Unexpected behaviour creating AWS::ElasticLoadBalancingV2::ListenerRule using Fn::ForEach function

[fjmnav-nudge]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about the bug

If you try to create ALB Rules (AWS::ElasticLoadBalancingV2::ListenerRule) iterating over a CommaDelimitedList parameter using Fn::ForEach it creates the resources even if the parameter is empty. It looks like when the parameter is empty, the foreach iterates once with an empty value. This only happen if you use this resource, if you try to create another resource looping with the same parameter, (ie a S3 bucket) then the template is properly evaluated and no resource is generated.

Expected behavior

If an empty CommaDelimitedList parameter is used as the Foreach collection while creating a AWS::ElasticLoadBalancingV2::ListenerRule resource, nothing should be created

Observed behavior

The foreach iterates once with an empty value creating an invalid resource.

Test cases

This template has one empty CommaDelimitedList parameter, we iterate over it for creating 2 separate resources, s3 buckets and ALB listener rules (The resource that has the problem).

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Transform": "AWS::LanguageExtensions",
  "Description": "Template Sample",
  "Parameters": {
    "ResourceList": {
      "Description": "Resource to repeat",
      "Type": "CommaDelimitedList",
      "Default": ""
    }
  },
  "Resources": {
    "Fn::ForEach::PublicPaths": [
      "ResourceName",
      {
        "Ref": "ResourceList"
      },
      {
        "S3BucketName&{ResourceName}": {
          "Type": "AWS::S3::Bucket",
          "BucketName": {
            "Fn::Sub": "random-name-998989889-${ResourceName}"
          }
        }
      }
    ],
    "Fn::ForEach::PublicPaths": [
      "ResourceName",
      {
        "Ref": "ResourceList"
      },
      {
        "ALBRuleListenerRule&{ResourceName}": {
          "Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
          "Properties": {
            "Actions": [
              {
                "Type": "forward",
                "TargetGroupArn": "arn:aws:elasticloadbalancing:XXXXXXXXXXXXXXXX"
              }
            ],
            "Conditions": [
              {
                "Field": "path-pattern",
                "PathPatternConfig": {
                  "Values": [
                    {
                      "Fn::Sub": "/api/${ResourceName}/*"
                    }
                  ]
                }
              }
            ],
            "ListenerArn": "arn:aws:elasticloadbalancing:XXXXXXXXXXXXXXXX",
            "Priority": {
              "Ref": "ResourceName"
            }
          }
        }
      }
    ]
  }
}

This is the processed template, where you can see how no bucket resource is created, however the rule it is present, which is wrong!

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Template Sample",
  "Parameters": {
    "ResourceList": {
      "Description": "Resource to repeat",
      "Type": "CommaDelimitedList",
      "Default": ""
    }
  },
  "Resources": {
    "ALBRuleListenerRule": {
      "Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
      "Properties": {
        "Actions": [
          {
            "Type": "forward",
            "TargetGroupArn": "arn:aws:elasticloadbalancing:XXXXXXXXXXXXXXXX"
          }
        ],
        "Conditions": [
          {
            "Field": "path-pattern",
            "PathPatternConfig": {
              "Values": [
                "/api//*"
              ]
            }
          }
        ],
        "ListenerArn": "arn:aws:elasticloadbalancing:XXXXXXXXXXXXXXXX",
        "Priority": ""
      }
    }
  }
}

Additional context

Anything else we should know? It seems to be related to these issues: https://github.com/aws-cloudformation/cfn-language-discussion/issues/120 https://github.com/aws-cloudformation/cfn-language-discussion/issues/113