{ "description": "LB is the Schema for the LBs API. Provides a Load Balancer resource.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "LBSpec defines the desired state of LB", "properties": { "forProvider": { "properties": { "accessLogs": { "description": "Access Logs block. See below.", "properties": { "bucket": { "description": "S3 bucket name to store the logs in.", "type": "string" }, "bucketRef": { "description": "Reference to a Bucket in s3 to populate bucket.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "bucketSelector": { "description": "Selector for a Bucket in s3 to populate bucket.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "enabled": { "description": "Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.", "type": "boolean" }, "prefix": { "description": "S3 bucket prefix. Logs are stored in the root if not configured.", "type": "string" } }, "type": "object", "additionalProperties": false }, "clientKeepAlive": { "description": "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.", "type": "number" }, "connectionLogs": { "description": "Connection Logs block. See below. Only valid for Load Balancers of type application.", "properties": { "bucket": { "description": "S3 bucket name to store the logs in.", "type": "string" }, "enabled": { "description": "Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.", "type": "boolean" }, "prefix": { "description": "S3 bucket prefix. Logs are stored in the root if not configured.", "type": "string" } }, "type": "object", "additionalProperties": false }, "customerOwnedIpv4Pool": { "description": "ID of the customer owned ipv4 pool to use for this load balancer.", "type": "string" }, "desyncMitigationMode": { "description": "How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.", "type": "string" }, "dnsRecordClientRoutingPolicy": { "description": "How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.", "type": "string" }, "dropInvalidHeaderFields": { "description": "Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.", "type": "boolean" }, "enableCrossZoneLoadBalancing": { "description": "If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.", "type": "boolean" }, "enableDeletionProtection": { "description": "If true, deletion of the load balancer will be disabled via the AWS API. Defaults to false.", "type": "boolean" }, "enableHttp2": { "description": "Whether HTTP/2 is enabled in application load balancers. Defaults to true.", "type": "boolean" }, "enableTlsVersionAndCipherSuiteHeaders": { "description": "Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false", "type": "boolean" }, "enableWafFailOpen": { "description": "Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.", "type": "boolean" }, "enableXffClientPort": { "description": "Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.", "type": "boolean" }, "enableZonalShift": { "description": "Whether zonal shift is enabled. Defaults to false.", "type": "boolean" }, "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic": { "description": "Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.", "type": "string" }, "idleTimeout": { "description": "Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.", "type": "number" }, "internal": { "description": "If true, the LB will be internal. Defaults to false.", "type": "boolean" }, "ipAddressType": { "description": "Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).", "type": "string" }, "ipamPools": { "description": ". The IPAM pools to use with the load balancer. Only valid for Load Balancers of type application. See ipam_pools for more information.", "properties": { "ipv4IpamPoolId": { "description": "The ID of the IPv4 IPAM pool.", "type": "string" } }, "type": "object", "additionalProperties": false }, "loadBalancerType": { "description": "Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.", "type": "string" }, "minimumLoadBalancerCapacity": { "description": "Minimum capacity for a load balancer. Only valid for Load Balancers of type application or network.", "properties": { "capacityUnits": { "description": "The number of capacity units.", "type": "number" } }, "type": "object", "additionalProperties": false }, "name": { "description": "Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.", "type": "string" }, "preserveHostHeader": { "description": "Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "secondaryIpsAutoAssignedPerSubnet": { "description": "The number of secondary IP addresses to configure for your load balancer nodes. Only valid for Load Balancers of type network. The valid range is 0-7. When decreased, this will force a recreation of the resource. Default: 0.", "type": "number" }, "securityGroupRefs": { "description": "References to SecurityGroup in ec2 to populate securityGroups.", "items": { "description": "A NamespacedReference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "securityGroupSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate securityGroups.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "securityGroups": { "description": "List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "subnetMapping": { "description": "Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.", "items": { "properties": { "allocationId": { "description": "Allocation ID of the Elastic IP address for an internet-facing load balancer.", "type": "string" }, "ipv6Address": { "description": "IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.", "type": "string" }, "privateIpv4Address": { "description": "Private IPv4 address for an internal load balancer.", "type": "string" }, "subnetId": { "description": "ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.", "type": "string" }, "subnetIdRef": { "description": "Reference to a Subnet in ec2 to populate subnetId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "subnetIdSelector": { "description": "Selector for a Subnet in ec2 to populate subnetId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "subnetRefs": { "description": "References to Subnet in ec2 to populate subnets.", "items": { "description": "A NamespacedReference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "subnetSelector": { "description": "Selector for a list of Subnet in ec2 to populate subnets.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "subnets": { "description": "List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "xffHeaderProcessingMode": { "description": "Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.", "type": "string" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "accessLogs": { "description": "Access Logs block. See below.", "properties": { "bucket": { "description": "S3 bucket name to store the logs in.", "type": "string" }, "bucketRef": { "description": "Reference to a Bucket in s3 to populate bucket.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "bucketSelector": { "description": "Selector for a Bucket in s3 to populate bucket.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "enabled": { "description": "Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.", "type": "boolean" }, "prefix": { "description": "S3 bucket prefix. Logs are stored in the root if not configured.", "type": "string" } }, "type": "object", "additionalProperties": false }, "clientKeepAlive": { "description": "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.", "type": "number" }, "connectionLogs": { "description": "Connection Logs block. See below. Only valid for Load Balancers of type application.", "properties": { "bucket": { "description": "S3 bucket name to store the logs in.", "type": "string" }, "enabled": { "description": "Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.", "type": "boolean" }, "prefix": { "description": "S3 bucket prefix. Logs are stored in the root if not configured.", "type": "string" } }, "type": "object", "additionalProperties": false }, "customerOwnedIpv4Pool": { "description": "ID of the customer owned ipv4 pool to use for this load balancer.", "type": "string" }, "desyncMitigationMode": { "description": "How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.", "type": "string" }, "dnsRecordClientRoutingPolicy": { "description": "How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.", "type": "string" }, "dropInvalidHeaderFields": { "description": "Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.", "type": "boolean" }, "enableCrossZoneLoadBalancing": { "description": "If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.", "type": "boolean" }, "enableDeletionProtection": { "description": "If true, deletion of the load balancer will be disabled via the AWS API. Defaults to false.", "type": "boolean" }, "enableHttp2": { "description": "Whether HTTP/2 is enabled in application load balancers. Defaults to true.", "type": "boolean" }, "enableTlsVersionAndCipherSuiteHeaders": { "description": "Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false", "type": "boolean" }, "enableWafFailOpen": { "description": "Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.", "type": "boolean" }, "enableXffClientPort": { "description": "Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.", "type": "boolean" }, "enableZonalShift": { "description": "Whether zonal shift is enabled. Defaults to false.", "type": "boolean" }, "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic": { "description": "Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.", "type": "string" }, "idleTimeout": { "description": "Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.", "type": "number" }, "internal": { "description": "If true, the LB will be internal. Defaults to false.", "type": "boolean" }, "ipAddressType": { "description": "Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).", "type": "string" }, "ipamPools": { "description": ". The IPAM pools to use with the load balancer. Only valid for Load Balancers of type application. See ipam_pools for more information.", "properties": { "ipv4IpamPoolId": { "description": "The ID of the IPv4 IPAM pool.", "type": "string" } }, "type": "object", "additionalProperties": false }, "loadBalancerType": { "description": "Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.", "type": "string" }, "minimumLoadBalancerCapacity": { "description": "Minimum capacity for a load balancer. Only valid for Load Balancers of type application or network.", "properties": { "capacityUnits": { "description": "The number of capacity units.", "type": "number" } }, "type": "object", "additionalProperties": false }, "name": { "description": "Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.", "type": "string" }, "preserveHostHeader": { "description": "Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.", "type": "boolean" }, "secondaryIpsAutoAssignedPerSubnet": { "description": "The number of secondary IP addresses to configure for your load balancer nodes. Only valid for Load Balancers of type network. The valid range is 0-7. When decreased, this will force a recreation of the resource. Default: 0.", "type": "number" }, "securityGroupRefs": { "description": "References to SecurityGroup in ec2 to populate securityGroups.", "items": { "description": "A NamespacedReference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "securityGroupSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate securityGroups.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "securityGroups": { "description": "List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "subnetMapping": { "description": "Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.", "items": { "properties": { "allocationId": { "description": "Allocation ID of the Elastic IP address for an internet-facing load balancer.", "type": "string" }, "ipv6Address": { "description": "IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.", "type": "string" }, "privateIpv4Address": { "description": "Private IPv4 address for an internal load balancer.", "type": "string" }, "subnetId": { "description": "ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.", "type": "string" }, "subnetIdRef": { "description": "Reference to a Subnet in ec2 to populate subnetId.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "subnetIdSelector": { "description": "Selector for a Subnet in ec2 to populate subnetId.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "subnetRefs": { "description": "References to Subnet in ec2 to populate subnets.", "items": { "description": "A NamespacedReference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "namespace": { "description": "Namespace of the referenced object", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "subnetSelector": { "description": "Selector for a list of Subnet in ec2 to populate subnets.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "namespace": { "description": "Namespace for the selector", "type": "string" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "subnets": { "description": "List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "xffHeaderProcessingMode": { "description": "Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.", "type": "string" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "kind": "ClusterProviderConfig", "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "kind": { "description": "Kind of the referenced object.", "type": "string" }, "name": { "description": "Name of the referenced object.", "type": "string" } }, "required": [ "kind", "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "additionalProperties": false }, "status": { "description": "LBStatus defines the observed state of LB.", "properties": { "atProvider": { "properties": { "accessLogs": { "description": "Access Logs block. See below.", "properties": { "bucket": { "description": "S3 bucket name to store the logs in.", "type": "string" }, "enabled": { "description": "Boolean to enable / disable access_logs. Defaults to false, even when bucket is specified.", "type": "boolean" }, "prefix": { "description": "S3 bucket prefix. Logs are stored in the root if not configured.", "type": "string" } }, "type": "object", "additionalProperties": false }, "arn": { "description": "ARN of the load balancer.", "type": "string" }, "arnSuffix": { "description": "ARN suffix for use with CloudWatch Metrics.", "type": "string" }, "clientKeepAlive": { "description": "Client keep alive value in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.", "type": "number" }, "connectionLogs": { "description": "Connection Logs block. See below. Only valid for Load Balancers of type application.", "properties": { "bucket": { "description": "S3 bucket name to store the logs in.", "type": "string" }, "enabled": { "description": "Boolean to enable / disable connection_logs. Defaults to false, even when bucket is specified.", "type": "boolean" }, "prefix": { "description": "S3 bucket prefix. Logs are stored in the root if not configured.", "type": "string" } }, "type": "object", "additionalProperties": false }, "customerOwnedIpv4Pool": { "description": "ID of the customer owned ipv4 pool to use for this load balancer.", "type": "string" }, "desyncMitigationMode": { "description": "How the load balancer handles requests that might pose a security risk to an application due to HTTP desync. Valid values are monitor, defensive (default), strictest.", "type": "string" }, "dnsName": { "description": "DNS name of the load balancer.", "type": "string" }, "dnsRecordClientRoutingPolicy": { "description": "How traffic is distributed among the load balancer Availability Zones. Possible values are any_availability_zone (default), availability_zone_affinity, or partial_availability_zone_affinity. See Availability Zone DNS affinity for additional details. Only valid for network type load balancers.", "type": "string" }, "dropInvalidHeaderFields": { "description": "Whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type application.", "type": "boolean" }, "enableCrossZoneLoadBalancing": { "description": "If true, cross-zone load balancing of the load balancer will be enabled. For network and gateway type load balancers, this feature is disabled by default (false). For application load balancer this feature is always enabled (true) and cannot be disabled. Defaults to false.", "type": "boolean" }, "enableDeletionProtection": { "description": "If true, deletion of the load balancer will be disabled via the AWS API. Defaults to false.", "type": "boolean" }, "enableHttp2": { "description": "Whether HTTP/2 is enabled in application load balancers. Defaults to true.", "type": "boolean" }, "enableTlsVersionAndCipherSuiteHeaders": { "description": "Whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Only valid for Load Balancers of type application. Defaults to false", "type": "boolean" }, "enableWafFailOpen": { "description": "Whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Defaults to false.", "type": "boolean" }, "enableXffClientPort": { "description": "Whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer in application load balancers. Defaults to false.", "type": "boolean" }, "enableZonalShift": { "description": "Whether zonal shift is enabled. Defaults to false.", "type": "boolean" }, "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic": { "description": "Whether inbound security group rules are enforced for traffic originating from a PrivateLink. Only valid for Load Balancers of type network. The possible values are on and off.", "type": "string" }, "id": { "type": "string" }, "idleTimeout": { "description": "Time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type application. Default: 60.", "type": "number" }, "internal": { "description": "If true, the LB will be internal. Defaults to false.", "type": "boolean" }, "ipAddressType": { "description": "Type of IP addresses used by the subnets for your load balancer. The possible values depend upon the load balancer type: ipv4 (all load balancer types), dualstack (all load balancer types), and dualstack-without-public-ipv4 (type application only).", "type": "string" }, "ipamPools": { "description": ". The IPAM pools to use with the load balancer. Only valid for Load Balancers of type application. See ipam_pools for more information.", "properties": { "ipv4IpamPoolId": { "description": "The ID of the IPv4 IPAM pool.", "type": "string" } }, "type": "object", "additionalProperties": false }, "loadBalancerType": { "description": "Type of load balancer to create. Possible values are application, gateway, or network. The default value is application.", "type": "string" }, "minimumLoadBalancerCapacity": { "description": "Minimum capacity for a load balancer. Only valid for Load Balancers of type application or network.", "properties": { "capacityUnits": { "description": "The number of capacity units.", "type": "number" } }, "type": "object", "additionalProperties": false }, "name": { "description": "Name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen.", "type": "string" }, "preserveHostHeader": { "description": "Whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. Defaults to false.", "type": "boolean" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "secondaryIpsAutoAssignedPerSubnet": { "description": "The number of secondary IP addresses to configure for your load balancer nodes. Only valid for Load Balancers of type network. The valid range is 0-7. When decreased, this will force a recreation of the resource. Default: 0.", "type": "number" }, "securityGroups": { "description": "List of security group IDs to assign to the LB. Only valid for Load Balancers of type application or network. For load balancers of type network security groups cannot be added if none are currently present, and cannot all be removed once added. If either of these conditions are met, this will force a recreation of the resource.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "subnetMapping": { "description": "Subnet mapping block. See below. For Load Balancers of type network subnet mappings can only be added.", "items": { "properties": { "allocationId": { "description": "Allocation ID of the Elastic IP address for an internet-facing load balancer.", "type": "string" }, "ipv6Address": { "description": "IPv6 address. You associate IPv6 CIDR blocks with your VPC and choose the subnets where you launch both internet-facing and internal Application Load Balancers or Network Load Balancers.", "type": "string" }, "outpostId": { "description": "ID of the Outpost containing the load balancer.", "type": "string" }, "privateIpv4Address": { "description": "Private IPv4 address for an internal load balancer.", "type": "string" }, "subnetId": { "description": "ID of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "subnets": { "description": "List of subnet IDs to attach to the LB. For Load Balancers of type network subnets can only be added (see Availability Zones), deleting a subnet for load balancers of type network will force a recreation of the resource.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "vpcId": { "type": "string" }, "xffHeaderProcessingMode": { "description": "Determines how the load balancer modifies the X-Forwarded-For header in the HTTP request before sending the request to the target. The possible values are append, preserve, and remove. Only valid for Load Balancers of type application. The default is append.", "type": "string" }, "zoneId": { "description": "Canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).", "type": "string" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }