- The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin
or least_outstanding_requests
. The default is round_robin
.
slow_start.duration_seconds
- The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). Slow start mode is disabled by default.
stickiness.lb_cookie.duration_seconds
- The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:
lambda.multi_value_headers.enabled
- Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true
or false
. The default is false
. If the value is false
and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.
The following attribute is supported only by Network Load Balancers:
proxy_protocol_v2.enabled
- Indicates whether Proxy Protocol version 2 is enabled. The value is true
or false
. The default is false
.
The name of the attribute.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
deregistration_delay.timeout_seconds
- The amount of time, in seconds, for Elastic Load Balancing to wait before changing the state of a deregistering target from draining
to unused
. The range is 0-3600 seconds. The default value is 300 seconds. If the target is a Lambda function, this attribute is not supported.
stickiness.enabled
- Indicates whether sticky sessions are enabled. The value is true
or false
. The default is false
.
stickiness.type
- The type of sticky sessions. The possible values are lb_cookie
for Application Load Balancers or source_ip
for Network Load Balancers.
The following attributes are supported only if the load balancer is an Application Load Balancer and the target is an instance or an IP address:
load_balancing.algorithm.type
- The load balancing algorithm determines how the load balancer selects targets when routing requests. The value is round_robin
or least_outstanding_requests
. The default is round_robin
.
slow_start.duration_seconds
- The time period, in seconds, during which a newly registered target receives an increasing share of the traffic to the target group. After this time period ends, the target receives its full share of traffic. The range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).
stickiness.lb_cookie.duration_seconds
- The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).
The following attribute is supported only if the load balancer is an Application Load Balancer and the target is a Lambda function:
lambda.multi_value_headers.enabled
- Indicates whether the request and response headers that are exchanged between the load balancer and the Lambda function include arrays of values or strings. The value is true
or false
. The default is false
. If the value is false
and the request contains a duplicate header field name or query parameter key, the load balancer uses the last value sent by the client.
The following attribute is supported only by Network Load Balancers:
proxy_protocol_v2.enabled
- Indicates whether Proxy Protocol version 2 is enabled. The value is true
or false
. The default is false
.
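Review bot: the new routing.http.desync_mitigation_mode entry in the load balancer attribute documentation lists its three values (monitor, defensive, strictest) and the default, but never says how they differ, so a reader cannot tell from this text what each mode does with a suspect request. The changelog entry calls the feature "HTTP Desync Mitigation", yet the attribute text only says "requests that might pose a security risk". Suggest naming HTTP desync in the description, adding one clause per mode, and pointing to the guide the way the CreateRule text does ("For more information, see Listener Rules in the Application Load Balancers Guide"). It would also help to say how this attribute relates to routing.http.drop_invalid_header_fields.enabled, which is listed directly after it and still defaults to false.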
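Review bot: in the target group attribute text, slow_start.duration_seconds now reads "The range is 30-900 seconds (15 minutes). The default is 0 seconds (disabled).", which puts the documented default outside the documented range. Suggest wording along the lines of "0 (disabled) or 30-900 seconds" so it is clear whether 0 can be set explicitly, for example to turn slow start off again after it has been enabled.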
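Review bot: the revised target type text for instance drops the sentence "If the target group protocol is UDP or TCP_UDP, the target type must be instance" with no replacement, and the change entry describes only desync mitigation. If the restriction no longer applies, say so in the changelog description; if it still applies, keep the sentence. The same paragraph still reads "The target groups contains a single Lambda function" in both versions, which should be "The target group contains".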
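Review bot: the new HTTP codes text for HTTP/HTTPS health checks ("The possible values are from 200 to 499 ... The default is 200.") shows a list form and a range form but does not say whether the two can be combined in one value. Suggest stating that explicitly, and noting that the range now documented includes 4xx codes, so a target answering with a client error can be counted as healthy if the value is set that wide.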