fix bakcwards compatibility issue with imported lb

aemada-aws · aemada-aws · commit 25de6392a290 · 2025-05-21T20:41:44.000+02:00
diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts
@@ -532,24 +532,22 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct {
     }
 
     if (props.redirectHTTP) {
-      // Check if the load balancer was created by this construct
+      this.redirectListener = loadBalancer.addListener('PublicRedirectListener', {
+        protocol: ApplicationProtocol.HTTP,
+        port: 80,
+        open: props.openListener ?? true,
+        defaultAction: ListenerAction.redirect({
+          protocol: ApplicationProtocol.HTTPS,
+          port: props.listenerPort?.toString() || '443',
+          permanent: true,
+        }),
+      });
+
+      // Ensure the redirect listener is created after the main listener
+      this.redirectListener.node.addDependency(this.listener);
+
+      // Validate that there are no conflicting port 80 listeners during synth for owned load balancers.
       if (loadBalancer instanceof ApplicationLoadBalancer) {
-        // Create a new HTTP listener on port 80 that redirects to HTTPS
-        this.redirectListener = loadBalancer.addListener('PublicRedirectListener', {
-          protocol: ApplicationProtocol.HTTP,
-          port: 80,
-          open: props.openListener ?? true,
-          defaultAction: ListenerAction.redirect({
-            protocol: ApplicationProtocol.HTTPS,
-            port: props.listenerPort?.toString() || '443',
-            permanent: true,
-          }),
-        });
-
-        // Ensure the redirect listener is created after the main listener
-        this.redirectListener.node.addDependency(this.listener);
-
-        // Validate that there are no conflicting port 80 listeners during synth
         loadBalancer.node.addValidation({
           validate: () => {
             const port80Listeners = loadBalancer.listeners.filter(listener =>
@@ -565,7 +563,7 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct {
           },
         });
       } else {
-        // If the ALB was imported then we cannot reliably add the redirect action as we can't find the port 80 listener.
+        // If the ALB was imported then we cannot reliably add or validate the redirect action as we can't access the existing listeners.
         Annotations.of(this).addWarning(
           'Cannot automatically configure port 80 HTTP redirect with redirectHTTP: ' +
           'The construct cannot reliably determine if a port 80 listener already exists. ' +
diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts b/packages/aws-cdk-lib/aws-ecs-patterns/test/fargate/load-balanced-fargate-service.test.ts
@@ -1220,7 +1220,7 @@ describe('ApplicationLoadBalancedFargateService', () => {
     }).toThrow('Validation failed with the following errors:\n  [Default/ALB] Cannot automatically configure redirectHTTP: A listener already exists on port 80.');
   });
 
-  test('adds warning for imported load balancers', () => {
+  test('adds warning for imported load balancers with redirectHTTP and creates the redirect listener', () => {
     // GIVEN
     const stack = new cdk.Stack();
     const vpc = new ec2.Vpc(stack, 'VPC');
@@ -1253,6 +1253,31 @@ describe('ApplicationLoadBalancedFargateService', () => {
     // Verify that a warning is added
     const annotations = Annotations.fromStack(stack);
     annotations.hasWarning('/Default/Service', 'Cannot automatically configure port 80 HTTP redirect with redirectHTTP: The construct cannot reliably determine if a port 80 listener already exists. Please configure the redirect manually on the port 80 listener.');
+
+    // Verify that we have two listeners - one for HTTPS and one for HTTP redirect
+    Template.fromStack(stack).resourceCountIs('AWS::ElasticLoadBalancingV2::Listener', 2);
+
+    // Verify the HTTPS listener is on port 8443
+    Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', {
+      Port: 443,
+      Protocol: 'HTTPS',
+    });
+
+    // Verify the HTTP redirect listener is on port 80
+    Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', {
+      Port: 80,
+      Protocol: 'HTTP',
+      DefaultActions: [
+        Match.objectLike({
+          Type: 'redirect',
+          RedirectConfig: {
+            Protocol: 'HTTPS',
+            Port: '443',
+            StatusCode: 'HTTP_301',
+          },
+        }),
+      ],
+    });
   });
 
   test('errors when setting HTTPS protocol but not domain name', () => {
