gruntwork-io · docs-sourcer · May 22, 2026
diff --git a/.../modules/terraform-aws-load-balancer/acm-tls-certificate/acm-tls-certificate.md b/.../modules/terraform-aws-load-balancer/acm-tls-certificate/acm-tls-certificate.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 
-<VersionBadge repoTitle="Load Balancer Modules" version="1.2.1" lastModifiedVersion="1.2.1"/>
+<VersionBadge repoTitle="Load Balancer Modules" version="1.3.1" lastModifiedVersion="1.2.1"/>
 
 # ACM TLS Certificate
 
-<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/acm-tls-certificate" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
+<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/acm-tls-certificate" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
 
 <a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v1.2.1" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>
 
@@ -232,7 +232,7 @@ In this example, the `acm-tls-certificates` module will "wait" until your `aws_r
 
 module "acm_tls_certificate" {
 
-  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.2.1"
+  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.3.1"
 
   # ----------------------------------------------------------------------------------------------------
   # REQUIRED VARIABLES
@@ -290,7 +290,7 @@ module "acm_tls_certificate" {
 # ------------------------------------------------------------------------------------------------------
 
 terraform {
-  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.2.1"
+  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/acm-tls-certificate?ref=v1.3.1"
 }
 
 inputs = {
@@ -553,11 +553,11 @@ Global tags to apply to all ACM certificates issued via this module. These globa
 <!-- ##DOCS-SOURCER-START
 {
   "originalSources": [
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/acm-tls-certificate/readme.md",
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/acm-tls-certificate/variables.tf",
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/acm-tls-certificate/outputs.tf"
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/acm-tls-certificate/readme.md",
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/acm-tls-certificate/variables.tf",
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/acm-tls-certificate/outputs.tf"
   ],
   "sourcePlugin": "module-catalog-api",
-  "hash": "76ff1a8cbbe72c8d4f5d05309ea5494d"
+  "hash": "68d226c5bb2dbd7f85a9bdc331d504dd"
 }
 ##DOCS-SOURCER-END -->
diff --git a/docs/reference/modules/terraform-aws-load-balancer/alb/alb.md b/docs/reference/modules/terraform-aws-load-balancer/alb/alb.md
@@ -9,11 +9,11 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 
-<VersionBadge repoTitle="Load Balancer Modules" version="1.2.1" lastModifiedVersion="1.1.1"/>
+<VersionBadge repoTitle="Load Balancer Modules" version="1.3.1" lastModifiedVersion="1.1.1"/>
 
 # Application Load Balancer (ALB) Module
 
-<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/alb" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
+<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/alb" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
 
 <a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v1.1.1" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>
 
@@ -191,7 +191,7 @@ There are two ways for you to override this behavior:
 
 module "alb" {
 
-  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.2.1"
+  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.3.1"
 
   # ----------------------------------------------------------------------------------------------------
   # REQUIRED VARIABLES
@@ -438,7 +438,7 @@ module "alb" {
 # ------------------------------------------------------------------------------------------------------
 
 terraform {
-  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.2.1"
+  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/alb?ref=v1.3.1"
 }
 
 inputs = {
@@ -1417,11 +1417,11 @@ A map from port to the AWS ARNs of the listeners for the ALB that has been deplo
 <!-- ##DOCS-SOURCER-START
 {
   "originalSources": [
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/alb/readme.md",
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/alb/variables.tf",
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/alb/outputs.tf"
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/alb/readme.md",
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/alb/variables.tf",
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/alb/outputs.tf"
   ],
   "sourcePlugin": "module-catalog-api",
-  "hash": "8e053498a413870182ceb6b5918d0d08"
+  "hash": "804002a5ec7bafaddcd7e4c086e6ac57"
 }
 ##DOCS-SOURCER-END -->
diff --git a/...ence/modules/terraform-aws-load-balancer/lb-listener-rules/lb-listener-rules.md b/...ence/modules/terraform-aws-load-balancer/lb-listener-rules/lb-listener-rules.md
@@ -9,13 +9,13 @@ import VersionBadge from '../../../../../src/components/VersionBadge.tsx';
 import { HclListItem, HclListItemDescription, HclListItemTypeDetails, HclListItemDefaultValue, HclGeneralListItem } from '../../../../../src/components/HclListItem.tsx';
 import { ModuleUsage } from "../../../../../src/components/ModuleUsage";
 
-<VersionBadge repoTitle="Load Balancer Modules" version="1.2.1" lastModifiedVersion="1.1.0"/>
+<VersionBadge repoTitle="Load Balancer Modules" version="1.3.1" lastModifiedVersion="1.3.0"/>
 
 # Load Balancer Listener Rules
 
-<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/lb-listener-rules" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
+<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/lb-listener-rules" className="link-button" title="View the source code for this module in GitHub.">View Source</a>
 
-<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v1.1.0" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>
+<a href="https://github.com/gruntwork-io/terraform-aws-load-balancer/releases/tag/v1.3.0" className="link-button" title="Release notes for only versions which impacted this module.">Release Notes</a>
 
 This Terraform Module provides a simpler, more declarative interface for creating
 [Load Balancer Listener Rules](https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html)
@@ -28,10 +28,7 @@ This module currently supports:
 
 *   Most major rule types: forward rules, redirect rules, fixed-response
 *   Most condition types: host header, HTTP header, request method, path pattern, query string, source IP.
-
-This module does NOT currently support:
-
-*   `authenticate_cognito` and `authenticate_oidc` rules
+*   Pre-routing action types: `authenticate_cognito`, `authenticate_oidc`, and `jwt_validation`
 
 This feature may be added later, but if you need them now, you should use the
 [`lb_listener_rule`](https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html) resource directly.
@@ -95,7 +92,7 @@ Note that in most cases, your path definitions should be mutually exclusive and
 
 module "lb_listener_rules" {
 
-  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.2.1"
+  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.3.1"
 
   # ----------------------------------------------------------------------------------------------------
   # REQUIRED VARIABLES
@@ -154,7 +151,7 @@ module "lb_listener_rules" {
 # ------------------------------------------------------------------------------------------------------
 
 terraform {
-  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.2.1"
+  source = "git::git@github.com:gruntwork-io/terraform-aws-load-balancer.git//modules/lb-listener-rules?ref=v1.3.1"
 }
 
 inputs = {
@@ -366,6 +363,8 @@ Any types represent complex values of variable type. For details, please consult
 
    - authenticate_cognito map(object)  : Cognito authentication configuration. Only applies, if not null.
 
+   - jwt_validation       map(object)  : JWT validation configuration. Only applies, if not null.
+
 
 ```
 </details>
@@ -442,6 +441,23 @@ Any types represent complex values of variable type. For details, please consult
 ```
 </details>
 
+<details>
+
+
+```hcl
+
+   JWT Validation Blocks:
+   jwt_validation:
+   - issuer                              string            : (Required) The issuer of the JWT tokens. Must be a valid URL (e.g., https://token.example.com).
+   - jwks_endpoint                       string            : (Required) The URL of the JSON Web Key Set (JWKS) endpoint used to validate token signatures.
+   - additional_claims                   list(map(object)) : (Optional) Additional JWT claims to validate beyond issuer.
+     - format                            string            : (Required) The format of the claim value. Supported values are: iss, sub, aud, jti, nbf, exp, iat, string, string_list.
+     - name                              string            : (Required) The name of the JWT claim to validate.
+     - values                            list(string)      : (Required) The list of allowed values for the claim.
+
+```
+</details>
+
 </HclGeneralListItem>
 </HclListItem>
 
@@ -459,63 +475,6 @@ Any types represent complex values of variable type. For details, please consult
 
 </HclListItemTypeDetails>
 <HclListItemDefaultValue defaultValue="{}"/>
-<HclGeneralListItem title="Examples">
-<details>
-  <summary>Example</summary>
-
-
-```hcl
-    {
-      "foo" = {
-        priority = 120
-
-        host_headers         = ["www.foo.com", "*.foo.com"]
-        path_patterns        = ["/foo/*"]
-        source_ips           = ["127.0.0.1/32"]
-        http_request_methods = ["GET"]
-        query_strings = [
-          {
-             key   = "foo"   Key is optional, this can be ommited.
-            value = "bar"
-          }, {
-            value = "hello"
-          }
-       ]
-     },
-     "bar" = {
-       priority       = 127
-       listener_ports = ["443"]
-
-       host_headers   = ["example.com", "www.example.com"]
-       path_patterns  = ["/super_secure_path", "/another_path"]
-       http_headers   = [
-         {
-           http_header_name = "X-Forwarded-For"
-           values           = ["127.0.0.1"]
-         }
-       ]
-     },
-     "auth" = {
-       priority       = 128
-       listener_ports = ["443"]
-
-       host_headers      = ["intern.example.com]
-       path_patterns     = ["/admin", "/admin/*]
-       authenticate_oidc = {
-         authorization_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/authorize"
-         client_id              = "0123456789aBcDeFgHiJ"
-         client_secret          = "clientsecret"
-         issuer                 = "https://myaccount.oktapreview.com"
-         token_endpoint         = "https://myaccount.oktapreview.com/oauth2/v1/token"
-         user_info_endpoint     = "https://myaccount.oktapreview.com/oauth2/v1/userinfo"
-       }
-     }
-   }
-
-```
-</details>
-
-</HclGeneralListItem>
 <HclGeneralListItem title="More Details">
 <details>
 
@@ -539,6 +498,8 @@ Any types represent complex values of variable type. For details, please consult
 
    - authenticate_cognito map(object)               : Cognito authentication configuration. Only applies, if not null.
 
+   - jwt_validation       map(object)  : JWT validation configuration. Only applies, if not null.
+
 
 ```
 </details>
@@ -623,6 +584,98 @@ Any types represent complex values of variable type. For details, please consult
 ```
 </details>
 
+<details>
+
+
+```hcl
+
+   JWT Validation Blocks:
+   jwt_validation:
+   - issuer                              string            : (Required) The issuer of the JWT tokens. Must be a valid URL (e.g., https://token.example.com).
+   - jwks_endpoint                       string            : (Required) The URL of the JSON Web Key Set (JWKS) endpoint used to validate token signatures.
+   - additional_claims                   list(map(object)) : (Optional) Additional JWT claims to validate beyond issuer.
+     - format                            string            : (Required) The format of the claim value. Supported values are: iss, sub, aud, jti, nbf, exp, iat, string, string_list.
+     - name                              string            : (Required) The name of the JWT claim to validate.
+     - values                            list(string)      : (Required) The list of allowed values for the claim.
+
+```
+</details>
+
+<details>
+
+
+```hcl
+
+
+   Example:
+    {
+      "foo" = {
+        priority = 120
+
+        host_headers         = ["www.foo.com", "*.foo.com"]
+        path_patterns        = ["/foo/*"]
+        source_ips           = ["127.0.0.1/32"]
+        http_request_methods = ["GET"]
+        query_strings = [
+          {
+             key   = "foo"   Key is optional, this can be ommited.
+            value = "bar"
+          }, {
+            value = "hello"
+          }
+       ]
+     },
+     "bar" = {
+       priority       = 127
+       listener_ports = ["443"]
+
+       host_headers   = ["example.com", "www.example.com"]
+       path_patterns  = ["/super_secure_path", "/another_path"]
+       http_headers   = [
+         {
+           http_header_name = "X-Forwarded-For"
+           values           = ["127.0.0.1"]
+         }
+       ]
+     },
+     "auth" = {
+       priority       = 128
+       listener_ports = ["443"]
+
+       host_headers      = ["intern.example.com"]
+       path_patterns     = ["/admin", "/admin/*"]
+       authenticate_oidc = {
+         authorization_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/authorize"
+         client_id              = "0123456789aBcDeFgHiJ"
+         client_secret          = "clientsecret"
+         issuer                 = "https://myaccount.oktapreview.com"
+         token_endpoint         = "https://myaccount.oktapreview.com/oauth2/v1/token"
+         user_info_endpoint     = "https://myaccount.oktapreview.com/oauth2/v1/userinfo"
+       }
+     }
+     "jwt-auth" = {
+       priority       = 129
+       listener_ports = ["443"]
+
+       host_headers   = ["api.example.com"]
+       path_patterns  = ["/api/*"]
+       jwt_validation = {
+         issuer        = "https://myaccount.oktapreview.com"
+         jwks_endpoint = "https://myaccount.oktapreview.com/oauth2/v1/keys"
+         additional_claims = [
+           {
+             format = "string"
+             name   = "aud"
+             values = ["my-api"]
+           }
+         ]
+       }
+     }
+   }
+
+```
+</details>
+
 </HclGeneralListItem>
 </HclListItem>
 
@@ -719,6 +772,8 @@ Any types represent complex values of variable type. For details, please consult
 
    - authenticate_cognito map(object)    : Cognito authentication configuration. Only applies, if not null.
 
+   - jwt_validation       map(object)  : JWT validation configuration. Only applies, if not null.
+
 
 ```
 </details>
@@ -805,6 +860,23 @@ Any types represent complex values of variable type. For details, please consult
 ```
 </details>
 
+<details>
+
+
+```hcl
+
+   JWT Validation Blocks:
+   jwt_validation:
+   - issuer                              string            : (Required) The issuer of the JWT tokens. Must be a valid URL (e.g., https://token.example.com).
+   - jwks_endpoint                       string            : (Required) The URL of the JSON Web Key Set (JWKS) endpoint used to validate token signatures.
+   - additional_claims                   list(map(object)) : (Optional) Additional JWT claims to validate beyond issuer.
+     - format                            string            : (Required) The format of the claim value. Supported values are: iss, sub, aud, jti, nbf, exp, iat, string, string_list.
+     - name                              string            : (Required) The name of the JWT claim to validate.
+     - values                            list(string)      : (Required) The list of allowed values for the claim.
+
+```
+</details>
+
 </HclGeneralListItem>
 </HclListItem>
 
@@ -849,11 +921,11 @@ The ARNs of the rules of type redirect. The key is the same key of the rule from
 <!-- ##DOCS-SOURCER-START
 {
   "originalSources": [
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/lb-listener-rules/readme.md",
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/lb-listener-rules/variables.tf",
-    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.2.1/modules/lb-listener-rules/outputs.tf"
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/lb-listener-rules/readme.md",
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/lb-listener-rules/variables.tf",
+    "https://github.com/gruntwork-io/terraform-aws-load-balancer/tree/v1.3.1/modules/lb-listener-rules/outputs.tf"
   ],
   "sourcePlugin": "module-catalog-api",
-  "hash": "09fcd2e21a6eb9b5a6bcba678568cb39"
+  "hash": "3910b4a52fd74c546222230c11a93dde"
 }
 ##DOCS-SOURCER-END -->