@azatoth (Contributor) commented Dec 14, 2025

Issue #36363

Closes #36363

Reason for this change

AWS elbv2 now (since when?) supports regex values for host headers, http headers, and path patterns.

Description of changes

Add regex-based condition methods for ALB listener rules:

  • hostHeadersRegex() for host header pattern matching
  • httpHeaderRegex() for HTTP header pattern matching
  • pathPatternsRegex() for URL path pattern matching

These methods use the regexValues CloudFormation property instead of values, allowing for more flexible pattern matching using regular expressions.

Also add comprehensive validation for all listener condition types:

  • Maximum length validation (128 chars for most values, 40 for header names)
  • Non-empty value validation where required
  • Pattern validation for HTTP request methods
  • Maximum count validation (5 items for path patterns, same as before; unknown which number is correct because some pages are saying 3, some are saying 5 and the rest have no idea...)

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Includes unit tests and integration tests for all new functionality.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
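The limits listed in the description above, written out as a stand-alone validator. This is an added example, not code from this pull request or from aws-cdk: the `Condition` type and `validateCondition` are hypothetical names, and the request-method character set (A-Z, hyphen, underscore, at most 40 characters) is an assumption based on the ELBv2 API reference rather than on this page.

```typescript
// Added illustration, not code from the aws-cdk pull request.
// Limits come from the PR description; all names here are hypothetical.
const MAX_VALUE_LENGTH = 128;       // "128 chars for most values"
const MAX_HEADER_NAME_LENGTH = 40;  // "40 for header names"
const MAX_PATH_PATTERNS = 5;        // "5 items for path patterns"
// Assumption (ELBv2 API reference): methods use A-Z, '-' and '_', at most 40 chars.
const HTTP_METHOD_PATTERN = /^[A-Z_-]{1,40}$/;

type Condition =
  | { kind: 'hostHeadersRegex'; values: string[] }
  | { kind: 'pathPatternsRegex'; values: string[] }
  | { kind: 'httpHeaderRegex'; name: string; values: string[] }
  | { kind: 'httpRequestMethods'; values: string[] };

// Returns every violation found, so a caller can report them all at synth time.
function validateCondition(c: Condition): string[] {
  const errors: string[] = [];
  if (c.values.length === 0) {
    errors.push(`${c.kind}: at least one value is required`);
  }
  if (c.kind === 'pathPatternsRegex' && c.values.length > MAX_PATH_PATTERNS) {
    errors.push(`${c.kind}: ${c.values.length} values exceed the maximum of ${MAX_PATH_PATTERNS}`);
  }
  if (c.kind === 'httpHeaderRegex') {
    if (c.name.length === 0) {
      errors.push(`${c.kind}: header name must not be empty`);
    } else if (c.name.length > MAX_HEADER_NAME_LENGTH) {
      errors.push(`${c.kind}: header name exceeds ${MAX_HEADER_NAME_LENGTH} characters`);
    }
  }
  c.values.forEach((value, i) => {
    if (value.length === 0) {
      errors.push(`${c.kind}[${i}]: value must not be empty`);
    } else if (c.kind === 'httpRequestMethods') {
      if (!HTTP_METHOD_PATTERN.test(value)) {
        errors.push(`${c.kind}[${i}]: "${value}" is not a valid request method`);
      }
    } else if (value.length > MAX_VALUE_LENGTH) {
      errors.push(`${c.kind}[${i}]: value exceeds ${MAX_VALUE_LENGTH} characters`);
    }
  });
  return errors;
}
```

Collecting all violations instead of throwing on the first one lets a single synth run show every rule that would be rejected at deploy time.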

github-actions bot added the beginning-contributor, effort/medium, feature-request and p2 labels Dec 14, 2025
aws-cdk-automation requested a review from a team December 14, 2025 19:11
github-actions bot (Contributor) commented Dec 14, 2025

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.


| | Tests | Passed ☑️ | Skipped | Failed ❌️ |
|---|---|---|---|---|
| Security Guardian Results | 48 ran | 47 passed | | 1 failed |

| Test | Result |
|---|---|
| Security Guardian Results | |
| packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.listener-conditions.js.snapshot/aws-cdk-elbv2-alb-listener-conditions-integ.template.json | |
| ec2-no-open-security-groups.guard | ❌ failure |

github-actions bot (Contributor) commented Dec 14, 2025

⚠️ Experimental Feature: This security report is currently in experimental phase. Results may include false positives and the rules are being actively refined.
Please try merge from main to avoid findings unrelated to the PR.


| | Tests | Passed ☑️ | Skipped | Failed ❌️ |
|---|---|---|---|---|
| Security Guardian Results with resolved templates | 48 ran | 47 passed | | 1 failed |

| Test | Result |
|---|---|
| Security Guardian Results with resolved templates | |
| packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.alb.listener-conditions.js.snapshot/aws-cdk-elbv2-alb-listener-conditions-integ.template.json | |
| ec2-no-open-security-groups.guard | ❌ failure |

aws-cdk-automation added the pr/needs-community-review label Dec 14, 2025
Add regex-based condition methods for ALB listener rules:
- hostHeadersRegex() for host header pattern matching
- httpHeaderRegex() for HTTP header pattern matching
- pathPatternsRegex() for URL path pattern matching

These methods use the regexValues CloudFormation property instead
of values, allowing for more flexible pattern matching using regular
expressions.

Also add comprehensive validation for all listener condition types:
- Maximum length validation (128 chars for most values, 40 for header names)
- Non-empty value validation where required
- Pattern validation for HTTP request methods
- Maximum count validation (5 items for path patterns)

Includes unit tests and integration tests for all new functionality.

closes aws#36363
Development

Successfully merging this pull request may close these issues.

(elasticloadbalancingv2): Allow regex path patterns