diff --git a/docs/reference/modules/terraform-aws-load-balancer/acm-tls-certificate/acm-tls-certificate.md b/docs/reference/modules/terraform-aws-load-balancer/acm-tls-certificate/acm-tls-certificate.md
index 6fbfa3928..22a07b267 100644
--- a/docs/reference/modules/terraform-aws-load-balancer/acm-tls-certificate/acm-tls-certificate.md
+++ b/docs/reference/modules/terraform-aws-load-balancer/acm-tls-certificate/acm-tls-certificate.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# ACM TLS Certificate
-View Source
+View Source
Release Notes
@@ -232,7 +232,7 @@ In this example, the `acm-tls-certificates` module will "wait" until your `aws_r
module "acm_tls_certificate" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.2.1"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.3.1"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -290,7 +290,7 @@ module "acm_tls_certificate" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.2.1"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.3.1"
}
inputs = {
@@ -553,11 +553,11 @@ Global tags to apply to all ACM certificates issued via this module. These globa
diff --git a/docs/reference/modules/terraform-aws-load-balancer/alb/alb.md b/docs/reference/modules/terraform-aws-load-balancer/alb/alb.md
index 3f6e567f2..8072a88f3 100644
--- a/docs/reference/modules/terraform-aws-load-balancer/alb/alb.md
+++ b/docs/reference/modules/terraform-aws-load-balancer/alb/alb.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Application Load Balancer (ALB) Module
-View Source
+View Source
Release Notes
@@ -191,7 +191,7 @@ There are two ways for you to override this behavior:
module "alb" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.2.1"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.3.1"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -438,7 +438,7 @@ module "alb" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.2.1"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.3.1"
}
inputs = {
@@ -1417,11 +1417,11 @@ A map from port to the AWS ARNs of the listeners for the ALB that has been deplo
diff --git a/docs/reference/modules/terraform-aws-load-balancer/lb-listener-rules/lb-listener-rules.md b/docs/reference/modules/terraform-aws-load-balancer/lb-listener-rules/lb-listener-rules.md
index 2d28f3436..b878e26d5 100644
--- a/docs/reference/modules/terraform-aws-load-balancer/lb-listener-rules/lb-listener-rules.md
+++ b/docs/reference/modules/terraform-aws-load-balancer/lb-listener-rules/lb-listener-rules.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Load Balancer Listener Rules
-View Source
+View Source
-Release Notes
+Release Notes
This Terraform Module provides a simpler, more declarative interface for creating
[Load Balancer Listener Rules](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html)
@@ -28,10 +28,7 @@ This module currently supports:
* Most major rule types: forward rules, redirect rules, fixed-response
* Most condition types: host header, HTTP header, request method, path pattern, query string, source IP.
-
-This module does NOT currently support:
-
-* `authenticate_cognito` and `authenticate_oidc` rules
+* Pre-routing action types: `authenticate_cognito`, `authenticate_oidc`, and `jwt_validation`
This feature may be added later, but if you need them now, you should use the
[`lb_listener_rule`](https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html) resource directly.
@@ -95,7 +92,7 @@ Note that in most cases, your path definitions should be mutually exclusive and
module "lb_listener_rules" {
- source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.2.1"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.3.1"
# ----------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
@@ -154,7 +151,7 @@ module "lb_listener_rules" {
# ------------------------------------------------------------------------------------------------------
terraform {
- source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.2.1"
+ source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.3.1"
}
inputs = {
@@ -366,6 +363,8 @@ Any types represent complex values of variable type. For details, please consult
- authenticate_cognito map(object) : Cognito authentication configuration. Only applies, if not null.
+ - jwt_validation map(object) : JWT validation configuration. Only applies, if not null.
+
```
@@ -442,6 +441,23 @@ Any types represent complex values of variable type. For details, please consult
```
+
+
+
+```hcl
+
+ JWT Validation Blocks:
+ jwt_validation:
+ - issuer string : (Required) The issuer of the JWT tokens. Must be a valid URL (e.g., https://token.example.com).
+ - jwks_endpoint string : (Required) The URL of the JSON Web Key Set (JWKS) endpoint used to validate token signatures.
+ - additional_claims list(map(object)) : (Optional) Additional JWT claims to validate beyond issuer.
+ - format string : (Required) The format of the claim value. Supported values are: iss, sub, aud, jti, nbf, exp, iat, string, string_list.
+ - name string : (Required) The name of the JWT claim to validate.
+ - values list(string) : (Required) The list of allowed values for the claim.
+
+```
+
+
@@ -459,63 +475,6 @@ Any types represent complex values of variable type. For details, please consult
-
-
- Example
-
-
-```hcl
- {
- "foo" = {
- priority = 120
-
- host_headers = ["www.foo.com", "*.foo.com"]
- path_patterns = ["/foo/*"]
- source_ips = ["127.0.0.1/32"]
- http_request_methods = ["GET"]
- query_strings = [
- {
- key = "foo" Key is optional, this can be ommited.
- value = "bar"
- }, {
- value = "hello"
- }
- ]
- },
- "bar" = {
- priority = 127
- listener_ports = ["443"]
-
- host_headers = ["example.com", "www.example.com"]
- path_patterns = ["/super_secure_path", "/another_path"]
- http_headers = [
- {
- http_header_name = "X-Forwarded-For"
- values = ["127.0.0.1"]
- }
- ]
- },
- "auth" = {
- priority = 128
- listener_ports = ["443"]
-
- host_headers = ["intern.example.com]
- path_patterns = ["/admin", "/admin/*]
- authenticate_oidc = {
- authorization_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/authorize"
- client_id = "0123456789aBcDeFgHiJ"
- client_secret = "clientsecret"
- issuer = "https://myaccount.oktapreview.com"
- token_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/token"
- user_info_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/userinfo"
- }
- }
- }
-
-```
-
-
-
@@ -539,6 +498,8 @@ Any types represent complex values of variable type. For details, please consult
- authenticate_cognito map(object) : Cognito authentication configuration. Only applies, if not null.
+ - jwt_validation map(object) : JWT validation configuration. Only applies, if not null.
+
```
@@ -623,6 +584,98 @@ Any types represent complex values of variable type. For details, please consult
```
+
+
+
+```hcl
+
+ JWT Validation Blocks:
+ jwt_validation:
+ - issuer string : (Required) The issuer of the JWT tokens. Must be a valid URL (e.g., https://token.example.com).
+ - jwks_endpoint string : (Required) The URL of the JSON Web Key Set (JWKS) endpoint used to validate token signatures.
+ - additional_claims list(map(object)) : (Optional) Additional JWT claims to validate beyond issuer.
+ - format string : (Required) The format of the claim value. Supported values are: iss, sub, aud, jti, nbf, exp, iat, string, string_list.
+ - name string : (Required) The name of the JWT claim to validate.
+ - values list(string) : (Required) The list of allowed values for the claim.
+
+```
+
+
+
+
+
+```hcl
+
+
+ Example:
+ {
+ "foo" = {
+ priority = 120
+
+ host_headers = ["www.foo.com", "*.foo.com"]
+ path_patterns = ["/foo/*"]
+ source_ips = ["127.0.0.1/32"]
+ http_request_methods = ["GET"]
+ query_strings = [
+ {
+ key = "foo" Key is optional, this can be ommited.
+ value = "bar"
+ }, {
+ value = "hello"
+ }
+ ]
+ },
+ "bar" = {
+ priority = 127
+ listener_ports = ["443"]
+
+ host_headers = ["example.com", "www.example.com"]
+ path_patterns = ["/super_secure_path", "/another_path"]
+ http_headers = [
+ {
+ http_header_name = "X-Forwarded-For"
+ values = ["127.0.0.1"]
+ }
+ ]
+ },
+ "auth" = {
+ priority = 128
+ listener_ports = ["443"]
+
+ host_headers = ["intern.example.com"]
+ path_patterns = ["/admin", "/admin/*"]
+ authenticate_oidc = {
+ authorization_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/authorize"
+ client_id = "0123456789aBcDeFgHiJ"
+ client_secret = "clientsecret"
+ issuer = "https://myaccount.oktapreview.com"
+ token_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/token"
+ user_info_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/userinfo"
+ }
+ }
+ "jwt-auth" = {
+ priority = 129
+ listener_ports = ["443"]
+
+ host_headers = ["api.example.com"]
+ path_patterns = ["/api/*"]
+ jwt_validation = {
+ issuer = "https://myaccount.oktapreview.com"
+ jwks_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/keys"
+ additional_claims = [
+ {
+ format = "string"
+ name = "aud"
+ values = ["my-api"]
+ }
+ ]
+ }
+ }
+ }
+
+```
+
+
@@ -719,6 +772,8 @@ Any types represent complex values of variable type. For details, please consult
- authenticate_cognito map(object) : Cognito authentication configuration. Only applies, if not null.
+ - jwt_validation map(object) : JWT validation configuration. Only applies, if not null.
+
```
@@ -805,6 +860,23 @@ Any types represent complex values of variable type. For details, please consult
```
+
+
+
+```hcl
+
+ JWT Validation Blocks:
+ jwt_validation:
+ - issuer string : (Required) The issuer of the JWT tokens. Must be a valid URL (e.g., https://token.example.com).
+ - jwks_endpoint string : (Required) The URL of the JSON Web Key Set (JWKS) endpoint used to validate token signatures.
+ - additional_claims list(map(object)) : (Optional) Additional JWT claims to validate beyond issuer.
+ - format string : (Required) The format of the claim value. Supported values are: iss, sub, aud, jti, nbf, exp, iat, string, string_list.
+ - name string : (Required) The name of the JWT claim to validate.
+ - values list(string) : (Required) The list of allowed values for the claim.
+
+```
+
+
@@ -849,11 +921,11 @@ The ARNs of the rules of type redirect. The key is the same key of the rule from
diff --git a/docs/reference/modules/terraform-aws-load-balancer/nlb/nlb.md b/docs/reference/modules/terraform-aws-load-balancer/nlb/nlb.md
index 2277fd916..d4f755482 100644
--- a/docs/reference/modules/terraform-aws-load-balancer/nlb/nlb.md
+++ b/docs/reference/modules/terraform-aws-load-balancer/nlb/nlb.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
-
+
# Network Load Balancer (NLB) Module
-View Source
+View Source
Release Notes
@@ -28,11 +28,11 @@ For information on why the module was removed, refer to the discussion in [PR