AWS::ElasticLoadBalancing::LoadBalancer
Specifies a Classic Load Balancer.
If this resource has a public IP address and is also in a VPC that is defined in the same template, you must use the DependsOn attribute to declare a dependency on the VPC-gateway attachment.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::ElasticLoadBalancing::LoadBalancer",
  "Properties" : {
      "AccessLoggingPolicy" : AccessLoggingPolicy,
      "AppCookieStickinessPolicy" : [ AppCookieStickinessPolicy, ... ],
      "AvailabilityZones" : [ String, ... ],
      "ConnectionDrainingPolicy" : ConnectionDrainingPolicy,
      "ConnectionSettings" : ConnectionSettings,
      "CrossZone" : Boolean,
      "HealthCheck" : HealthCheck,
      "Instances" : [ String, ... ],
      "LBCookieStickinessPolicy" : [ LBCookieStickinessPolicy, ... ],
      "Listeners" : [ Listeners, ... ],
      "LoadBalancerName" : String,
      "Policies" : [ Policies, ... ],
      "Scheme" : String,
      "SecurityGroups" : [ String, ... ],
      "Subnets" : [ String, ... ],
      "Tags" : [ Tag, ... ]
    }
}
YAML
Type: AWS::ElasticLoadBalancing::LoadBalancer
Properties:
  AccessLoggingPolicy:
    AccessLoggingPolicy
  AppCookieStickinessPolicy:
    - AppCookieStickinessPolicy
  AvailabilityZones:
    - String
  ConnectionDrainingPolicy:
    ConnectionDrainingPolicy
  ConnectionSettings:
    ConnectionSettings
  CrossZone: Boolean
  HealthCheck:
    HealthCheck
  Instances:
    - String
  LBCookieStickinessPolicy:
    - LBCookieStickinessPolicy
  Listeners:
    - Listeners
  LoadBalancerName: String
  Policies:
    - Policies
  Scheme: String
  SecurityGroups:
    - String
  Subnets:
    - String
  Tags:
    - Tag
Properties
AccessLoggingPolicy
-
Information about where and how access logs are stored for the load balancer.
Required: No
Type: AccessLoggingPolicy
Update requires: No interruption
AppCookieStickinessPolicy
-
Information about a policy for application-controlled session stickiness.
Required: No
Type: Array of AppCookieStickinessPolicy
Update requires: No interruption
AvailabilityZones
-
The Availability Zones for a load balancer in a default VPC. For a load balancer in a nondefault VPC, specify Subnets instead.
Update requires replacement if you did not previously specify an Availability Zone or if you are removing all Availability Zones. Otherwise, update requires no interruption.
Required: No
Type: Array of String
Update requires: Some interruptions
ConnectionDrainingPolicy
-
If enabled, the load balancer allows existing requests to complete before the load balancer shifts traffic away from a deregistered or unhealthy instance.
For more information, see Configure connection draining in the User Guide for Classic Load Balancers.
Required: No
Type: ConnectionDrainingPolicy
Update requires: No interruption
ConnectionSettings
-
If enabled, the load balancer allows the connections to remain idle (no data is sent over the connection) for the specified duration.
By default, Elastic Load Balancing maintains a 60-second idle connection timeout for both front-end and back-end connections of your load balancer. For more information, see Configure idle connection timeout in the User Guide for Classic Load Balancers.
Required: No
Type: ConnectionSettings
Update requires: No interruption
CrossZone
-
If enabled, the load balancer routes the request traffic evenly across all instances regardless of the Availability Zones.
For more information, see Configure cross-zone load balancing in the User Guide for Classic Load Balancers.
Required: No
Type: Boolean
Update requires: No interruption
HealthCheck
-
The health check settings to use when evaluating the health of your EC2 instances.
Update requires replacement if you did not previously specify health check settings or if you are removing the health check settings. Otherwise, update requires no interruption.
Required: No
Type: HealthCheck
Update requires: No interruption
Instances
-
The IDs of the instances for the load balancer.
Required: No
Type: Array of String
Update requires: No interruption
LBCookieStickinessPolicy
-
Information about a policy for duration-based session stickiness.
Required: No
Type: Array of LBCookieStickinessPolicy
Update requires: No interruption
Listeners
-
The listeners for the load balancer. You can specify at most one listener per port.
If you update the properties for a listener, AWS CloudFormation deletes the existing listener and creates a new one with the specified properties. While the new listener is being created, clients cannot connect to the load balancer.
Required: Yes
Type: Array of Listeners
Update requires: No interruption
LoadBalancerName
-
The name of the load balancer. This name must be unique within your set of load balancers for the region.
If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. For more information, see Name Type. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
Required: No
Type: String
Update requires: Replacement
Policies
-
The policies defined for your Classic Load Balancer. Specify only back-end server policies.
Required: No
Type: Array of Policies
Update requires: No interruption
Scheme
-
The type of load balancer. Valid only for load balancers in a VPC.
If Scheme is internet-facing, the load balancer has a public DNS name that resolves to a public IP address.
If Scheme is internal, the load balancer has a public DNS name that resolves to a private IP address.
Required: No
Type: String
Update requires: Replacement
SecurityGroups
-
The security groups for the load balancer. Valid only for load balancers in a VPC.
Required: No
Type: Array of String
Update requires: No interruption
Subnets
-
The IDs of the subnets for the load balancer. You can specify at most one subnet per Availability Zone.
Update requires replacement if you did not previously specify a subnet or if you are removing all subnets. Otherwise, update requires no interruption. To update to a different subnet in the current Availability Zone, you must first update to a subnet in a different Availability Zone, then update to the new subnet in the original Availability Zone.
Required: No
Type: Array of String
Update requires: Some interruptions
Tags
-
The tags associated with a load balancer.
Required: No
Type: Array of Tag
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the load balancer.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
CanonicalHostedZoneName
-
The name of the Route 53 hosted zone that is associated with the load balancer. Internal-facing load balancers don't use this value; use DNSName instead.
CanonicalHostedZoneNameID
-
The ID of the Route 53 hosted zone name that is associated with the load balancer.
DNSName
-
The DNS name for the load balancer.
SourceSecurityGroup.GroupName
-
The name of the security group that you can use as part of your inbound rules for your load balancer's back-end instances.
SourceSecurityGroup.OwnerAlias
-
The owner of the source security group.
Examples
Classic Load Balancer in a default VPC
The following example specifies a Classic Load Balancer with a secure listener in a default VPC.
JSON
"MyLoadBalancer" : {
    "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
    "Properties": {
        "AvailabilityZones": [ "us-east-2a" ],
        "CrossZone": "true",
        "Listeners": [{
            "InstancePort": "80",
            "InstanceProtocol": "HTTP",
            "LoadBalancerPort": "443",
            "Protocol": "HTTPS",
            "PolicyNames": [ "My-SSLNegotiation-Policy" ],
            "SSLCertificateId": "arn:aws:iam::123456789012:server-certificate/my-server-certificate"
        }],
        "HealthCheck": {
            "Target": "HTTP:80/",
            "HealthyThreshold": "2",
            "UnhealthyThreshold": "3",
            "Interval": "10",
            "Timeout": "5"
        },
        "Policies": [{
            "PolicyName": "My-SSLNegotiation-Policy",
            "PolicyType": "SSLNegotiationPolicyType",
            "Attributes": [{
                "Name": "Reference-Security-Policy",
                "Value": "ELBSecurityPolicy-TLS-1-2-2017-01"
            }]
        }]
    }
}
YAML
MyLoadBalancer:
  Type: AWS::ElasticLoadBalancing::LoadBalancer
  Properties:
    AvailabilityZones:
      - "us-east-2a"
    CrossZone: true
    Listeners:
      - InstancePort: '80'
        InstanceProtocol: HTTP
        LoadBalancerPort: '443'
        Protocol: HTTPS
        PolicyNames:
          - My-SSLNegotiation-Policy
        SSLCertificateId: arn:aws:iam::123456789012:server-certificate/my-server-certificate
    HealthCheck:
      Target: HTTP:80/
      HealthyThreshold: '2'
      UnhealthyThreshold: '3'
      Interval: '10'
      Timeout: '5'
    Policies:
      - PolicyName: My-SSLNegotiation-Policy
        PolicyType: SSLNegotiationPolicyType
        Attributes:
          - Name: Reference-Security-Policy
            Value: ELBSecurityPolicy-TLS-1-2-2017-01
Classic Load Balancer in a nondefault VPC
The following example specifies a Classic Load Balancer with an HTTP listener and a VPC with one subnet and an internet gateway.
JSON
{
    "Resources": {
        "myLoadBalancer": {
            "Type": "AWS::ElasticLoadBalancing::LoadBalancer",
            "Properties": {
                "Subnets": [ { "Ref": "mySubnet" } ],
                "Listeners": [
                    {
                        "LoadBalancerPort": "80",
                        "InstancePort": "80",
                        "Protocol": "HTTP"
                    }
                ]
            }
        },
        "myVPC": {
            "Type": "AWS::EC2::VPC",
            "Properties": {
                "CidrBlock": "10.0.0.0/16",
                "EnableDnsSupport": true,
                "EnableDnsHostnames": true
            }
        },
        "mySubnet": {
            "Type": "AWS::EC2::Subnet",
            "Properties": {
                "VpcId": { "Ref": "myVPC" },
                "CidrBlock": "10.0.0.0/24",
                "AvailabilityZone": {
                    "Fn::Select": [ 1, { "Fn::GetAZs": "" } ]
                }
            }
        },
        "myInternetGateway": {
            "Type": "AWS::EC2::InternetGateway"
        },
        "myGatewayAttachment": {
            "Type": "AWS::EC2::VPCGatewayAttachment",
            "Properties": {
                "VpcId": { "Ref": "myVPC" },
                "InternetGatewayId": { "Ref": "myInternetGateway" }
            }
        },
        "myRouteTable": {
            "Type": "AWS::EC2::RouteTable",
            "Properties": {
                "VpcId": { "Ref": "myVPC" }
            }
        },
        "myRoute": {
            "Type": "AWS::EC2::Route",
            "Properties": {
                "DestinationCidrBlock": "0.0.0.0/0",
                "GatewayId": { "Ref": "myInternetGateway" },
                "RouteTableId": { "Ref": "myRouteTable" }
            }
        },
        "myRouteTableAssociation": {
            "Type": "AWS::EC2::SubnetRouteTableAssociation",
            "Properties": {
                "RouteTableId": { "Ref": "myRouteTable" },
                "SubnetId": { "Ref": "mySubnet" }
            }
        }
    }
}
YAML
Resources:
  myLoadBalancer:
    Type: AWS::ElasticLoadBalancing::LoadBalancer
    Properties:
      Subnets:
        - !Ref mySubnet
      Listeners:
        - LoadBalancerPort: '80'
          InstancePort: '80'
          Protocol: HTTP
  myVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      EnableDnsSupport: true
      EnableDnsHostnames: true
  mySubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref myVPC
      CidrBlock: 10.0.0.0/24
      AvailabilityZone: !Select [ 1, !GetAZs "" ]
  myInternetGateway:
    Type: AWS::EC2::InternetGateway
  myGatewayAttachment:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref myVPC
      InternetGatewayId: !Ref myInternetGateway
  myRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref myVPC
  myRoute:
    Type: AWS::EC2::Route
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref myInternetGateway
      RouteTableId: !Ref myRouteTable
  myRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      RouteTableId: !Ref myRouteTable
      SubnetId: !Ref mySubnet
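The DependsOn requirement stated at the top of this page, and the Scheme, Listeners and AccessLoggingPolicy properties, can be checked in a template before it is deployed. The following Python check is an added example, not part of the AWS documentation; the function name lint_classic_elb, the finding strings, the bucket name and the sample template are assumptions made for illustration, and the Enabled key belongs to the AccessLoggingPolicy property type rather than to this page.

```python
LB_TYPE = "AWS::ElasticLoadBalancing::LoadBalancer"
ATTACH_TYPE = "AWS::EC2::VPCGatewayAttachment"

def _ref(value):
    # Logical ID behind {"Ref": id}, or None for anything else.
    return value.get("Ref") if isinstance(value, dict) else None
def _props(resource):
    return resource.get("Properties", {})

def lint_classic_elb(template):
    """Return sorted (logical_id, finding) pairs for each Classic Load Balancer."""
    res = template.get("Resources", {})
    findings = []
    for name, lb in res.items():
        if lb.get("Type") != LB_TYPE:
            continue
        p = _props(lb)
        # VPCs in this template that hold the LB's subnets, and their internet gateway attachments.
        vpcs = {_ref(_props(res.get(_ref(s), {})).get("VpcId")) for s in p.get("Subnets", [])} - {None}
        attachments = {n for n, r in res.items() if r.get("Type") == ATTACH_TYPE
                       and "InternetGatewayId" in _props(r) and _ref(_props(r).get("VpcId")) in vpcs}
        depends = set([lb["DependsOn"]] if isinstance(lb.get("DependsOn"), str) else lb.get("DependsOn", []))
        # Scheme defaults to internet-facing (public IP) when omitted.
        if p.get("Scheme", "internet-facing") != "internal" and attachments - depends:
            findings.append((name, "no DependsOn on gateway attachment"))
        for listener in p.get("Listeners", []):
            if str(listener.get("Protocol", "")).upper() in ("HTTP", "TCP"):
                findings.append((name, "plaintext listener on port %s" % listener.get("LoadBalancerPort")))
        if str(p.get("AccessLoggingPolicy", {}).get("Enabled")).lower() != "true":
            findings.append((name, "access logging not enabled"))
    return sorted(findings)

# Constructed sample template in parsed JSON form; logical IDs and bucket name are illustrative.
SAMPLE = {"Resources": {
    "myVPC": {"Type": "AWS::EC2::VPC", "Properties": {"CidrBlock": "10.0.0.0/16"}},
    "mySubnet": {"Type": "AWS::EC2::Subnet", "Properties": {"VpcId": {"Ref": "myVPC"}}},
    "myGatewayAttachment": {"Type": ATTACH_TYPE, "Properties": {
        "VpcId": {"Ref": "myVPC"}, "InternetGatewayId": {"Ref": "myInternetGateway"}}},
    "weakLB": {"Type": LB_TYPE, "Properties": {
        "Subnets": [{"Ref": "mySubnet"}],
        "Listeners": [{"LoadBalancerPort": "80", "InstancePort": "80", "Protocol": "HTTP"}]}},
    "hardenedLB": {"Type": LB_TYPE, "DependsOn": "myGatewayAttachment", "Properties": {
        "Subnets": [{"Ref": "mySubnet"}],
        "AccessLoggingPolicy": {"Enabled": True, "S3BucketName": "example-elb-logs"},
        "Listeners": [{"LoadBalancerPort": "443", "InstancePort": "80", "Protocol": "HTTPS"}]}},
}}

if __name__ == "__main__":
    print("\n".join("%s: %s" % f for f in lint_classic_elb(SAMPLE)))
```

The check expects the long-form {"Ref": ...} syntax, so a YAML template that uses short-form tags such as !Ref has to be converted to JSON form before it is passed in.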
See also
-
CreateLoadBalancer in the Elastic Load Balancing API Reference (version 2012-06-01)
-
ModifyLoadBalancerAttributes in the Elastic Load Balancing API Reference (version 2012-06-01)
-
ConfigureHealthCheck in the Elastic Load Balancing API Reference (version 2012-06-01)