feat(elbv2): regex support for listener conditions

[azatoth]

Issue #36363

Closes #36363

Reason for this change

AWS elbv2 now (since when?) supports regex values for host headers, http headers, and path patterns.

Description of changes

Add regex-based condition methods for ALB listener rules:

• hostHeadersRegex() for host header pattern matching
• httpHeaderRegex() for HTTP header pattern matching
• pathPatternsRegex() for URL path pattern matching

These methods use the regexValues CloudFormation property instead of values, allowing for more flexible pattern matching using regular expressions.

Also add comprehensive validation for all listener condition types:

• Maximum length validation (128 chars for most values, 40 for header names)
• Non-empty value validation where required
• Pattern validation for HTTP request methods
• Maximum count validation (5 items for path patterns, same as before; unknown which number is correct because some pages are saying 3, some are saying 5 and the rest have no idea...)

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Includes unit tests and integration tests for all new functionality.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ✅	Skipped	Failed
Security Guardian Results	48 ran	48 passed

Test	Result
No test annotations available

• View Security Guardian Results

[github-actions]

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
This security report is NOT a review blocker. Please try merge from main to avoid findings unrelated to the PR.

---

	Tests	Passed ✅	Skipped	Failed
Security Guardian Results with resolved templates	48 ran	48 passed

Test	Result
No test annotations available

• View Security Guardian Results with resolved templates

[azatoth]

@pahud I've problem figuring out how to resolve the Security Guardian failure, not sure what to do. Any help would be appreciated.

[pahud]

@pahud I've problem figuring out how to resolve the Security Guardian failure, not sure what to do. Any help would be appreciated.

Hi

You don't need to deal with the security guardian issues for now. Just make sure the CodeBulid CI passes, which at this moment is failing.

https://github.com/aws/aws-cdk/actions/runs/20754299612/job/59591898496?pr=36384

As long as the CodeBuild CI passes, this PR will be queued for review and more inputs will be provided from the maintainers.

Thank you.

[azatoth]

@pahud I've problem figuring out how to resolve the Security Guardian failure, not sure what to do. Any help would be appreciated.

Hi

You don't need to deal with the security guardian issues for now. Just make sure the CodeBulid CI passes, which at this moment is failing.

https://github.com/aws/aws-cdk/actions/runs/20754299612/job/59591898496?pr=36384

As long as the CodeBuild CI passes, this PR will be queued for review and more inputs will be provided from the maintainers.

Thank you.

Ah, I thought it was blocking review from the maintainers as it was the only test that failed then; I've have to look into if any of my changes to fix the security guarding issue has caused the error you pointed out; copilot's "explain error" doesn't really point me in any direction I've been poking around in.

[azatoth]

@pahud the error seems to be unrelated to my PR:

@aws-cdk-testing/framework-integ:   CHANGED    aws-lambda-nodejs/test/integ.latest 57.754s
@aws-cdk-testing/framework-integ:       Resources
@aws-cdk-testing/framework-integ:       [~] AWS::Lambda::Function latestFE0D80B6
@aws-cdk-testing/framework-integ:        └─ [~] Code
@aws-cdk-testing/framework-integ:            └─ [~] .S3Key:
@aws-cdk-testing/framework-integ:                ├─ [-] 2729d9b4af60cbbbe3182f0002dec1747647eedd8de3761325aa38f7ddf73f24.zip
@aws-cdk-testing/framework-integ:                └─ [+] 069f8376d0e4e8d1eb295d84e1d084c6b79c239097010bc64a3874e37e4a38e6.zip
@aws-cdk-testing/framework-integ:       
@aws-cdk-testing/framework-integ:       
@aws-cdk-testing/framework-integ: Snapshot Results: 
@aws-cdk-testing/framework-integ: Tests:    1 failed, 1333 total
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3908876137/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ.latest.js
@aws-cdk-testing/framework-integ: Error: Some tests failed!

[pahud]

@pahud the error seems to be unrelated to my PR:

@aws-cdk-testing/framework-integ:   CHANGED    aws-lambda-nodejs/test/integ.latest 57.754s
@aws-cdk-testing/framework-integ:       Resources
@aws-cdk-testing/framework-integ:       [~] AWS::Lambda::Function latestFE0D80B6
@aws-cdk-testing/framework-integ:        └─ [~] Code
@aws-cdk-testing/framework-integ:            └─ [~] .S3Key:
@aws-cdk-testing/framework-integ:                ├─ [-] 2729d9b4af60cbbbe3182f0002dec1747647eedd8de3761325aa38f7ddf73f24.zip
@aws-cdk-testing/framework-integ:                └─ [+] 069f8376d0e4e8d1eb295d84e1d084c6b79c239097010bc64a3874e37e4a38e6.zip
@aws-cdk-testing/framework-integ:       
@aws-cdk-testing/framework-integ:       
@aws-cdk-testing/framework-integ: Snapshot Results: 
@aws-cdk-testing/framework-integ: Tests:    1 failed, 1333 total
@aws-cdk-testing/framework-integ: Failed: /codebuild/output/src3908876137/src/actions-runner/_work/aws-cdk/aws-cdk/packages/@aws-cdk-testing/framework-integ/test/aws-lambda-nodejs/test/integ.latest.js
@aws-cdk-testing/framework-integ: Error: Some tests failed!

click Update branch to merge the latest changes from main, git pull and try again. It might be due to some previous merged commits.

[azatoth]

click Update branch to merge the latest changes from main, git pull and try again. It might be due to some previous merged commits.

I've updated the branch again now (rebase); I did do this several times before, hoping it had been fixed.

[azatoth]

@pahud I noticed I had updated yarn.lock, and reverting that seems to solve the issue.

[hoegertn]

LGTM; looking forward to the feature.