oracle.oci.oci_loadbalancer_network_security_groups – Manage a NetworkSecurityGroups resource in Oracle Cloud Infrastructure

Note

This plugin is part of the oracle.oci collection (version 4.14.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install oracle.oci.

To use it in a playbook, specify: oracle.oci.oci_loadbalancer_network_security_groups.

New in version 2.9.0: of oracle.oci

Synopsis

  • This module allows the user to update a NetworkSecurityGroups resource in Oracle Cloud Infrastructure

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter Choices/Defaults Comments
api_user
string
The OCID of the user, on whose behalf, OCI APIs are invoked. If not set, then the value of the OCI_USER_ID environment variable, if any, is used. This option is required if the user is not specified through a configuration file (See config_file_location). To get the user's OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_fingerprint
string
Fingerprint for the key pair being used. If not set, then the value of the OCI_USER_FINGERPRINT environment variable, if any, is used. This option is required if the key fingerprint is not specified through a configuration file (See config_file_location). To get the key pair's fingerprint value please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm.
api_user_key_file
string
Full path and filename of the private key (in PEM format). If not set, then the value of the OCI_USER_KEY_FILE variable, if any, is used. This option is required if the private key is not specified through a configuration file (See config_file_location). If the key is encrypted with a pass-phrase, the api_user_key_pass_phrase option must also be provided.
api_user_key_pass_phrase
string
Passphrase used by the key referenced in api_user_key_file, if it is encrypted. If not set, then the value of the OCI_USER_KEY_PASS_PHRASE variable, if any, is used. This option is required if the key passphrase is not specified through a configuration file (See config_file_location).
auth_purpose
string
    Choices:
  • service_principal
The auth purpose which can be used in conjunction with 'auth_type=instance_principal'. The default auth_purpose for instance_principal is None.
auth_type
string
    Choices:
  • api_key ←
  • instance_principal
  • instance_obo_user
  • resource_principal
The type of authentication to use for making API requests. By default auth_type="api_key" based authentication is performed and the API key (see api_user_key_file) in your config file will be used. If this 'auth_type' module option is not specified, the value of the OCI_ANSIBLE_AUTH_TYPE, if any, is used. Use auth_type="instance_principal" to use instance principal based authentication when running ansible playbooks within an OCI compute instance.
cert_bundle
string
The full path to a CA certificate bundle to be used for SSL verification. This will override the default CA certificate bundle. If not set, then the value of the OCI_ANSIBLE_CERT_BUNDLE variable, if any, is used.
config_file_location
string
Path to configuration file. If not set then the value of the OCI_CONFIG_FILE environment variable, if any, is used. Otherwise, defaults to ~/.oci/config.
config_profile_name
string
The profile to load from the config file referenced by config_file_location. If not set, then the value of the OCI_CONFIG_PROFILE environment variable, if any, is used. Otherwise, defaults to the "DEFAULT" profile in config_file_location.
load_balancer_id
string / required
The OCID of the load balancer to update the NSGs for.

aliases: id
network_security_group_ids
list / elements=string
An array of NSG OCIDs associated with the load balancer.
During the load balancer's creation, the service adds the new load balancer to the specified NSGs.
The benefits of associating the load balancer with NSGs include:
* NSGs define network security rules to govern ingress and egress traffic for the load balancer.
* The network security rules of other resources can reference the NSGs associated with the load balancer to ensure access.
This parameter is updatable.
region
string
The Oracle Cloud Infrastructure region to use for all OCI API requests. If not set, then the value of the OCI_REGION variable, if any, is used. This option is required if the region is not specified through a configuration file (See config_file_location). Please refer to https://docs.us-phoenix-1.oraclecloud.com/Content/General/Concepts/regions.htm for more information on OCI regions.
state
string
    Choices:
  • present ←
The state of the NetworkSecurityGroups.
Use state=present to update an existing a NetworkSecurityGroups.
tenancy
string
OCID of your tenancy. If not set, then the value of the OCI_TENANCY variable, if any, is used. This option is required if the tenancy OCID is not specified through a configuration file (See config_file_location). To get the tenancy OCID, please refer https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm
wait
boolean
    Choices:
  • no
  • yes ←
Whether to wait for create or delete operation to complete.
wait_timeout
integer
Time, in seconds, to wait when wait=yes. Defaults to 1200 for most of the services but some services might have a longer wait timeout.

Examples

- name: Update network_security_groups
  oci_loadbalancer_network_security_groups:
    # required
    load_balancer_id: "ocid1.loadbalancer.oc1..xxxxxxEXAMPLExxxxxx"

    # optional
    network_security_group_ids: [ "network_security_group_ids_example" ]

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
load_balancer
complex
on success
Details of the NetworkSecurityGroups resource acted upon by the current operation

Sample:
{'backend_sets': {'backends': [{'backup': True, 'drain': True, 'ip_address': 'ip_address_example', 'name': 'name_example', 'offline': True, 'port': 56, 'weight': 56}], 'health_checker': {'interval_in_millis': 56, 'port': 56, 'protocol': 'protocol_example', 'response_body_regex': 'response_body_regex_example', 'retries': 56, 'return_code': 56, 'timeout_in_millis': 56, 'url_path': 'url_path_example'}, 'lb_cookie_session_persistence_configuration': {'cookie_name': 'cookie_name_example', 'disable_fallback': True, 'domain': 'domain_example', 'is_http_only': True, 'is_secure': True, 'max_age_in_seconds': 56, 'path': 'path_example'}, 'name': 'name_example', 'policy': 'policy_example', 'session_persistence_configuration': {'cookie_name': 'cookie_name_example', 'disable_fallback': True}, 'ssl_configuration': {'certificate_ids': [], 'certificate_name': 'certificate_name_example', 'cipher_suite_name': 'cipher_suite_name_example', 'protocols': [], 'server_order_preference': 'ENABLED', 'trusted_certificate_authority_ids': [], 'verify_depth': 56, 'verify_peer_certificate': True}}, 'certificates': {'ca_certificate': '-----BEGIN CERTIFICATE----MIIBIjANBgkqhkiG9w0BA..-----END PUBLIC KEY-----', 'certificate_name': 'certificate_name_example', 'public_certificate': '-----BEGIN CERTIFICATE----MIIBIjANBgkqhkiG9w0BA..-----END PUBLIC KEY-----'}, 'compartment_id': 'ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx', 'defined_tags': {'Operations': {'CostCenter': 'US'}}, 'display_name': 'display_name_example', 'freeform_tags': {'Department': 'Finance'}, 'hostnames': {'hostname': 'hostname_example', 'name': 'name_example'}, 'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx', 'ip_addresses': [{'ip_address': 'ip_address_example', 'is_public': True, 'reserved_ip': {'id': 'ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx'}}], 'is_private': True, 'lifecycle_state': 'CREATING', 'listeners': {'connection_configuration': {'backend_tcp_proxy_protocol_version': 56, 'idle_timeout': 56}, 'default_backend_set_name': 'default_backend_set_name_example', 'hostname_names': [], 'name': 'name_example', 'path_route_set_name': 'path_route_set_name_example', 'port': 56, 'protocol': 'protocol_example', 'routing_policy_name': 'routing_policy_name_example', 'rule_set_names': [], 'ssl_configuration': {'certificate_ids': [], 'certificate_name': 'certificate_name_example', 'cipher_suite_name': 'cipher_suite_name_example', 'protocols': [], 'server_order_preference': 'ENABLED', 'trusted_certificate_authority_ids': [], 'verify_depth': 56, 'verify_peer_certificate': True}}, 'network_security_group_ids': [], 'path_route_sets': {'name': 'name_example', 'path_routes': [{'backend_set_name': 'backend_set_name_example', 'path': 'path_example', 'path_match_type': {'match_type': 'EXACT_MATCH'}}]}, 'routing_policies': {'condition_language_version': 'V1', 'name': 'name_example', 'rules': [{'actions': [{'backend_set_name': 'backend_set_name_example', 'name': 'FORWARD_TO_BACKENDSET'}], 'condition': 'condition_example', 'name': 'name_example'}]}, 'rule_sets': {'items': [{'action': 'ADD_HTTP_REQUEST_HEADER', 'allowed_methods': [], 'are_invalid_characters_allowed': True, 'conditions': [{'attribute_name': 'SOURCE_IP_ADDRESS', 'attribute_value': 'attribute_value_example', 'operator': 'EXACT_MATCH'}], 'description': 'description_example', 'header': 'header_example', 'http_large_header_size_in_kb': 56, 'prefix': 'prefix_example', 'redirect_uri': {'host': 'host_example', 'path': 'path_example', 'port': 56, 'protocol': 'protocol_example', 'query': 'query_example'}, 'response_code': 56, 'status_code': 56, 'suffix': 'suffix_example', 'value': 'value_example'}], 'name': 'name_example'}, 'shape_details': {'maximum_bandwidth_in_mbps': 56, 'minimum_bandwidth_in_mbps': 56}, 'shape_name': 'shape_name_example', 'ssl_cipher_suites': {'ciphers': [], 'name': 'name_example'}, 'subnet_ids': [], 'system_tags': {}, 'time_created': '2013-10-20T19:20:30+01:00'}
 
backend_sets
complex
on success

   
backends
complex
on success

     
backup
boolean
on success
Whether the load balancer should treat this server as a backup unit. If `true`, the load balancer forwards no ingress traffic to this backend server unless all other backend servers not marked as "backup" fail the health check policy.
**Note:** You cannot add a backend server marked as `backup` to a backend set that uses the IP Hash policy.
Example: `false`

Sample:
True
     
drain
boolean
on success
Whether the load balancer should drain this server. Servers marked "drain" receive no new incoming traffic.
Example: `false`

Sample:
True
     
ip_address
string
on success
The IP address of the backend server.
Example: `10.0.0.3`

Sample:
ip_address_example
     
name
string
on success
A read-only field showing the IP address and port that uniquely identify this backend server in the backend set.
Example: `10.0.0.3:8080`

Sample:
name_example
     
offline
boolean
on success
Whether the load balancer should treat this server as offline. Offline servers receive no incoming traffic.
Example: `false`

Sample:
True
     
port
integer
on success
The communication port for the backend server.
Example: `8080`

Sample:
56
     
weight
integer
on success
The load balancing policy weight assigned to the server. Backend servers with a higher weight receive a larger proportion of incoming traffic. For example, a server weighted '3' receives 3 times the number of new connections as a server weighted '1'. For more information on load balancing policies, see How Load Balancing Policies Work.
Example: `3`

Sample:
56
   
health_checker
complex
on success

     
interval_in_millis
integer
on success
The interval between health checks, in milliseconds. The default is 10000 (10 seconds).
Example: `10000`

Sample:
56
     
port
integer
on success
The backend server port against which to run the health check. If the port is not specified, the load balancer uses the port information from the `Backend` object.
Example: `8080`

Sample:
56
     
protocol
string
on success
The protocol the health check must use; either HTTP or TCP.
Example: `HTTP`

Sample:
protocol_example
     
response_body_regex
string
on success
A regular expression for parsing the response body from the backend server.
Example: `^((?!false).|\s)*$`

Sample:
response_body_regex_example
     
retries
integer
on success
The number of retries to attempt before a backend server is considered "unhealthy". This number also applies when recovering a server to the "healthy" state. Defaults to 3.
Example: `3`

Sample:
56
     
return_code
integer
on success
The status code a healthy backend server should return. If you configure the health check policy to use the HTTP protocol, you can use common HTTP status codes such as "200".
Example: `200`

Sample:
56
     
timeout_in_millis
integer
on success
The maximum time, in milliseconds, to wait for a reply to a health check. A health check is successful only if a reply returns within this timeout period. Defaults to 3000 (3 seconds).
Example: `3000`

Sample:
56
     
url_path
string
on success
The path against which to run the health check.
Example: `/healthcheck`

Sample:
url_path_example
    lb_cookie_session_persistence_configuration
complex
on success

      cookie_name
string
on success
The name of the cookie inserted by the load balancer. If this field is not configured, the cookie name defaults to "X-Oracle-BMC-LBS-Route".
Example: `example_cookie`
**Notes:**
* Ensure that the cookie name used at the backend application servers is different from the cookie name used at the load balancer. To minimize the chance of name collision, Oracle recommends that you use a prefix such as "X-Oracle-OCI-" for this field.
* If a backend server and the load balancer both insert cookies with the same name, the client or browser behavior can vary depending on the domain and path values associated with the cookie. If the name, domain, and path values of the `Set-cookie` generated by a backend server and the `Set-cookie` generated by the load balancer are all the same, the client or browser treats them as one cookie and returns only one of the cookie values in subsequent requests. If both `Set-cookie` names are the same, but the domain and path names are different, the client or browser treats them as two different cookies.

Sample:
cookie_name_example
      disable_fallback
boolean
on success
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false.
Example: `false`

Sample:
True
      domain
string
on success
The domain in which the cookie is valid. The `Set-cookie` header inserted by the load balancer contains a domain attribute with the specified value.
This attribute has no default value. If you do not specify a value, the load balancer does not insert the domain attribute into the `Set-cookie` header.
**Notes:**
* RFC 6265 - HTTP State Management Mechanism describes client and browser behavior when the domain attribute is present or not present in the `Set-cookie` header.
If the value of the `Domain` attribute is `example.com` in the `Set-cookie` header, the client includes the same cookie in the `Cookie` header when making HTTP requests to `example.com`, `www.example.com`, and `www.abc.example.com`. If the `Domain` attribute is not present, the client returns the cookie only for the domain to which the original request was made.
* Ensure that this attribute specifies the correct domain value. If the `Domain` attribute in the `Set-cookie` header does not include the domain to which the original request was made, the client or browser might reject the cookie. As specified in RFC 6265, the client accepts a cookie with the `Domain` attribute value `example.com` or `www.example.com` sent from `www.example.com`. It does not accept a cookie with the `Domain` attribute `abc.example.com` or `www.abc.example.com` sent from `www.example.com`.
Example: `example.com`

Sample:
domain_example
      is_http_only
boolean
on success
Whether the `Set-cookie` header should contain the `HttpOnly` attribute. If `true`, the `Set-cookie` header inserted by the load balancer contains the `HttpOnly` attribute, which limits the scope of the cookie to HTTP requests. This attribute directs the client or browser to omit the cookie when providing access to cookies through non-HTTP APIs. For example, it restricts the cookie from JavaScript channels.
Example: `true`

Sample:
True
      is_secure
boolean
on success
Whether the `Set-cookie` header should contain the `Secure` attribute. If `true`, the `Set-cookie` header inserted by the load balancer contains the `Secure` attribute, which directs the client or browser to send the cookie only using a secure protocol.
**Note:** If you set this field to `true`, you cannot associate the corresponding backend set with an HTTP listener.
Example: `true`

Sample:
True
      max_age_in_seconds
integer
on success
The amount of time the cookie remains valid. The `Set-cookie` header inserted by the load balancer contains a `Max-Age` attribute with the specified value.
The specified value must be at least one second. There is no default value for this attribute. If you do not specify a value, the load balancer does not include the `Max-Age` attribute in the `Set-cookie` header. In most cases, the client or browser retains the cookie until the current session ends, as defined by the client.
Example: `3600`

Sample:
56
      path
string
on success
The path in which the cookie is valid. The `Set-cookie header` inserted by the load balancer contains a `Path` attribute with the specified value.
Clients include the cookie in an HTTP request only if the path portion of the request-uri matches, or is a subdirectory of, the cookie's `Path` attribute.
The default value is `/`.
Example: `/example`

Sample:
path_example
   
name
string
on success
A friendly name for the backend set. It must be unique and it cannot be changed.
Valid backend set names include only alphanumeric characters, dashes, and underscores. Backend set names cannot contain spaces. Avoid entering confidential information.
Example: `example_backend_set`

Sample:
name_example
   
policy
string
on success
The load balancer policy for the backend set. To get a list of available policies, use the ListPolicies operation.
Example: `LEAST_CONNECTIONS`

Sample:
policy_example
   
session_persistence_configuration
complex
on success

     
cookie_name
string
on success
The name of the cookie used to detect a session initiated by the backend server. Use '*' to specify that any cookie set by the backend causes the session to persist.
Example: `example_cookie`

Sample:
cookie_name_example
     
disable_fallback
boolean
on success
Whether the load balancer is prevented from directing traffic from a persistent session client to a different backend server if the original server is unavailable. Defaults to false.
Example: `false`

Sample:
True
   
ssl_configuration
complex
on success

     
certificate_ids
list / elements=string
on success
Ids for OCI certificates service certificates. Currently only a single Id may be passed.
Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]`

     
certificate_name
string
on success
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.
Example: `example_certificate_bundle`

Sample:
certificate_name_example
     
cipher_suite_name
string
on success
The name of the cipher suite to use for HTTPS or SSL connections.
If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.
**Notes:**
* You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the `GET` operation returns `oci-default-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite` as the value of this field in the SSL configuration for existing listeners that predate this feature. * The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the `GET` operation on a listener returns `oci-customized-ssl-cipher-suite` as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The `oci-customized-ssl-cipher-suite` Oracle reserved cipher suite name is not accepted as valid input for this field.
example: `example_cipher_suite`

Sample:
cipher_suite_name_example
     
protocols
list / elements=string
on success
A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.
The Load Balancing service supports the following protocols:
* TLSv1 * TLSv1.1 * TLSv1.2
If this field is not specified, TLSv1.2 is the default.
**Warning:** All SSL listeners created on a given port must use the same set of SSL protocols.
**Notes:**
* The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the `GET` operation displays a list of SSL protocols currently used by those resources.
example: `["TLSv1.1", "TLSv1.2"]`

     
server_order_preference
string
on success
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
**Note:** This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the `SSLConfiguration` object is associated with a backend set.

Sample:
ENABLED
     
trusted_certificate_authority_ids
list / elements=string
on success
Ids for OCI certificates service CA or CA bundles for the load balancer to trust.
Example: `[ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]`

     
verify_depth
integer
on success
The maximum depth for peer certificate chain verification.
Example: `3`

Sample:
56
     
verify_peer_certificate
boolean
on success
Whether the load balancer listener should verify peer certificates.
Example: `true`

Sample:
True
 
certificates
complex
on success

   
ca_certificate
string
on success
The Certificate Authority certificate, or any interim certificate, that you received from your SSL certificate provider.
Example:
-----BEGIN CERTIFICATE----- MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy ... -----END CERTIFICATE-----

Sample:
-----BEGIN CERTIFICATE----MIIBIjANBgkqhkiG9w0BA..-----END PUBLIC KEY-----
   
certificate_name
string
on success
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.
Example: `example_certificate_bundle`

Sample:
certificate_name_example
   
public_certificate
string
on success
The public certificate, in PEM format, that you received from your SSL certificate provider.
Example:
-----BEGIN CERTIFICATE----- MIIC2jCCAkMCAg38MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw ... -----END CERTIFICATE-----

Sample:
-----BEGIN CERTIFICATE----MIIBIjANBgkqhkiG9w0BA..-----END PUBLIC KEY-----
 
compartment_id
string
on success
The OCID of the compartment containing the load balancer.

Sample:
ocid1.compartment.oc1..xxxxxxEXAMPLExxxxxx
 
defined_tags
dictionary
on success
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.
Example: `{"Operations": {"CostCenter": "42"}}`

Sample:
{'Operations': {'CostCenter': 'US'}}
 
display_name
string
on success
A user-friendly name. It does not have to be unique, and it is changeable.
Example: `example_load_balancer`

Sample:
display_name_example
 
freeform_tags
dictionary
on success
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.
Example: `{"Department": "Finance"}`

Sample:
{'Department': 'Finance'}
 
hostnames
complex
on success

   
hostname
string
on success
A virtual hostname. For more information about virtual hostname string construction, see Managing Request Routing.
Example: `app.example.com`

Sample:
hostname_example
   
name
string
on success
A friendly name for the hostname resource. It must be unique and it cannot be changed. Avoid entering confidential information.
Example: `example_hostname_001`

Sample:
name_example
 
id
string
on success
The OCID of the load balancer.

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
 
ip_addresses
complex
on success
An array of IP addresses.

   
ip_address
string
on success
An IP address.
Example: `192.168.0.3`

Sample:
ip_address_example
   
is_public
boolean
on success
Whether the IP address is public or private.
If "true", the IP address is public and accessible from the internet.
If "false", the IP address is private and accessible only from within the associated VCN.

Sample:
True
   
reserved_ip
complex
on success

     
id
string
on success

Sample:
ocid1.resource.oc1..xxxxxxEXAMPLExxxxxx
 
is_private
boolean
on success
Whether the load balancer has a VCN-local (private) IP address.
If "true", the service assigns a private IP address to the load balancer.
If "false", the service assigns a public IP address to the load balancer.
A public load balancer is accessible from the internet, depending on your VCN's security list rules. For more information about public and private load balancers, see How Load Balancing Works.
Example: `true`

Sample:
True
 
lifecycle_state
string
on success
The current state of the load balancer.

Sample:
CREATING
 
listeners
complex
on success

   
connection_configuration
complex
on success

     
backend_tcp_proxy_protocol_version
integer
on success
The backend TCP Proxy Protocol version.
Example: `1`

Sample:
56
     
idle_timeout
integer
on success
The maximum idle time, in seconds, allowed between two successive receive or two successive send operations between the client and backend servers. A send operation does not reset the timer for receive operations. A receive operation does not reset the timer for send operations.
For more information, see Connection Configuration.
Example: `1200`

Sample:
56
   
default_backend_set_name
string
on success
The name of the associated backend set.
Example: `example_backend_set`

Sample:
default_backend_set_name_example
   
hostname_names
list / elements=string
on success
An array of hostname resource names.

   
name
string
on success
A friendly name for the listener. It must be unique and it cannot be changed.
Example: `example_listener`

Sample:
name_example
   
path_route_set_name
string
on success
Deprecated. Please use `routingPolicies` instead.
The name of the set of path-based routing rules, PathRouteSet, applied to this listener's traffic.
Example: `example_path_route_set`

Sample:
path_route_set_name_example
   
port
integer
on success
The communication port for the listener.
Example: `80`

Sample:
56
   
protocol
string
on success
The protocol on which the listener accepts connection requests. To get a list of valid protocols, use the ListProtocols operation.
Example: `HTTP`

Sample:
protocol_example
   
routing_policy_name
string
on success
The name of the routing policy applied to this listener's traffic.
Example: `example_routing_policy_name`

Sample:
routing_policy_name_example
   
rule_set_names
list / elements=string
on success
The names of the rule sets to apply to the listener.
Example: ["example_rule_set"]

   
ssl_configuration
complex
on success

     
certificate_ids
list / elements=string
on success
Ids for OCI certificates service certificates. Currently only a single Id may be passed.
Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]`

     
certificate_name
string
on success
A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.
Example: `example_certificate_bundle`

Sample:
certificate_name_example
     
cipher_suite_name
string
on success
The name of the cipher suite to use for HTTPS or SSL connections.
If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.
**Notes:**
* You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. Clients cannot perform an SSL handshake if there is an incompatible configuration. * You must ensure compatibility between the ciphers configured in the cipher suite and the configured certificates. For example, RSA-based ciphers require RSA certificates and ECDSA-based ciphers require ECDSA certificates. * If the cipher configuration is not modified after load balancer creation, the `GET` operation returns `oci-default-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing listeners that predate this feature. * If the cipher configuration was modified using Oracle operations after load balancer creation, the `GET` operation returns `oci-customized-ssl-cipher-suite` as the value of this field in the SSL configuration for existing listeners that predate this feature. * The `GET` operation returns `oci-wider-compatible-ssl-cipher-suite-v1` as the value of this field in the SSL configuration for existing backend sets that predate this feature. * If the `GET` operation on a listener returns `oci-customized-ssl-cipher-suite` as the value of this field, you must specify an appropriate predefined or custom cipher suite name when updating the resource. * The `oci-customized-ssl-cipher-suite` Oracle reserved cipher suite name is not accepted as valid input for this field.
example: `example_cipher_suite`

Sample:
cipher_suite_name_example
     
protocols
list / elements=string
on success
A list of SSL protocols the load balancer must support for HTTPS or SSL connections.
The load balancer uses SSL protocols to establish a secure connection between a client and a server. A secure connection ensures that all data passed between the client and the server is private.
The Load Balancing service supports the following protocols:
* TLSv1 * TLSv1.1 * TLSv1.2
If this field is not specified, TLSv1.2 is the default.
**Warning:** All SSL listeners created on a given port must use the same set of SSL protocols.
**Notes:**
* The handshake to establish an SSL connection fails if the client supports none of the specified protocols. * You must ensure compatibility between the specified SSL protocols and the ciphers configured in the cipher suite. * For all existing load balancer listeners and backend sets that predate this feature, the `GET` operation displays a list of SSL protocols currently used by those resources.
example: `["TLSv1.1", "TLSv1.2"]`

     
server_order_preference
string
on success
When this attribute is set to ENABLED, the system gives preference to the server ciphers over the client ciphers.
**Note:** This configuration is applicable only when the load balancer is acting as an SSL/HTTPS server. This field is ignored when the `SSLConfiguration` object is associated with a backend set.

Sample:
ENABLED
     
trusted_certificate_authority_ids
list / elements=string
on success
Ids for OCI certificates service CA or CA bundles for the load balancer to trust.
Example: `[ocid1.cabundle.oc1.us-ashburn-1.amaaaaaaav3bgsaagl4zzyqdop5i2vuwoqewdvauuw34llqa74otq2jdsfyq]`

     
verify_depth
integer
on success
The maximum depth for peer certificate chain verification.
Example: `3`

Sample:
56
     
verify_peer_certificate
boolean
on success
Whether the load balancer listener should verify peer certificates.
Example: `true`

Sample:
True
 
network_security_group_ids
list / elements=string
on success
An array of NSG OCIDs associated with the load balancer.
During the load balancer's creation, the service adds the new load balancer to the specified NSGs.
The benefits of associating the load balancer with NSGs include:
* NSGs define network security rules to govern ingress and egress traffic for the load balancer.
* The network security rules of other resources can reference the NSGs associated with the load balancer to ensure access.
Example: ["ocid1.nsg.oc1.phx.unique_ID"]

 
path_route_sets
complex
on success

   
name
string
on success
The unique name for this set of path route rules. Avoid entering confidential information.
Example: `example_path_route_set`

Sample:
name_example
   
path_routes
complex
on success
The set of path route rules.

     
backend_set_name
string
on success
The name of the target backend set for requests where the incoming URI matches the specified path.
Example: `example_backend_set`

Sample:
backend_set_name_example
     
path
string
on success
The path string to match against the incoming URI path.
* Path strings are case-insensitive.
* Asterisk (*) wildcards are not supported.
* Regular expressions are not supported.
Example: `/example/video/123`

Sample:
path_example
     
path_match_type
complex
on success
The type of matching to apply to incoming URIs.

       
match_type
string
on success
Specifies how the load balancing service compares a PathRoute object's `path` string against the incoming URI.
* **EXACT_MATCH** - Looks for a `path` string that exactly matches the incoming URI path.
* **FORCE_LONGEST_PREFIX_MATCH** - Looks for the `path` string with the best, longest match of the beginning portion of the incoming URI path.
* **PREFIX_MATCH** - Looks for a `path` string that matches the beginning portion of the incoming URI path.
* **SUFFIX_MATCH** - Looks for a `path` string that matches the ending portion of the incoming URI path.
For a full description of how the system handles `matchType` in a path route set containing multiple rules, see Managing Request Routing.

Sample:
EXACT_MATCH
 
routing_policies
complex
on success

   
condition_language_version
string
on success
The version of the language in which `condition` of `rules` are composed.

Sample:
V1
   
name
string
on success
The unique name for this list of routing rules. Avoid entering confidential information.
Example: `example_routing_policy`

Sample:
name_example
   
rules
complex
on success
The ordered list of routing rules.

     
actions
complex
on success
A list of actions to be applied when conditions of the routing rule are met.

       
backend_set_name
string
on success
Name of the backend set the listener will forward the traffic to.
Example: `backendSetForImages`

Sample:
backend_set_name_example
       
name
string
on success

Sample:
FORWARD_TO_BACKENDSET
     
condition
string
on success
A routing rule to evaluate defined conditions against the incoming HTTP request and perform an action.

Sample:
condition_example
     
name
string
on success
A unique name for the routing policy rule. Avoid entering confidential information.

Sample:
name_example
 
rule_sets
complex
on success

   
items
complex
on success
An array of rules that compose the rule set.

     
action
string
on success

Sample:
ADD_HTTP_REQUEST_HEADER
     
allowed_methods
list / elements=string
on success
The list of HTTP methods allowed for this listener.
By default, you can specify only the standard HTTP methods defined in the HTTP Method Registry. You can also see a list of supported standard HTTP methods in the Load Balancing service documentation at Managing Rule Sets.
Your backend application must be able to handle the methods specified in this list.
The list of HTTP methods is extensible. If you need to configure custom HTTP methods, contact My Oracle Support to remove the restriction for your tenancy.
Example: ["GET", "PUT", "POST", "PROPFIND"]

     
are_invalid_characters_allowed
boolean
on success
Indicates whether or not invalid characters in client header fields will be allowed. Valid names are composed of English letters, digits, hyphens and underscores. If "true", invalid characters are allowed in the HTTP header. If "false", invalid characters are not allowed in the HTTP header

Sample:
True
     
conditions
complex
on success

       
attribute_name
string
on success

Sample:
SOURCE_IP_ADDRESS
       
attribute_value
string
on success
The path string that the redirection rule applies to.
Example: `/example`

Sample:
attribute_value_example
       
operator
string
on success
A string that specifies how to compare the PathMatchCondition object's `attributeValue` string to the incoming URI.
* **EXACT_MATCH** - The incoming URI path must exactly and completely match the `attributeValue` string.
* **FORCE_LONGEST_PREFIX_MATCH** - The system looks for the `attributeValue` string with the best, longest match of the beginning portion of the incoming URI path.
* **PREFIX_MATCH** - The beginning portion of the incoming URI path must exactly match the `attributeValue` string.
* **SUFFIX_MATCH** - The ending portion of the incoming URI path must exactly match the `attributeValue` string.

Sample:
EXACT_MATCH
     
description
string
on success
A brief description of the access control rule. Avoid entering confidential information.
example: `192.168.0.0/16 and 2001:db8::/32 are trusted clients. Whitelist them.`

Sample:
description_example
     
header
string
on success
A header name that conforms to RFC 7230.
Example: `example_header_name`

Sample:
header_example
     
http_large_header_size_in_kb
integer
on success
The maximum size of each buffer used for reading http client request header. This value indicates the maximum size allowed for each buffer. The allowed values for buffer size are 8, 16, 32 and 64.

Sample:
56
     
prefix
string
on success
A string to prepend to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain `$` * value cannot contain patterns like `{variable_name}`. They are reserved for future extensions. Currently, such values are invalid.
Example: `example_prefix_value`

Sample:
prefix_example
     
redirect_uri
complex
on success

       
host
string
on success
The valid domain name (hostname) or IP address to use in the redirect URI.
When this value is null, not set, or set to `{host}`, the service preserves the original domain name from the incoming HTTP request URI.
All RedirectUri tokens are valid for this property. You can use any token more than once.
Curly braces are valid in this property only to surround tokens, such as `{host}`
Examples:
* **example.com** appears as `example.com` in the redirect URI.
* **in{host}** appears as `inexample.com` in the redirect URI if `example.com` is the hostname in the incoming HTTP request URI.
* **{port}{host}** appears as `8081example.com` in the redirect URI if `example.com` is the hostname and the port is `8081` in the incoming HTTP request URI.

Sample:
host_example
       
path
string
on success
The HTTP URI path to use in the redirect URI.
When this value is null, not set, or set to `{path}`, the service preserves the original path from the incoming HTTP request URI. To omit the path from the redirect URI, set this value to an empty string, "".
All RedirectUri tokens are valid for this property. You can use any token more than once.
The path string must begin with `/` if it does not begin with the `{path}` token.
Examples:
* __/example/video/123__ appears as `/example/video/123` in the redirect URI.
* __/example{path}__ appears as `/example/video/123` in the redirect URI if `/video/123` is the path in the incoming HTTP request URI.
* __{path}/123__ appears as `/example/video/123` in the redirect URI if `/example/video` is the path in the incoming HTTP request URI.
* __{path}123__ appears as `/example/video123` in the redirect URI if `/example/video` is the path in the incoming HTTP request URI.
* __/{host}/123__ appears as `/example.com/123` in the redirect URI if `example.com` is the hostname in the incoming HTTP request URI.
* __/{host}/{port}__ appears as `/example.com/123` in the redirect URI if `example.com` is the hostname and `123` is the port in the incoming HTTP request URI.
* __/{query}__ appears as `/lang=en` in the redirect URI if the query is `lang=en` in the incoming HTTP request URI.

Sample:
path_example
       
port
integer
on success
The communication port to use in the redirect URI.
Valid values include integers from 1 to 65535.
When this value is null, the service preserves the original port from the incoming HTTP request URI.
Example: `8081`

Sample:
56
       
protocol
string
on success
The HTTP protocol to use in the redirect URI.
When this value is null, not set, or set to `{protocol}`, the service preserves the original protocol from the incoming HTTP request URI. Allowed values are:
* HTTP * HTTPS * {protocol}
`{protocol}` is the only valid token for this property. It can appear only once in the value string.
Example: `HTTPS`

Sample:
protocol_example
       
query
string
on success
The query string to use in the redirect URI.
When this value is null, not set, or set to `{query}`, the service preserves the original query parameters from the incoming HTTP request URI.
All `RedirectUri` tokens are valid for this property. You can use any token more than once.
If the query string does not begin with the `{query}` token, it must begin with the question mark (?) character.
You can specify multiple query parameters as a single string. Separate each query parameter with an ampersand (&) character. To omit all incoming query parameters from the redirect URI, set this value to an empty string, "".
If the specified query string results in a redirect URI ending with `?` or `&`, the last character is truncated. For example, if the incoming URI is `http://host.com:8080/documents` and the query property value is `?lang=en&{query}`, the redirect URI is `http://host.com:8080/documents?lang=en`. The system truncates the final ampersand (&) because the incoming URI included no value to replace the {query} token.
Examples: * **lang=en&time_zone=PST** appears as `lang=en&time_zone=PST` in the redirect URI.
* **{query}** appears as `lang=en&time_zone=PST` in the redirect URI if `lang=en&time_zone=PST` is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, the `{query}` token renders as an empty string.
* **lang=en&{query}&time_zone=PST** appears as `lang=en&country=us&time_zone=PST` in the redirect URI if `country=us` is the query string in the incoming HTTP request. If the incoming HTTP request has no query parameters, this value renders as `lang=en&time_zone=PST`.
* **protocol={protocol}&hostname={host}** appears as `protocol=http&hostname=example.com` in the redirect URI if the protocol is `HTTP` and the hostname is `example.com` in the incoming HTTP request.
* **port={port}&hostname={host}** appears as `port=8080&hostname=example.com` in the redirect URI if the port is `8080` and the hostname is `example.com` in the incoming HTTP request URI.

Sample:
query_example
     
response_code
integer
on success
The HTTP status code to return when the incoming request is redirected.
The status line returned with the code is mapped from the standard HTTP specification. Valid response codes for redirection are:
* 301 * 302 * 303 * 307 * 308
The default value is `302` (Found).
Example: `301`

Sample:
56
     
status_code
integer
on success
The HTTP status code to return when the requested HTTP method is not in the list of allowed methods. The associated status line returned with the code is mapped from the standard HTTP specification. The default value is `405 (Method Not Allowed)`.
Example: 403

Sample:
56
     
suffix
string
on success
A string to append to the header value. The resulting header value must conform to RFC 7230. With the following exceptions: * value cannot contain `$` * value cannot contain patterns like `{variable_name}`. They are reserved for future extensions. Currently, such values are invalid.
Example: `example_suffix_value`

Sample:
suffix_example
     
value
string
on success
A header value that conforms to RFC 7230. With the following exceptions: * value cannot contain `$` * value cannot contain patterns like `{variable_name}`. They are reserved for future extensions. Currently, such values are invalid.
Example: `example_value`

Sample:
value_example
   
name
string
on success
The name for this set of rules. It must be unique and it cannot be changed. Avoid entering confidential information.
Example: `example_rule_set`

Sample:
name_example
 
shape_details
complex
on success

   
maximum_bandwidth_in_mbps
integer
on success
Bandwidth in Mbps that determines the maximum bandwidth (ingress plus egress) that the load balancer can achieve. This bandwidth cannot be always guaranteed. For a guaranteed bandwidth use the minimumBandwidthInMbps parameter.
The values must be between minimumBandwidthInMbps and 8000 (8Gbps).
Example: `1500`

Sample:
56
   
minimum_bandwidth_in_mbps
integer
on success
Bandwidth in Mbps that determines the total pre-provisioned bandwidth (ingress plus egress). The values must be between 10 and the maximumBandwidthInMbps.
Example: `150`

Sample:
56
 
shape_name
string
on success
A template that determines the total pre-provisioned bandwidth (ingress plus egress). To get a list of available shapes, use the ListShapes operation.
Example: `100Mbps`

Sample:
shape_name_example
 
ssl_cipher_suites
complex
on success

   
ciphers
list / elements=string
on success
A list of SSL ciphers the load balancer must support for HTTPS or SSL connections.
The following ciphers are valid values for this property:
* __TLSv1.2 ciphers__
"AES128-GCM-SHA256" "AES128-SHA256" "AES256-GCM-SHA384" "AES256-SHA256" "DH-DSS-AES128-GCM-SHA256" "DH-DSS-AES128-SHA256" "DH-DSS-AES256-GCM-SHA384" "DH-DSS-AES256-SHA256" "DH-RSA-AES128-GCM-SHA256" "DH-RSA-AES128-SHA256" "DH-RSA-AES256-GCM-SHA384" "DH-RSA-AES256-SHA256" "DHE-DSS-AES128-GCM-SHA256" "DHE-DSS-AES128-SHA256" "DHE-DSS-AES256-GCM-SHA384" "DHE-DSS-AES256-SHA256" "DHE-RSA-AES128-GCM-SHA256" "DHE-RSA-AES128-SHA256" "DHE-RSA-AES256-GCM-SHA384" "DHE-RSA-AES256-SHA256" "ECDH-ECDSA-AES128-GCM-SHA256" "ECDH-ECDSA-AES128-SHA256" "ECDH-ECDSA-AES256-GCM-SHA384" "ECDH-ECDSA-AES256-SHA384" "ECDH-RSA-AES128-GCM-SHA256" "ECDH-RSA-AES128-SHA256" "ECDH-RSA-AES256-GCM-SHA384" "ECDH-RSA-AES256-SHA384" "ECDHE-ECDSA-AES128-GCM-SHA256" "ECDHE-ECDSA-AES128-SHA256" "ECDHE-ECDSA-AES256-GCM-SHA384" "ECDHE-ECDSA-AES256-SHA384" "ECDHE-RSA-AES128-GCM-SHA256" "ECDHE-RSA-AES128-SHA256" "ECDHE-RSA-AES256-GCM-SHA384" "ECDHE-RSA-AES256-SHA384"
* __TLSv1 ciphers also supported by TLSv1.2__
"AES128-SHA" "AES256-SHA" "CAMELLIA128-SHA" "CAMELLIA256-SHA" "DES-CBC3-SHA" "DH-DSS-AES128-SHA" "DH-DSS-AES256-SHA" "DH-DSS-CAMELLIA128-SHA" "DH-DSS-CAMELLIA256-SHA" "DH-DSS-DES-CBC3-SHAv" "DH-DSS-SEED-SHA" "DH-RSA-AES128-SHA" "DH-RSA-AES256-SHA" "DH-RSA-CAMELLIA128-SHA" "DH-RSA-CAMELLIA256-SHA" "DH-RSA-DES-CBC3-SHA" "DH-RSA-SEED-SHA" "DHE-DSS-AES128-SHA" "DHE-DSS-AES256-SHA" "DHE-DSS-CAMELLIA128-SHA" "DHE-DSS-CAMELLIA256-SHA" "DHE-DSS-DES-CBC3-SHA" "DHE-DSS-SEED-SHA" "DHE-RSA-AES128-SHA" "DHE-RSA-AES256-SHA" "DHE-RSA-CAMELLIA128-SHA" "DHE-RSA-CAMELLIA256-SHA" "DHE-RSA-DES-CBC3-SHA" "DHE-RSA-SEED-SHA" "ECDH-ECDSA-AES128-SHA" "ECDH-ECDSA-AES256-SHA" "ECDH-ECDSA-DES-CBC3-SHA" "ECDH-ECDSA-RC4-SHA" "ECDH-RSA-AES128-SHA" "ECDH-RSA-AES256-SHA" "ECDH-RSA-DES-CBC3-SHA" "ECDH-RSA-RC4-SHA" "ECDHE-ECDSA-AES128-SHA" "ECDHE-ECDSA-AES256-SHA" "ECDHE-ECDSA-DES-CBC3-SHA" "ECDHE-ECDSA-RC4-SHA" "ECDHE-RSA-AES128-SHA" "ECDHE-RSA-AES256-SHA" "ECDHE-RSA-DES-CBC3-SHA" "ECDHE-RSA-RC4-SHA" "IDEA-CBC-SHA" "KRB5-DES-CBC3-MD5" "KRB5-DES-CBC3-SHA" "KRB5-IDEA-CBC-MD5" "KRB5-IDEA-CBC-SHA" "KRB5-RC4-MD5" "KRB5-RC4-SHA" "PSK-3DES-EDE-CBC-SHA" "PSK-AES128-CBC-SHA" "PSK-AES256-CBC-SHA" "PSK-RC4-SHA" "RC4-MD5" "RC4-SHA" "SEED-SHA"
example: `["ECDHE-RSA-AES256-GCM-SHA384","ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES128-GCM-SHA256"]`

   
name
string
on success
A friendly name for the SSL cipher suite. It must be unique and it cannot be changed.
**Note:** The name of your user-defined cipher suite must not be the same as any of Oracle's predefined or reserved SSL cipher suite names:
* oci-default-ssl-cipher-suite-v1 * oci-modern-ssl-cipher-suite-v1 * oci-compatible-ssl-cipher-suite-v1 * oci-wider-compatible-ssl-cipher-suite-v1 * oci-customized-ssl-cipher-suite
example: `example_cipher_suite`

Sample:
name_example
 
subnet_ids
list / elements=string
on success
An array of subnet OCIDs.

 
system_tags
dictionary
on success
System tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. System tags can be viewed by users, but can only be created by the system.
Example: `{"orcl-cloud": {"free-tier-retained": "true"}}`

 
time_created
string
on success
The date and time the load balancer was created, in the format defined by RFC3339.
Example: `2016-08-25T21:10:29.600Z`

Sample:
2013-10-20T19:20:30+01:00


Authors

  • Oracle (@oracle)