This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::ElasticLoadBalancingV2::LoadBalancer Specifies an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties" : { "[EnableCapacityReservationProvisionStabilize](#cfn-elasticloadbalancingv2-loadbalancer-enablecapacityreservationprovisionstabilize)" : Boolean, "[EnablePrefixForIpv6SourceNat](#cfn-elasticloadbalancingv2-loadbalancer-enableprefixforipv6sourcenat)" : String, "[EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic](#cfn-elasticloadbalancingv2-loadbalancer-enforcesecuritygroupinboundrulesonprivatelinktraffic)" : String, "[IpAddressType](#cfn-elasticloadbalancingv2-loadbalancer-ipaddresstype)" : String, "[Ipv4IpamPoolId](#cfn-elasticloadbalancingv2-loadbalancer-ipv4ipampoolid)" : String, "[LoadBalancerAttributes](#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattributes)" : [ LoadBalancerAttribute, ... ], "[MinimumLoadBalancerCapacity](#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity)" : MinimumLoadBalancerCapacity, "[Name](#cfn-elasticloadbalancingv2-loadbalancer-name)" : String, "[Scheme](#cfn-elasticloadbalancingv2-loadbalancer-scheme)" : String, "[SecurityGroups](#cfn-elasticloadbalancingv2-loadbalancer-securitygroups)" : [ String, ... ], "[SubnetMappings](#cfn-elasticloadbalancingv2-loadbalancer-subnetmappings)" : [ SubnetMapping, ... ], "[Subnets](#cfn-elasticloadbalancingv2-loadbalancer-subnets)" : [ String, ... ], "[Tags](#cfn-elasticloadbalancingv2-loadbalancer-tags)" : [ Tag, ... ], "[Type](#cfn-elasticloadbalancingv2-loadbalancer-type)" : String } } ``` ### YAML ``` Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: [EnableCapacityReservationProvisionStabilize](#cfn-elasticloadbalancingv2-loadbalancer-enablecapacityreservationprovisionstabilize): Boolean [EnablePrefixForIpv6SourceNat](#cfn-elasticloadbalancingv2-loadbalancer-enableprefixforipv6sourcenat): String [EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic](#cfn-elasticloadbalancingv2-loadbalancer-enforcesecuritygroupinboundrulesonprivatelinktraffic): String [IpAddressType](#cfn-elasticloadbalancingv2-loadbalancer-ipaddresstype): String [Ipv4IpamPoolId](#cfn-elasticloadbalancingv2-loadbalancer-ipv4ipampoolid): String [LoadBalancerAttributes](#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattributes): - LoadBalancerAttribute [MinimumLoadBalancerCapacity](#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity): MinimumLoadBalancerCapacity [Name](#cfn-elasticloadbalancingv2-loadbalancer-name): String [Scheme](#cfn-elasticloadbalancingv2-loadbalancer-scheme): String [SecurityGroups](#cfn-elasticloadbalancingv2-loadbalancer-securitygroups): - String [SubnetMappings](#cfn-elasticloadbalancingv2-loadbalancer-subnetmappings): - SubnetMapping [Subnets](#cfn-elasticloadbalancingv2-loadbalancer-subnets): - String [Tags](#cfn-elasticloadbalancingv2-loadbalancer-tags): - Tag [Type](#cfn-elasticloadbalancingv2-loadbalancer-type): String ``` ## Properties `EnableCapacityReservationProvisionStabilize` Indicates whether to enable stabilization when creating or updating an LCU reservation. This ensures that the final stack status reflects the status of the LCU reservation. The default is `false`. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnablePrefixForIpv6SourceNat` [Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be `dualstack`. The default value is `off`. *Required*: No *Type*: String *Allowed values*: `on | off` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic` Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink. The default is `on`. You can't configure this property on a Network Load Balancer unless you associated a security group with the load balancer when you created it. *Required*: No *Type*: String *Allowed values*: `on | off` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IpAddressType` The IP address type. Internal load balancers must use `ipv4`. [Application Load Balancers] The possible values are `ipv4` (IPv4 addresses), `dualstack` (IPv4 and IPv6 addresses), and `dualstack-without-public-ipv4` (public IPv6 addresses and private IPv4 and IPv6 addresses). Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors. [Network Load Balancers and Gateway Load Balancers] The possible values are `ipv4` (IPv4 addresses) and `dualstack` (IPv4 and IPv6 addresses). *Required*: No *Type*: String *Allowed values*: `ipv4 | dualstack | dualstack-without-public-ipv4` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Ipv4IpamPoolId` The ID of the IPv4 IPAM pool. *Required*: No *Type*: String *Pattern*: `^(ipam-pool-)[a-zA-Z0-9]+$` *Maximum*: `1000` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `LoadBalancerAttributes` The load balancer attributes. Attributes that you do not modify retain their current values. *Required*: No *Type*: Array of [LoadBalancerAttribute](aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.md) *Maximum*: `20` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `MinimumLoadBalancerCapacity` The minimum capacity for a load balancer. *Required*: No *Type*: [MinimumLoadBalancerCapacity](aws-properties-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Name` The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name. *Required*: No *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Scheme` The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. You can't specify a scheme for a Gateway Load Balancer. *Required*: No *Type*: String *Allowed values*: `internet-facing | internal` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SecurityGroups` [Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer. *Required*: No *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubnetMappings` The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. [Application Load Balancers] You must specify subnets from at least two Availability Zones. You can't specify Elastic IP addresses for your subnets. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. [Network Load Balancers] You can specify subnets from one or more Availability Zones. You can specify one Elastic IP address per subnet if you need static IP addresses for your internet-facing load balancer. For internal load balancers, you can specify one private IP address per subnet from the IPv4 range of the subnet. For internet-facing load balancer, you can specify one IPv6 address per subnet. [Gateway Load Balancers] You can specify subnets from one or more Availability Zones. You can't specify Elastic IP addresses for your subnets. *Required*: Conditional *Type*: Array of [SubnetMapping](aws-properties-elasticloadbalancingv2-loadbalancer-subnetmapping.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Subnets` The IDs of the subnets. You can specify only one subnet per Availability Zone. You must specify either subnets or subnet mappings, but not both. To specify an Elastic IP address, specify subnet mappings instead of subnets. [Application Load Balancers] You must specify subnets from at least two Availability Zones. [Application Load Balancers on Outposts] You must specify one Outpost subnet. [Application Load Balancers on Local Zones] You can specify subnets from one or more Local Zones. [Network Load Balancers and Gateway Load Balancers] You can specify subnets from one or more Availability Zones. *Required*: Conditional *Type*: Array of String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The tags to assign to the load balancer. *Required*: No *Type*: Array of [Tag](aws-properties-elasticloadbalancingv2-loadbalancer-tag.md) *Minimum*: `1` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Type` The type of load balancer. The default is `application`. *Required*: No *Type*: String *Allowed values*: `application | network | gateway` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the Amazon Resource Name (ARN) of the load balancer. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `CanonicalHostedZoneID` The ID of the Amazon Route 53 hosted zone associated with the load balancer. For example, `Z2P70J7EXAMPLE`. `DNSName` The DNS name for the load balancer. For example, `my-load-balancer-424835706.us-west-2.elb.amazonaws.com`. `LoadBalancerArn` The Amazon Resource Name (ARN) of the load balancer. `LoadBalancerFullName` The full name of the load balancer. For example, `app/my-load-balancer/50dc6c495c0c9188`. `LoadBalancerName` The name of the load balancer. For example, `my-load-balancer`. `SecurityGroups` The IDs of the security groups for the load balancer. ## Examples To get started with Elastic Load Balancer create a load balancer. After you create your load balancer, add a listener using [AWS::ElasticLoadBalancingV2::Listener](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listener.html). **Topics** + [Create an Application Load Balancer](#aws-resource-elasticloadbalancingv2-loadbalancer--examples--Create_an_Application_Load_Balancer) + [Create a Network Load Balancer](#aws-resource-elasticloadbalancingv2-loadbalancer--examples--Create_a_Network_Load_Balancer) ### Create an Application Load Balancer The following example creates an internal Application Load Balancer with an associated security group and a load balancer attribute. #### YAML ``` myLoadBalancer: Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' Properties: Name: my-alb Type: application Scheme: internal Subnets: - !Ref subnet-AZ1 - !Ref subnet-AZ2 SecurityGroups: - !Ref mySecurityGroup LoadBalancerAttributes: - Key: "deletion_protection.enabled" Value: "true" ``` #### JSON ``` { "myLoadBalancer": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "Name": "my-alb", "Type": "application", "Scheme": "internal", "Subnets": [ { "Ref": "subnet-AZ1" }, { "Ref": "subnet-AZ2" } ], "SecurityGroups": [ { "Ref": "mySecurityGroup" } ], "LoadBalancerAttributes": [ { "Key": "deletion_protection.enabled", "Value": true } ] } } } ``` ### Create a Network Load Balancer The following example creates an internal Network Load Balancer with an associated security group and a load balancer attribute. #### YAML ``` myLoadBalancer: Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' Properties: Name: my-nlb Type: network Scheme: internal Subnets: - !Ref subnet-AZ1 - !Ref subnet-AZ2 SecurityGroups: - !Ref mySecurityGroup LoadBalancerAttributes: - Key: "deletion_protection.enabled" Value: "true" ``` #### JSON ``` { "myLoadBalancer": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "Name": "my-alb", "Type": "network", "Scheme": "internal", "Subnets": [ { "Ref": "subnet-AZ1" }, { "Ref": "subnet-AZ2" } ], "SecurityGroups": [ { "Ref": "mySecurityGroup" } ], "LoadBalancerAttributes": [ { "Key": "deletion_protection.enabled", "Value": true } ] } } } ``` ## See also + [CreateLoadBalancer](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_CreateLoadBalancer.html) in the *Elastic Load Balancing API Reference (version 2015-12-01)* + [User Guide for Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application) + [User Guide for Network Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/network) + [User Guide for Gateway Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway) # AWS::ElasticLoadBalancingV2::LoadBalancer LoadBalancerAttribute Specifies an attribute for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-key)" : String, "[Value](#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-value)" : String } ``` ### YAML ``` [Key](#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-key): String [Value](#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-value): String ``` ## Properties `Key` The name of the attribute. The following attributes are supported by all load balancers: + `deletion_protection.enabled` - Indicates whether deletion protection is enabled. The value is `true` or `false`. The default is `false`. + `load_balancing.cross_zone.enabled` - Indicates whether cross-zone load balancing is enabled. The possible values are `true` and `false`. The default for Network Load Balancers and Gateway Load Balancers is `false`. The default for Application Load Balancers is `true`, and can't be changed. The following attributes are supported by both Application Load Balancers and Network Load Balancers: + `access_logs.s3.enabled` - Indicates whether access logs are enabled. The value is `true` or `false`. The default is `false`. + `access_logs.s3.bucket` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. + `access_logs.s3.prefix` - The prefix for the location in the S3 bucket for the access logs. + `ipv6.deny_all_igw_traffic` - Blocks internet gateway (IGW) access to the load balancer. It is set to `false` for internet-facing load balancers and `true` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway. + `zonal_shift.config.enabled` - Indicates whether zonal shift is enabled. The possible values are `true` and `false`. The default is `false`. The following attributes are supported by only Application Load Balancers: + `idle_timeout.timeout_seconds` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds. + `client_keep_alive.seconds` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds. + `connection_logs.s3.enabled` - Indicates whether connection logs are enabled. The value is `true` or `false`. The default is `false`. + `connection_logs.s3.bucket` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. + `connection_logs.s3.prefix` - The prefix for the location in the S3 bucket for the connection logs. + `health_check_logs.s3.enabled` - Indicates whether health check logs are enabled. The value is `true` or `false`. The default is `false`. + `health_check_logs.s3.bucket` - The name of the S3 bucket for the health check logs. This attribute is required if health check logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. + `health_check_logs.s3.prefix` - The prefix for the location in the S3 bucket for the health check logs. + `routing.http.desync_mitigation_mode` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are `monitor`, `defensive`, and `strictest`. The default is `defensive`. + `routing.http.drop_invalid_header_fields.enabled` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (`true`) or routed to targets (`false`). The default is `false`. + `routing.http.preserve_host_header.enabled` - Indicates whether the Application Load Balancer should preserve the `Host` header in the HTTP request and send it to the target without any change. The possible values are `true` and `false`. The default is `false`. + `routing.http.x_amzn_tls_version_and_cipher_suite.enabled` - Indicates whether the two headers (`x-amzn-tls-version` and `x-amzn-tls-cipher-suite`), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The `x-amzn-tls-version` header has information about the TLS protocol version negotiated with the client, and the `x-amzn-tls-cipher-suite` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are `true` and `false`. The default is `false`. + `routing.http.xff_client_port.enabled` - Indicates whether the `X-Forwarded-For` header should preserve the source port that the client used to connect to the load balancer. The possible values are `true` and `false`. The default is `false`. + `routing.http.xff_header_processing.mode` - Enables you to modify, preserve, or remove the `X-Forwarded-For` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are `append`, `preserve`, and `remove`. The default is `append`. + If the value is `append`, the Application Load Balancer adds the client IP address (of the last hop) to the `X-Forwarded-For` header in the HTTP request before it sends it to targets. + If the value is `preserve` the Application Load Balancer preserves the `X-Forwarded-For` header in the HTTP request, and sends it to targets without any change. + If the value is `remove`, the Application Load Balancer removes the `X-Forwarded-For` header in the HTTP request before it sends it to targets. + `routing.http2.enabled` - Indicates whether clients can connect to the load balancer using HTTP/2. If `true`, clients can connect using HTTP/2 or HTTP/1.1. However, all client requests are subject to the stricter HTTP/2 header validation rules. For example, message header names must contain only alphanumeric characters and hyphens. If `false`, clients must connect using HTTP/1.1. The default is `true`. + `waf.fail_open.enabled` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are `true` and `false`. The default is `false`. The following attributes are supported by only Network Load Balancers: + `dns_record.client_routing_policy` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are `availability_zone_affinity` with 100 percent zonal affinity, `partial_availability_zone_affinity` with 85 percent zonal affinity, and `any_availability_zone` with 0 percent zonal affinity. + `secondary_ips.auto_assigned.per_subnet` - The number of secondary IP addresses to configure for your load balancer nodes. Use to address port allocation errors if you can't add targets. The valid range is 0 to 7. The default is 0. After you set this value, you can't decrease it. *Required*: No *Type*: String *Pattern*: `^[a-zA-Z0-9._]+$` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value of the attribute. *Required*: No *Type*: String *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples You can optionally configure attributes for your load balancer. **Topics** + [Enable deletion protection](#aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute--examples--Enable_deletion_protection) + [Configure access logs](#aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute--examples--Configure_access_logs) ### Enable deletion protection This example enables deletion protection for an Application Load Balancer. #### YAML ``` myLoadBalancer: Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' Properties: Name: my-alb Type: application Scheme: internal Subnets: - !Ref subnet-AZ1 - !Ref subnet-AZ2 SecurityGroups: - !Ref mySecurityGroup LoadBalancerAttributes: - Key: "deletion_protection.enabled" Value: "true" ``` #### JSON ``` { "myLoadBalancer": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "Name": "my-alb", "Type": "application", "Scheme": "internal", "Subnets": [ { "Ref": "subnet-AZ1" }, { "Ref": "subnet-AZ2" } ], "SecurityGroups": [ { "Ref": "mySecurityGroup" } ], "LoadBalancerAttributes": [ { "Key": "deletion_protection.enabled", "Value": true } ] } } } ``` ### Configure access logs This example configures access logs for a Network Load Balancer. #### YAML ``` myLoadBalancer: Type: 'AWS::ElasticLoadBalancingV2::LoadBalancer' Properties: Name: my-nlb Type: network Scheme: internal Subnets: - !Ref subnet-AZ1 - !Ref subnet-AZ2 SecurityGroups: - !Ref mySecurityGroup LoadBalancerAttributes: - Key: "access_logs.s3.enabled" Value: "true" - Key: "access_logs.s3.bucket" Value: "amzn-s3-demo-logging-bucket" - Key: "access_logs.s3.prefix" Value: "logging-prefix" ``` #### JSON ``` { "myLoadBalancer": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "Name": "my-nlb", "Type": "network", "Scheme": "internal", "Subnets": [ { "Ref": "subnet-AZ1" }, { "Ref": "subnet-AZ2" } ], "SecurityGroups": [ { "Ref": "mySecurityGroup" } ], "LoadBalancerAttributes": [ { "Key": "access_logs.s3.enabled", "Value": "true" }, { "Key": "access_logs.s3.bucket", "Value": "amzn-s3-demo-logging-bucket" }, { "Key": "access_logs.s3.prefix", "Value": "logging-prefix" } ] } } } ``` ## See also + [ModifyLoadBalancerAttributes](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_ModifyLoadBalancerAttributes.html) in the *Elastic Load Balancing API Reference (version 2015-12-01)* + [Load balancer attributes](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes) in the *User Guide for Application Load Balancers* + [Load balancer attributes](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/network-load-balancers.html#load-balancer-attributes) in the *User Guide for Network Load Balancers* + [Load balancer attributes](https://docs.aws.amazon.com/elasticloadbalancing/latest/gateway/gateway-load-balancers.html#load-balancer-attributes) in the *User Guide for Gateway Load Balancers* # AWS::ElasticLoadBalancingV2::LoadBalancer MinimumLoadBalancerCapacity The minimum capacity for a load balancer. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CapacityUnits](#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity-capacityunits)" : Integer } ``` ### YAML ``` [CapacityUnits](#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity-capacityunits): Integer ``` ## Properties `CapacityUnits` The number of capacity units. *Required*: Yes *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ElasticLoadBalancingV2::LoadBalancer SubnetMapping Specifies a subnet for a load balancer. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[AllocationId](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-allocationid)" : String, "[IPv6Address](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-ipv6address)" : String, "[PrivateIPv4Address](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-privateipv4address)" : String, "[SourceNatIpv6Prefix](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-sourcenatipv6prefix)" : String, "[SubnetId](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-subnetid)" : String } ``` ### YAML ``` [AllocationId](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-allocationid): String [IPv6Address](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-ipv6address): String [PrivateIPv4Address](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-privateipv4address): String [SourceNatIpv6Prefix](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-sourcenatipv6prefix): String [SubnetId](#cfn-elasticloadbalancingv2-loadbalancer-subnetmapping-subnetid): String ``` ## Properties `AllocationId` [Network Load Balancers] The allocation ID of the Elastic IP address for an internet-facing load balancer. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `IPv6Address` [Network Load Balancers] The IPv6 address. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PrivateIPv4Address` [Network Load Balancers] The private IPv4 address for an internal load balancer. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SourceNatIpv6Prefix` [Network Load Balancers with UDP listeners] The IPv6 prefix to use for source NAT. Specify an IPv6 prefix (/80 netmask) from the subnet CIDR block or `auto_assigned` to use an IPv6 prefix selected at random from the subnet CIDR block. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SubnetId` The ID of the subnet. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::ElasticLoadBalancingV2::LoadBalancer Tag Information about a tag. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-elasticloadbalancingv2-loadbalancer-tag-key)" : String, "[Value](#cfn-elasticloadbalancingv2-loadbalancer-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-elasticloadbalancingv2-loadbalancer-tag-key): String [Value](#cfn-elasticloadbalancingv2-loadbalancer-tag-value): String ``` ## Properties `Key` The key of the tag. *Required*: Yes *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The value of the tag. *Required*: No *Type*: String *Pattern*: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$` *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### The following example creates a Network Load Balancer with two tags. #### YAML ``` myLoadBalancer: Type: AWS::ElasticLoadBalancingV2::LoadBalancer Properties: Name: my-nlb Type: network Scheme: internal Subnets: - !Ref subnet-AZ1 - !Ref subnet-AZ2 SecurityGroups: - !Ref mySecurityGroup Tags: - Key: "department" Value: "123" - Key: "project" Value: "lima" ``` #### JSON ``` { "myLoadBalancer": { "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer", "Properties": { "Name": "my-alb", "Type": "network", "Scheme": "internal", "Subnets": [ { "Ref": "subnet-AZ1" }, { "Ref": "subnet-AZ2" } ], "SecurityGroups": [ { "Ref": "mySecurityGroup" } ], "Tags": [ { "Key": "department", "Value": "123" }, { "Key": "project", "Value": "lima" } ] } } } ```