ELASTICLOADBALANCINGV2
AddListenerCertificates
valid {
input.Body.ListenerArn == STRING
input.Body.Certificates[_].CertificateArn == STRING
input.Body.Certificates[_].IsDefault == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AddTags
valid {
input.Body.ResourceArns[_] == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AddTrustStoreRevocations
enum_RevocationType := [ "CRL" ]
valid {
input.Body.TrustStoreArn == STRING
input.Body.RevocationContents[_].S3Bucket == STRING
input.Body.RevocationContents[_].S3Key == STRING
input.Body.RevocationContents[_].S3ObjectVersion == STRING
input.Body.RevocationContents[_].RevocationType == enum_RevocationType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateListener
enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]
valid {
input.Body.LoadBalancerArn == STRING
input.Body.Protocol == enum_ProtocolEnum[_]
input.Body.Port == INTEGER
input.Body.SslPolicy == STRING
input.Body.Certificates[_].CertificateArn == STRING
input.Body.Certificates[_].IsDefault == BOOLEAN
input.Body.DefaultActions[_].Type == enum_ActionTypeEnum[_]
input.Body.DefaultActions[_].TargetGroupArn == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.Issuer == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientId == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientSecret == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionCookieName == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.Scope == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionTimeout == LONG
input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
input.Body.DefaultActions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.Scope == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
input.Body.DefaultActions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
input.Body.DefaultActions[_].Order == INTEGER
input.Body.DefaultActions[_].RedirectConfig.Protocol == STRING
input.Body.DefaultActions[_].RedirectConfig.Port == STRING
input.Body.DefaultActions[_].RedirectConfig.Host == STRING
input.Body.DefaultActions[_].RedirectConfig.Path == STRING
input.Body.DefaultActions[_].RedirectConfig.Query == STRING
input.Body.DefaultActions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
input.Body.DefaultActions[_].FixedResponseConfig.MessageBody == STRING
input.Body.DefaultActions[_].FixedResponseConfig.StatusCode == STRING
input.Body.DefaultActions[_].FixedResponseConfig.ContentType == STRING
input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
input.Body.AlpnPolicy[_] == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.MutualAuthentication.Mode == STRING
input.Body.MutualAuthentication.TrustStoreArn == STRING
input.Body.MutualAuthentication.IgnoreClientCertificateExpiry == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateLoadBalancer
enum_IpAddressType := [ "ipv4", "dualstack" ]
enum_LoadBalancerSchemeEnum := [ "internet-facing", "internal" ]
enum_LoadBalancerTypeEnum := [ "application", "network", "gateway" ]
valid {
input.Body.Name == STRING
input.Body.Subnets[_] == STRING
input.Body.SubnetMappings[_].SubnetId == STRING
input.Body.SubnetMappings[_].AllocationId == STRING
input.Body.SubnetMappings[_].PrivateIPv4Address == STRING
input.Body.SubnetMappings[_].IPv6Address == STRING
input.Body.SecurityGroups[_] == STRING
input.Body.Scheme == enum_LoadBalancerSchemeEnum[_]
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.Type == enum_LoadBalancerTypeEnum[_]
input.Body.IpAddressType == enum_IpAddressType[_]
input.Body.CustomerOwnedIpv4Pool == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateRule
enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]
valid {
input.Body.ListenerArn == STRING
input.Body.Conditions[_].Field == STRING
input.Body.Conditions[_].Values[_] == STRING
input.Body.Conditions[_].HostHeaderConfig.Values[_] == STRING
input.Body.Conditions[_].PathPatternConfig.Values[_] == STRING
input.Body.Conditions[_].HttpHeaderConfig.HttpHeaderName == STRING
input.Body.Conditions[_].HttpHeaderConfig.Values[_] == STRING
input.Body.Conditions[_].QueryStringConfig.Values[_].Key == STRING
input.Body.Conditions[_].QueryStringConfig.Values[_].Value == STRING
input.Body.Conditions[_].HttpRequestMethodConfig.Values[_] == STRING
input.Body.Conditions[_].SourceIpConfig.Values[_] == STRING
input.Body.Priority == INTEGER
input.Body.Actions[_].Type == enum_ActionTypeEnum[_]
input.Body.Actions[_].TargetGroupArn == STRING
input.Body.Actions[_].AuthenticateOidcConfig.Issuer == STRING
input.Body.Actions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
input.Body.Actions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
input.Body.Actions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
input.Body.Actions[_].AuthenticateOidcConfig.ClientId == STRING
input.Body.Actions[_].AuthenticateOidcConfig.ClientSecret == STRING
input.Body.Actions[_].AuthenticateOidcConfig.SessionCookieName == STRING
input.Body.Actions[_].AuthenticateOidcConfig.Scope == STRING
input.Body.Actions[_].AuthenticateOidcConfig.SessionTimeout == LONG
input.Body.Actions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.Actions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
input.Body.Actions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.Scope == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
input.Body.Actions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
input.Body.Actions[_].Order == INTEGER
input.Body.Actions[_].RedirectConfig.Protocol == STRING
input.Body.Actions[_].RedirectConfig.Port == STRING
input.Body.Actions[_].RedirectConfig.Host == STRING
input.Body.Actions[_].RedirectConfig.Path == STRING
input.Body.Actions[_].RedirectConfig.Query == STRING
input.Body.Actions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
input.Body.Actions[_].FixedResponseConfig.MessageBody == STRING
input.Body.Actions[_].FixedResponseConfig.StatusCode == STRING
input.Body.Actions[_].FixedResponseConfig.ContentType == STRING
input.Body.Actions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
input.Body.Actions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateTargetGroup
enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
enum_TargetGroupIpAddressTypeEnum := [ "ipv4", "ipv6" ]
enum_TargetTypeEnum := [ "instance", "ip", "lambda", "alb" ]
valid {
input.Body.Name == STRING
input.Body.Protocol == enum_ProtocolEnum[_]
input.Body.ProtocolVersion == STRING
input.Body.Port == INTEGER
input.Body.VpcId == STRING
input.Body.HealthCheckProtocol == enum_ProtocolEnum[_]
input.Body.HealthCheckPort == STRING
input.Body.HealthCheckEnabled == BOOLEAN
input.Body.HealthCheckPath == STRING
input.Body.HealthCheckIntervalSeconds == INTEGER
input.Body.HealthCheckTimeoutSeconds == INTEGER
input.Body.HealthyThresholdCount == INTEGER
input.Body.UnhealthyThresholdCount == INTEGER
input.Body.Matcher.HttpCode == STRING
input.Body.Matcher.GrpcCode == STRING
input.Body.TargetType == enum_TargetTypeEnum[_]
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.IpAddressType == enum_TargetGroupIpAddressTypeEnum[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateTrustStore
valid {
input.Body.Name == STRING
input.Body.CaCertificatesBundleS3Bucket == STRING
input.Body.CaCertificatesBundleS3Key == STRING
input.Body.CaCertificatesBundleS3ObjectVersion == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteListener
valid {
input.Body.ListenerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteLoadBalancer
valid {
input.Body.LoadBalancerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRule
valid {
input.Body.RuleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteTargetGroup
valid {
input.Body.TargetGroupArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteTrustStore
valid {
input.Body.TrustStoreArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeregisterTargets
valid {
input.Body.TargetGroupArn == STRING
input.Body.Targets[_].Id == STRING
input.Body.Targets[_].Port == INTEGER
input.Body.Targets[_].AvailabilityZone == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeAccountLimits
valid {
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeListenerCertificates
valid {
input.Body.ListenerArn == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeListeners
valid {
input.Body.LoadBalancerArn == STRING
input.Body.ListenerArns[_] == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeLoadBalancerAttributes
valid {
input.Body.LoadBalancerArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeLoadBalancers
valid {
input.Body.LoadBalancerArns[_] == STRING
input.Body.Names[_] == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRules
valid {
input.Body.ListenerArn == STRING
input.Body.RuleArns[_] == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeSSLPolicies
enum_LoadBalancerTypeEnum := [ "application", "network", "gateway" ]
valid {
input.Body.Names[_] == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.Body.LoadBalancerType == enum_LoadBalancerTypeEnum[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTags
valid {
input.Body.ResourceArns[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTargetGroupAttributes
valid {
input.Body.TargetGroupArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTargetGroups
valid {
input.Body.LoadBalancerArn == STRING
input.Body.TargetGroupArns[_] == STRING
input.Body.Names[_] == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTargetHealth
enum_DescribeTargetHealthInputIncludeEnum := [ "AnomalyDetection", "All" ]
valid {
input.Body.TargetGroupArn == STRING
input.Body.Targets[_].Id == STRING
input.Body.Targets[_].Port == INTEGER
input.Body.Targets[_].AvailabilityZone == STRING
input.Body.Include[_] == enum_DescribeTargetHealthInputIncludeEnum[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTrustStoreAssociations
valid {
input.Body.TrustStoreArn == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTrustStoreRevocations
valid {
input.Body.TrustStoreArn == STRING
input.Body.RevocationIds[_] == LONG
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTrustStores
valid {
input.Body.TrustStoreArns[_] == STRING
input.Body.Names[_] == STRING
input.Body.Marker == STRING
input.Body.PageSize == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetTrustStoreCaCertificatesBundle
valid {
input.Body.TrustStoreArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetTrustStoreRevocationContent
valid {
input.Body.TrustStoreArn == STRING
input.Body.RevocationId == LONG
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ModifyListener
enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]
valid {
input.Body.ListenerArn == STRING
input.Body.Port == INTEGER
input.Body.Protocol == enum_ProtocolEnum[_]
input.Body.SslPolicy == STRING
input.Body.Certificates[_].CertificateArn == STRING
input.Body.Certificates[_].IsDefault == BOOLEAN
input.Body.DefaultActions[_].Type == enum_ActionTypeEnum[_]
input.Body.DefaultActions[_].TargetGroupArn == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.Issuer == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientId == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.ClientSecret == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionCookieName == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.Scope == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.SessionTimeout == LONG
input.Body.DefaultActions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.DefaultActions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
input.Body.DefaultActions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.Scope == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
input.Body.DefaultActions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.DefaultActions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
input.Body.DefaultActions[_].Order == INTEGER
input.Body.DefaultActions[_].RedirectConfig.Protocol == STRING
input.Body.DefaultActions[_].RedirectConfig.Port == STRING
input.Body.DefaultActions[_].RedirectConfig.Host == STRING
input.Body.DefaultActions[_].RedirectConfig.Path == STRING
input.Body.DefaultActions[_].RedirectConfig.Query == STRING
input.Body.DefaultActions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
input.Body.DefaultActions[_].FixedResponseConfig.MessageBody == STRING
input.Body.DefaultActions[_].FixedResponseConfig.StatusCode == STRING
input.Body.DefaultActions[_].FixedResponseConfig.ContentType == STRING
input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
input.Body.DefaultActions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
input.Body.DefaultActions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
input.Body.AlpnPolicy[_] == STRING
input.Body.MutualAuthentication.Mode == STRING
input.Body.MutualAuthentication.TrustStoreArn == STRING
input.Body.MutualAuthentication.IgnoreClientCertificateExpiry == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ModifyLoadBalancerAttributes
valid {
input.Body.LoadBalancerArn == STRING
input.Body.Attributes[_].Key == STRING
input.Body.Attributes[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ModifyRule
enum_ActionTypeEnum := [ "forward", "authenticate-oidc", "authenticate-cognito", "redirect", "fixed-response" ]
enum_AuthenticateCognitoActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_AuthenticateOidcActionConditionalBehaviorEnum := [ "deny", "allow", "authenticate" ]
enum_RedirectActionStatusCodeEnum := [ "HTTP_301", "HTTP_302" ]
valid {
input.Body.RuleArn == STRING
input.Body.Conditions[_].Field == STRING
input.Body.Conditions[_].Values[_] == STRING
input.Body.Conditions[_].HostHeaderConfig.Values[_] == STRING
input.Body.Conditions[_].PathPatternConfig.Values[_] == STRING
input.Body.Conditions[_].HttpHeaderConfig.HttpHeaderName == STRING
input.Body.Conditions[_].HttpHeaderConfig.Values[_] == STRING
input.Body.Conditions[_].QueryStringConfig.Values[_].Key == STRING
input.Body.Conditions[_].QueryStringConfig.Values[_].Value == STRING
input.Body.Conditions[_].HttpRequestMethodConfig.Values[_] == STRING
input.Body.Conditions[_].SourceIpConfig.Values[_] == STRING
input.Body.Actions[_].Type == enum_ActionTypeEnum[_]
input.Body.Actions[_].TargetGroupArn == STRING
input.Body.Actions[_].AuthenticateOidcConfig.Issuer == STRING
input.Body.Actions[_].AuthenticateOidcConfig.AuthorizationEndpoint == STRING
input.Body.Actions[_].AuthenticateOidcConfig.TokenEndpoint == STRING
input.Body.Actions[_].AuthenticateOidcConfig.UserInfoEndpoint == STRING
input.Body.Actions[_].AuthenticateOidcConfig.ClientId == STRING
input.Body.Actions[_].AuthenticateOidcConfig.ClientSecret == STRING
input.Body.Actions[_].AuthenticateOidcConfig.SessionCookieName == STRING
input.Body.Actions[_].AuthenticateOidcConfig.Scope == STRING
input.Body.Actions[_].AuthenticateOidcConfig.SessionTimeout == LONG
input.Body.Actions[_].AuthenticateOidcConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.Actions[_].AuthenticateOidcConfig.OnUnauthenticatedRequest == enum_AuthenticateOidcActionConditionalBehaviorEnum[_]
input.Body.Actions[_].AuthenticateOidcConfig.UseExistingClientSecret == BOOLEAN
input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolArn == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolClientId == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.UserPoolDomain == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.SessionCookieName == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.Scope == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.SessionTimeout == LONG
input.Body.Actions[_].AuthenticateCognitoConfig.AuthenticationRequestExtraParams.STRING == STRING
input.Body.Actions[_].AuthenticateCognitoConfig.OnUnauthenticatedRequest == enum_AuthenticateCognitoActionConditionalBehaviorEnum[_]
input.Body.Actions[_].Order == INTEGER
input.Body.Actions[_].RedirectConfig.Protocol == STRING
input.Body.Actions[_].RedirectConfig.Port == STRING
input.Body.Actions[_].RedirectConfig.Host == STRING
input.Body.Actions[_].RedirectConfig.Path == STRING
input.Body.Actions[_].RedirectConfig.Query == STRING
input.Body.Actions[_].RedirectConfig.StatusCode == enum_RedirectActionStatusCodeEnum[_]
input.Body.Actions[_].FixedResponseConfig.MessageBody == STRING
input.Body.Actions[_].FixedResponseConfig.StatusCode == STRING
input.Body.Actions[_].FixedResponseConfig.ContentType == STRING
input.Body.Actions[_].ForwardConfig.TargetGroups[_].TargetGroupArn == STRING
input.Body.Actions[_].ForwardConfig.TargetGroups[_].Weight == INTEGER
input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.Enabled == BOOLEAN
input.Body.Actions[_].ForwardConfig.TargetGroupStickinessConfig.DurationSeconds == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ModifyTargetGroup
enum_ProtocolEnum := [ "HTTP", "HTTPS", "TCP", "TLS", "UDP", "TCP_UDP", "GENEVE" ]
valid {
input.Body.TargetGroupArn == STRING
input.Body.HealthCheckProtocol == enum_ProtocolEnum[_]
input.Body.HealthCheckPort == STRING
input.Body.HealthCheckPath == STRING
input.Body.HealthCheckEnabled == BOOLEAN
input.Body.HealthCheckIntervalSeconds == INTEGER
input.Body.HealthCheckTimeoutSeconds == INTEGER
input.Body.HealthyThresholdCount == INTEGER
input.Body.UnhealthyThresholdCount == INTEGER
input.Body.Matcher.HttpCode == STRING
input.Body.Matcher.GrpcCode == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ModifyTargetGroupAttributes
valid {
input.Body.TargetGroupArn == STRING
input.Body.Attributes[_].Key == STRING
input.Body.Attributes[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ModifyTrustStore
valid {
input.Body.TrustStoreArn == STRING
input.Body.CaCertificatesBundleS3Bucket == STRING
input.Body.CaCertificatesBundleS3Key == STRING
input.Body.CaCertificatesBundleS3ObjectVersion == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RegisterTargets
valid {
input.Body.TargetGroupArn == STRING
input.Body.Targets[_].Id == STRING
input.Body.Targets[_].Port == INTEGER
input.Body.Targets[_].AvailabilityZone == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveListenerCertificates
valid {
input.Body.ListenerArn == STRING
input.Body.Certificates[_].CertificateArn == STRING
input.Body.Certificates[_].IsDefault == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveTags
valid {
input.Body.ResourceArns[_] == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RemoveTrustStoreRevocations
valid {
input.Body.TrustStoreArn == STRING
input.Body.RevocationIds[_] == LONG
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetIpAddressType
enum_IpAddressType := [ "ipv4", "dualstack" ]
valid {
input.Body.LoadBalancerArn == STRING
input.Body.IpAddressType == enum_IpAddressType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetRulePriorities
valid {
input.Body.RulePriorities[_].RuleArn == STRING
input.Body.RulePriorities[_].Priority == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetSecurityGroups
enum_EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum := [ "on", "off" ]
valid {
input.Body.LoadBalancerArn == STRING
input.Body.SecurityGroups[_] == STRING
input.Body.EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic == enum_EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
SetSubnets
enum_IpAddressType := [ "ipv4", "dualstack" ]
valid {
input.Body.LoadBalancerArn == STRING
input.Body.Subnets[_] == STRING
input.Body.SubnetMappings[_].SubnetId == STRING
input.Body.SubnetMappings[_].AllocationId == STRING
input.Body.SubnetMappings[_].PrivateIPv4Address == STRING
input.Body.SubnetMappings[_].IPv6Address == STRING
input.Body.IpAddressType == enum_IpAddressType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated about 24 hours ago