---
layout: "aws"
page_title: "AWS: aws_elb"
sidebar_current: "docs-aws-resource-elb"
description: |-
  Provides an Elastic Load Balancer resource.
---

# aws\_elb

Provides an Elastic Load Balancer resource.

~> **NOTE on ELB Instances and ELB Attachments:** Terraform currently
provides both a standalone [ELB Attachment resource](elb_attachment.html)
(describing an instance attached to an ELB), and an ELB resource with
`instances` defined in-line. At this time you cannot use an ELB with in-line
instances in conjunction with ELB Attachment resources. Doing so will cause a
conflict and will overwrite attachments.

## Example Usage

```
# Create a new load balancer
resource "aws_elb" "bar" {
  name               = "foobar-terraform-elb"
  availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]

  access_logs {
    bucket        = "foo"
    bucket_prefix = "bar"
    interval      = 60
  }

  listener {
    instance_port     = 8000
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  listener {
    instance_port      = 8000
    instance_protocol  = "http"
    lb_port            = 443
    lb_protocol        = "https"
    ssl_certificate_id = "arn:aws:iam::123456789012:server-certificate/certName"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:8000/"
    interval            = 30
  }

  instances                   = ["${aws_instance.foo.id}"]
  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400

  tags {
    Name = "foobar-terraform-elb"
  }
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Optional) The name of the ELB. By default generated by Terraform.
* `access_logs` - (Optional) An Access Logs block. Access Logs documented below.
* `availability_zones` - (Required for an EC2-classic ELB) The AZs to serve traffic in.
* `security_groups` - (Optional) A list of security group IDs to assign to the ELB.
  Only valid if creating an ELB within a VPC.
* `subnets` - (Required for a VPC ELB) A list of subnet IDs to attach to the ELB.
* `instances` - (Optional) A list of instance ids to place in the ELB pool.
* `internal` - (Optional) If true, ELB will be an internal ELB.
* `listener` - (Required) A list of listener blocks. Listeners documented below.
* `health_check` - (Optional) A health_check block. Health Check documented below.
* `cross_zone_load_balancing` - (Optional) Enable cross-zone load balancing. Default: `true`
* `idle_timeout` - (Optional) The time in seconds that the connection is allowed to be idle. Default: 60.
* `connection_draining` - (Optional) Boolean to enable connection draining.
* `connection_draining_timeout` - (Optional) The time in seconds to allow for connections to drain.
* `tags` - (Optional) A mapping of tags to assign to the resource.

Exactly one of `availability_zones` or `subnets` must be specified: this
determines if the ELB exists in a VPC or in EC2-classic.

Access Logs (`access_logs`) support the following:

* `bucket` - (Required) The S3 bucket name to store the logs in.
* `bucket_prefix` - (Optional) The S3 bucket prefix. Logs are stored in the root if not configured.
* `interval` - (Optional) The publishing interval in minutes. Default: 60 minutes.
* `enabled` - (Optional) Boolean to enable / disable `access_logs`. Default is `true`

Listeners (`listener`) support the following:

* `instance_port` - (Required) The port on the instance to route to
* `instance_protocol` - (Required) The protocol to use to the instance. Valid
  values are `HTTP`, `HTTPS`, `TCP`, or `SSL`
* `lb_port` - (Required) The port to listen on for the load balancer
* `lb_protocol` - (Required) The protocol to listen on. Valid values are `HTTP`,
  `HTTPS`, `TCP`, or `SSL`
* `ssl_certificate_id` - (Optional) The ARN of an SSL certificate you have
  uploaded to AWS IAM. **Note ECDSA-specific restrictions below.
  Only valid when `lb_protocol` is either HTTPS or SSL**

Health Check (`health_check`) supports the following:

* `healthy_threshold` - (Required) The number of checks before the instance is declared healthy.
* `unhealthy_threshold` - (Required) The number of checks before the instance is declared unhealthy.
* `target` - (Required) The target of the check. Valid pattern is "${PROTOCOL}:${PORT}${PATH}", where PROTOCOL
  values are:
  * `HTTP`, `HTTPS` - PORT and PATH are required
  * `TCP`, `SSL` - PORT is required, PATH is not supported
* `interval` - (Required) The interval between checks.
* `timeout` - (Required) The length of time before the check times out.

## Note on ECDSA Key Algorithm

If the ARN of the `ssl_certificate_id` that is pointed to references a
certificate that was signed by an ECDSA key, note that ELB only supports the
P256 and P384 curves. Using a certificate signed by a key using a different
curve could produce the error `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` in your
browser.

## Attributes Reference

The following attributes are exported:

* `id` - The name of the ELB
* `name` - The name of the ELB
* `dns_name` - The DNS name of the ELB
* `instances` - The list of instances in the ELB
* `source_security_group` - The name of the security group that you can use as
  part of your inbound rules for your load balancer's back-end application
  instances. Use this for Classic or Default VPC only.
* `source_security_group_id` - The ID of the security group that you can use as
  part of your inbound rules for your load balancer's back-end application
  instances. Only available on ELBs launched in a VPC.
* `zone_id` - The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)

## Import

ELBs can be imported using the `name`, e.g.

```
$ terraform import aws_elb.bar elb-production-12345
```
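
The argument rules stated in the Argument Reference (exactly one of `availability_zones` or `subnets`, `security_groups` only on a VPC ELB, `ssl_certificate_id` only on HTTPS or SSL listeners, and the `health_check` target pattern) can be checked before a plan is run. The Python linter below is an added example, not part of this page's original text or of the Terraform provider; `check_target`, `lint_elb` and the dict layout mirroring the resource arguments are assumptions of the example.

```python
import re

# PROTOCOL:PORT with an optional PATH. Matching case-insensitively is an
# assumption of this example; the page lists the values in upper case.
TARGET_RE = re.compile(r"^(HTTP|HTTPS|TCP|SSL):(\d+)(/.*)?$", re.IGNORECASE)
PROTOCOLS = ("HTTP", "HTTPS", "TCP", "SSL")

def check_target(target):
    """Return an error string for a bad health_check target, else None."""
    m = TARGET_RE.match(target)
    if not m:
        return "target %r is not PROTOCOL:PORT[PATH]" % target
    proto, path = m.group(1).upper(), m.group(3)
    if proto in ("HTTP", "HTTPS") and not path:
        return "%s target requires a PATH" % proto
    if proto in ("TCP", "SSL") and path:
        return "%s target does not support a PATH" % proto
    return None

def lint_elb(elb):
    """Check a dict of aws_elb arguments; return a list of findings."""
    findings = []
    if bool(elb.get("availability_zones")) == bool(elb.get("subnets")):
        findings.append("set exactly one of availability_zones or subnets")
    if elb.get("security_groups") and not elb.get("subnets"):
        findings.append("security_groups is only valid for a VPC ELB")
    for i, lsn in enumerate(elb.get("listener", [])):
        lb_proto = str(lsn.get("lb_protocol", "")).upper()
        for key in ("lb_protocol", "instance_protocol"):
            if str(lsn.get(key, "")).upper() not in PROTOCOLS:
                findings.append("listener[%d].%s is not a valid protocol" % (i, key))
        if lsn.get("ssl_certificate_id") and lb_proto not in ("HTTPS", "SSL"):
            findings.append("listener[%d]: ssl_certificate_id needs HTTPS or SSL" % i)
    if "health_check" in elb:
        err = check_target(elb["health_check"].get("target", ""))
        if err:
            findings.append("health_check: " + err)
    return findings

# Constructed sample: certificate on a plain HTTP listener, TCP check with a path.
SAMPLE = {"subnets": ["subnet-EXAMPLE"], "health_check": {"target": "TCP:8000/"},
          "listener": [{"instance_port": 8000, "instance_protocol": "http",
                        "lb_port": 80, "lb_protocol": "http",
                        "ssl_certificate_id": "arn:aws:iam::123456789012:server-certificate/certName"}]}

if __name__ == "__main__":
    print("\n".join(lint_elb(SAMPLE)))
```
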