AWS::ElasticLoadBalancingV2::LoadBalancer - Issue with Drift Detection when we create AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup. #458

Open
tejaboppana opened this issue May 1, 2020 · 5 comments
Labels
networking & content deliv VPC, CloudFront, Route 53, API Gateway, Direct Connect, AWS App Mesh, etc.

Comments

@tejaboppana

Instructions for CloudFormation Coverage New Issues Template

Quick Sample Summary:

  1. Title -> AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup. -Attribute-Existing Attribute
  2. Scope of request ->
  • AWS::ElasticLoadBalancingV2::LoadBalancer -> When we create a network load balancer and attach EIPs to it using the 'SubnetMappings' property, the resource is being shown as drifted since the EIP is being taken as the subnet ID.

  • AWS::ElasticLoadBalancingV2::TargetGroup -> Tags are supported by the Target group resource, but CFN is still showing false drift. Also, when we add just one attribute to the Target group using the 'TargetGroupAttributes' property, it is showing false drift as shown in the screenshot attached below.

  3. Expected behavior -> Actual values and expected values should be the same.

  4. Test case recommendation (optional) -> I have attached the template that I used for testing ->
    testDriftBehavior.txt

  5. Links to existing API doc (optional) -> https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-targetgroup.html
    https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html

  6. Category tag (optional) -> Compute

  7. Any additional context (optional)

Screenshot 2020-05-01 at 10 27 25 AM

Screenshot 2020-05-01 at 10 27 44 AM

@luiseduardocolon luiseduardocolon added the networking & content deliv VPC, CloudFront, Route 53, API Gateway, Direct Connect, AWS App Mesh, etc. label May 8, 2020
@nebul4ck

Also, AWS CloudFormation doesn't create the following stack-level tags with the prefix aws::

  • aws:cloudformation:logical-id

  • aws:cloudformation:stack-id

  • aws:cloudformation:stack-name

neither at Load Balancer nor in TargetGroup

@Maycon-Santos-sm

Got the same issue with Target group, drift detection results in drift because of missing Tags where the resource has them set correctly but the detection states that they are missing.


@WaelA WaelA changed the title Issue with Drift Detection when we create AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup. AWS::ElasticLoadBalancingV2::LoadBalancer Issue with Drift Detection when we create AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup. Sep 29, 2021
@WaelA WaelA changed the title AWS::ElasticLoadBalancingV2::LoadBalancer Issue with Drift Detection when we create AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup. AWS::ElasticLoadBalancingV2::LoadBalancer - Issue with Drift Detection when we create AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::ElasticLoadBalancingV2::TargetGroup. Sep 29, 2021
@rgoltz

rgoltz commented Aug 16, 2022

Hi CloudFormation-Team. We are still seeing drift issues with resource AWS::ElasticLoadBalancingV2::TargetGroup regarding TargetGroupAttributes (at minimum in eu-central-1 region). Here are the steps to reconstruct:

Create a new stack with this simplified CFN template:

{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Testing ElasticLoadBalancingV2::TargetGroup Drifts for Fargate-UseCase",
  "Resources": {
    "LBServiceLBPublicListenerECSGroup3164F4DA": {
      "Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
      "Properties": {
        "Port": 443,
        "Protocol": "HTTPS",
        "Tags": [
          {
            "Key": "ApplicationID",
            "Value": "YY-xxxxxx"
          },
          {
            "Key": "ApplicationName",
            "Value": "cosmos-fargate-test"
          },
          {
            "Key": "CostReference",
            "Value": "managed"
          },
          {
            "Key": "Environment",
            "Value": "tst"
          },
          {
            "Key": "ReferenceID",
            "Value": "YY-xxxxxx"
          },
          {
            "Key": "ReferenceName",
            "Value": "cosmos-fargate-test"
          },
          {
            "Key": "ReferenceShortName",
            "Value": "fargate-test"
          }
        ],
        "TargetGroupAttributes": [
          {
            "Key": "stickiness.enabled",
            "Value": "false"
          }
        ],
        "TargetType": "ip",
        "VpcId": {
          "Fn::ImportValue": "VPC1-VPC-ID"
        }
      },
      "Metadata": {
        "aws:cdk:path": "tst-fargate-test/LBService/LB/PublicListener/ECSGroup/Resource"
      }
    }
  }
}

We see a drift report for TargetGroupAttributes showing ADD status within the (on regarding TargetGroupAttributes which are NOT defined within the CFN template, hence it's using the AWS default.)
SampleDriftTargetALBAtt

⚠️ The result of the CFN Drift detection is not deterministic! ⚠️ - There are no changes on the resource or template, like an update of the stack or resource.

It's really strange that one day we see some of the not defined TargetGroupAttributes as DRIFTED and on another day we see all TargetGroupAttributes as IN_SYNC. It's not deterministic.
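One way to triage the pattern described in the comment above, added here as an example and not code from the issue or from CloudFormation: it separates ADD differences on TargetGroupAttributes keys the template never declared from differences that still need review. The drift record is a constructed sample shaped like one DescribeStackResourceDrifts entry; the function name `triage` and the sample paths and values are assumptions.

```python
import json

# Constructed sample: properties declared in the template above (trimmed).
TEMPLATE_PROPS = {
    "Port": 443,
    "Protocol": "HTTPS",
    "TargetGroupAttributes": [{"Key": "stickiness.enabled", "Value": "false"}],
    "TargetType": "ip",
}

# Constructed sample shaped like one entry of a DescribeStackResourceDrifts
# response; the paths and values are illustrative, not captured output.
DRIFT = {
    "LogicalResourceId": "LBServiceLBPublicListenerECSGroup3164F4DA",
    "ResourceType": "AWS::ElasticLoadBalancingV2::TargetGroup",
    "StackResourceDriftStatus": "MODIFIED",
    "PropertyDifferences": [
        {"PropertyPath": "/TargetGroupAttributes/1", "DifferenceType": "ADD",
         "ActualValue": json.dumps(
             {"Key": "deregistration_delay.timeout_seconds", "Value": "300"})},
        {"PropertyPath": "/TargetGroupAttributes/0/Value",
         "DifferenceType": "NOT_EQUAL",
         "ExpectedValue": "false", "ActualValue": "true"},
        {"PropertyPath": "/Port", "DifferenceType": "NOT_EQUAL",
         "ExpectedValue": "443", "ActualValue": "8443"},
    ],
}


def triage(template_props, drift):
    """Return (undeclared attribute keys reported as ADD, paths needing review)."""
    declared = {a["Key"] for a in template_props.get("TargetGroupAttributes", [])}
    undeclared_adds, needs_review = [], []
    for diff in drift.get("PropertyDifferences", []):
        path = diff["PropertyPath"]
        key = None
        if (diff["DifferenceType"] == "ADD"
                and path.startswith("/TargetGroupAttributes/")):
            try:
                key = json.loads(diff.get("ActualValue") or "null").get("Key")
            except (ValueError, AttributeError):
                key = None  # value is not a JSON object: send it to review
        if key is not None and key not in declared:
            undeclared_adds.append(key)   # matches the pattern reported above
        else:
            needs_review.append(path)     # declared property changed
    return undeclared_adds, needs_review
```

Differences on declared properties, such as a changed port or a flipped `stickiness.enabled`, always land in the review list, so suppressing the undeclared-default noise does not hide a real change to the target group.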

@rgoltz

rgoltz commented Sep 30, 2022

There is a new drift false-positive for AWS::ElasticLoadBalancingV2::TargetGroup if you set ProtocolVersion within your CFN template, see: #1345

@rgoltz

rgoltz commented Dec 7, 2022

@tejaboppana / @nebul4ck - What's your opinion on how to proceed with this issue here? - Most aspects are resolved or evacuated to dedicated/new GitHub issues:

Having these dedicated cases named above, I guess it's much better regarding viewability for the CFN ServiceTeam!
Following this status (and having these issues), you should close this issue here?

Projects
Status: Researching