aws-cdk-lib 2.171.1__py3-none-any.whl → 2.173.0__py3-none-any.whl

aws_cdk/aws_elasticloadbalancingv2/__init__.py

@@ -390,7 +390,24 @@ lb = elbv2.NetworkLoadBalancer(self, "LB",
 )
 ```
 
-You cannot add UDP or TCP_UDP listeners to a dualstack Network Load Balancer.
+You can configure whether to use an IPv6 prefix from each subnet for source NAT by setting `enablePrefixForIpv6SourceNat` to `true`.
+This must be enabled if you want to create a dualstack Network Load Balancer with a listener that uses UDP protocol.
+
+```python
+# vpc: ec2.Vpc
+
+
+lb = elbv2.NetworkLoadBalancer(self, "LB",
+    vpc=vpc,
+    ip_address_type=elbv2.IpAddressType.DUAL_STACK,
+    enable_prefix_for_ipv6_source_nat=True
+)
+
+listener = lb.add_listener("Listener",
+    port=1229,
+    protocol=elbv2.Protocol.UDP
+)
+```
 
 ### Network Load Balancer attributes
 
@@ -598,6 +615,47 @@ target_group = elbv2.ApplicationTargetGroup(self, "TargetGroup",
 )
 ```
 
+### IP Address Type for Target Groups
+
+You can set the IP address type for the target group by setting the `ipAddressType` property for both Application and Network target groups.
+
+If you set the `ipAddressType` property to `IPV6`, the VPC for the target group must have an associated IPv6 CIDR block.
+
+For more information, see IP address type for [Network Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#target-group-ip-address-type) and [Application Load Balancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#target-group-ip-address-type).
+
+```python
+# vpc: ec2.Vpc
+
+
+ipv4_application_target_group = elbv2.ApplicationTargetGroup(self, "IPv4ApplicationTargetGroup",
+    vpc=vpc,
+    port=80,
+    target_type=elbv2.TargetType.INSTANCE,
+    ip_address_type=elbv2.TargetGroupIpAddressType.IPV4
+)
+
+ipv6_application_target_group = elbv2.ApplicationTargetGroup(self, "Ipv6ApplicationTargetGroup",
+    vpc=vpc,
+    port=80,
+    target_type=elbv2.TargetType.INSTANCE,
+    ip_address_type=elbv2.TargetGroupIpAddressType.IPV6
+)
+
+ipv4_network_target_group = elbv2.NetworkTargetGroup(self, "IPv4NetworkTargetGroup",
+    vpc=vpc,
+    port=80,
+    target_type=elbv2.TargetType.INSTANCE,
+    ip_address_type=elbv2.TargetGroupIpAddressType.IPV4
+)
+
+ipv6_network_target_group = elbv2.NetworkTargetGroup(self, "Ipv6NetworkTargetGroup",
+    vpc=vpc,
+    port=80,
+    target_type=elbv2.TargetType.INSTANCE,
+    ip_address_type=elbv2.TargetGroupIpAddressType.IPV6
+)
+```
+
 ## Using Lambda Targets
 
 To use a Lambda Function as a target, use the integration class in the
@@ -3332,6 +3390,7 @@ class BaseNetworkListenerProps:
         "cross_zone_enabled": "crossZoneEnabled",
         "deregistration_delay": "deregistrationDelay",
         "health_check": "healthCheck",
+        "ip_address_type": "ipAddressType",
         "target_group_name": "targetGroupName",
         "target_type": "targetType",
         "vpc": "vpc",
@@ -3344,6 +3403,7 @@ class BaseTargetGroupProps:
         cross_zone_enabled: typing.Optional[builtins.bool] = None,
         deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
         health_check: typing.Optional[typing.Union["HealthCheck", typing.Dict[builtins.str, typing.Any]]] = None,
+        ip_address_type: typing.Optional["TargetGroupIpAddressType"] = None,
         target_group_name: typing.Optional[builtins.str] = None,
         target_type: typing.Optional["TargetType"] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -3353,6 +3413,7 @@ class BaseTargetGroupProps:
         :param cross_zone_enabled: Indicates whether cross zone load balancing is enabled. Default: - use load balancer configuration
         :param deregistration_delay: The amount of time for Elastic Load Balancing to wait before deregistering a target. The range is 0-3600 seconds. Default: 300
         :param health_check: Health check configuration. Default: - The default value for each property in this configuration varies depending on the target.
+        :param ip_address_type: The type of IP addresses of the targets registered with the target group. Default: undefined - ELB defaults to IPv4
         :param target_group_name: The name of the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. Default: - Automatically generated.
         :param target_type: The type of targets registered to this TargetGroup, either IP or Instance. All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically. Default: - Determined automatically.
         :param vpc: The virtual private cloud (VPC). only if ``TargetType`` is ``Ip`` or ``InstanceId`` Default: - undefined
@@ -3384,6 +3445,7 @@ class BaseTargetGroupProps:
                     timeout=cdk.Duration.minutes(30),
                     unhealthy_threshold_count=123
                 ),
+                ip_address_type=elbv2.TargetGroupIpAddressType.IPV4,
                 target_group_name="targetGroupName",
                 target_type=elbv2.TargetType.INSTANCE,
                 vpc=vpc
@@ -3396,6 +3458,7 @@ class BaseTargetGroupProps:
             check_type(argname="argument cross_zone_enabled", value=cross_zone_enabled, expected_type=type_hints["cross_zone_enabled"])
             check_type(argname="argument deregistration_delay", value=deregistration_delay, expected_type=type_hints["deregistration_delay"])
             check_type(argname="argument health_check", value=health_check, expected_type=type_hints["health_check"])
+            check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
             check_type(argname="argument target_group_name", value=target_group_name, expected_type=type_hints["target_group_name"])
             check_type(argname="argument target_type", value=target_type, expected_type=type_hints["target_type"])
             check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
@@ -3406,6 +3469,8 @@ class BaseTargetGroupProps:
             self._values["deregistration_delay"] = deregistration_delay
         if health_check is not None:
             self._values["health_check"] = health_check
+        if ip_address_type is not None:
+            self._values["ip_address_type"] = ip_address_type
         if target_group_name is not None:
             self._values["target_group_name"] = target_group_name
         if target_type is not None:
@@ -3446,6 +3511,15 @@ class BaseTargetGroupProps:
         result = self._values.get("health_check")
         return typing.cast(typing.Optional["HealthCheck"], result)
 
+    @builtins.property
+    def ip_address_type(self) -> typing.Optional["TargetGroupIpAddressType"]:
+        '''The type of IP addresses of the targets registered with the target group.
+
+        :default: undefined - ELB defaults to IPv4
+        '''
+        result = self._values.get("ip_address_type")
+        return typing.cast(typing.Optional["TargetGroupIpAddressType"], result)
+
     @builtins.property
     def target_group_name(self) -> typing.Optional[builtins.str]:
         '''The name of the target group.
@@ -3592,6 +3666,7 @@ class CfnListener(
                 value="value"
             )],
             mutual_authentication=elbv2.CfnListener.MutualAuthenticationProperty(
+                advertise_trust_store_ca_names="advertiseTrustStoreCaNames",
                 ignore_client_certificate_expiry=False,
                 mode="mode",
                 trust_store_arn="trustStoreArn"
@@ -4778,7 +4853,7 @@ class CfnListener(
         ) -> None:
             '''Information about a listener attribute.
 
-            :param key: The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers. - ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.
+            :param key: The name of the attribute. The following attribute is supported by Network Load Balancers, and Gateway Load Balancers. - ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds. The following attributes are only supported by Application Load Balancers. - ``routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Serial-Number* HTTP request header. - ``routing.http.request.x_amzn_mtls_clientcert_issuer.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Issuer* HTTP request header. - ``routing.http.request.x_amzn_mtls_clientcert_subject.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Subject* HTTP request header. - ``routing.http.request.x_amzn_mtls_clientcert_validity.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Validity* HTTP request header. - ``routing.http.request.x_amzn_mtls_clientcert_leaf.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Leaf* HTTP request header. - ``routing.http.request.x_amzn_mtls_clientcert.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert* HTTP request header. - ``routing.http.request.x_amzn_tls_version.header_name`` - Enables you to modify the header name of the *X-Amzn-Tls-Version* HTTP request header. - ``routing.http.request.x_amzn_tls_cipher_suite.header_name`` - Enables you to modify the header name of the *X-Amzn-Tls-Cipher-Suite* HTTP request header. - ``routing.http.response.server.enabled`` - Enables you to allow or remove the HTTP response server header. - ``routing.http.response.strict_transport_security.header_value`` - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS. - ``routing.http.response.access_control_allow_origin.header_value`` - Specifies which origins are allowed to access the server. - ``routing.http.response.access_control_allow_methods.header_value`` - Returns which HTTP methods are allowed when accessing the server from a different origin. - ``routing.http.response.access_control_allow_headers.header_value`` - Specifies which headers can be used during the request. - ``routing.http.response.access_control_allow_credentials.header_value`` - Indicates whether the browser should include credentials such as cookies or authentication when making requests. - ``routing.http.response.access_control_expose_headers.header_value`` - Returns which headers the browser can expose to the requesting client. - ``routing.http.response.access_control_max_age.header_value`` - Specifies how long the results of a preflight request can be cached, in seconds. - ``routing.http.response.content_security_policy.header_value`` - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats. - ``routing.http.response.x_content_type_options.header_value`` - Indicates whether the MIME types advertised in the *Content-Type* headers should be followed and not be changed. - ``routing.http.response.x_frame_options.header_value`` - Indicates whether the browser is allowed to render a page in a *frame* , *iframe* , *embed* or *object* .
             :param value: The value of the attribute.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html
@@ -4813,6 +4888,28 @@ class CfnListener(
 
             - ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds.
 
+            The following attributes are only supported by Application Load Balancers.
+
+            - ``routing.http.request.x_amzn_mtls_clientcert_serial_number.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Serial-Number* HTTP request header.
+            - ``routing.http.request.x_amzn_mtls_clientcert_issuer.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Issuer* HTTP request header.
+            - ``routing.http.request.x_amzn_mtls_clientcert_subject.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Subject* HTTP request header.
+            - ``routing.http.request.x_amzn_mtls_clientcert_validity.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Validity* HTTP request header.
+            - ``routing.http.request.x_amzn_mtls_clientcert_leaf.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert-Leaf* HTTP request header.
+            - ``routing.http.request.x_amzn_mtls_clientcert.header_name`` - Enables you to modify the header name of the *X-Amzn-Mtls-Clientcert* HTTP request header.
+            - ``routing.http.request.x_amzn_tls_version.header_name`` - Enables you to modify the header name of the *X-Amzn-Tls-Version* HTTP request header.
+            - ``routing.http.request.x_amzn_tls_cipher_suite.header_name`` - Enables you to modify the header name of the *X-Amzn-Tls-Cipher-Suite* HTTP request header.
+            - ``routing.http.response.server.enabled`` - Enables you to allow or remove the HTTP response server header.
+            - ``routing.http.response.strict_transport_security.header_value`` - Informs browsers that the site should only be accessed using HTTPS, and that any future attempts to access it using HTTP should automatically be converted to HTTPS.
+            - ``routing.http.response.access_control_allow_origin.header_value`` - Specifies which origins are allowed to access the server.
+            - ``routing.http.response.access_control_allow_methods.header_value`` - Returns which HTTP methods are allowed when accessing the server from a different origin.
+            - ``routing.http.response.access_control_allow_headers.header_value`` - Specifies which headers can be used during the request.
+            - ``routing.http.response.access_control_allow_credentials.header_value`` - Indicates whether the browser should include credentials such as cookies or authentication when making requests.
+            - ``routing.http.response.access_control_expose_headers.header_value`` - Returns which headers the browser can expose to the requesting client.
+            - ``routing.http.response.access_control_max_age.header_value`` - Specifies how long the results of a preflight request can be cached, in seconds.
+            - ``routing.http.response.content_security_policy.header_value`` - Specifies restrictions enforced by the browser to help minimize the risk of certain types of security threats.
+            - ``routing.http.response.x_content_type_options.header_value`` - Indicates whether the MIME types advertised in the *Content-Type* headers should be followed and not be changed.
+            - ``routing.http.response.x_frame_options.header_value`` - Indicates whether the browser is allowed to render a page in a *frame* , *iframe* , *embed* or *object* .
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-listenerattribute.html#cfn-elasticloadbalancingv2-listener-listenerattribute-key
             '''
             result = self._values.get("key")
@@ -4842,6 +4939,7 @@ class CfnListener(
         jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener.MutualAuthenticationProperty",
         jsii_struct_bases=[],
         name_mapping={
+            "advertise_trust_store_ca_names": "advertiseTrustStoreCaNames",
             "ignore_client_certificate_expiry": "ignoreClientCertificateExpiry",
             "mode": "mode",
             "trust_store_arn": "trustStoreArn",
@@ -4851,12 +4949,14 @@ class CfnListener(
         def __init__(
             self,
             *,
+            advertise_trust_store_ca_names: typing.Optional[builtins.str] = None,
             ignore_client_certificate_expiry: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
             mode: typing.Optional[builtins.str] = None,
             trust_store_arn: typing.Optional[builtins.str] = None,
         ) -> None:
             '''Specifies the configuration information for mutual authentication.
 
+            :param advertise_trust_store_ca_names: 
             :param ignore_client_certificate_expiry: Indicates whether expired client certificates are ignored.
             :param mode: The client certificate handling method. Options are ``off`` , ``passthrough`` or ``verify`` . The default value is ``off`` .
             :param trust_store_arn: The Amazon Resource Name (ARN) of the trust store.
@@ -4871,6 +4971,7 @@ class CfnListener(
                 from aws_cdk import aws_elasticloadbalancingv2 as elbv2
                 
                 mutual_authentication_property = elbv2.CfnListener.MutualAuthenticationProperty(
+                    advertise_trust_store_ca_names="advertiseTrustStoreCaNames",
                     ignore_client_certificate_expiry=False,
                     mode="mode",
                     trust_store_arn="trustStoreArn"
@@ -4878,10 +4979,13 @@ class CfnListener(
             '''
             if __debug__:
                 type_hints = typing.get_type_hints(_typecheckingstub__07605e87f763c352d3e6705d69aa07723ad3c005493c1fdef02b175f49d53ee0)
+                check_type(argname="argument advertise_trust_store_ca_names", value=advertise_trust_store_ca_names, expected_type=type_hints["advertise_trust_store_ca_names"])
                 check_type(argname="argument ignore_client_certificate_expiry", value=ignore_client_certificate_expiry, expected_type=type_hints["ignore_client_certificate_expiry"])
                 check_type(argname="argument mode", value=mode, expected_type=type_hints["mode"])
                 check_type(argname="argument trust_store_arn", value=trust_store_arn, expected_type=type_hints["trust_store_arn"])
             self._values: typing.Dict[builtins.str, typing.Any] = {}
+            if advertise_trust_store_ca_names is not None:
+                self._values["advertise_trust_store_ca_names"] = advertise_trust_store_ca_names
             if ignore_client_certificate_expiry is not None:
                 self._values["ignore_client_certificate_expiry"] = ignore_client_certificate_expiry
             if mode is not None:
@@ -4889,6 +4993,14 @@ class CfnListener(
             if trust_store_arn is not None:
                 self._values["trust_store_arn"] = trust_store_arn
 
+        @builtins.property
+        def advertise_trust_store_ca_names(self) -> typing.Optional[builtins.str]:
+            '''
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-mutualauthentication.html#cfn-elasticloadbalancingv2-listener-mutualauthentication-advertisetruststorecanames
+            '''
+            result = self._values.get("advertise_trust_store_ca_names")
+            return typing.cast(typing.Optional[builtins.str], result)
+
         @builtins.property
         def ignore_client_certificate_expiry(
             self,
@@ -5629,6 +5741,7 @@ class CfnListenerProps:
                     value="value"
                 )],
                 mutual_authentication=elbv2.CfnListener.MutualAuthenticationProperty(
+                    advertise_trust_store_ca_names="advertiseTrustStoreCaNames",
                     ignore_client_certificate_expiry=False,
                     mode="mode",
                     trust_store_arn="trustStoreArn"
@@ -8174,6 +8287,9 @@ class CfnLoadBalancer(
                 key="key",
                 value="value"
             )],
+            minimum_load_balancer_capacity=elbv2.CfnLoadBalancer.MinimumLoadBalancerCapacityProperty(
+                capacity_units=123
+            ),
             name="name",
             scheme="scheme",
             security_groups=["securityGroups"],
@@ -8204,6 +8320,7 @@ class CfnLoadBalancer(
         enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.str] = None,
         ip_address_type: typing.Optional[builtins.str] = None,
         load_balancer_attributes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnLoadBalancer.LoadBalancerAttributeProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        minimum_load_balancer_capacity: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnLoadBalancer.MinimumLoadBalancerCapacityProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
         name: typing.Optional[builtins.str] = None,
         scheme: typing.Optional[builtins.str] = None,
         security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -8219,6 +8336,7 @@ class CfnLoadBalancer(
         :param enforce_security_group_inbound_rules_on_private_link_traffic: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .
         :param ip_address_type: The IP address type. Internal load balancers must use ``ipv4`` . [Application Load Balancers] The possible values are ``ipv4`` (IPv4 addresses), ``dualstack`` (IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (public IPv6 addresses and private IPv4 and IPv6 addresses). Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors. [Network Load Balancers and Gateway Load Balancers] The possible values are ``ipv4`` (IPv4 addresses) and ``dualstack`` (IPv4 and IPv6 addresses).
         :param load_balancer_attributes: The load balancer attributes.
+        :param minimum_load_balancer_capacity: The minimum capacity for a load balancer.
         :param name: The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
         :param scheme: The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. You can't specify a scheme for a Gateway Load Balancer.
         :param security_groups: [Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
@@ -8236,6 +8354,7 @@ class CfnLoadBalancer(
             enforce_security_group_inbound_rules_on_private_link_traffic=enforce_security_group_inbound_rules_on_private_link_traffic,
             ip_address_type=ip_address_type,
             load_balancer_attributes=load_balancer_attributes,
+            minimum_load_balancer_capacity=minimum_load_balancer_capacity,
             name=name,
             scheme=scheme,
             security_groups=security_groups,
@@ -8418,6 +8537,24 @@ class CfnLoadBalancer(
             check_type(argname="argument value", value=value, expected_type=type_hints["value"])
         jsii.set(self, "loadBalancerAttributes", value) # pyright: ignore[reportArgumentType]
 
+    @builtins.property
+    @jsii.member(jsii_name="minimumLoadBalancerCapacity")
+    def minimum_load_balancer_capacity(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLoadBalancer.MinimumLoadBalancerCapacityProperty"]]:
+        '''The minimum capacity for a load balancer.'''
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLoadBalancer.MinimumLoadBalancerCapacityProperty"]], jsii.get(self, "minimumLoadBalancerCapacity"))
+
+    @minimum_load_balancer_capacity.setter
+    def minimum_load_balancer_capacity(
+        self,
+        value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnLoadBalancer.MinimumLoadBalancerCapacityProperty"]],
+    ) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__102164e78a5cf61e67908e476a27971c19e5604c38d90ddca6b4b346581d0209)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "minimumLoadBalancerCapacity", value) # pyright: ignore[reportArgumentType]
+
     @builtins.property
     @jsii.member(jsii_name="name")
     def name(self) -> typing.Optional[builtins.str]:
@@ -8531,7 +8668,7 @@ class CfnLoadBalancer(
         ) -> None:
             '''Specifies an attribute for an Application Load Balancer, a Network Load Balancer, or a Gateway Load Balancer.
 
-            :param key: The name of the attribute. The following attributes are supported by all load balancers: - ``deletion_protection.enabled`` - Indicates whether deletion protection is enabled. The value is ``true`` or ``false`` . The default is ``false`` . - ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false`` . The default for Network Load Balancers and Gateway Load Balancers is ``false`` . The default for Application Load Balancers is ``true`` , and can't be changed. The following attributes are supported by both Application Load Balancers and Network Load Balancers: - ``access_logs.s3.enabled`` - Indicates whether access logs are enabled. The value is ``true`` or ``false`` . The default is ``false`` . - ``access_logs.s3.bucket`` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. - ``access_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the access logs. - ``ipv6.deny_all_igw_traffic`` - Blocks internet gateway (IGW) access to the load balancer. It is set to ``false`` for internet-facing load balancers and ``true`` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway. The following attributes are supported by only Application Load Balancers: - ``idle_timeout.timeout_seconds`` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds. - ``client_keep_alive.seconds`` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds. - ``connection_logs.s3.enabled`` - Indicates whether connection logs are enabled. The value is ``true`` or ``false`` . The default is ``false`` . - ``connection_logs.s3.bucket`` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. - ``connection_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the connection logs. - ``routing.http.desync_mitigation_mode`` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are ``monitor`` , ``defensive`` , and ``strictest`` . The default is ``defensive`` . - ``routing.http.drop_invalid_header_fields.enabled`` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( ``true`` ) or routed to targets ( ``false`` ). The default is ``false`` . - ``routing.http.preserve_host_header.enabled`` - Indicates whether the Application Load Balancer should preserve the ``Host`` header in the HTTP request and send it to the target without any change. The possible values are ``true`` and ``false`` . The default is ``false`` . - ``routing.http.x_amzn_tls_version_and_cipher_suite.enabled`` - Indicates whether the two headers ( ``x-amzn-tls-version`` and ``x-amzn-tls-cipher-suite`` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The ``x-amzn-tls-version`` header has information about the TLS protocol version negotiated with the client, and the ``x-amzn-tls-cipher-suite`` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are ``true`` and ``false`` . The default is ``false`` . - ``routing.http.xff_client_port.enabled`` - Indicates whether the ``X-Forwarded-For`` header should preserve the source port that the client used to connect to the load balancer. The possible values are ``true`` and ``false`` . The default is ``false`` . - ``routing.http.xff_header_processing.mode`` - Enables you to modify, preserve, or remove the ``X-Forwarded-For`` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are ``append`` , ``preserve`` , and ``remove`` . The default is ``append`` . - If the value is ``append`` , the Application Load Balancer adds the client IP address (of the last hop) to the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets. - If the value is ``preserve`` the Application Load Balancer preserves the ``X-Forwarded-For`` header in the HTTP request, and sends it to targets without any change. - If the value is ``remove`` , the Application Load Balancer removes the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets. - ``routing.http2.enabled`` - Indicates whether HTTP/2 is enabled. The possible values are ``true`` and ``false`` . The default is ``true`` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. - ``waf.fail_open.enabled`` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are ``true`` and ``false`` . The default is ``false`` . The following attributes are supported by only Network Load Balancers: - ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity. - ``zonal_shift.config.enabled`` - Indicates whether zonal shift is enabled. The possible values are ``true`` and ``false`` . The default is ``false`` .
+            :param key: The name of the attribute. The following attributes are supported by all load balancers: - ``deletion_protection.enabled`` - Indicates whether deletion protection is enabled. The value is ``true`` or ``false`` . The default is ``false`` . - ``load_balancing.cross_zone.enabled`` - Indicates whether cross-zone load balancing is enabled. The possible values are ``true`` and ``false`` . The default for Network Load Balancers and Gateway Load Balancers is ``false`` . The default for Application Load Balancers is ``true`` , and can't be changed. The following attributes are supported by both Application Load Balancers and Network Load Balancers: - ``access_logs.s3.enabled`` - Indicates whether access logs are enabled. The value is ``true`` or ``false`` . The default is ``false`` . - ``access_logs.s3.bucket`` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. - ``access_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the access logs. - ``ipv6.deny_all_igw_traffic`` - Blocks internet gateway (IGW) access to the load balancer. It is set to ``false`` for internet-facing load balancers and ``true`` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway. - ``zonal_shift.config.enabled`` - Indicates whether zonal shift is enabled. The possible values are ``true`` and ``false`` . The default is ``false`` . The following attributes are supported by only Application Load Balancers: - ``idle_timeout.timeout_seconds`` - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds. - ``client_keep_alive.seconds`` - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds. - ``connection_logs.s3.enabled`` - Indicates whether connection logs are enabled. The value is ``true`` or ``false`` . The default is ``false`` . - ``connection_logs.s3.bucket`` - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket. - ``connection_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the connection logs. - ``routing.http.desync_mitigation_mode`` - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are ``monitor`` , ``defensive`` , and ``strictest`` . The default is ``defensive`` . - ``routing.http.drop_invalid_header_fields.enabled`` - Indicates whether HTTP headers with invalid header fields are removed by the load balancer ( ``true`` ) or routed to targets ( ``false`` ). The default is ``false`` . - ``routing.http.preserve_host_header.enabled`` - Indicates whether the Application Load Balancer should preserve the ``Host`` header in the HTTP request and send it to the target without any change. The possible values are ``true`` and ``false`` . The default is ``false`` . - ``routing.http.x_amzn_tls_version_and_cipher_suite.enabled`` - Indicates whether the two headers ( ``x-amzn-tls-version`` and ``x-amzn-tls-cipher-suite`` ), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The ``x-amzn-tls-version`` header has information about the TLS protocol version negotiated with the client, and the ``x-amzn-tls-cipher-suite`` header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are ``true`` and ``false`` . The default is ``false`` . - ``routing.http.xff_client_port.enabled`` - Indicates whether the ``X-Forwarded-For`` header should preserve the source port that the client used to connect to the load balancer. The possible values are ``true`` and ``false`` . The default is ``false`` . - ``routing.http.xff_header_processing.mode`` - Enables you to modify, preserve, or remove the ``X-Forwarded-For`` header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are ``append`` , ``preserve`` , and ``remove`` . The default is ``append`` . - If the value is ``append`` , the Application Load Balancer adds the client IP address (of the last hop) to the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets. - If the value is ``preserve`` the Application Load Balancer preserves the ``X-Forwarded-For`` header in the HTTP request, and sends it to targets without any change. - If the value is ``remove`` , the Application Load Balancer removes the ``X-Forwarded-For`` header in the HTTP request before it sends it to targets. - ``routing.http2.enabled`` - Indicates whether HTTP/2 is enabled. The possible values are ``true`` and ``false`` . The default is ``true`` . Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. - ``waf.fail_open.enabled`` - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to AWS WAF. The possible values are ``true`` and ``false`` . The default is ``false`` . The following attributes are supported by only Network Load Balancers: - ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity.
             :param value: The value of the attribute.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html
@@ -8573,6 +8710,7 @@ class CfnLoadBalancer(
             - ``access_logs.s3.bucket`` - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
             - ``access_logs.s3.prefix`` - The prefix for the location in the S3 bucket for the access logs.
             - ``ipv6.deny_all_igw_traffic`` - Blocks internet gateway (IGW) access to the load balancer. It is set to ``false`` for internet-facing load balancers and ``true`` for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
+            - ``zonal_shift.config.enabled`` - Indicates whether zonal shift is enabled. The possible values are ``true`` and ``false`` . The default is ``false`` .
 
             The following attributes are supported by only Application Load Balancers:
 
@@ -8596,7 +8734,6 @@ class CfnLoadBalancer(
             The following attributes are supported by only Network Load Balancers:
 
             - ``dns_record.client_routing_policy`` - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are ``availability_zone_affinity`` with 100 percent zonal affinity, ``partial_availability_zone_affinity`` with 85 percent zonal affinity, and ``any_availability_zone`` with 0 percent zonal affinity.
-            - ``zonal_shift.config.enabled`` - Indicates whether zonal shift is enabled. The possible values are ``true`` and ``false`` . The default is ``false`` .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-loadbalancerattribute.html#cfn-elasticloadbalancingv2-loadbalancer-loadbalancerattribute-key
             '''
@@ -8623,6 +8760,58 @@ class CfnLoadBalancer(
                 k + "=" + repr(v) for k, v in self._values.items()
             )
 
+    @jsii.data_type(
+        jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.CfnLoadBalancer.MinimumLoadBalancerCapacityProperty",
+        jsii_struct_bases=[],
+        name_mapping={"capacity_units": "capacityUnits"},
+    )
+    class MinimumLoadBalancerCapacityProperty:
+        def __init__(self, *, capacity_units: jsii.Number) -> None:
+            '''The minimum capacity for a load balancer.
+
+            :param capacity_units: The number of capacity units.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity.html
+            :exampleMetadata: fixture=_generated
+
+            Example::
+
+                # The code below shows an example of how to instantiate this type.
+                # The values are placeholders you should change.
+                from aws_cdk import aws_elasticloadbalancingv2 as elbv2
+                
+                minimum_load_balancer_capacity_property = elbv2.CfnLoadBalancer.MinimumLoadBalancerCapacityProperty(
+                    capacity_units=123
+                )
+            '''
+            if __debug__:
+                type_hints = typing.get_type_hints(_typecheckingstub__bd0d2d4a891c02fabab09ae876b5f738a440bf3402f1db5dc28e3cdd47b733bc)
+                check_type(argname="argument capacity_units", value=capacity_units, expected_type=type_hints["capacity_units"])
+            self._values: typing.Dict[builtins.str, typing.Any] = {
+                "capacity_units": capacity_units,
+            }
+
+        @builtins.property
+        def capacity_units(self) -> jsii.Number:
+            '''The number of capacity units.
+
+            :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity.html#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity-capacityunits
+            '''
+            result = self._values.get("capacity_units")
+            assert result is not None, "Required property 'capacity_units' is missing"
+            return typing.cast(jsii.Number, result)
+
+        def __eq__(self, rhs: typing.Any) -> builtins.bool:
+            return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+        def __ne__(self, rhs: typing.Any) -> builtins.bool:
+            return not (rhs == self)
+
+        def __repr__(self) -> str:
+            return "MinimumLoadBalancerCapacityProperty(%s)" % ", ".join(
+                k + "=" + repr(v) for k, v in self._values.items()
+            )
+
     @jsii.data_type(
         jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.CfnLoadBalancer.SubnetMappingProperty",
         jsii_struct_bases=[],
@@ -8758,6 +8947,7 @@ class CfnLoadBalancer(
         "enforce_security_group_inbound_rules_on_private_link_traffic": "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic",
         "ip_address_type": "ipAddressType",
         "load_balancer_attributes": "loadBalancerAttributes",
+        "minimum_load_balancer_capacity": "minimumLoadBalancerCapacity",
         "name": "name",
         "scheme": "scheme",
         "security_groups": "securityGroups",
@@ -8775,6 +8965,7 @@ class CfnLoadBalancerProps:
         enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.str] = None,
         ip_address_type: typing.Optional[builtins.str] = None,
         load_balancer_attributes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnLoadBalancer.LoadBalancerAttributeProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+        minimum_load_balancer_capacity: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnLoadBalancer.MinimumLoadBalancerCapacityProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
         name: typing.Optional[builtins.str] = None,
         scheme: typing.Optional[builtins.str] = None,
         security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -8789,6 +8980,7 @@ class CfnLoadBalancerProps:
         :param enforce_security_group_inbound_rules_on_private_link_traffic: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink .
         :param ip_address_type: The IP address type. Internal load balancers must use ``ipv4`` . [Application Load Balancers] The possible values are ``ipv4`` (IPv4 addresses), ``dualstack`` (IPv4 and IPv6 addresses), and ``dualstack-without-public-ipv4`` (public IPv6 addresses and private IPv4 and IPv6 addresses). Application Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors. [Network Load Balancers and Gateway Load Balancers] The possible values are ``ipv4`` (IPv4 addresses) and ``dualstack`` (IPv4 and IPv6 addresses).
         :param load_balancer_attributes: The load balancer attributes.
+        :param minimum_load_balancer_capacity: The minimum capacity for a load balancer.
         :param name: The name of the load balancer. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, must not begin or end with a hyphen, and must not begin with "internal-". If you don't specify a name, AWS CloudFormation generates a unique physical ID for the load balancer. If you specify a name, you cannot perform updates that require replacement of this resource, but you can perform other updates. To replace the resource, specify a new name.
         :param scheme: The nodes of an Internet-facing load balancer have public IP addresses. The DNS name of an Internet-facing load balancer is publicly resolvable to the public IP addresses of the nodes. Therefore, Internet-facing load balancers can route requests from clients over the internet. The nodes of an internal load balancer have only private IP addresses. The DNS name of an internal load balancer is publicly resolvable to the private IP addresses of the nodes. Therefore, internal load balancers can route requests only from clients with access to the VPC for the load balancer. The default is an Internet-facing load balancer. You can't specify a scheme for a Gateway Load Balancer.
         :param security_groups: [Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
@@ -8814,6 +9006,9 @@ class CfnLoadBalancerProps:
                     key="key",
                     value="value"
                 )],
+                minimum_load_balancer_capacity=elbv2.CfnLoadBalancer.MinimumLoadBalancerCapacityProperty(
+                    capacity_units=123
+                ),
                 name="name",
                 scheme="scheme",
                 security_groups=["securityGroups"],
@@ -8840,6 +9035,7 @@ class CfnLoadBalancerProps:
             check_type(argname="argument enforce_security_group_inbound_rules_on_private_link_traffic", value=enforce_security_group_inbound_rules_on_private_link_traffic, expected_type=type_hints["enforce_security_group_inbound_rules_on_private_link_traffic"])
             check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
             check_type(argname="argument load_balancer_attributes", value=load_balancer_attributes, expected_type=type_hints["load_balancer_attributes"])
+            check_type(argname="argument minimum_load_balancer_capacity", value=minimum_load_balancer_capacity, expected_type=type_hints["minimum_load_balancer_capacity"])
             check_type(argname="argument name", value=name, expected_type=type_hints["name"])
             check_type(argname="argument scheme", value=scheme, expected_type=type_hints["scheme"])
             check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
@@ -8856,6 +9052,8 @@ class CfnLoadBalancerProps:
             self._values["ip_address_type"] = ip_address_type
         if load_balancer_attributes is not None:
             self._values["load_balancer_attributes"] = load_balancer_attributes
+        if minimum_load_balancer_capacity is not None:
+            self._values["minimum_load_balancer_capacity"] = minimum_load_balancer_capacity
         if name is not None:
             self._values["name"] = name
         if scheme is not None:
@@ -8919,6 +9117,17 @@ class CfnLoadBalancerProps:
         result = self._values.get("load_balancer_attributes")
         return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, CfnLoadBalancer.LoadBalancerAttributeProperty]]]], result)
 
+    @builtins.property
+    def minimum_load_balancer_capacity(
+        self,
+    ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnLoadBalancer.MinimumLoadBalancerCapacityProperty]]:
+        '''The minimum capacity for a load balancer.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#cfn-elasticloadbalancingv2-loadbalancer-minimumloadbalancercapacity
+        '''
+        result = self._values.get("minimum_load_balancer_capacity")
+        return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnLoadBalancer.MinimumLoadBalancerCapacityProperty]], result)
+
     @builtins.property
     def name(self) -> typing.Optional[builtins.str]:
         '''The name of the load balancer.
@@ -11284,15 +11493,15 @@ class HealthCheck:
         '''Properties for configuring a health check.
 
         :param enabled: Indicates whether health checks are enabled. If the target type is lambda, health checks are disabled by default but can be enabled. If the target type is instance or ip, health checks are always enabled and cannot be disabled. Default: - Determined automatically.
-        :param healthy_grpc_codes: GRPC code to use when checking for a successful response from a target. You can specify values between 0 and 99. You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). Default: - 12
+        :param healthy_grpc_codes: GRPC code to use when checking for a successful response from a target. You can specify values between 0 and 99. You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). Default: 12
         :param healthy_http_codes: HTTP code to use when checking for a successful response from a target. For Application Load Balancers, you can specify values between 200 and 499, and the default value is 200. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299").
-        :param healthy_threshold_count: The number of consecutive health checks successes required before considering an unhealthy target healthy. For Application Load Balancers, the default is 5. For Network Load Balancers, the default is 3. Default: 5 for ALBs, 3 for NLBs
-        :param interval: The approximate number of seconds between health checks for an individual target. Must be 5 to 300 seconds Default: 10 seconds if protocol is ``GENEVE``, 35 seconds if target type is ``lambda``, else 30 seconds
+        :param healthy_threshold_count: The number of consecutive health checks successes required before considering an unhealthy target healthy. For Application Load Balancers, the default is 5. For Network Load Balancers, the default is 3. Default: - 5 for ALBs, 3 for NLBs
+        :param interval: The approximate number of seconds between health checks for an individual target. Must be 5 to 300 seconds Default: - 10 seconds if protocol is ``GENEVE``, 35 seconds if target type is ``lambda``, else 30 seconds
         :param path: The ping path destination where Elastic Load Balancing sends health check requests. Default: /
         :param port: The port that the load balancer uses when performing health checks on the targets. Default: 'traffic-port'
-        :param protocol: The protocol the load balancer uses when performing health checks on targets. The TCP protocol is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The TLS, UDP, and TCP_UDP protocols are not supported for health checks. Default: HTTP for ALBs, TCP for NLBs
-        :param timeout: The amount of time, in seconds, during which no response from a target means a failed health check. Must be 2 to 120 seconds. Default: 6 seconds if the protocol is HTTP, 5 seconds if protocol is ``GENEVE``, 30 seconds if target type is ``lambda``, 10 seconds for TCP, TLS, or HTTPS
-        :param unhealthy_threshold_count: The number of consecutive health check failures required before considering a target unhealthy. For Application Load Balancers, the default is 2. For Network Load Balancers, this value must be the same as the healthy threshold count. Default: 2
+        :param protocol: The protocol the load balancer uses when performing health checks on targets. The TCP protocol is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The TLS, UDP, and TCP_UDP protocols are not supported for health checks. Default: - HTTP for ALBs, TCP for NLBs
+        :param timeout: The amount of time, in seconds, during which no response from a target means a failed health check. Must be 2 to 120 seconds. Default: - 6 seconds if the protocol is HTTP, 5 seconds if protocol is ``GENEVE``, 30 seconds if target type is ``lambda``, 10 seconds for TCP, TLS, or HTTPS
+        :param unhealthy_threshold_count: The number of consecutive health check failures required before considering a target unhealthy. For Application Load Balancers, the default is 2. For Network Load Balancers, the range is between 2-10 and can be set accordingly. Default: 2
 
         :exampleMetadata: infused
 
@@ -11369,7 +11578,7 @@ class HealthCheck:
         You can specify values between 0 and 99. You can specify multiple values
         (for example, "0,1") or a range of values (for example, "0-5").
 
-        :default: - 12
+        :default: 12
         '''
         result = self._values.get("healthy_grpc_codes")
         return typing.cast(typing.Optional[builtins.str], result)
@@ -11391,7 +11600,7 @@ class HealthCheck:
 
         For Application Load Balancers, the default is 5. For Network Load Balancers, the default is 3.
 
-        :default: 5 for ALBs, 3 for NLBs
+        :default: - 5 for ALBs, 3 for NLBs
         '''
         result = self._values.get("healthy_threshold_count")
         return typing.cast(typing.Optional[jsii.Number], result)
@@ -11402,7 +11611,7 @@ class HealthCheck:
 
         Must be 5 to 300 seconds
 
-        :default: 10 seconds if protocol is ``GENEVE``, 35 seconds if target type is ``lambda``, else 30 seconds
+        :default: - 10 seconds if protocol is ``GENEVE``, 35 seconds if target type is ``lambda``, else 30 seconds
         '''
         result = self._values.get("interval")
         return typing.cast(typing.Optional[_Duration_4839e8c3], result)
@@ -11432,7 +11641,7 @@ class HealthCheck:
         The TCP protocol is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP.
         The TLS, UDP, and TCP_UDP protocols are not supported for health checks.
 
-        :default: HTTP for ALBs, TCP for NLBs
+        :default: - HTTP for ALBs, TCP for NLBs
         '''
         result = self._values.get("protocol")
         return typing.cast(typing.Optional["Protocol"], result)
@@ -11443,7 +11652,7 @@ class HealthCheck:
 
         Must be 2 to 120 seconds.
 
-        :default: 6 seconds if the protocol is HTTP, 5 seconds if protocol is ``GENEVE``, 30 seconds if target type is ``lambda``, 10 seconds for TCP, TLS, or HTTPS
+        :default: - 6 seconds if the protocol is HTTP, 5 seconds if protocol is ``GENEVE``, 30 seconds if target type is ``lambda``, 10 seconds for TCP, TLS, or HTTPS
         '''
         result = self._values.get("timeout")
         return typing.cast(typing.Optional[_Duration_4839e8c3], result)
@@ -11453,7 +11662,7 @@ class HealthCheck:
         '''The number of consecutive health check failures required before considering a target unhealthy.
 
         For Application Load Balancers, the default is 2. For Network Load
-        Balancers, this value must be the same as the healthy threshold count.
+        Balancers, the range is between 2-10 and can be set accordingly.
 
         :default: 2
         '''
@@ -15273,9 +15482,15 @@ class IpAddressType(enum.Enum):
         # vpc: ec2.Vpc
         
         
-        lb = elbv2.ApplicationLoadBalancer(self, "LB",
+        lb = elbv2.NetworkLoadBalancer(self, "LB",
             vpc=vpc,
-            ip_address_type=elbv2.IpAddressType.DUAL_STACK
+            ip_address_type=elbv2.IpAddressType.DUAL_STACK,
+            enable_prefix_for_ipv6_source_nat=True
+        )
+        
+        listener = lb.add_listener("Listener",
+            port=1229,
+            protocol=elbv2.Protocol.UDP
         )
     '''
 
@@ -16573,18 +16788,18 @@ class NetworkLoadBalancer(
 
     Example::
 
-        from aws_cdk.aws_apigatewayv2_integrations import HttpNlbIntegration
+        # vpc: ec2.Vpc
         
         
-        vpc = ec2.Vpc(self, "VPC")
-        lb = elbv2.NetworkLoadBalancer(self, "lb", vpc=vpc)
-        listener = lb.add_listener("listener", port=80)
-        listener.add_targets("target",
-            port=80
+        lb = elbv2.NetworkLoadBalancer(self, "LB",
+            vpc=vpc,
+            ip_address_type=elbv2.IpAddressType.DUAL_STACK,
+            enable_prefix_for_ipv6_source_nat=True
         )
         
-        http_endpoint = apigwv2.HttpApi(self, "HttpProxyPrivateApi",
-            default_integration=HttpNlbIntegration("DefaultIntegration", listener)
+        listener = lb.add_listener("Listener",
+            port=1229,
+            protocol=elbv2.Protocol.UDP
         )
     '''
 
@@ -16594,6 +16809,7 @@ class NetworkLoadBalancer(
         id: builtins.str,
         *,
         client_routing_policy: typing.Optional[ClientRoutingPolicy] = None,
+        enable_prefix_for_ipv6_source_nat: typing.Optional[builtins.bool] = None,
         enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.bool] = None,
         ip_address_type: typing.Optional[IpAddressType] = None,
         security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
@@ -16610,6 +16826,7 @@ class NetworkLoadBalancer(
         :param scope: -
         :param id: -
         :param client_routing_policy: The AZ affinity routing policy. Default: - AZ affinity is disabled.
+        :param enable_prefix_for_ipv6_source_nat: Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be IpAddressType.DUALSTACK. Default: undefined - NLB default behavior is false
         :param enforce_security_group_inbound_rules_on_private_link_traffic: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink. Default: true
         :param ip_address_type: The type of IP addresses to use. If you want to add a UDP or TCP_UDP listener to the load balancer, you must choose IPv4. Default: IpAddressType.IPV4
         :param security_groups: Security groups to associate with this load balancer. Default: - No security groups associated with the load balancer.
@@ -16628,6 +16845,7 @@ class NetworkLoadBalancer(
             check_type(argname="argument id", value=id, expected_type=type_hints["id"])
         props = NetworkLoadBalancerProps(
             client_routing_policy=client_routing_policy,
+            enable_prefix_for_ipv6_source_nat=enable_prefix_for_ipv6_source_nat,
             enforce_security_group_inbound_rules_on_private_link_traffic=enforce_security_group_inbound_rules_on_private_link_traffic,
             ip_address_type=ip_address_type,
             security_groups=security_groups,
@@ -17380,6 +17598,7 @@ class NetworkLoadBalancerLookupOptions(BaseLoadBalancerLookupOptions):
         "load_balancer_name": "loadBalancerName",
         "vpc_subnets": "vpcSubnets",
         "client_routing_policy": "clientRoutingPolicy",
+        "enable_prefix_for_ipv6_source_nat": "enablePrefixForIpv6SourceNat",
         "enforce_security_group_inbound_rules_on_private_link_traffic": "enforceSecurityGroupInboundRulesOnPrivateLinkTraffic",
         "ip_address_type": "ipAddressType",
         "security_groups": "securityGroups",
@@ -17398,6 +17617,7 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
         load_balancer_name: typing.Optional[builtins.str] = None,
         vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
         client_routing_policy: typing.Optional[ClientRoutingPolicy] = None,
+        enable_prefix_for_ipv6_source_nat: typing.Optional[builtins.bool] = None,
         enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.bool] = None,
         ip_address_type: typing.Optional[IpAddressType] = None,
         security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
@@ -17413,6 +17633,7 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
         :param load_balancer_name: Name of the load balancer. Default: - Automatically generated name.
         :param vpc_subnets: Which subnets place the load balancer in. Default: - the Vpc default strategy.
         :param client_routing_policy: The AZ affinity routing policy. Default: - AZ affinity is disabled.
+        :param enable_prefix_for_ipv6_source_nat: Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be IpAddressType.DUALSTACK. Default: undefined - NLB default behavior is false
         :param enforce_security_group_inbound_rules_on_private_link_traffic: Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink. Default: true
         :param ip_address_type: The type of IP addresses to use. If you want to add a UDP or TCP_UDP listener to the load balancer, you must choose IPv4. Default: IpAddressType.IPV4
         :param security_groups: Security groups to associate with this load balancer. Default: - No security groups associated with the load balancer.
@@ -17422,18 +17643,18 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
 
         Example::
 
-            from aws_cdk.aws_apigatewayv2_integrations import HttpNlbIntegration
+            # vpc: ec2.Vpc
             
             
-            vpc = ec2.Vpc(self, "VPC")
-            lb = elbv2.NetworkLoadBalancer(self, "lb", vpc=vpc)
-            listener = lb.add_listener("listener", port=80)
-            listener.add_targets("target",
-                port=80
+            lb = elbv2.NetworkLoadBalancer(self, "LB",
+                vpc=vpc,
+                ip_address_type=elbv2.IpAddressType.DUAL_STACK,
+                enable_prefix_for_ipv6_source_nat=True
             )
             
-            http_endpoint = apigwv2.HttpApi(self, "HttpProxyPrivateApi",
-                default_integration=HttpNlbIntegration("DefaultIntegration", listener)
+            listener = lb.add_listener("Listener",
+                port=1229,
+                protocol=elbv2.Protocol.UDP
             )
         '''
         if isinstance(vpc_subnets, dict):
@@ -17448,6 +17669,7 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
             check_type(argname="argument load_balancer_name", value=load_balancer_name, expected_type=type_hints["load_balancer_name"])
             check_type(argname="argument vpc_subnets", value=vpc_subnets, expected_type=type_hints["vpc_subnets"])
             check_type(argname="argument client_routing_policy", value=client_routing_policy, expected_type=type_hints["client_routing_policy"])
+            check_type(argname="argument enable_prefix_for_ipv6_source_nat", value=enable_prefix_for_ipv6_source_nat, expected_type=type_hints["enable_prefix_for_ipv6_source_nat"])
             check_type(argname="argument enforce_security_group_inbound_rules_on_private_link_traffic", value=enforce_security_group_inbound_rules_on_private_link_traffic, expected_type=type_hints["enforce_security_group_inbound_rules_on_private_link_traffic"])
             check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
             check_type(argname="argument security_groups", value=security_groups, expected_type=type_hints["security_groups"])
@@ -17469,6 +17691,8 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
             self._values["vpc_subnets"] = vpc_subnets
         if client_routing_policy is not None:
             self._values["client_routing_policy"] = client_routing_policy
+        if enable_prefix_for_ipv6_source_nat is not None:
+            self._values["enable_prefix_for_ipv6_source_nat"] = enable_prefix_for_ipv6_source_nat
         if enforce_security_group_inbound_rules_on_private_link_traffic is not None:
             self._values["enforce_security_group_inbound_rules_on_private_link_traffic"] = enforce_security_group_inbound_rules_on_private_link_traffic
         if ip_address_type is not None:
@@ -17555,6 +17779,17 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
         result = self._values.get("client_routing_policy")
         return typing.cast(typing.Optional[ClientRoutingPolicy], result)
 
+    @builtins.property
+    def enable_prefix_for_ipv6_source_nat(self) -> typing.Optional[builtins.bool]:
+        '''Indicates whether to use an IPv6 prefix from each subnet for source NAT.
+
+        The IP address type must be IpAddressType.DUALSTACK.
+
+        :default: undefined - NLB default behavior is false
+        '''
+        result = self._values.get("enable_prefix_for_ipv6_source_nat")
+        return typing.cast(typing.Optional[builtins.bool], result)
+
     @builtins.property
     def enforce_security_group_inbound_rules_on_private_link_traffic(
         self,
@@ -17617,6 +17852,7 @@ class NetworkLoadBalancerProps(BaseLoadBalancerProps):
         "cross_zone_enabled": "crossZoneEnabled",
         "deregistration_delay": "deregistrationDelay",
         "health_check": "healthCheck",
+        "ip_address_type": "ipAddressType",
         "target_group_name": "targetGroupName",
         "target_type": "targetType",
         "vpc": "vpc",
@@ -17635,6 +17871,7 @@ class NetworkTargetGroupProps(BaseTargetGroupProps):
         cross_zone_enabled: typing.Optional[builtins.bool] = None,
         deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
         health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+        ip_address_type: typing.Optional["TargetGroupIpAddressType"] = None,
         target_group_name: typing.Optional[builtins.str] = None,
         target_type: typing.Optional["TargetType"] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -17650,6 +17887,7 @@ class NetworkTargetGroupProps(BaseTargetGroupProps):
         :param cross_zone_enabled: Indicates whether cross zone load balancing is enabled. Default: - use load balancer configuration
         :param deregistration_delay: The amount of time for Elastic Load Balancing to wait before deregistering a target. The range is 0-3600 seconds. Default: 300
         :param health_check: Health check configuration. Default: - The default value for each property in this configuration varies depending on the target.
+        :param ip_address_type: The type of IP addresses of the targets registered with the target group. Default: undefined - ELB defaults to IPv4
         :param target_group_name: The name of the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. Default: - Automatically generated.
         :param target_type: The type of targets registered to this TargetGroup, either IP or Instance. All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically. Default: - Determined automatically.
         :param vpc: The virtual private cloud (VPC). only if ``TargetType`` is ``Ip`` or ``InstanceId`` Default: - undefined
@@ -17660,45 +17898,39 @@ class NetworkTargetGroupProps(BaseTargetGroupProps):
         :param proxy_protocol_v2: Indicates whether Proxy Protocol version 2 is enabled. Default: false
         :param targets: The targets to add to this target group. Can be ``Instance``, ``IPAddress``, or any self-registering load balancing target. If you use either ``Instance`` or ``IPAddress`` as targets, all target must be of the same type. Default: - No targets.
 
-        :exampleMetadata: fixture=_generated
+        :exampleMetadata: infused
 
         Example::
 
-            # The code below shows an example of how to instantiate this type.
-            # The values are placeholders you should change.
-            import aws_cdk as cdk
-            from aws_cdk import aws_ec2 as ec2
-            from aws_cdk import aws_elasticloadbalancingv2 as elbv2
-            
-            # network_load_balancer_target: elbv2.INetworkLoadBalancerTarget
             # vpc: ec2.Vpc
             
-            network_target_group_props = elbv2.NetworkTargetGroupProps(
-                port=123,
             
-                # the properties below are optional
-                connection_termination=False,
-                cross_zone_enabled=False,
-                deregistration_delay=cdk.Duration.minutes(30),
-                health_check=elbv2.HealthCheck(
-                    enabled=False,
-                    healthy_grpc_codes="healthyGrpcCodes",
-                    healthy_http_codes="healthyHttpCodes",
-                    healthy_threshold_count=123,
-                    interval=cdk.Duration.minutes(30),
-                    path="path",
-                    port="port",
-                    protocol=elbv2.Protocol.HTTP,
-                    timeout=cdk.Duration.minutes(30),
-                    unhealthy_threshold_count=123
-                ),
-                preserve_client_ip=False,
-                protocol=elbv2.Protocol.HTTP,
-                proxy_protocol_v2=False,
-                target_group_name="targetGroupName",
-                targets=[network_load_balancer_target],
+            ipv4_application_target_group = elbv2.ApplicationTargetGroup(self, "IPv4ApplicationTargetGroup",
+                vpc=vpc,
+                port=80,
                 target_type=elbv2.TargetType.INSTANCE,
-                vpc=vpc
+                ip_address_type=elbv2.TargetGroupIpAddressType.IPV4
+            )
+            
+            ipv6_application_target_group = elbv2.ApplicationTargetGroup(self, "Ipv6ApplicationTargetGroup",
+                vpc=vpc,
+                port=80,
+                target_type=elbv2.TargetType.INSTANCE,
+                ip_address_type=elbv2.TargetGroupIpAddressType.IPV6
+            )
+            
+            ipv4_network_target_group = elbv2.NetworkTargetGroup(self, "IPv4NetworkTargetGroup",
+                vpc=vpc,
+                port=80,
+                target_type=elbv2.TargetType.INSTANCE,
+                ip_address_type=elbv2.TargetGroupIpAddressType.IPV4
+            )
+            
+            ipv6_network_target_group = elbv2.NetworkTargetGroup(self, "Ipv6NetworkTargetGroup",
+                vpc=vpc,
+                port=80,
+                target_type=elbv2.TargetType.INSTANCE,
+                ip_address_type=elbv2.TargetGroupIpAddressType.IPV6
             )
         '''
         if isinstance(health_check, dict):
@@ -17708,6 +17940,7 @@ class NetworkTargetGroupProps(BaseTargetGroupProps):
             check_type(argname="argument cross_zone_enabled", value=cross_zone_enabled, expected_type=type_hints["cross_zone_enabled"])
             check_type(argname="argument deregistration_delay", value=deregistration_delay, expected_type=type_hints["deregistration_delay"])
             check_type(argname="argument health_check", value=health_check, expected_type=type_hints["health_check"])
+            check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
             check_type(argname="argument target_group_name", value=target_group_name, expected_type=type_hints["target_group_name"])
             check_type(argname="argument target_type", value=target_type, expected_type=type_hints["target_type"])
             check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
@@ -17726,6 +17959,8 @@ class NetworkTargetGroupProps(BaseTargetGroupProps):
             self._values["deregistration_delay"] = deregistration_delay
         if health_check is not None:
             self._values["health_check"] = health_check
+        if ip_address_type is not None:
+            self._values["ip_address_type"] = ip_address_type
         if target_group_name is not None:
             self._values["target_group_name"] = target_group_name
         if target_type is not None:
@@ -17776,6 +18011,15 @@ class NetworkTargetGroupProps(BaseTargetGroupProps):
         result = self._values.get("health_check")
         return typing.cast(typing.Optional[HealthCheck], result)
 
+    @builtins.property
+    def ip_address_type(self) -> typing.Optional["TargetGroupIpAddressType"]:
+        '''The type of IP addresses of the targets registered with the target group.
+
+        :default: undefined - ELB defaults to IPv4
+        '''
+        result = self._values.get("ip_address_type")
+        return typing.cast(typing.Optional["TargetGroupIpAddressType"], result)
+
     @builtins.property
     def target_group_name(self) -> typing.Optional[builtins.str]:
         '''The name of the target group.
@@ -17966,85 +18210,18 @@ class Protocol(enum.Enum):
 
     Example::
 
-        from aws_cdk.aws_certificatemanager import Certificate
-        from aws_cdk.aws_ec2 import InstanceType
-        from aws_cdk.aws_ecs import Cluster, ContainerImage
-        from aws_cdk.aws_elasticloadbalancingv2 import ApplicationProtocol, Protocol, SslPolicy
-        from aws_cdk.aws_route53 import PublicHostedZone
+        # vpc: ec2.Vpc
         
-        vpc = ec2.Vpc(self, "Vpc", max_azs=1)
         
-        load_balanced_fargate_service = ecs_patterns.ApplicationMultipleTargetGroupsFargateService(self, "myService",
-            cluster=ecs.Cluster(self, "EcsCluster", vpc=vpc),
-            memory_limit_mi_b=256,
-            task_image_options=ecsPatterns.ApplicationLoadBalancedTaskImageProps(
-                image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample")
-            ),
-            enable_execute_command=True,
-            load_balancers=[ecsPatterns.ApplicationLoadBalancerProps(
-                name="lb",
-                idle_timeout=Duration.seconds(400),
-                domain_name="api.example.com",
-                domain_zone=PublicHostedZone(self, "HostedZone", zone_name="example.com"),
-                listeners=[ecsPatterns.ApplicationListenerProps(
-                    name="listener",
-                    protocol=ApplicationProtocol.HTTPS,
-                    certificate=Certificate.from_certificate_arn(self, "Cert", "helloworld"),
-                    ssl_policy=SslPolicy.TLS12_EXT
-                )
-                ]
-            ), ecsPatterns.ApplicationLoadBalancerProps(
-                name="lb2",
-                idle_timeout=Duration.seconds(120),
-                domain_name="frontend.com",
-                domain_zone=PublicHostedZone(self, "HostedZone", zone_name="frontend.com"),
-                listeners=[ecsPatterns.ApplicationListenerProps(
-                    name="listener2",
-                    protocol=ApplicationProtocol.HTTPS,
-                    certificate=Certificate.from_certificate_arn(self, "Cert2", "helloworld"),
-                    ssl_policy=SslPolicy.TLS12_EXT
-                )
-                ]
-            )
-            ],
-            target_groups=[ecsPatterns.ApplicationTargetProps(
-                container_port=80,
-                listener="listener"
-            ), ecsPatterns.ApplicationTargetProps(
-                container_port=90,
-                path_pattern="a/b/c",
-                priority=10,
-                listener="listener"
-            ), ecsPatterns.ApplicationTargetProps(
-                container_port=443,
-                listener="listener2"
-            ), ecsPatterns.ApplicationTargetProps(
-                container_port=80,
-                path_pattern="a/b/c",
-                priority=10,
-                listener="listener2"
-            )
-            ]
-        )
-        
-        load_balanced_fargate_service.target_groups[0].configure_health_check(
-            port="8050",
-            protocol=Protocol.HTTP,
-            healthy_threshold_count=2,
-            unhealthy_threshold_count=2,
-            timeout=Duration.seconds(10),
-            interval=Duration.seconds(30),
-            healthy_http_codes="200"
+        lb = elbv2.NetworkLoadBalancer(self, "LB",
+            vpc=vpc,
+            ip_address_type=elbv2.IpAddressType.DUAL_STACK,
+            enable_prefix_for_ipv6_source_nat=True
         )
         
-        load_balanced_fargate_service.target_groups[1].configure_health_check(
-            port="8050",
-            protocol=Protocol.HTTP,
-            healthy_threshold_count=2,
-            unhealthy_threshold_count=2,
-            timeout=Duration.seconds(10),
-            interval=Duration.seconds(30),
-            healthy_http_codes="200"
+        listener = lb.add_listener("Listener",
+            port=1229,
+            protocol=elbv2.Protocol.UDP
         )
     '''
 
@@ -18508,9 +18685,9 @@ class SslPolicy(enum.Enum):
     '''
 
     RECOMMENDED_TLS = "RECOMMENDED_TLS"
-    '''The recommended security policy for TLS listeners.
+    '''The recommended security policy for TLS listeners. This is the default policy for listeners created using the AWS Management Console.
 
-    This is the default policy for listeners created using the AWS Management Console
+    This policy includes TLS 1.3, and is backwards compatible with TLS 1.2
     '''
     RECOMMENDED = "RECOMMENDED"
     '''The recommended policy for http listeners.
@@ -18703,15 +18880,15 @@ class TargetGroupBase(
         '''Set/replace the target group's health check.
 
         :param enabled: Indicates whether health checks are enabled. If the target type is lambda, health checks are disabled by default but can be enabled. If the target type is instance or ip, health checks are always enabled and cannot be disabled. Default: - Determined automatically.
-        :param healthy_grpc_codes: GRPC code to use when checking for a successful response from a target. You can specify values between 0 and 99. You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). Default: - 12
+        :param healthy_grpc_codes: GRPC code to use when checking for a successful response from a target. You can specify values between 0 and 99. You can specify multiple values (for example, "0,1") or a range of values (for example, "0-5"). Default: 12
         :param healthy_http_codes: HTTP code to use when checking for a successful response from a target. For Application Load Balancers, you can specify values between 200 and 499, and the default value is 200. You can specify multiple values (for example, "200,202") or a range of values (for example, "200-299").
-        :param healthy_threshold_count: The number of consecutive health checks successes required before considering an unhealthy target healthy. For Application Load Balancers, the default is 5. For Network Load Balancers, the default is 3. Default: 5 for ALBs, 3 for NLBs
-        :param interval: The approximate number of seconds between health checks for an individual target. Must be 5 to 300 seconds Default: 10 seconds if protocol is ``GENEVE``, 35 seconds if target type is ``lambda``, else 30 seconds
+        :param healthy_threshold_count: The number of consecutive health checks successes required before considering an unhealthy target healthy. For Application Load Balancers, the default is 5. For Network Load Balancers, the default is 3. Default: - 5 for ALBs, 3 for NLBs
+        :param interval: The approximate number of seconds between health checks for an individual target. Must be 5 to 300 seconds Default: - 10 seconds if protocol is ``GENEVE``, 35 seconds if target type is ``lambda``, else 30 seconds
         :param path: The ping path destination where Elastic Load Balancing sends health check requests. Default: /
         :param port: The port that the load balancer uses when performing health checks on the targets. Default: 'traffic-port'
-        :param protocol: The protocol the load balancer uses when performing health checks on targets. The TCP protocol is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The TLS, UDP, and TCP_UDP protocols are not supported for health checks. Default: HTTP for ALBs, TCP for NLBs
-        :param timeout: The amount of time, in seconds, during which no response from a target means a failed health check. Must be 2 to 120 seconds. Default: 6 seconds if the protocol is HTTP, 5 seconds if protocol is ``GENEVE``, 30 seconds if target type is ``lambda``, 10 seconds for TCP, TLS, or HTTPS
-        :param unhealthy_threshold_count: The number of consecutive health check failures required before considering a target unhealthy. For Application Load Balancers, the default is 2. For Network Load Balancers, this value must be the same as the healthy threshold count. Default: 2
+        :param protocol: The protocol the load balancer uses when performing health checks on targets. The TCP protocol is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The TLS, UDP, and TCP_UDP protocols are not supported for health checks. Default: - HTTP for ALBs, TCP for NLBs
+        :param timeout: The amount of time, in seconds, during which no response from a target means a failed health check. Must be 2 to 120 seconds. Default: - 6 seconds if the protocol is HTTP, 5 seconds if protocol is ``GENEVE``, 30 seconds if target type is ``lambda``, 10 seconds for TCP, TLS, or HTTPS
+        :param unhealthy_threshold_count: The number of consecutive health check failures required before considering a target unhealthy. For Application Load Balancers, the default is 2. For Network Load Balancers, the range is between 2-10 and can be set accordingly. Default: 2
         '''
         health_check = HealthCheck(
             enabled=enabled,
@@ -18862,6 +19039,52 @@ class _TargetGroupBaseProxy(TargetGroupBase):
 typing.cast(typing.Any, TargetGroupBase).__jsii_proxy_class__ = lambda : _TargetGroupBaseProxy
 
 
+@jsii.enum(jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupIpAddressType")
+class TargetGroupIpAddressType(enum.Enum):
+    '''The IP address type of targets registered with a target group.
+
+    :exampleMetadata: infused
+
+    Example::
+
+        # vpc: ec2.Vpc
+        
+        
+        ipv4_application_target_group = elbv2.ApplicationTargetGroup(self, "IPv4ApplicationTargetGroup",
+            vpc=vpc,
+            port=80,
+            target_type=elbv2.TargetType.INSTANCE,
+            ip_address_type=elbv2.TargetGroupIpAddressType.IPV4
+        )
+        
+        ipv6_application_target_group = elbv2.ApplicationTargetGroup(self, "Ipv6ApplicationTargetGroup",
+            vpc=vpc,
+            port=80,
+            target_type=elbv2.TargetType.INSTANCE,
+            ip_address_type=elbv2.TargetGroupIpAddressType.IPV6
+        )
+        
+        ipv4_network_target_group = elbv2.NetworkTargetGroup(self, "IPv4NetworkTargetGroup",
+            vpc=vpc,
+            port=80,
+            target_type=elbv2.TargetType.INSTANCE,
+            ip_address_type=elbv2.TargetGroupIpAddressType.IPV4
+        )
+        
+        ipv6_network_target_group = elbv2.NetworkTargetGroup(self, "Ipv6NetworkTargetGroup",
+            vpc=vpc,
+            port=80,
+            target_type=elbv2.TargetType.INSTANCE,
+            ip_address_type=elbv2.TargetGroupIpAddressType.IPV6
+        )
+    '''
+
+    IPV4 = "IPV4"
+    '''IPv4 addresses.'''
+    IPV6 = "IPV6"
+    '''IPv6 addresses.'''
+
+
 @jsii.enum(
     jsii_type="aws-cdk-lib.aws_elasticloadbalancingv2.TargetGroupLoadBalancingAlgorithmType"
 )
@@ -18901,11 +19124,15 @@ class TargetType(enum.Enum):
         # vpc: ec2.Vpc
         
         
-        # Target group with slow start mode enabled
         tg = elbv2.ApplicationTargetGroup(self, "TG",
-            target_type=elbv2.TargetType.INSTANCE,
-            slow_start=Duration.seconds(60),
-            port=80,
+            target_type=elbv2.TargetType.IP,
+            port=50051,
+            protocol=elbv2.ApplicationProtocol.HTTP,
+            protocol_version=elbv2.ApplicationProtocolVersion.GRPC,
+            health_check=elbv2.HealthCheck(
+                enabled=True,
+                healthy_grpc_codes="0-99"
+            ),
             vpc=vpc
         )
     '''
@@ -20889,6 +21116,7 @@ class ApplicationLoadBalancerProps(BaseLoadBalancerProps):
         "cross_zone_enabled": "crossZoneEnabled",
         "deregistration_delay": "deregistrationDelay",
         "health_check": "healthCheck",
+        "ip_address_type": "ipAddressType",
         "target_group_name": "targetGroupName",
         "target_type": "targetType",
         "vpc": "vpc",
@@ -20910,6 +21138,7 @@ class ApplicationTargetGroupProps(BaseTargetGroupProps):
         cross_zone_enabled: typing.Optional[builtins.bool] = None,
         deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
         health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+        ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
         target_group_name: typing.Optional[builtins.str] = None,
         target_type: typing.Optional[TargetType] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -20928,6 +21157,7 @@ class ApplicationTargetGroupProps(BaseTargetGroupProps):
         :param cross_zone_enabled: Indicates whether cross zone load balancing is enabled. Default: - use load balancer configuration
         :param deregistration_delay: The amount of time for Elastic Load Balancing to wait before deregistering a target. The range is 0-3600 seconds. Default: 300
         :param health_check: Health check configuration. Default: - The default value for each property in this configuration varies depending on the target.
+        :param ip_address_type: The type of IP addresses of the targets registered with the target group. Default: undefined - ELB defaults to IPv4
         :param target_group_name: The name of the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. Default: - Automatically generated.
         :param target_type: The type of targets registered to this TargetGroup, either IP or Instance. All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically. Default: - Determined automatically.
         :param vpc: The virtual private cloud (VPC). only if ``TargetType`` is ``Ip`` or ``InstanceId`` Default: - undefined
@@ -20948,11 +21178,15 @@ class ApplicationTargetGroupProps(BaseTargetGroupProps):
             # vpc: ec2.Vpc
             
             
-            # Target group with slow start mode enabled
             tg = elbv2.ApplicationTargetGroup(self, "TG",
-                target_type=elbv2.TargetType.INSTANCE,
-                slow_start=Duration.seconds(60),
-                port=80,
+                target_type=elbv2.TargetType.IP,
+                port=50051,
+                protocol=elbv2.ApplicationProtocol.HTTP,
+                protocol_version=elbv2.ApplicationProtocolVersion.GRPC,
+                health_check=elbv2.HealthCheck(
+                    enabled=True,
+                    healthy_grpc_codes="0-99"
+                ),
                 vpc=vpc
             )
         '''
@@ -20963,6 +21197,7 @@ class ApplicationTargetGroupProps(BaseTargetGroupProps):
             check_type(argname="argument cross_zone_enabled", value=cross_zone_enabled, expected_type=type_hints["cross_zone_enabled"])
             check_type(argname="argument deregistration_delay", value=deregistration_delay, expected_type=type_hints["deregistration_delay"])
             check_type(argname="argument health_check", value=health_check, expected_type=type_hints["health_check"])
+            check_type(argname="argument ip_address_type", value=ip_address_type, expected_type=type_hints["ip_address_type"])
             check_type(argname="argument target_group_name", value=target_group_name, expected_type=type_hints["target_group_name"])
             check_type(argname="argument target_type", value=target_type, expected_type=type_hints["target_type"])
             check_type(argname="argument vpc", value=vpc, expected_type=type_hints["vpc"])
@@ -20982,6 +21217,8 @@ class ApplicationTargetGroupProps(BaseTargetGroupProps):
             self._values["deregistration_delay"] = deregistration_delay
         if health_check is not None:
             self._values["health_check"] = health_check
+        if ip_address_type is not None:
+            self._values["ip_address_type"] = ip_address_type
         if target_group_name is not None:
             self._values["target_group_name"] = target_group_name
         if target_type is not None:
@@ -21040,6 +21277,15 @@ class ApplicationTargetGroupProps(BaseTargetGroupProps):
         result = self._values.get("health_check")
         return typing.cast(typing.Optional[HealthCheck], result)
 
+    @builtins.property
+    def ip_address_type(self) -> typing.Optional[TargetGroupIpAddressType]:
+        '''The type of IP addresses of the targets registered with the target group.
+
+        :default: undefined - ELB defaults to IPv4
+        '''
+        result = self._values.get("ip_address_type")
+        return typing.cast(typing.Optional[TargetGroupIpAddressType], result)
+
     @builtins.property
     def target_group_name(self) -> typing.Optional[builtins.str]:
         '''The name of the target group.
@@ -21975,30 +22221,18 @@ class NetworkListener(
 
     Example::
 
-        # vpc: ec2.Vpc
-        # asg: autoscaling.AutoScalingGroup
-        # sg1: ec2.ISecurityGroup
-        # sg2: ec2.ISecurityGroup
-        
+        from aws_cdk.aws_apigatewayv2_integrations import HttpNlbIntegration
         
-        # Create the load balancer in a VPC. 'internetFacing' is 'false'
-        # by default, which creates an internal load balancer.
-        lb = elbv2.NetworkLoadBalancer(self, "LB",
-            vpc=vpc,
-            internet_facing=True,
-            security_groups=[sg1]
-        )
-        lb.add_security_group(sg2)
         
-        # Add a listener on a particular port.
-        listener = lb.add_listener("Listener",
-            port=443
+        vpc = ec2.Vpc(self, "VPC")
+        lb = elbv2.NetworkLoadBalancer(self, "lb", vpc=vpc)
+        listener = lb.add_listener("listener", port=80)
+        listener.add_targets("target",
+            port=80
         )
         
-        # Add targets on a particular port.
-        listener.add_targets("AppFleet",
-            port=443,
-            targets=[asg]
+        http_endpoint = apigwv2.HttpApi(self, "HttpProxyPrivateApi",
+            default_integration=HttpNlbIntegration("DefaultIntegration", listener)
         )
     '''
 
@@ -22271,6 +22505,7 @@ class NetworkTargetGroup(
         cross_zone_enabled: typing.Optional[builtins.bool] = None,
         deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
         health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+        ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
         target_group_name: typing.Optional[builtins.str] = None,
         target_type: typing.Optional[TargetType] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -22287,6 +22522,7 @@ class NetworkTargetGroup(
         :param cross_zone_enabled: Indicates whether cross zone load balancing is enabled. Default: - use load balancer configuration
         :param deregistration_delay: The amount of time for Elastic Load Balancing to wait before deregistering a target. The range is 0-3600 seconds. Default: 300
         :param health_check: Health check configuration. Default: - The default value for each property in this configuration varies depending on the target.
+        :param ip_address_type: The type of IP addresses of the targets registered with the target group. Default: undefined - ELB defaults to IPv4
         :param target_group_name: The name of the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. Default: - Automatically generated.
         :param target_type: The type of targets registered to this TargetGroup, either IP or Instance. All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically. Default: - Determined automatically.
         :param vpc: The virtual private cloud (VPC). only if ``TargetType`` is ``Ip`` or ``InstanceId`` Default: - undefined
@@ -22305,6 +22541,7 @@ class NetworkTargetGroup(
             cross_zone_enabled=cross_zone_enabled,
             deregistration_delay=deregistration_delay,
             health_check=health_check,
+            ip_address_type=ip_address_type,
             target_group_name=target_group_name,
             target_type=target_type,
             vpc=vpc,
@@ -24230,6 +24467,7 @@ class ApplicationTargetGroup(
         cross_zone_enabled: typing.Optional[builtins.bool] = None,
         deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
         health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+        ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
         target_group_name: typing.Optional[builtins.str] = None,
         target_type: typing.Optional[TargetType] = None,
         vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -24249,6 +24487,7 @@ class ApplicationTargetGroup(
         :param cross_zone_enabled: Indicates whether cross zone load balancing is enabled. Default: - use load balancer configuration
         :param deregistration_delay: The amount of time for Elastic Load Balancing to wait before deregistering a target. The range is 0-3600 seconds. Default: 300
         :param health_check: Health check configuration. Default: - The default value for each property in this configuration varies depending on the target.
+        :param ip_address_type: The type of IP addresses of the targets registered with the target group. Default: undefined - ELB defaults to IPv4
         :param target_group_name: The name of the target group. This name must be unique per region per account, can have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. Default: - Automatically generated.
         :param target_type: The type of targets registered to this TargetGroup, either IP or Instance. All targets registered into the group must be of this type. If you register targets to the TargetGroup in the CDK app, the TargetType is determined automatically. Default: - Determined automatically.
         :param vpc: The virtual private cloud (VPC). only if ``TargetType`` is ``Ip`` or ``InstanceId`` Default: - undefined
@@ -24270,6 +24509,7 @@ class ApplicationTargetGroup(
             cross_zone_enabled=cross_zone_enabled,
             deregistration_delay=deregistration_delay,
             health_check=health_check,
+            ip_address_type=ip_address_type,
             target_group_name=target_group_name,
             target_type=target_type,
             vpc=vpc,
@@ -24942,6 +25182,7 @@ __all__ = [
     "SslPolicy",
     "TargetGroupAttributes",
     "TargetGroupBase",
+    "TargetGroupIpAddressType",
     "TargetGroupLoadBalancingAlgorithmType",
     "TargetType",
     "TrustStore",
@@ -25180,6 +25421,7 @@ def _typecheckingstub__b5e7f5d87f70cb030d7ac44f4637a5d73814a6c8b1c1bff9adf19ede8
     cross_zone_enabled: typing.Optional[builtins.bool] = None,
     deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
     health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+    ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
     target_group_name: typing.Optional[builtins.str] = None,
     target_type: typing.Optional[TargetType] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -25350,6 +25592,7 @@ def _typecheckingstub__0e09ea6213c5fb2125f07b2f54d7fe6ee24307939dcc06580928b2ef0
 
 def _typecheckingstub__07605e87f763c352d3e6705d69aa07723ad3c005493c1fdef02b175f49d53ee0(
     *,
+    advertise_trust_store_ca_names: typing.Optional[builtins.str] = None,
     ignore_client_certificate_expiry: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
     mode: typing.Optional[builtins.str] = None,
     trust_store_arn: typing.Optional[builtins.str] = None,
@@ -25671,6 +25914,7 @@ def _typecheckingstub__907e1e3e88136a6a7bdcdac293563447ed893c77b9f7b1e7154fb1749
     enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.str] = None,
     ip_address_type: typing.Optional[builtins.str] = None,
     load_balancer_attributes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnLoadBalancer.LoadBalancerAttributeProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    minimum_load_balancer_capacity: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnLoadBalancer.MinimumLoadBalancerCapacityProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     name: typing.Optional[builtins.str] = None,
     scheme: typing.Optional[builtins.str] = None,
     security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -25718,6 +25962,12 @@ def _typecheckingstub__8b18943454864026c64dd9c2bc7fdaf60ac5114bf771f7304a82e9bdf
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__102164e78a5cf61e67908e476a27971c19e5604c38d90ddca6b4b346581d0209(
+    value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnLoadBalancer.MinimumLoadBalancerCapacityProperty]],
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__153ca4a32dcbf43c1076bdc45b59a5463ab49120f83591bcbf13f84ce3fffa0e(
     value: typing.Optional[builtins.str],
 ) -> None:
@@ -25768,6 +26018,13 @@ def _typecheckingstub__981f45ac63ed8e62237b89c4cadf7d8f1c042e4534c384c148e58bad2
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__bd0d2d4a891c02fabab09ae876b5f738a440bf3402f1db5dc28e3cdd47b733bc(
+    *,
+    capacity_units: jsii.Number,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__5362b7e1b57cc75205d80d2c4a4798301f16a110c6add8b836265fc95f89ec11(
     *,
     subnet_id: builtins.str,
@@ -25785,6 +26042,7 @@ def _typecheckingstub__6b1eb30cea756dc45f625ec82ab8cba6ea31d24595a925a4aabceb7e6
     enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.str] = None,
     ip_address_type: typing.Optional[builtins.str] = None,
     load_balancer_attributes: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnLoadBalancer.LoadBalancerAttributeProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
+    minimum_load_balancer_capacity: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnLoadBalancer.MinimumLoadBalancerCapacityProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
     name: typing.Optional[builtins.str] = None,
     scheme: typing.Optional[builtins.str] = None,
     security_groups: typing.Optional[typing.Sequence[builtins.str]] = None,
@@ -26481,6 +26739,7 @@ def _typecheckingstub__e1c7a4c1332bdc807d1e25aa5d69eea6e1f3bf6a88ddd30dac9a64c93
     id: builtins.str,
     *,
     client_routing_policy: typing.Optional[ClientRoutingPolicy] = None,
+    enable_prefix_for_ipv6_source_nat: typing.Optional[builtins.bool] = None,
     enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.bool] = None,
     ip_address_type: typing.Optional[IpAddressType] = None,
     security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
@@ -26584,6 +26843,7 @@ def _typecheckingstub__195ab659ca9cd1c401d6d2d1a1f5cb0aaf7dd80f06dbc724020ac0cc3
     load_balancer_name: typing.Optional[builtins.str] = None,
     vpc_subnets: typing.Optional[typing.Union[_SubnetSelection_e57d76df, typing.Dict[builtins.str, typing.Any]]] = None,
     client_routing_policy: typing.Optional[ClientRoutingPolicy] = None,
+    enable_prefix_for_ipv6_source_nat: typing.Optional[builtins.bool] = None,
     enforce_security_group_inbound_rules_on_private_link_traffic: typing.Optional[builtins.bool] = None,
     ip_address_type: typing.Optional[IpAddressType] = None,
     security_groups: typing.Optional[typing.Sequence[_ISecurityGroup_acf8a799]] = None,
@@ -26597,6 +26857,7 @@ def _typecheckingstub__5f1086cffe813b24d7b8ff7c124bffc37ca7e22afda9f6af7ad869d92
     cross_zone_enabled: typing.Optional[builtins.bool] = None,
     deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
     health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+    ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
     target_group_name: typing.Optional[builtins.str] = None,
     target_type: typing.Optional[TargetType] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -26854,6 +27115,7 @@ def _typecheckingstub__0fbf37aa0a91cb985ce7a336a6188364cc38400538c1653e53453287c
     cross_zone_enabled: typing.Optional[builtins.bool] = None,
     deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
     health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+    ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
     target_group_name: typing.Optional[builtins.str] = None,
     target_type: typing.Optional[TargetType] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -27081,6 +27343,7 @@ def _typecheckingstub__eebfbf2a20edd0baf4d455f02dd34d748c5eccfa9a5268e5e2ebec245
     cross_zone_enabled: typing.Optional[builtins.bool] = None,
     deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
     health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+    ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
     target_group_name: typing.Optional[builtins.str] = None,
     target_type: typing.Optional[TargetType] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,
@@ -27354,6 +27617,7 @@ def _typecheckingstub__e179515c9d6138007cc1b74835b75f10a179c1f5ef977cbe4188c778c
     cross_zone_enabled: typing.Optional[builtins.bool] = None,
     deregistration_delay: typing.Optional[_Duration_4839e8c3] = None,
     health_check: typing.Optional[typing.Union[HealthCheck, typing.Dict[builtins.str, typing.Any]]] = None,
+    ip_address_type: typing.Optional[TargetGroupIpAddressType] = None,
     target_group_name: typing.Optional[builtins.str] = None,
     target_type: typing.Optional[TargetType] = None,
     vpc: typing.Optional[_IVpc_f30d5663] = None,