aws-cdk-lib 2.136.1__py3-none-any.whl → 2.138.0__py3-none-any.whl

aws_cdk/aws_elasticloadbalancingv2/__init__.py

@@ -234,7 +234,22 @@ lb = elbv2.ApplicationLoadBalancer(self, "LB",
     cross_zone_enabled=True,
 
     # Whether the load balancer blocks traffic through the Internet Gateway (IGW).
-    deny_all_igw_traffic=False
+    deny_all_igw_traffic=False,
+
+    # Whether to preserve host header in the request to the target
+    preserve_host_header=True,
+
+    # Whether to add the TLS information header to the request
+    x_amzn_tls_version_and_cipher_suite_headers=True,
+
+    # Whether the X-Forwarded-For header should preserve the source port
+    preserve_xff_client_port=True,
+
+    # The processing mode for X-Forwarded-For headers
+    xff_header_processing_mode=elbv2.XffHeaderProcessingMode.APPEND,
+
+    # Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
+    waf_fail_open=True
 )
 ```
 
@@ -770,6 +785,19 @@ target_group = elbv2.ApplicationTargetGroup.from_target_group_attributes(self, "
 
 target_group_metrics = target_group.metrics
 ```
+
+## logicalIds on ExternalApplicationListener.addTargetGroups() and .addAction()
+
+By default, the `addTargetGroups()` method does not follow the standard behavior
+of adding a `Rule` suffix to the logicalId of the `ListenerRule` it creates.
+If you are deploying new `ListenerRule`s using `addTargetGroups()` the recommendation
+is to set the `removeRuleSuffixFromLogicalId: false` property.
+If you have `ListenerRule`s deployed using the legacy behavior of `addTargetGroups()`,
+which you need to switch over to being managed by the `addAction()` method,
+then you will need to enable the `removeRuleSuffixFromLogicalId: true` property in the `addAction()` method.
+
+`ListenerRule`s have a unique `priority` for a given `Listener`.
+Because the `priority` must be unique, CloudFormation will always fail when creating a new `ListenerRule` to replace the existing one, unless you change the `priority` as well as the logicalId.
 '''
 from pkgutil import extend_path
 __path__ = extend_path(__path__, __name__)
@@ -10597,7 +10625,22 @@ class DesyncMitigationMode(enum.Enum):
             cross_zone_enabled=True,
         
             # Whether the load balancer blocks traffic through the Internet Gateway (IGW).
-            deny_all_igw_traffic=False
+            deny_all_igw_traffic=False,
+        
+            # Whether to preserve host header in the request to the target
+            preserve_host_header=True,
+        
+            # Whether to add the TLS information header to the request
+            x_amzn_tls_version_and_cipher_suite_headers=True,
+        
+            # Whether the X-Forwarded-For header should preserve the source port
+            preserve_xff_client_port=True,
+        
+            # The processing mode for X-Forwarded-For headers
+            xff_header_processing_mode=elbv2.XffHeaderProcessingMode.APPEND,
+        
+            # Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
+            waf_fail_open=True
         )
     '''
 
@@ -14730,7 +14773,22 @@ class IpAddressType(enum.Enum):
             cross_zone_enabled=True,
         
             # Whether the load balancer blocks traffic through the Internet Gateway (IGW).
-            deny_all_igw_traffic=False
+            deny_all_igw_traffic=False,
+        
+            # Whether to preserve host header in the request to the target
+            preserve_host_header=True,
+        
+            # Whether to add the TLS information header to the request
+            x_amzn_tls_version_and_cipher_suite_headers=True,
+        
+            # Whether the X-Forwarded-For header should preserve the source port
+            preserve_xff_client_port=True,
+        
+            # The processing mode for X-Forwarded-For headers
+            xff_header_processing_mode=elbv2.XffHeaderProcessingMode.APPEND,
+        
+            # Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
+            waf_fail_open=True
         )
     '''
 
@@ -18095,6 +18153,72 @@ class WeightedTargetGroup:
         )
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.XffHeaderProcessingMode")
+class XffHeaderProcessingMode(enum.Enum):
+    '''Processing mode of the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        # vpc: ec2.Vpc
+        
+        
+        lb = elbv2.ApplicationLoadBalancer(self, "LB",
+            vpc=vpc,
+            internet_facing=True,
+        
+            # Whether HTTP/2 is enabled
+            http2_enabled=False,
+        
+            # The idle timeout value, in seconds
+            idle_timeout=Duration.seconds(1000),
+        
+            # Whether HTTP headers with header fields thatare not valid
+            # are removed by the load balancer (true), or routed to targets
+            drop_invalid_header_fields=True,
+        
+            # How the load balancer handles requests that might
+            # pose a security risk to your application
+            desync_mitigation_mode=elbv2.DesyncMitigationMode.DEFENSIVE,
+        
+            # The type of IP addresses to use.
+            ip_address_type=elbv2.IpAddressType.IPV4,
+        
+            # The duration of client keep-alive connections
+            client_keep_alive=Duration.seconds(500),
+        
+            # Whether cross-zone load balancing is enabled.
+            cross_zone_enabled=True,
+        
+            # Whether the load balancer blocks traffic through the Internet Gateway (IGW).
+            deny_all_igw_traffic=False,
+        
+            # Whether to preserve host header in the request to the target
+            preserve_host_header=True,
+        
+            # Whether to add the TLS information header to the request
+            x_amzn_tls_version_and_cipher_suite_headers=True,
+        
+            # Whether the X-Forwarded-For header should preserve the source port
+            preserve_xff_client_port=True,
+        
+            # The processing mode for X-Forwarded-For headers
+            xff_header_processing_mode=elbv2.XffHeaderProcessingMode.APPEND,
+        
+            # Whether to allow a load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
+            waf_fail_open=True
+        )
+    '''
+
+    APPEND = "APPEND"
+    '''Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.'''
+    PRESERVE = "PRESERVE"
+    '''Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.'''
+    REMOVE = "REMOVE"
+    '''Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.'''
+
+
 @jsii.data_type(
     jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.AddApplicationActionProps",
     jsii_struct_bases=[AddRuleProps],
@@ -18102,6 +18226,7 @@ class WeightedTargetGroup:
         "conditions": "conditions",
         "priority": "priority",
         "action": "action",
+        "remove_suffix": "removeSuffix",
     },
 )
 class AddApplicationActionProps(AddRuleProps):
@@ -18111,12 +18236,14 @@ class AddApplicationActionProps(AddRuleProps):
         conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
         priority: typing.Optional[jsii.Number] = None,
         action: ListenerAction,
+        remove_suffix: typing.Optional[builtins.bool] = None,
     ) -> None:
         '''Properties for adding a new action to a listener.
 
         :param conditions: Rule applies if matches the conditions. Default: - No conditions.
         :param priority: Priority of this target group. The rule with the lowest priority will be used for every request. If priority is not given, these target groups will be added as defaults, and must not have conditions. Priorities must be unique. Default: Target groups are used as defaults
         :param action: Action to perform.
+        :param remove_suffix: ``ListenerRule``s have a ``Rule`` suffix on their logicalId by default. This allows you to remove that suffix. Legacy behavior of the ``addTargetGroups()`` convenience method did not include the ``Rule`` suffix on the logicalId of the generated ``ListenerRule``. At some point, increasing complexity of requirements can require users to switch from the ``addTargetGroups()`` method to the ``addAction()`` method. When migrating ``ListenerRule``s deployed by a legacy version of ``addTargetGroups()``, you will need to enable this flag to avoid changing the logicalId of your resource. Otherwise Cfn will attempt to replace the ``ListenerRule`` and fail. Default: - use standard logicalId with the ``Rule`` suffix
 
         :exampleMetadata: infused
 
@@ -18141,6 +18268,7 @@ class AddApplicationActionProps(AddRuleProps):
             check_type(argname="argument conditions", value=conditions, expected_type=type_hints["conditions"])
             check_type(argname="argument priority", value=priority, expected_type=type_hints["priority"])
             check_type(argname="argument action", value=action, expected_type=type_hints["action"])
+            check_type(argname="argument remove_suffix", value=remove_suffix, expected_type=type_hints["remove_suffix"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "action": action,
         }
@@ -18148,6 +18276,8 @@ class AddApplicationActionProps(AddRuleProps):
             self._values["conditions"] = conditions
         if priority is not None:
             self._values["priority"] = priority
+        if remove_suffix is not None:
+            self._values["remove_suffix"] = remove_suffix
 
     @builtins.property
     def conditions(self) -> typing.Optional[typing.List[ListenerCondition]]:
@@ -18182,6 +18312,22 @@ class AddApplicationActionProps(AddRuleProps):
         assert result is not None, "Required property 'action' is missing"
         return typing.cast(ListenerAction, result)
 
+    @builtins.property
+    def remove_suffix(self) -> typing.Optional[builtins.bool]:
+        '''``ListenerRule``s have a ``Rule`` suffix on their logicalId by default. This allows you to remove that suffix.
+
+        Legacy behavior of the ``addTargetGroups()`` convenience method did not include the ``Rule`` suffix on the logicalId of the generated ``ListenerRule``.
+        At some point, increasing complexity of requirements can require users to switch from the ``addTargetGroups()`` method
+        to the ``addAction()`` method.
+        When migrating ``ListenerRule``s deployed by a legacy version of ``addTargetGroups()``,
+        you will need to enable this flag to avoid changing the logicalId of your resource.
+        Otherwise Cfn will attempt to replace the ``ListenerRule`` and fail.
+
+        :default: - use standard logicalId with the ``Rule`` suffix
+        '''
+        result = self._values.get("remove_suffix")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -19128,7 +19274,12 @@ class ApplicationLoadBalancerLookupOptions(BaseLoadBalancerLookupOptions):
         "http2_enabled": "http2Enabled",
         "idle_timeout": "idleTimeout",
         "ip_address_type": "ipAddressType",
+        "preserve_host_header": "preserveHostHeader",
+        "preserve_xff_client_port": "preserveXffClientPort",
         "security_group": "securityGroup",
+        "waf_fail_open": "wafFailOpen",
+        "x_amzn_tls_version_and_cipher_suite_headers": "xAmznTlsVersionAndCipherSuiteHeaders",
+        "xff_header_processing_mode": "xffHeaderProcessingMode",
     },
 )
 class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
@@ -19148,7 +19299,12 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
         http2_enabled: typing.Optional[builtins.bool] = None,
         idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
         ip_address_type: typing.Optional[IpAddressType] = None,
+        preserve_host_header: typing.Optional[builtins.bool] = None,
+        preserve_xff_client_port: typing.Optional[builtins.bool] = None,
         security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
+        waf_fail_open: typing.Optional[builtins.bool] = None,
+        x_amzn_tls_version_and_cipher_suite_headers: typing.Optional[builtins.bool] = None,
+        xff_header_processing_mode: typing.Optional[XffHeaderProcessingMode] = None,
     ) -> None:
         '''Properties for defining an Application Load Balancer.
 
@@ -19165,8 +19321,14 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
         :param http2_enabled: Indicates whether HTTP/2 is enabled. Default: true
         :param idle_timeout: The load balancer idle timeout, in seconds. Default: 60
         :param ip_address_type: The type of IP addresses to use. Default: IpAddressType.IPV4
+        :param preserve_host_header: Indicates whether the Application Load Balancer should preserve the host header in the HTTP request and send it to the target without any change. Default: false
+        :param preserve_xff_client_port: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. Default: false
         :param security_group: Security group to associate with this load balancer. Default: A security group is created
+        :param waf_fail_open: Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Default: false
+        :param x_amzn_tls_version_and_cipher_suite_headers: Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. Default: false
+        :param xff_header_processing_mode: Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. Default: XffHeaderProcessingMode.APPEND
 
+        :see: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/application-load-balancers.html#load-balancer-attributes
         :exampleMetadata: infused
 
         Example::
@@ -19218,7 +19380,12 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
             check_type(argname="argument http2_enabled", value=http2_enabled, expected_type=type_hints["http2_enabled"])
             check_type(argname="argument idle_timeout", value=idle_timeout, expected_type=type_hints["idle_timeout"])
             check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
+            check_type(argname="argument preserve_host_header", value=preserve_host_header, expected_type=type_hints["preserve_host_header"])
+            check_type(argname="argument preserve_xff_client_port", value=preserve_xff_client_port, expected_type=type_hints["preserve_xff_client_port"])
             check_type(argname="argument security_group", value=security_group, expected_type=type_hints["security_group"])
+            check_type(argname="argument waf_fail_open", value=waf_fail_open, expected_type=type_hints["waf_fail_open"])
+            check_type(argname="argument x_amzn_tls_version_and_cipher_suite_headers", value=x_amzn_tls_version_and_cipher_suite_headers, expected_type=type_hints["x_amzn_tls_version_and_cipher_suite_headers"])
+            check_type(argname="argument xff_header_processing_mode", value=xff_header_processing_mode, expected_type=type_hints["xff_header_processing_mode"])
         self._values: typing.Dict[builtins.str, typing.Any] = {
             "vpc": vpc,
         }
@@ -19246,8 +19413,18 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
             self._values["idle_timeout"] = idle_timeout
         if ip_address_type is not None:
             self._values["ip_address_type"] = ip_address_type
+        if preserve_host_header is not None:
+            self._values["preserve_host_header"] = preserve_host_header
+        if preserve_xff_client_port is not None:
+            self._values["preserve_xff_client_port"] = preserve_xff_client_port
         if security_group is not None:
             self._values["security_group"] = security_group
+        if waf_fail_open is not None:
+            self._values["waf_fail_open"] = waf_fail_open
+        if x_amzn_tls_version_and_cipher_suite_headers is not None:
+            self._values["x_amzn_tls_version_and_cipher_suite_headers"] = x_amzn_tls_version_and_cipher_suite_headers
+        if xff_header_processing_mode is not None:
+            self._values["xff_header_processing_mode"] = xff_header_processing_mode
 
     @builtins.property
     def vpc(self) -> _IVpc_f30d5663:
@@ -19366,6 +19543,24 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
         result = self._values.get("ip_address_type")
         return typing.cast(typing.Optional[IpAddressType], result)
 
+    @builtins.property
+    def preserve_host_header(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether the Application Load Balancer should preserve the host header in the HTTP request and send it to the target without any change.
+
+        :default: false
+        '''
+        result = self._values.get("preserve_host_header")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def preserve_xff_client_port(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer.
+
+        :default: false
+        '''
+        result = self._values.get("preserve_xff_client_port")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def security_group(self) -> typing.Optional[_ISecurityGroup_acf8a799]:
         '''Security group to associate with this load balancer.
@@ -19375,6 +19570,40 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
         result = self._values.get("security_group")
         return typing.cast(typing.Optional[_ISecurityGroup_acf8a799], result)
 
+    @builtins.property
+    def waf_fail_open(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF.
+
+        :default: false
+        '''
+        result = self._values.get("waf_fail_open")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def x_amzn_tls_version_and_cipher_suite_headers(
+        self,
+    ) -> typing.Optional[builtins.bool]:
+        '''Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target.
+
+        The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client,
+        and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client.
+
+        Both headers are in OpenSSL format.
+
+        :default: false
+        '''
+        result = self._values.get("x_amzn_tls_version_and_cipher_suite_headers")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
+    @builtins.property
+    def xff_header_processing_mode(self) -> typing.Optional[XffHeaderProcessingMode]:
+        '''Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target.
+
+        :default: XffHeaderProcessingMode.APPEND
+        '''
+        result = self._values.get("xff_header_processing_mode")
+        return typing.cast(typing.Optional[XffHeaderProcessingMode], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -19739,6 +19968,7 @@ class IApplicationListener(
         id: builtins.str,
         *,
         action: ListenerAction,
+        remove_suffix: typing.Optional[builtins.bool] = None,
         conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
         priority: typing.Optional[jsii.Number] = None,
     ) -> None:
@@ -19756,6 +19986,7 @@ class IApplicationListener(
 
         :param id: -
         :param action: Action to perform.
+        :param remove_suffix: ``ListenerRule``s have a ``Rule`` suffix on their logicalId by default. This allows you to remove that suffix. Legacy behavior of the ``addTargetGroups()`` convenience method did not include the ``Rule`` suffix on the logicalId of the generated ``ListenerRule``. At some point, increasing complexity of requirements can require users to switch from the ``addTargetGroups()`` method to the ``addAction()`` method. When migrating ``ListenerRule``s deployed by a legacy version of ``addTargetGroups()``, you will need to enable this flag to avoid changing the logicalId of your resource. Otherwise Cfn will attempt to replace the ``ListenerRule`` and fail. Default: - use standard logicalId with the ``Rule`` suffix
         :param conditions: Rule applies if matches the conditions. Default: - No conditions.
         :param priority: Priority of this target group. The rule with the lowest priority will be used for every request. If priority is not given, these target groups will be added as defaults, and must not have conditions. Priorities must be unique. Default: Target groups are used as defaults
         '''
@@ -19871,6 +20102,7 @@ class _IApplicationListenerProxy(
         id: builtins.str,
         *,
         action: ListenerAction,
+        remove_suffix: typing.Optional[builtins.bool] = None,
         conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
         priority: typing.Optional[jsii.Number] = None,
     ) -> None:
@@ -19888,6 +20120,7 @@ class _IApplicationListenerProxy(
 
         :param id: -
         :param action: Action to perform.
+        :param remove_suffix: ``ListenerRule``s have a ``Rule`` suffix on their logicalId by default. This allows you to remove that suffix. Legacy behavior of the ``addTargetGroups()`` convenience method did not include the ``Rule`` suffix on the logicalId of the generated ``ListenerRule``. At some point, increasing complexity of requirements can require users to switch from the ``addTargetGroups()`` method to the ``addAction()`` method. When migrating ``ListenerRule``s deployed by a legacy version of ``addTargetGroups()``, you will need to enable this flag to avoid changing the logicalId of your resource. Otherwise Cfn will attempt to replace the ``ListenerRule`` and fail. Default: - use standard logicalId with the ``Rule`` suffix
         :param conditions: Rule applies if matches the conditions. Default: - No conditions.
         :param priority: Priority of this target group. The rule with the lowest priority will be used for every request. If priority is not given, these target groups will be added as defaults, and must not have conditions. Priorities must be unique. Default: Target groups are used as defaults
         '''
@@ -19895,7 +20128,10 @@ class _IApplicationListenerProxy(
             type_hints = typing.get_type_hints(_typecheckingstub__078c8c060ef52d807e9a62da847c7c1f9a2fb0a3f7bf8900246c80b1d9ff0a2e)
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = AddApplicationActionProps(
-            action=action, conditions=conditions, priority=priority
+            action=action,
+            remove_suffix=remove_suffix,
+            conditions=conditions,
+            priority=priority,
         )
 
         return typing.cast(None, jsii.invoke(self, "addAction", [id, props]))
@@ -21047,6 +21283,7 @@ class ApplicationListener(
         id: builtins.str,
         *,
         action: ListenerAction,
+        remove_suffix: typing.Optional[builtins.bool] = None,
         conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
         priority: typing.Optional[jsii.Number] = None,
     ) -> None:
@@ -21062,6 +21299,7 @@ class ApplicationListener(
 
         :param id: -
         :param action: Action to perform.
+        :param remove_suffix: ``ListenerRule``s have a ``Rule`` suffix on their logicalId by default. This allows you to remove that suffix. Legacy behavior of the ``addTargetGroups()`` convenience method did not include the ``Rule`` suffix on the logicalId of the generated ``ListenerRule``. At some point, increasing complexity of requirements can require users to switch from the ``addTargetGroups()`` method to the ``addAction()`` method. When migrating ``ListenerRule``s deployed by a legacy version of ``addTargetGroups()``, you will need to enable this flag to avoid changing the logicalId of your resource. Otherwise Cfn will attempt to replace the ``ListenerRule`` and fail. Default: - use standard logicalId with the ``Rule`` suffix
         :param conditions: Rule applies if matches the conditions. Default: - No conditions.
         :param priority: Priority of this target group. The rule with the lowest priority will be used for every request. If priority is not given, these target groups will be added as defaults, and must not have conditions. Priorities must be unique. Default: Target groups are used as defaults
         '''
@@ -21069,7 +21307,10 @@ class ApplicationListener(
             type_hints = typing.get_type_hints(_typecheckingstub__646bd302ed3a63a28a30ea3b62d2e003bf976ae981493560776ad112cacb8001)
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = AddApplicationActionProps(
-            action=action, conditions=conditions, priority=priority
+            action=action,
+            remove_suffix=remove_suffix,
+            conditions=conditions,
+            priority=priority,
         )
 
         return typing.cast(None, jsii.invoke(self, "addAction", [id, props]))
@@ -21287,7 +21528,12 @@ class ApplicationLoadBalancer(
         http2_enabled: typing.Optional[builtins.bool] = None,
         idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
         ip_address_type: typing.Optional[IpAddressType] = None,
+        preserve_host_header: typing.Optional[builtins.bool] = None,
+        preserve_xff_client_port: typing.Optional[builtins.bool] = None,
         security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
+        waf_fail_open: typing.Optional[builtins.bool] = None,
+        x_amzn_tls_version_and_cipher_suite_headers: typing.Optional[builtins.bool] = None,
+        xff_header_processing_mode: typing.Optional[XffHeaderProcessingMode] = None,
         vpc: _IVpc_f30d5663,
         cross_zone_enabled: typing.Optional[builtins.bool] = None,
         deletion_protection: typing.Optional[builtins.bool] = None,
@@ -21305,7 +21551,12 @@ class ApplicationLoadBalancer(
         :param http2_enabled: Indicates whether HTTP/2 is enabled. Default: true
         :param idle_timeout: The load balancer idle timeout, in seconds. Default: 60
         :param ip_address_type: The type of IP addresses to use. Default: IpAddressType.IPV4
+        :param preserve_host_header: Indicates whether the Application Load Balancer should preserve the host header in the HTTP request and send it to the target without any change. Default: false
+        :param preserve_xff_client_port: Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. Default: false
         :param security_group: Security group to associate with this load balancer. Default: A security group is created
+        :param waf_fail_open: Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. Default: false
+        :param x_amzn_tls_version_and_cipher_suite_headers: Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. Default: false
+        :param xff_header_processing_mode: Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. Default: XffHeaderProcessingMode.APPEND
         :param vpc: The VPC network to place the load balancer in.
         :param cross_zone_enabled: Indicates whether cross-zone load balancing is enabled. Default: - false for Network Load Balancers and true for Application Load Balancers.
         :param deletion_protection: Indicates whether deletion protection is enabled. Default: false
@@ -21325,7 +21576,12 @@ class ApplicationLoadBalancer(
             http2_enabled=http2_enabled,
             idle_timeout=idle_timeout,
             ip_address_type=ip_address_type,
+            preserve_host_header=preserve_host_header,
+            preserve_xff_client_port=preserve_xff_client_port,
             security_group=security_group,
+            waf_fail_open=waf_fail_open,
+            x_amzn_tls_version_and_cipher_suite_headers=x_amzn_tls_version_and_cipher_suite_headers,
+            xff_header_processing_mode=xff_header_processing_mode,
             vpc=vpc,
             cross_zone_enabled=cross_zone_enabled,
             deletion_protection=deletion_protection,
@@ -23298,6 +23554,7 @@ __all__ = [
     "TargetType",
     "UnauthenticatedAction",
     "WeightedTargetGroup",
+    "XffHeaderProcessingMode",
 ]
 
 publication.publish()
@@ -24991,6 +25248,7 @@ def _typecheckingstub__4107bd237140ac5f517872385fdbe42c3d9200e34f993d6b71eb7a020
     conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
     priority: typing.Optional[jsii.Number] = None,
     action: ListenerAction,
+    remove_suffix: typing.Optional[builtins.bool] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -25082,7 +25340,12 @@ def _typecheckingstub__e43cf75024913d9be0d5d621a5f2c2c7be60a57898a54967cd54179b2
     http2_enabled: typing.Optional[builtins.bool] = None,
     idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
     ip_address_type: typing.Optional[IpAddressType] = None,
+    preserve_host_header: typing.Optional[builtins.bool] = None,
+    preserve_xff_client_port: typing.Optional[builtins.bool] = None,
     security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
+    waf_fail_open: typing.Optional[builtins.bool] = None,
+    x_amzn_tls_version_and_cipher_suite_headers: typing.Optional[builtins.bool] = None,
+    xff_header_processing_mode: typing.Optional[XffHeaderProcessingMode] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -25118,6 +25381,7 @@ def _typecheckingstub__078c8c060ef52d807e9a62da847c7c1f9a2fb0a3f7bf8900246c80b1d
     id: builtins.str,
     *,
     action: ListenerAction,
+    remove_suffix: typing.Optional[builtins.bool] = None,
     conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
     priority: typing.Optional[jsii.Number] = None,
 ) -> None:
@@ -25372,6 +25636,7 @@ def _typecheckingstub__646bd302ed3a63a28a30ea3b62d2e003bf976ae981493560776ad112c
     id: builtins.str,
     *,
     action: ListenerAction,
+    remove_suffix: typing.Optional[builtins.bool] = None,
     conditions: typing.Optional[typing.Sequence[ListenerCondition]] = None,
     priority: typing.Optional[jsii.Number] = None,
 ) -> None:
@@ -25432,7 +25697,12 @@ def _typecheckingstub__22d249b6cdbe3ce0dfc1a873ef276c65fe89ce6a5dba0603fae0a5755
     http2_enabled: typing.Optional[builtins.bool] = None,
     idle_timeout: typing.Optional[_Duration_4839e8c3] = None,
     ip_address_type: typing.Optional[IpAddressType] = None,
+    preserve_host_header: typing.Optional[builtins.bool] = None,
+    preserve_xff_client_port: typing.Optional[builtins.bool] = None,
     security_group: typing.Optional[_ISecurityGroup_acf8a799] = None,
+    waf_fail_open: typing.Optional[builtins.bool] = None,
+    x_amzn_tls_version_and_cipher_suite_headers: typing.Optional[builtins.bool] = None,
+    xff_header_processing_mode: typing.Optional[XffHeaderProcessingMode] = None,
     vpc: _IVpc_f30d5663,
     cross_zone_enabled: typing.Optional[builtins.bool] = None,
     deletion_protection: typing.Optional[builtins.bool] = None,

aws_cdk/aws_emr/__init__.py

@@ -3047,7 +3047,7 @@ class CfnCluster(
             :param emr_managed_master_security_group: The identifier of the Amazon EC2 security group for the master node. If you specify ``EmrManagedMasterSecurityGroup`` , you must also specify ``EmrManagedSlaveSecurityGroup`` .
             :param emr_managed_slave_security_group: The identifier of the Amazon EC2 security group for the core and task nodes. If you specify ``EmrManagedSlaveSecurityGroup`` , you must also specify ``EmrManagedMasterSecurityGroup`` .
             :param hadoop_version: Applies only to Amazon EMR release versions earlier than 4.0. The Hadoop version for the cluster. Valid inputs are "0.18" (no longer maintained), "0.20" (no longer maintained), "0.20.205" (no longer maintained), "1.0.3", "2.2.0", or "2.4.0". If you do not set this value, the default of 0.18 is used, unless the ``AmiVersion`` parameter is set in the RunJobFlow call, in which case the default version of Hadoop for that AMI version is used.
-            :param keep_job_flow_alive_when_no_steps: Specifies whether the cluster should remain available after completing all steps. Defaults to ``true`` . For more information about configuring cluster termination, see `Control Cluster Termination <https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-termination.html>`_ in the *EMR Management Guide* .
+            :param keep_job_flow_alive_when_no_steps: Specifies whether the cluster should remain available after completing all steps. Defaults to ``false`` . For more information about configuring cluster termination, see `Control Cluster Termination <https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-termination.html>`_ in the *EMR Management Guide* .
             :param master_instance_fleet: Describes the EC2 instances and instance configurations for the master instance fleet when using clusters with the instance fleet configuration.
             :param master_instance_group: Describes the EC2 instances and instance configurations for the master instance group when using clusters with the uniform instance group configuration.
             :param placement: The Availability Zone in which the cluster runs.
@@ -3637,7 +3637,7 @@ class CfnCluster(
         ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
             '''Specifies whether the cluster should remain available after completing all steps.
 
-            Defaults to ``true`` . For more information about configuring cluster termination, see `Control Cluster Termination <https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-termination.html>`_ in the *EMR Management Guide* .
+            Defaults to ``false`` . For more information about configuring cluster termination, see `Control Cluster Termination <https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-termination.html>`_ in the *EMR Management Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-emr-cluster-jobflowinstancesconfig.html#cfn-emr-cluster-jobflowinstancesconfig-keepjobflowalivewhennosteps
             '''