ElasticLoadBalancingv2 / Client / modify_load_balancer_attributes
modify_load_balancer_attributes#
- ElasticLoadBalancingv2.Client.modify_load_balancer_attributes(**kwargs)#
Modifies the specified attributes of the specified Application Load Balancer, Network Load Balancer, or Gateway Load Balancer.
If any of the specified attributes can’t be modified as requested, the call fails. Any existing attributes that you do not modify retain their current values.
See also: AWS API Documentation
Request Syntax
response = client.modify_load_balancer_attributes( LoadBalancerArn='string', Attributes=[ { 'Key': 'string', 'Value': 'string' }, ] )
- Parameters:
LoadBalancerArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the load balancer.
Attributes (list) –
[REQUIRED]
The load balancer attributes.
(dict) –
Information about a load balancer attribute.
Key (string) –
The name of the attribute.
The following attributes are supported by all load balancers:
deletion_protection.enabled
- Indicates whether deletion protection is enabled. The value istrue
orfalse
. The default isfalse
.load_balancing.cross_zone.enabled
- Indicates whether cross-zone load balancing is enabled. The possible values aretrue
andfalse
. The default for Network Load Balancers and Gateway Load Balancers isfalse
. The default for Application Load Balancers istrue
, and cannot be changed.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled
- Indicates whether access logs are enabled. The value istrue
orfalse
. The default isfalse
.access_logs.s3.bucket
- The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.access_logs.s3.prefix
- The prefix for the location in the S3 bucket for the access logs.ipv6.deny_all_igw_traffic
- Blocks internet gateway (IGW) access to the load balancer. It is set tofalse
for internet-facing load balancers andtrue
for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds
- The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.client_keep_alive.seconds
- The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.connection_logs.s3.enabled
- Indicates whether connection logs are enabled. The value istrue
orfalse
. The default isfalse
.connection_logs.s3.bucket
- The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.connection_logs.s3.prefix
- The prefix for the location in the S3 bucket for the connection logs.routing.http.desync_mitigation_mode
- Determines how the load balancer handles requests that might pose a security risk to your application. The possible values aremonitor
,defensive
, andstrictest
. The default isdefensive
.routing.http.drop_invalid_header_fields.enabled
- Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true
) or routed to targets (false
). The default isfalse
.routing.http.preserve_host_header.enabled
- Indicates whether the Application Load Balancer should preserve theHost
header in the HTTP request and send it to the target without any change. The possible values aretrue
andfalse
. The default isfalse
.routing.http.x_amzn_tls_version_and_cipher_suite.enabled
- Indicates whether the two headers (x-amzn-tls-version
andx-amzn-tls-cipher-suite
), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Thex-amzn-tls-version
header has information about the TLS protocol version negotiated with the client, and thex-amzn-tls-cipher-suite
header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute aretrue
andfalse
. The default isfalse
.routing.http.xff_client_port.enabled
- Indicates whether theX-Forwarded-For
header should preserve the source port that the client used to connect to the load balancer. The possible values aretrue
andfalse
. The default isfalse
.routing.http.xff_header_processing.mode
- Enables you to modify, preserve, or remove theX-Forwarded-For
header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values areappend
,preserve
, andremove
. The default isappend
.If the value is
append
, the Application Load Balancer adds the client IP address (of the last hop) to theX-Forwarded-For
header in the HTTP request before it sends it to targets.If the value is
preserve
the Application Load Balancer preserves theX-Forwarded-For
header in the HTTP request, and sends it to targets without any change.If the value is
remove
, the Application Load Balancer removes theX-Forwarded-For
header in the HTTP request before it sends it to targets.
routing.http2.enabled
- Indicates whether HTTP/2 is enabled. The possible values aretrue
andfalse
. The default istrue
. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.waf.fail_open.enabled
- Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values aretrue
andfalse
. The default isfalse
.
The following attributes are supported by only Network Load Balancers:
dns_record.client_routing_policy
- Indicates how traffic is distributed among the load balancer Availability Zones. The possible values areavailability_zone_affinity
with 100 percent zonal affinity,partial_availability_zone_affinity
with 85 percent zonal affinity, andany_availability_zone
with 0 percent zonal affinity.
Value (string) –
The value of the attribute.
- Return type:
dict
- Returns:
Response Syntax
{ 'Attributes': [ { 'Key': 'string', 'Value': 'string' }, ] }
Response Structure
(dict) –
Attributes (list) –
Information about the load balancer attributes.
(dict) –
Information about a load balancer attribute.
Key (string) –
The name of the attribute.
The following attributes are supported by all load balancers:
deletion_protection.enabled
- Indicates whether deletion protection is enabled. The value istrue
orfalse
. The default isfalse
.load_balancing.cross_zone.enabled
- Indicates whether cross-zone load balancing is enabled. The possible values aretrue
andfalse
. The default for Network Load Balancers and Gateway Load Balancers isfalse
. The default for Application Load Balancers istrue
, and cannot be changed.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled
- Indicates whether access logs are enabled. The value istrue
orfalse
. The default isfalse
.access_logs.s3.bucket
- The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.access_logs.s3.prefix
- The prefix for the location in the S3 bucket for the access logs.ipv6.deny_all_igw_traffic
- Blocks internet gateway (IGW) access to the load balancer. It is set tofalse
for internet-facing load balancers andtrue
for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds
- The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.client_keep_alive.seconds
- The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.connection_logs.s3.enabled
- Indicates whether connection logs are enabled. The value istrue
orfalse
. The default isfalse
.connection_logs.s3.bucket
- The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.connection_logs.s3.prefix
- The prefix for the location in the S3 bucket for the connection logs.routing.http.desync_mitigation_mode
- Determines how the load balancer handles requests that might pose a security risk to your application. The possible values aremonitor
,defensive
, andstrictest
. The default isdefensive
.routing.http.drop_invalid_header_fields.enabled
- Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true
) or routed to targets (false
). The default isfalse
.routing.http.preserve_host_header.enabled
- Indicates whether the Application Load Balancer should preserve theHost
header in the HTTP request and send it to the target without any change. The possible values aretrue
andfalse
. The default isfalse
.routing.http.x_amzn_tls_version_and_cipher_suite.enabled
- Indicates whether the two headers (x-amzn-tls-version
andx-amzn-tls-cipher-suite
), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. Thex-amzn-tls-version
header has information about the TLS protocol version negotiated with the client, and thex-amzn-tls-cipher-suite
header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute aretrue
andfalse
. The default isfalse
.routing.http.xff_client_port.enabled
- Indicates whether theX-Forwarded-For
header should preserve the source port that the client used to connect to the load balancer. The possible values aretrue
andfalse
. The default isfalse
.routing.http.xff_header_processing.mode
- Enables you to modify, preserve, or remove theX-Forwarded-For
header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values areappend
,preserve
, andremove
. The default isappend
.If the value is
append
, the Application Load Balancer adds the client IP address (of the last hop) to theX-Forwarded-For
header in the HTTP request before it sends it to targets.If the value is
preserve
the Application Load Balancer preserves theX-Forwarded-For
header in the HTTP request, and sends it to targets without any change.If the value is
remove
, the Application Load Balancer removes theX-Forwarded-For
header in the HTTP request before it sends it to targets.
routing.http2.enabled
- Indicates whether HTTP/2 is enabled. The possible values aretrue
andfalse
. The default istrue
. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens.waf.fail_open.enabled
- Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values aretrue
andfalse
. The default isfalse
.
The following attributes are supported by only Network Load Balancers:
dns_record.client_routing_policy
- Indicates how traffic is distributed among the load balancer Availability Zones. The possible values areavailability_zone_affinity
with 100 percent zonal affinity,partial_availability_zone_affinity
with 85 percent zonal affinity, andany_availability_zone
with 0 percent zonal affinity.
Value (string) –
The value of the attribute.
Exceptions
ElasticLoadBalancingv2.Client.exceptions.LoadBalancerNotFoundException
ElasticLoadBalancingv2.Client.exceptions.InvalidConfigurationRequestException
Examples
This example enables deletion protection for the specified load balancer.
response = client.modify_load_balancer_attributes( Attributes=[ { 'Key': 'deletion_protection.enabled', 'Value': 'true', }, ], LoadBalancerArn='arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188', ) print(response)
Expected Output:
{ 'Attributes': [ { 'Key': 'deletion_protection.enabled', 'Value': 'true', }, { 'Key': 'access_logs.s3.enabled', 'Value': 'false', }, { 'Key': 'idle_timeout.timeout_seconds', 'Value': '60', }, { 'Key': 'access_logs.s3.prefix', 'Value': '', }, { 'Key': 'access_logs.s3.bucket', 'Value': '', }, ], 'ResponseMetadata': { '...': '...', }, }
This example changes the idle timeout value for the specified load balancer.
response = client.modify_load_balancer_attributes( Attributes=[ { 'Key': 'idle_timeout.timeout_seconds', 'Value': '30', }, ], LoadBalancerArn='arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188', ) print(response)
Expected Output:
{ 'Attributes': [ { 'Key': 'idle_timeout.timeout_seconds', 'Value': '30', }, { 'Key': 'access_logs.s3.enabled', 'Value': 'false', }, { 'Key': 'access_logs.s3.prefix', 'Value': '', }, { 'Key': 'deletion_protection.enabled', 'Value': 'true', }, { 'Key': 'access_logs.s3.bucket', 'Value': '', }, ], 'ResponseMetadata': { '...': '...', }, }
This example enables access logs for the specified load balancer. Note that the S3 bucket must exist in the same region as the load balancer and must have a policy attached that grants access to the Elastic Load Balancing service.
response = client.modify_load_balancer_attributes( Attributes=[ { 'Key': 'access_logs.s3.enabled', 'Value': 'true', }, { 'Key': 'access_logs.s3.bucket', 'Value': 'my-loadbalancer-logs', }, { 'Key': 'access_logs.s3.prefix', 'Value': 'myapp', }, ], LoadBalancerArn='arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188', ) print(response)
Expected Output:
{ 'Attributes': [ { 'Key': 'access_logs.s3.enabled', 'Value': 'true', }, { 'Key': 'access_logs.s3.bucket', 'Value': 'my-load-balancer-logs', }, { 'Key': 'access_logs.s3.prefix', 'Value': 'myapp', }, { 'Key': 'idle_timeout.timeout_seconds', 'Value': '60', }, { 'Key': 'deletion_protection.enabled', 'Value': 'false', }, ], 'ResponseMetadata': { '...': '...', }, }