fix(elbv2): boolean ALB attributes not reflected in CloudFormation when set to false

When boolean ALB properties like dropInvalidHeaderFields,
preserveHostHeader, xAmznTlsVersionAndCipherSuiteHeaders,
preserveXffClientPort, and wafFailOpen were explicitly set to false,
they were omitted from the CloudFormation template because the code
used truthy checks (if (props.x)) instead of undefined checks
(if (props.x !== undefined)). This meant changing these properties
from true to false would not update the ALB configuration.

Now all boolean ALB attributes use !== undefined checks and emit
both 'true' and 'false' values, consistent with how http2Enabled
was already handled.

Closes #36409

Author: syukawa-dev

packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/alb/application-load-balancer.ts

@@ -228,13 +228,13 @@ export class ApplicationLoadBalancer extends BaseLoadBalancer implements IApplic
 
     if (props.http2Enabled !== undefined) { this.setAttribute('routing.http2.enabled', props.http2Enabled ? 'true' : 'false'); }
     if (props.idleTimeout !== undefined) { this.setAttribute('idle_timeout.timeout_seconds', props.idleTimeout.toSeconds().toString()); }
-    if (props.dropInvalidHeaderFields) { this.setAttribute('routing.http.drop_invalid_header_fields.enabled', 'true'); }
+    if (props.dropInvalidHeaderFields !== undefined) { this.setAttribute('routing.http.drop_invalid_header_fields.enabled', props.dropInvalidHeaderFields ? 'true' : 'false'); }
     if (props.desyncMitigationMode !== undefined) { this.setAttribute('routing.http.desync_mitigation_mode', props.desyncMitigationMode); }
-    if (props.preserveHostHeader) { this.setAttribute('routing.http.preserve_host_header.enabled', 'true'); }
-    if (props.xAmznTlsVersionAndCipherSuiteHeaders) { this.setAttribute('routing.http.x_amzn_tls_version_and_cipher_suite.enabled', 'true'); }
-    if (props.preserveXffClientPort) { this.setAttribute('routing.http.xff_client_port.enabled', 'true'); }
+    if (props.preserveHostHeader !== undefined) { this.setAttribute('routing.http.preserve_host_header.enabled', props.preserveHostHeader ? 'true' : 'false'); }
+    if (props.xAmznTlsVersionAndCipherSuiteHeaders !== undefined) { this.setAttribute('routing.http.x_amzn_tls_version_and_cipher_suite.enabled', props.xAmznTlsVersionAndCipherSuiteHeaders ? 'true' : 'false'); }
+    if (props.preserveXffClientPort !== undefined) { this.setAttribute('routing.http.xff_client_port.enabled', props.preserveXffClientPort ? 'true' : 'false'); }
     if (props.xffHeaderProcessingMode !== undefined) { this.setAttribute('routing.http.xff_header_processing.mode', props.xffHeaderProcessingMode); }
-    if (props.wafFailOpen) { this.setAttribute('waf.fail_open.enabled', 'true'); }
+    if (props.wafFailOpen !== undefined) { this.setAttribute('waf.fail_open.enabled', props.wafFailOpen ? 'true' : 'false'); }
     if (props.clientKeepAlive !== undefined) {
       const clientKeepAliveInMillis = props.clientKeepAlive.toMilliseconds();
       if (clientKeepAliveInMillis < 1000) {

packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts

@@ -173,6 +173,48 @@ describe('tests', () => {
     });
   });
 
+  test('Boolean attributes explicitly set to false are included in CloudFormation', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'Stack');
+
+    // WHEN
+    new elbv2.ApplicationLoadBalancer(stack, 'LB', {
+      vpc,
+      dropInvalidHeaderFields: false,
+      preserveHostHeader: false,
+      xAmznTlsVersionAndCipherSuiteHeaders: false,
+      preserveXffClientPort: false,
+      wafFailOpen: false,
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+      LoadBalancerAttributes: Match.arrayWith([
+        {
+          Key: 'routing.http.drop_invalid_header_fields.enabled',
+          Value: 'false',
+        },
+        {
+          Key: 'routing.http.preserve_host_header.enabled',
+          Value: 'false',
+        },
+        {
+          Key: 'routing.http.x_amzn_tls_version_and_cipher_suite.enabled',
+          Value: 'false',
+        },
+        {
+          Key: 'routing.http.xff_client_port.enabled',
+          Value: 'false',
+        },
+        {
+          Key: 'waf.fail_open.enabled',
+          Value: 'false',
+        },
+      ]),
+    });
+  });
+
   test.each([59, 604801])('throw error for invalid clientKeepAlive in seconds', (duration) => {
     // GIVEN
     const stack = new cdk.Stack();