-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(elasticloadbalancingv2): application load balancer attributes #29586
Changes from 6 commits
df8fc8b
86cfa8f
9f869dd
630752e
eed2a9c
02303be
2ed74bc
4b75c5d
b0c440c
d8462c7
518e58c
ca94a94
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -65,6 +65,69 @@ export interface ApplicationLoadBalancerProps extends BaseLoadBalancerProps { | |
* @default - Duration.seconds(3600) | ||
*/ | ||
readonly clientKeepAlive?: Duration; | ||
|
||
/** | ||
* Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: |
||
* and send it to the target without any change. | ||
* | ||
* @default false | ||
*/ | ||
readonly preserveHostHeader?: boolean; | ||
|
||
/** | ||
* Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), | ||
* which contain information about the negotiated TLS version and cipher suite, | ||
* are added to the client request before sending it to the target. | ||
* | ||
* The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, | ||
* and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. | ||
* | ||
* Both headers are in OpenSSL format. | ||
* | ||
* @default false | ||
*/ | ||
readonly xAmznTlsVersionAndCipherSuiteHeaders?: boolean; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. can you add There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @badmintoncryer Since the urls are the same, I think it'd make more sense to add the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @msambol I was unable to retrieve links for each attribute and ended up entering the same URL... |
||
|
||
/** | ||
* Indicates whether the X-Forwarded-For header should preserve the source port | ||
* that the client used to connect to the load balancer. | ||
* | ||
* @default false | ||
*/ | ||
readonly preserveXffClientPort?: boolean; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. likewise for this and below, can you add |
||
|
||
/** | ||
* Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request | ||
* before the Application Load Balancer sends the request to the target. | ||
* | ||
* @default XffHeaderProcessingMode.APPEND | ||
*/ | ||
readonly xffHeaderProcessingMode?: XffHeaderProcessingMode; | ||
|
||
/** | ||
* Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. | ||
* | ||
* @default false | ||
*/ | ||
readonly wafFailOpen?: boolean; | ||
} | ||
|
||
/** | ||
* Processing mode of the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. | ||
*/ | ||
export enum XffHeaderProcessingMode { | ||
/** | ||
* Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets. | ||
*/ | ||
APPEND = 'append', | ||
/** | ||
* Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change. | ||
*/ | ||
PRESERVE = 'preserve', | ||
/** | ||
* Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets. | ||
*/ | ||
REMOVE = 'remove', | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: can you shorten these docs and move to multiple lines? |
||
} | ||
|
||
/** | ||
|
@@ -126,6 +189,11 @@ export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic | |
if (props.idleTimeout !== undefined) { this.setAttribute('idle_timeout.timeout_seconds', props.idleTimeout.toSeconds().toString()); } | ||
if (props.dropInvalidHeaderFields) {this.setAttribute('routing.http.drop_invalid_header_fields.enabled', 'true'); } | ||
if (props.desyncMitigationMode !== undefined) {this.setAttribute('routing.http.desync_mitigation_mode', props.desyncMitigationMode); } | ||
if (props.preserveHostHeader) { this.setAttribute('routing.http.preserve_host_header.enabled', 'true'); } | ||
if (props.xAmznTlsVersionAndCipherSuiteHeaders) { this.setAttribute('routing.http.x_amzn_tls_version_and_cipher_suite.enabled', 'true'); } | ||
if (props.preserveXffClientPort) { this.setAttribute('routing.http.xff_client_port.enabled', 'true'); } | ||
if (props.xffHeaderProcessingMode !== undefined) { this.setAttribute('routing.http.xff_header_processing.mode', props.xffHeaderProcessingMode); } | ||
if (props.wafFailOpen) { this.setAttribute('waf.fail_open.enabled', 'true'); } | ||
if (props.clientKeepAlive !== undefined) { | ||
const clientKeepAliveInMillis = props.clientKeepAlive.toMilliseconds(); | ||
if (clientKeepAliveInMillis < 1000) { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: lowercase
host