AWS::ElasticLoadBalancingV2::LoadBalancer - Issue with Drift Detection when we create AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup.

Open tejaboppana opened this issue 5 years ago • 3 comments

Instructions for CloudFormation Coverage New Issues Template

Quick Sample Summary:

  1. Title -> AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup - Attribute - Existing Attribute
  2. Scope of request ->
  • AWS::ElasticLoadBalancingV2::LoadBalancer -> When we create a network load balancer and attach EIPs to it using the 'SubnetMappings' property, the resource is shown as drifted since the EIP is being taken as the subnet ID.

  • AWS::ElasticLoadBalancingV2::TargetGroup -> Tags are supported by the Target group resource, but CFN is still showing false drift. Also, when we add just one attribute to the Target group using the 'TargetGroupAttributes' property, it shows false drift, as shown in the screenshot attached below.

  3. Expected behavior -> Actual values and expected values should be the same.

  4. Test case recommendation (optional) -> I have attached the template that I used for testing -> testDriftBehavior.txt

  5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html

  6. Category tag (optional) -> Compute

  7. Any additional context (optional) -> Screenshot 2020-05-01 at 10 27 25 AM, Screenshot 2020-05-01 at 10 27 44 AM

tejaboppana, May 01 '20 05:05

Also, AWS CloudFormation doesn't create the following stack-level tags with the prefix aws:

  • aws:cloudformation:logical-id

  • aws:cloudformation:stack-id

  • aws:cloudformation:stack-name

on either the Load Balancer or the TargetGroup.

nebul4ck, May 13 '20 10:05

Got the same issue with Target group: drift detection results in drift because of missing Tags, where the resource has them set correctly but the detection states that they are missing.


Maycon-Santos-sm, Jul 23 '20 08:07

Hi CloudFormation-Team. We are still seeing drift issues with resource AWS::ElasticLoadBalancingV2::TargetGroup regarding TargetGroupAttributes (at least in the eu-central-1 region). Here are the steps to reconstruct:

Create a new stack with this simplified CFN template:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Testing ElasticLoadBalancingV2::TargetGroup Drifts for Fargate-UseCase",
  "Resources": {
    "LBServiceLBPublicListenerECSGroup3164F4DA": {
      "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
      "Properties": {
        "Port": 443,
        "Protocol": "HTTPS",
        "Tags": [
          {
            "Key": "ApplicationID",
            "Value": "YY-xxxxxx"
          },
          {
            "Key": "ApplicationName",
            "Value": "cosmos-fargate-test"
          },
          {
            "Key": "CostReference",
            "Value": "managed"
          },
          {
            "Key": "Environment",
            "Value": "tst"
          },
          {
            "Key": "ReferenceID",
            "Value": "YY-xxxxxx"
          },
          {
            "Key": "ReferenceName",
            "Value": "cosmos-fargate-test"
          },
          {
            "Key": "ReferenceShortName",
            "Value": "fargate-test"
          }
        ],
        "TargetGroupAttributes": [
          {
            "Key": "stickiness.enabled",
            "Value": "false"
          }
        ],
        "TargetType": "ip",
        "VpcId": {
          "Fn::ImportValue": "VPC1-VPC-ID"
        }
      },
      "Metadata": {
        "aws:cdk:path": "tst-fargate-test/LBService/LB/PublicListener/ECSGroup/Resource"
      }
    }
  }
}

We see a drift report for TargetGroupAttributes showing ADD status (regarding TargetGroupAttributes which are NOT defined within the CFN template, hence it's using the AWS default).

⚠️ The result of the CFN Drift detection is not deterministic! ⚠️ - There are no changes on the resource or template, like an update of the stack or resource.

It's really strange that one day we see some of the not-defined TargetGroupAttributes as DRIFTED and on another day we see all TargetGroupAttributes as IN_SYNC. It's not deterministic.

rgoltz, Aug 16 '22 19:08
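
One way to triage the ADD differences reported above without hiding real out-of-band changes, as an added example that is not part of the original issue or of CloudFormation itself: an undeclared attribute is suppressed only while its live value still equals a baseline the operator maintains. The sample differences are constructed in the shape of DescribeStackResourceDrifts output; the path format, the `"null"` expected value and the `BASELINE` contents are assumptions.

```python
import json

# Keys the issue's template sets under TargetGroupAttributes.
DECLARED = {"stickiness.enabled"}

# Assumed baseline of service defaults, maintained by the operator.
BASELINE = {"deregistration_delay.timeout_seconds": "300",
            "load_balancing.algorithm.type": "round_robin"}

# Constructed PropertyDifferences entries (not real API output).
SAMPLE_DIFFS = [
    {"PropertyPath": "/TargetGroupAttributes/1", "DifferenceType": "ADD",
     "ExpectedValue": "null",
     "ActualValue": '{"Key":"deregistration_delay.timeout_seconds","Value":"300"}'},
    {"PropertyPath": "/TargetGroupAttributes/2", "DifferenceType": "ADD",
     "ExpectedValue": "null",
     "ActualValue": '{"Key":"load_balancing.algorithm.type",'
                    '"Value":"least_outstanding_requests"}'},
    {"PropertyPath": "/TargetGroupAttributes/0/Value", "DifferenceType": "NOT_EQUAL",
     "ExpectedValue": "false", "ActualValue": "true"},
]


def is_default_noise(diff, declared=DECLARED, baseline=BASELINE):
    """True only for an ADD of an undeclared attribute still at its baseline value."""
    if diff["DifferenceType"] != "ADD":
        return False
    if not diff["PropertyPath"].startswith("/TargetGroupAttributes/"):
        return False
    try:
        attr = json.loads(diff["ActualValue"])
        key, value = attr["Key"], attr["Value"]
        return key not in declared and baseline.get(key) == value
    except (ValueError, TypeError, KeyError):
        return False  # unparseable or unexpected value: keep it for review


def triage(diffs):
    """Return (suppressed, review) lists of property paths."""
    suppressed = [d["PropertyPath"] for d in diffs if is_default_noise(d)]
    review = [d["PropertyPath"] for d in diffs if not is_default_noise(d)]
    return suppressed, review


if __name__ == "__main__":
    suppressed, review = triage(SAMPLE_DIFFS)
    print("suppressed:", suppressed)
    print("review:", review)
```

The second sample entry stays in the review list because the undeclared attribute no longer matches the baseline, which is the case a blanket "ignore ADD" filter would miss.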

There is a new drift false-positive for AWS::ElasticLoadBalancingV2::TargetGroup if you set ProtocolVersion within your CFN template, see: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/1345

rgoltz, Sep 30 '22 16:09

@tejaboppana / @nebul4ck - What's your opinion on how to proceed with this issue here? - Most aspects are resolved or evacuated to dedicated/new GitHub issues:

  • Drift-Issue: AWS::ElasticLoadBalancingV2::TargetGroup - ProtocolVersion #1345
  • Missing aws built-in tags / default CFN AutoTags for AWS::ElasticLoadBalancingV2::TargetGroup: #1435
  • Missing aws built-in tags / default CFN AutoTags for AWS::ElasticLoadBalancingV2::LoadBalancer: #1434

Having these dedicated cases named above, I guess it's much better regarding viewability for the CFN ServiceTeam! Following this status (and having these issues), you should close this issue here?

rgoltz, Dec 07 '22 12:12