(aws-elasticloadbalancingv2): dropInvalidHeaderFields not reflected in CloudFormation when set from true to false #36409

@rgoltz

Describe the bug

When changing the dropInvalidHeaderFields property of an Application Load Balancer (ALB) from true to false in AWS CDK (e.g. I'd like to do a rollback of the setting), the property is not included in the resulting CloudFormation template. This is because dropInvalidHeaderFields has a default value of false. As a result, the property is omitted from the template when explicitly set to false, and the ALB configuration is not updated accordingly during a stack update.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

When the dropInvalidHeaderFields property is explicitly set to false in the CDK code, it should appear in the CloudFormation template (as routing.http.drop_invalid_header_fields.enabled), regardless of its default value. This ensures that CloudFormation detects the property and performs the necessary update to the ALB configuration when the stack is updated.

Current Behavior

When changing the dropInvalidHeaderFields property from true to false in the CDK code, it is omitted from the CloudFormation template. As a result:

  • The change from true to false is not applied to the ALB (property routing.http.drop_invalid_header_fields.enabled).
  • During a stack update, CloudFormation does not recognize the change, and the ALB configuration remains unchanged because the property is omitted from the template.

Reproduction Steps

  1. Create a new cdk init app --language=typescript CDK project.
  2. Create/Update the bin-file, like this:
```typescript
#!/usr/bin/env node
import * as cdk from 'aws-cdk-lib';
import { RogoAlbTestStack } from '../lib/rogo-alb-test-stack';

const app = new cdk.App();

new RogoAlbTestStack(app, 'RogoAlbTestStack', {
  env: {
    region: 'eu-central-1',
    account: '1234567890' // change here your aws account id.
  }
});
```
  3. Create the lib-file, which is a simple ALB, and set dropInvalidHeaderFields to true. Run cdk synth and check the CloudFormation output:

```typescript
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import { Vpc } from 'aws-cdk-lib/aws-ec2';

export class RogoAlbTestStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = Vpc.fromLookup(this, 'MyExistingVpc', {
      vpcId: 'vpc-0i1l2i3k4e5c6f7n8' // change here your vpc-id.
    });

    const loadBalancer = new ApplicationLoadBalancer(this, 'MyALB', {
      vpc,
      internetFacing: false,
      dropInvalidHeaderFields: true, // <---
    });
  }
}
```

```
$ cdk synth
Resources:
  MyALB911A8556:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      LoadBalancerAttributes:
        - Key: deletion_protection.enabled
          Value: "false"
        - Key: routing.http.drop_invalid_header_fields.enabled
          Value: "true"
# dropInvalidHeaderFields=true ==> routing.http.drop_invalid_header_fields.enabled
      Scheme: internal
...
```
  4. Imagine we've now deployed the ALB. Now we want to roll back the setting, so we set it to false. Update the lib-file:

```typescript
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2';
import { Vpc } from 'aws-cdk-lib/aws-ec2';

export class RogoAlbTestStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const vpc = Vpc.fromLookup(this, 'MyExistingVpc', {
      vpcId: 'vpc-0i1l2i3k4e5c6f7n8' // change here your vpc-id.
    });

    const loadBalancer = new ApplicationLoadBalancer(this, 'MyALB', {
      vpc,
      internetFacing: false,
      dropInvalidHeaderFields: false, // <--- we switch from true to false
    });
  }
}
```

```
Resources:
  MyALB911A8556:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      LoadBalancerAttributes:
        - Key: deletion_protection.enabled
          Value: "false"
# routing.http.drop_invalid_header_fields.enabled is missing, even though we define it as false in CDK.
      Scheme: internal
...
```
  5. If we now deploy the stack again, we would expect the setting to be rolled back, but the ALB will not be updated.

Possible Solution

No response

Additional Information/Context

No response

AWS CDK Library version (aws-cdk-lib)

2.1034.0

AWS CDK CLI version

2.32.16

Node.js Version

v24.12.0

OS

Linux/Fedora Workstation

Language

TypeScript

Language Version

No response

Other information

No response

Labels

  • @aws-cdk/aws-elasticloadbalancingv2 (Related to Amazon Elastic Load Balancing V2)
  • bug (This issue is a bug.)
  • effort/small (Small work item – less than a day of effort)
  • good first issue (Related to contributions. See CONTRIBUTING.md)
  • p2
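
A pre-deploy check for the case described in this issue, as an added example that is not part of the original report or the CDK code base: it compares the deployed template with the newly synthesized one and lists load balancer attributes that were set before and are now omitted. The type names, `findDroppedAttributes` and the sample templates are assumptions, constructed from the two `cdk synth` outputs in the report.

```typescript
// Added example (not from the issue): flag load balancer attributes that
// disappear between the deployed template and the newly synthesized one.
type Attr = { Key: string; Value: string };
type Resource = { Type: string; Properties?: { LoadBalancerAttributes?: Attr[] } };
type Template = { Resources: { [logicalId: string]: Resource } };
type Dropped = { logicalId: string; key: string; deployedValue: string };

const LB_TYPE = 'AWS::ElasticLoadBalancingV2::LoadBalancer';

// Return the Key/Value attribute list of a load balancer resource, or [] otherwise.
function attributesOf(res: Resource | undefined): Attr[] {
  if (!res || res.Type !== LB_TYPE) return [];
  return res.Properties?.LoadBalancerAttributes ?? [];
}

// An attribute that was set before and is absent now is not reset by the
// stack update (per the report): the load balancer keeps the deployed value.
function findDroppedAttributes(deployed: Template, next: Template): Dropped[] {
  const findings: Dropped[] = [];
  for (const logicalId of Object.keys(deployed.Resources)) {
    const after = next.Resources[logicalId];
    if (!after || after.Type !== LB_TYPE) continue; // removed or retyped: different case
    const nowKeys = attributesOf(after).map((a) => a.Key);
    for (const a of attributesOf(deployed.Resources[logicalId])) {
      if (nowKeys.indexOf(a.Key) === -1) {
        findings.push({ logicalId, key: a.Key, deployedValue: a.Value });
      }
    }
  }
  return findings;
}

// Constructed inputs mirroring the two `cdk synth` outputs in the report.
const lb = (attrs: Attr[]): Template => ({
  Resources: { MyALB911A8556: { Type: LB_TYPE, Properties: { LoadBalancerAttributes: attrs } } },
});
const deployedTemplate = lb([
  { Key: 'deletion_protection.enabled', Value: 'false' },
  { Key: 'routing.http.drop_invalid_header_fields.enabled', Value: 'true' },
]);
const nextTemplate = lb([{ Key: 'deletion_protection.enabled', Value: 'false' }]);

console.log(JSON.stringify(findDroppedAttributes(deployedTemplate, nextTemplate)));
```

A non-empty result means the new template no longer states a value that the deployed stack set explicitly, so the intended change needs to be confirmed on the load balancer itself.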
