Stack resource AWS::ElasticLoadBalancingV2::Listener with property MutualAuthentication Mode: passthrough is shown as drifted.
Name of the resource
AWS::ElasticLoadBalancingV2::Listener
Resource Name
AWS::ElasticLoadBalancingV2::Listener
Issue Description
When creating a CloudFormation resource AWS::ElasticLoadBalancingV2::Listener with property MutualAuthentication Mode: passthrough, the stack resource is falsely shown as drifted.
Expected Behavior
The resource "AWS::ElasticLoadBalancingV2::Listener" should show IN_SYNC and should consider MutualAuthentication Mode: passthrough in the drift detection.
Observed Behavior
Resource property got MutualAuthentication | REMOVE | {"Mode":"passthrough"} modified.
Test Cases
Deployed a stack in ap-southeast-2 with the following template and performed drift detection, and the AWS::ElasticLoadBalancingV2::Listener resource got MODIFIED with
```yaml
Parameters:
  PublicSubnets:
    Type: List<AWS::EC2::Subnet::Id>
Resources:
  AppLoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      IpAddressType: ipv4
      LoadBalancerAttributes:
        - Key: idle_timeout.timeout_seconds
          Value: '30'
      Name: app-mtls
      Type: application
      Scheme: internet-facing
      Subnets: !Ref PublicSubnets
  AppALBListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref AppLoadBalancer
      Port: 443
      Protocol: HTTPS
      Certificates:
        - CertificateArn: 'certificateARN'
      MutualAuthentication:
        Mode: passthrough
      DefaultActions:
        - Type: "fixed-response"
          FixedResponseConfig:
            ContentType: "text/plain"
            StatusCode: "403"
            MessageBody: "Access Forbidden"
```
Drift results:
MutualAuthentication | REMOVE | {"Mode":"passthrough"} | -
Other Details
No response
Hello Team,
I am also experiencing the same issue above where the AWS::ElasticLoadBalancingV2::Listener resource with property MutualAuthentication having Mode: passthrough is showing as a Drift on creation. No manual changes were made outside of CFN. Please advise.
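Added example, not part of the original issue or any AWS code: the reported difference (`MutualAuthentication | REMOVE`) looks the same whether drift detection is wrong or mTLS was really taken off the listener, so this sketch cross-checks the drift entry against the listener's live configuration. The sample dictionaries are constructed in the shape of `describe-stack-resource-drifts` and `describe-listeners` output, and treating a listener with no `MutualAuthentication` block as mode `off` is an assumption.

```python
import json

# Constructed sample shaped like one entry of
# `aws cloudformation describe-stack-resource-drifts` (values mirror the report above).
SAMPLE_DRIFT = {
    "LogicalResourceId": "AppALBListener",
    "ResourceType": "AWS::ElasticLoadBalancingV2::Listener",
    "StackResourceDriftStatus": "MODIFIED",
    "PropertyDifferences": [{
        "PropertyPath": "/MutualAuthentication",
        "DifferenceType": "REMOVE",
        "ExpectedValue": '{"Mode":"passthrough"}',
        "ActualValue": "null",
    }],
}
# Constructed samples shaped like one entry of `aws elbv2 describe-listeners`.
LIVE_PASSTHROUGH = {"Port": 443, "MutualAuthentication": {"Mode": "passthrough"}}
LIVE_OFF = {"Port": 443, "MutualAuthentication": {"Mode": "off"}}


def classify_mtls_drift(drift, live_listener):
    """Return {property_path: verdict} for each difference in a drift entry.

    false_positive: the live listener still has the mode the template expects.
    real_drift:     the live mode differs, so the mTLS setting was changed.
    review:         a property or value shape this check does not judge.
    """
    # Assumption: a listener without a MutualAuthentication block is mode "off".
    live_mode = (live_listener.get("MutualAuthentication") or {}).get("Mode", "off")
    verdicts = {}
    for diff in drift.get("PropertyDifferences", []):
        path = diff["PropertyPath"]
        if path != "/MutualAuthentication":
            verdicts[path] = "review"
            continue
        try:
            expected_mode = (json.loads(diff["ExpectedValue"]) or {}).get("Mode")
        except (ValueError, AttributeError):
            verdicts[path] = "review"  # ExpectedValue was not a JSON object
            continue
        verdicts[path] = "false_positive" if live_mode == expected_mode else "real_drift"
    return verdicts


if __name__ == "__main__":
    print(classify_mtls_drift(SAMPLE_DRIFT, LIVE_PASSTHROUGH))
    print(classify_mtls_drift(SAMPLE_DRIFT, LIVE_OFF))
```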