[AWS::ElasticLoadBalancingV2::Listener] - [BUG] - False-positive drift for ListenerAttributes/tcp.idle_timeout.seconds #2198

Open
r-heimann opened this issue Nov 25, 2024 · 1 comment
@r-heimann
Name of the resource

AWS::ElasticLoadBalancingV2::Listener

Resource Name

No response

Issue Description

We found a false-positive CloudFormation drift for

```yaml
  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !GetAtt NLB.LoadBalancerArn
      Port: 8080
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !GetAtt TargetGroup.TargetGroupArn
      ListenerAttributes:
        - Key: tcp.idle_timeout.seconds # <-
          Value: 6000
```

| Property | Change | Expected value | Current value |
| --- | --- | --- | --- |
| ListenerAttributes | REMOVE | `[{"Key":"tcp.idle_timeout.seconds","Value":6000}]` | - |

Expected Behavior

CloudFormation Drift Detection is able to find the configuration.

Observed Behavior

It doesn't work.

Test Cases

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: Test

Resources:
  NLB:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      Scheme: internal
      Type: network
      Subnets:
        - <subnet1>

  Listener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !GetAtt NLB.LoadBalancerArn
      Port: 8080
      Protocol: TCP
      DefaultActions:
        - Type: forward
          TargetGroupArn: !GetAtt TargetGroup.TargetGroupArn
      ListenerAttributes:
        - Key: tcp.idle_timeout.seconds
          Value: 6000

  TargetGroup:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: <vpc-id>
      Port: 8080
      Protocol: TCP
      TargetType: ip
      TargetGroupAttributes:
        - Key: deregistration_delay.timeout_seconds
          Value: 300
        - Key: preserve_client_ip.enabled
          Value: true
```

Other Details

No response
@r-heimann r-heimann added the bug label Nov 25, 2024
@greg5123334

Confirmed.

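```python
from aws_cdk import Duration
from aws_cdk import aws_autoscaling as autoscaling
from aws_cdk import aws_ec2 as ec2
from aws_cdk import aws_elasticloadbalancingv2 as elbv2

# The statements below run inside a Stack's __init__, where `self` is the stack.
vpc = ec2.Vpc(self, "VPC", max_azs=2)

lb = elbv2.NetworkLoadBalancer(
    self,
    "LB",
    vpc=vpc,
    internet_facing=True,
)

# Add a listener on a particular port.
# tcp_idle_timeout is rendered as ListenerAttributes / tcp.idle_timeout.seconds.
listener = lb.add_listener(
    "Listener", port=8080, tcp_idle_timeout=Duration.seconds(300)
)

asg = autoscaling.AutoScalingGroup(
    self,
    "ASG",
    vpc=vpc,
    instance_type=ec2.InstanceType.of(
        ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MEDIUM
    ),
    machine_image=ec2.AmazonLinuxImage(),
)
listener.add_targets("AppFleet", port=8080, targets=[asg])
```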

Expected

```json
{
  "DefaultActions": [
    {
      "TargetGroupArn": "arn:aws:elasticloadbalancing:eu-west-1:000000000000:targetgroup/Sandbo-LBLis-xxxxxxxx/xxxxxxxx",
      "Type": "forward"
    }
  ],
  "ListenerAttributes": [
    {
      "Key": "tcp.idle_timeout.seconds",
      "Value": 300
    }
  ],
  "LoadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-1:000000000000:loadbalancer/net/Sandbo-LB8A1-xxxxxxxx/xxxxxxxx",
  "Port": 8080,
  "Protocol": "TCP"
}
```

Actual

```json
{
  "DefaultActions": [
    {
      "TargetGroupArn": "arn:aws:elasticloadbalancing:eu-west-1:000000000000:targetgroup/Sandbo-LBLis-xxxxxxxx/xxxxxxxx",
      "Type": "forward"
    }
  ],
  "LoadBalancerArn": "arn:aws:elasticloadbalancing:eu-west-1:000000000000:loadbalancer/net/Sandbo-LB8A1-xxxxxxxx/xxxxxxxx",
  "Port": 8080,
  "Protocol": "TCP"
}
```
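
A triage sketch for the report above, added here as an example and not code from either commenter or from AWS: it diffs the expected and actual property documents and treats the drift as this false positive only when the sole difference is a removed `ListenerAttributes` entry for `tcp.idle_timeout.seconds`. The function names and the `UNREADABLE_KEYS` set are assumptions; the sample documents are trimmed from the comment above.

```python
import json

# Constructed sample input: expected/actual documents trimmed from the comment
# above (ARN-bearing properties omitted because they match on both sides).
EXPECTED = json.loads("""{
  "ListenerAttributes": [{"Key": "tcp.idle_timeout.seconds", "Value": 300}],
  "Port": 8080,
  "Protocol": "TCP"
}""")
ACTUAL = json.loads('{"Port": 8080, "Protocol": "TCP"}')

# Assumption: attribute keys this issue reports as missing from the actual state.
UNREADABLE_KEYS = {"tcp.idle_timeout.seconds"}
LISTENER_TYPE = "AWS::ElasticLoadBalancingV2::Listener"


def property_differences(expected, actual):
    """Top-level diff in the shape of the drift table: property, change, values."""
    diffs = []
    for name in sorted(set(expected) | set(actual)):
        if name not in actual:
            change = "REMOVE"
        elif name not in expected:
            change = "ADD"
        elif expected[name] != actual[name]:
            change = "NOT_EQUAL"
        else:
            continue
        diffs.append({"Property": name, "Change": change,
                      "Expected": expected.get(name), "Actual": actual.get(name)})
    return diffs


def is_known_false_positive(resource_type, diffs):
    """True only if every difference is the missing ListenerAttributes read-back."""
    if resource_type != LISTENER_TYPE or not diffs:
        return False
    for d in diffs:
        if d["Property"] != "ListenerAttributes" or d["Change"] != "REMOVE":
            return False  # any other difference is drift that needs review
        attrs = d["Expected"] or []
        if not attrs or any(a.get("Key") not in UNREADABLE_KEYS for a in attrs):
            return False
    return True


if __name__ == "__main__":
    found = property_differences(EXPECTED, ACTUAL)
    print(found, is_known_false_positive(LISTENER_TYPE, found))
```

A result classified this way should still be confirmed against the live listener's attributes before the drift finding is closed.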
