aws-cloudformation / cloudformation-coverage-roadmap

The AWS CloudFormation Public Coverage Roadmap
https://aws.amazon.com/cloudformation/
Creative Commons Attribution Share Alike 4.0 International

Stack resource AWS::ElasticLoadBalancingV2::Listener property MutualAuthentication Mode: passthrough got drifted. #1897

Open gurukarn opened 6 months ago

gurukarn commented 6 months ago

Name of the resource

AWS::ElasticLoadBalancingV2::Listener

Resource Name

AWS::ElasticLoadBalancingV2::Listener

Issue Description

When creating a CloudFormation resource AWS::ElasticLoadBalancingV2::Listener with property MutualAuthentication Mode: passthrough, the stack resource is falsely reported as drifted.

Expected Behavior

The resource "AWS::ElasticLoadBalancingV2::Listener" should show IN_SYNC and should consider MutualAuthentication Mode: passthrough in the drift detection.

Observed Behavior

The resource property was reported as modified: MutualAuthentication | REMOVE | {"Mode":"passthrough"}.

Test Cases

Deployed a stack in ap-southeast-2 with the following template and performed drift detection; the AWS::ElasticLoadBalancingV2::Listener resource was reported as MODIFIED with:

Parameters:
  PublicSubnets:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  AppLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '30'
      Name: app-mtls
      Type: application
      Scheme: internet-facing
      Subnets: !Ref PublicSubnets

  AppALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref AppLoadBalancer
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: 'certificateARN'
      MutualAuthentication:
        Mode: passthrough
      DefaultActions:
        - Type: "fixed-response"
          FixedResponseConfig:
            ContentType: "text/plain"
            StatusCode: "403"
            MessageBody: "Access Forbidden"

Drift results:

MutualAuthentication | REMOVE | {"Mode":"passthrough"} | -

Other Details

No response

Waqiah commented 6 hours ago

Hello Team,

I am also experiencing the same issue above where the AWS::ElasticLoadBalancingV2::Listener resource with property MutualAuthentication having Mode: passthrough is showing as a Drift on creation. No manual changes were made outside of CFN. Please advise.
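
The following is an added example, not part of the issue thread or of any AWS tooling: a triage helper that separates the exact difference reported here (MutualAuthentication | REMOVE | {"Mode":"passthrough"}) from any other listener drift, so that other changes to the mTLS settings still get reviewed. It assumes input shaped like the `StackResourceDrifts` list returned by boto3's `describe_stack_resource_drifts`; the sample records, the `VerifyListener` resource and the `ActualValue` strings are constructed for illustration.

```python
import json

LISTENER = "AWS::ElasticLoadBalancingV2::Listener"

def is_reported_false_positive(diff):
    """True only for the exact property difference shown in this issue."""
    if diff.get("DifferenceType") != "REMOVE":
        return False
    if diff.get("PropertyPath", "").strip("/") != "MutualAuthentication":
        return False
    try:
        expected = json.loads(diff.get("ExpectedValue") or "")
    except ValueError:  # empty or non-JSON expected value
        return False
    return expected == {"Mode": "passthrough"}

def triage(drifts):
    """Return (matches_issue, needs_review) lists of logical IDs for MODIFIED resources."""
    matches, review = [], []
    for d in drifts:
        if d.get("StackResourceDriftStatus") != "MODIFIED":
            continue
        diffs = d.get("PropertyDifferences", [])
        # Only a listener whose *every* difference is the reported one is set aside.
        known = (d.get("ResourceType") == LISTENER and diffs
                 and all(is_reported_false_positive(x) for x in diffs))
        (matches if known else review).append(d["LogicalResourceId"])
    return matches, review

# Constructed sample data (not captured from a real account).
SAMPLE_DRIFTS = [
    {"LogicalResourceId": "AppALBListener", "ResourceType": LISTENER,
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/MutualAuthentication",
                              "ExpectedValue": '{"Mode":"passthrough"}',
                              "ActualValue": "null", "DifferenceType": "REMOVE"}]},
    {"LogicalResourceId": "VerifyListener", "ResourceType": LISTENER,  # hypothetical
     "StackResourceDriftStatus": "MODIFIED",
     "PropertyDifferences": [{"PropertyPath": "/MutualAuthentication/Mode",
                              "ExpectedValue": "verify", "ActualValue": "off",
                              "DifferenceType": "NOT_EQUAL"}]},
    {"LogicalResourceId": "AppLoadBalancer", "StackResourceDriftStatus": "IN_SYNC",
     "ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
     "PropertyDifferences": []},
]

if __name__ == "__main__":
    print(triage(SAMPLE_DRIFTS))
```
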