AWS::ElasticLoadBalancingV2::TargetGroup - False-positive drift if ProtocolVersion is set in template #1345

Closed
rgoltz opened this issue Sep 30, 2022 · 4 comments

rgoltz commented Sep 30, 2022

Name of the resource

AWS::ElasticLoadBalancingV2::TargetGroup

Resource Name

No response

Issue Description

Once you create a stack containing an AWS::ElasticLoadBalancingV2::TargetGroup with ProtocolVersion set for the TargetGroup, CloudFormation drift detection reports such a stack as drifted, even though the ProtocolVersion is set correctly on the created TargetGroup (for details see "Observed Behavior").

Expected Behavior

Stack is in state IN_SYNC, since template and resource have the same, correct setting.

Observed Behavior

Following #713, the setting ProtocolVersion has been supported since Feb 2021. The CFN docs https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html#cfn-elasticloadbalancingv2-targetgroup-protocolversion reflect this as well.

If you set ProtocolVersion in your CFN template (e.g. to HTTP1 or HTTP2), your stack / this resource is in state DRIFTED after running CFN Drift detection. For details see: "Test Cases".

Test Cases

** Create a new stack using the following example (please adjust VpcId to fit your account) in eu-central-1

---
AWSTemplateFormatVersion: '2010-09-09'
Description: CFN Drift detection - TargetGroup - ProtocolVersion issue - case 10896395411

Resources:
  TargetGroupWithProtocolVersionSet:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      HealthCheckEnabled: true
      HealthCheckIntervalSeconds: 120
      HealthCheckPath: "/alive.html"
      HealthCheckPort: '443'
      HealthCheckProtocol: HTTPS
      HealthCheckTimeoutSeconds: 60
      HealthyThresholdCount: 2
      Matcher:
        HttpCode: '200'
      Name: rogo-test1-dev-TGrp
      Port: 443
      Protocol: HTTPS
      ProtocolVersion: HTTP2
      Tags:
      - Key: Environment
        Value: dev
      - Key: ReferenceName
        Value: 10896395411
      TargetGroupAttributes:
      - Key: stickiness.enabled
        Value: 'false'
      TargetType: instance
      UnhealthyThresholdCount: 2
      VpcId: vpc-xxHERE-YOU-IDxx

** After the stack is created, please check your TargetGroup resource in the Console for ProtocolVersion. Here in the example it's set to HTTP2 correctly.
[Image: ProtocolVersion_Resource]

** Go to the CFN Console and run CFN Drift detection (in the Console using "Stack actions" => "Detect drift"). After you have triggered this process, please wait for ca. 1 min and check the Drift status again: the stack went into state DRIFTED. Check the Drift-Details. You will see that ProtocolVersion is not listed under "Actual", even though it's in place within the TargetGroup:
[Image: ProtocolVersion_DriftDetails]

Other Details

No response
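
One way to triage a drift report like the one in this issue, added here as an example (not code from the issue or from the CloudFormation team): cross-check each reported difference against the live target-group configuration, so that a property drift detection merely failed to read is separated from a real change. The drift entry and live values are constructed samples trimmed to the fields used, and `triage_drift` is a hypothetical helper.

```python
# Constructed sample shaped like one StackResourceDrifts entry from
# CloudFormation DescribeStackResourceDrifts (trimmed to the fields used here).
SAMPLE_DRIFT = {
    "LogicalResourceId": "TargetGroupWithProtocolVersionSet",
    "ResourceType": "AWS::ElasticLoadBalancingV2::TargetGroup",
    "StackResourceDriftStatus": "MODIFIED",
    "PropertyDifferences": [
        # The case from this issue: set in the template, missing under "Actual".
        {"PropertyPath": "/ProtocolVersion", "ExpectedValue": "HTTP2",
         "DifferenceType": "REMOVE"},
        # Constructed contrast case: a value that really differs on the resource.
        {"PropertyPath": "/HealthCheckPath", "ExpectedValue": "/alive.html",
         "DifferenceType": "NOT_EQUAL"},
    ],
}

# Constructed sample of what ELBv2 DescribeTargetGroups reports for the resource.
LIVE_TARGET_GROUP = {"ProtocolVersion": "HTTP2", "HealthCheckPath": "/health"}


def triage_drift(drift, live_config):
    """Label each reported difference by comparing it with the live resource.

    suspected-false-positive: live value equals the template value
    confirmed-drift:          live value differs from the template value
    unverified:               property not present in the live description
    """
    findings = []
    for diff in drift.get("PropertyDifferences", []):
        # Use the top-level property name, e.g. "/Matcher/HttpCode" -> "Matcher".
        prop = diff["PropertyPath"].strip("/").split("/")[0]
        if prop not in live_config:
            verdict = "unverified"
        elif str(live_config[prop]) == str(diff["ExpectedValue"]):
            verdict = "suspected-false-positive"
        else:
            verdict = "confirmed-drift"
        findings.append({"resource": drift["LogicalResourceId"],
                         "property": prop,
                         "difference_type": diff["DifferenceType"],
                         "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in triage_drift(SAMPLE_DRIFT, LIVE_TARGET_GROUP):
        print(finding)
```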


rgoltz commented Dec 17, 2022

Hey CFN-team, did you already fix this issue with ProtocolVersion as a property of AWS::ElasticLoadBalancingV2::TargetGroup? If so, I can run a re-test on my end :)


abenetad commented Jan 1, 2023

@rgoltz CFN team here. Thank you for reporting this issue and for your patience. Yes, we have a fix for this issue. ETA Feb 1st, 2023. I will update here once everything is completed.

@abenetad

@rgoltz this issue is fixed. Thank you again for your patience.


rgoltz commented Jan 21, 2023

@abenetad - Thanks for the update and the information. I've re-tested the bugfix successfully. I'll go ahead and close this issue as successfully resolved.

@rgoltz rgoltz closed this as completed Jan 21, 2023