fix(ecs-patterns): add missing redirectHTTP dependency on main listener in ApplicationLoadBalancedFargateService (#34510)

aemada-aws · web-flow · commit 8e4ca1449196 · 2025-05-22T20:06:09.000+02:00
### Issue # (if applicable) Closes #34235 ### Reason for this change Fixes an issue with Cloudformation throwing `A listener already exists on this port for this load balancer` during deployments when switching from `redirectHTTP: false` to `redirectHTTP: true` on the `ApplicationLoadBalancedFargateService` construct. ### Description of changes There are 3 cases to handle: - For the default listener created by the construct and described in the reproduction stack in this issue. The bug is that when using the default listener port [here](https://github.com/aws/aws-cdk/blob/2bdc07e45f836a710bc049d43a2462806af1c75d/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts#L508), we don’t wait for it to update to 443 before adding the redirect listener from 80 -> 443, causing a race condition that sometimes tries to add 2 listeners on the same port (80). Fixed by adding an explicit dependency. - The second case would be a user having the port 80 listener added via `loadBalancer.addListener` or expliclity via the `props.listenerPort`. We let the CFN error pass through. ### Describe any new or updated permissions being added None ### Description of how you validated changes Added unit tests and updated integ tests. I'm still trying to deploy the integ tests to my account but the issue is that I need to first have a route53 domain. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.js.snapshot/aws-ecs-integ-alb-fg-https.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs-patterns/test/fargate/integ.alb-fargate-service-https.js.snapshot/aws-ecs-integ-alb-fg-https.template.json
@@ -535,7 +535,8 @@
     },
     "Port": 80,
     "Protocol": "HTTP"
-   }
+   },
+   "DependsOn": ["myServiceLBPublicListenerC78AE8A0","myServiceLBPublicListenerECSGroup17E9BBC1"]
   },
   "myServiceCertificate152F9DDA": {
    "Type": "AWS::CertificateManager::Certificate",
diff --git a/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts b/packages/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.ts
@@ -541,6 +541,9 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct {
           permanent: true,
         }),
       });
+      // Ensure the redirect listener is created after the main listener,
+      // otherwise we run into a race condition that adds 2 listeners on port 80.
+      this.redirectListener.node.addDependency(this.listener);
     }
 
     let domainName = loadBalancer.loadBalancerDnsName;

Original file line number	Diff line number	Diff line change
`@@ -541,6 +541,9 @@ export abstract class ApplicationLoadBalancedServiceBase extends Construct {`
`541`	`541`	`permanent: true,`
`542`	`542`	`}),`
`543`	`543`	`});`
	`544`	`+ // Ensure the redirect listener is created after the main listener,`
	`545`	`+ // otherwise we run into a race condition that adds 2 listeners on port 80.`
	`546`	`+ this.redirectListener.node.addDependency(this.listener);`
`544`	`547`	`}`
`545`	`548`
`546`	`549`	`let domainName = loadBalancer.loadBalancerDnsName;`