aws-cdk-lib.aws_ecs_patterns: unable to set value of idle_timeout to value greater than Duration.seconds(400)

[emossman]

Describe the bug

I have an ALB created via the aws_ecs_patterns.ApplicationLoadBalancedFargateService class with a default idle_timeout that I would like to modify to 700 seconds.

Given the following sanitized fargate service:

        fargate_service = aws_ecs_patterns.ApplicationLoadBalancedFargateService(
            self,
            f"ecs-{props['remote_namespace']}ecs-service",
            cluster=cluster,
            task_definition=task_def,
            load_balancer_name=f"alb-{props['remote_namespace']}-{props['environments'][props['current_env']]['shortname']}",
            public_load_balancer=False,
            desired_count=3,
            protocol = aws_elasticloadbalancingv2.ApplicationProtocol.HTTP,
            domain_name = f"{props['environments'][props['current_env']]['zone_name']}",
            domain_zone = hosted_zone,
            idle_timeout = Duration.seconds(700)
        )

I get the following trimmed output:

(.venv) ➜  cdk_remote git:(stg) ✗ cdk diff
jsii.errors.JavaScriptError: 
  Error: Load balancer idle timeout must be between 1 and 4000 seconds.
      at new ApplicationLoadBalancedServiceBase (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/jsii-kernel-dl3Hpa/node_modules/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.js:1:2216)
      at new ApplicationLoadBalancedFargateService (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/jsii-kernel-dl3Hpa/node_modules/aws-cdk-lib/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.js:1:601)
      at Kernel._create (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:8223:29)
      at Kernel.create (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:7961:29)
      at KernelHost.processRequest (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:9596:36)
      at KernelHost.run (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:9559:22)
      at Immediate._onImmediate (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:9560:46)
      at process.processImmediate (node:internal/timers:471:21)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "REDACTED/cdk_remote/app.py", line 60, in <module>
    app_dep = ApplicationDependencies(app, f"cf-{props['remote_namespace']}-app-dep", props, sm_props, env = env_US_E1)
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_runtime.py", line 86, in __call__
    inst = super().__call__(*args, **kwargs)
  File "REDACTED/cdk_remote/ApplicationDependencies.py", line 365, in __init__
    fargate_service = aws_ecs_patterns.ApplicationLoadBalancedFargateService(
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_runtime.py", line 86, in __call__
    inst = super().__call__(*args, **kwargs)
  File "REDACTED/.venv/lib/python3.9/site-packages/aws_cdk/aws_ecs_patterns/__init__.py", line 7687, in __init__
    jsii.create(self.__class__, self, [scope, id, props])
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_kernel/__init__.py", line 290, in create
    response = self.provider.create(
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_kernel/providers/process.py", line 344, in create
    return self._process.send(request, CreateResponse)
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_kernel/providers/process.py", line 326, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: Load balancer idle timeout must be between 1 and 4000 seconds.

This same error is observed for any values > Duration.seconds(400).

Expected Behavior

I expected the idle_timeout of my load balancer to be set to 700 seconds.

Current Behavior

A JSII error is thrown:

  Error: Load balancer idle timeout must be between 1 and 4000 seconds.
      at new ApplicationLoadBalancedServiceBase (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/jsii-kernel-dl3Hpa/node_modules/aws-cdk-lib/aws-ecs-patterns/lib/base/application-load-balanced-service-base.js:1:2216)
      at new ApplicationLoadBalancedFargateService (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/jsii-kernel-dl3Hpa/node_modules/aws-cdk-lib/aws-ecs-patterns/lib/fargate/application-load-balanced-fargate-service.js:1:601)
      at Kernel._create (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:8223:29)
      at Kernel.create (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:7961:29)
      at KernelHost.processRequest (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:9596:36)
      at KernelHost.run (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:9559:22)
      at Immediate._onImmediate (/private/var/folders/v4/4qvspy996kdg5s152pjb_1q00000gq/T/tmpfn0vyya3/lib/program.js:9560:46)
      at process.processImmediate (node:internal/timers:471:21)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "REDACTED/cdk_remote/app.py", line 60, in <module>
    app_dep = ApplicationDependencies(app, f"cf-{props['remote_namespace']}-app-dep", props, sm_props, env = env_US_E1)
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_runtime.py", line 86, in __call__
    inst = super().__call__(*args, **kwargs)
  File "REDACTED/cdk_remote/ApplicationDependencies.py", line 365, in __init__
    fargate_service = aws_ecs_patterns.ApplicationLoadBalancedFargateService(
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_runtime.py", line 86, in __call__
    inst = super().__call__(*args, **kwargs)
  File "REDACTED/.venv/lib/python3.9/site-packages/aws_cdk/aws_ecs_patterns/__init__.py", line 7687, in __init__
    jsii.create(self.__class__, self, [scope, id, props])
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_kernel/__init__.py", line 290, in create
    response = self.provider.create(
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_kernel/providers/process.py", line 344, in create
    return self._process.send(request, CreateResponse)
  File "REDACTED/.venv/lib/python3.9/site-packages/jsii/_kernel/providers/process.py", line 326, in send
    raise JSIIError(resp.error) from JavaScriptError(resp.stack)
jsii.errors.JSIIError: Load balancer idle timeout must be between 1 and 4000 seconds.

Reproduction Steps

from aws_cdk import (
    Stack,
    aws_ecs_patterns,
    aws_ecs,
    aws_ec2,
    aws_iam,
    aws_elasticloadbalancingv2,
    aws_route53,
    Duration
)
from constructs import Construct


class DebugStack(Stack):
    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        vpc = aws_ec2.Vpc(self, "debug-vpc", cidr="10.0.0.0/16")

        cluster = aws_ecs.Cluster(
            self,
            "ecs-cluster",
            cluster_name=f"ecs-debug-ecs-cluster",
            vpc=vpc,
        )

        task_role = aws_iam.Role(
            self,
            f"iam-debug-ecs-taskRole",
            role_name=f"iam-debug-ecs-taskRole",
            assumed_by=aws_iam.ServicePrincipal('ecs-tasks.amazonaws.com')
        )     

        task_def = aws_ecs.FargateTaskDefinition(
            self,
            f"td-debug-ecs-taskdef",
            task_role=task_role,
            cpu=2048,
            family = f"td-debug-ecs-taskdef",
            memory_limit_mib=12288,
        )

        hosted_zone = aws_route53.HostedZone(self, "MyHostedZone", zone_name="example.com")

        container = task_def.add_container(
            "debug",
            image=aws_ecs.ContainerImage.from_registry(
               "public.ecr.aws/aws-observability/"),
            logging=aws_ecs.AwsLogDriver(
            stream_prefix="debug-ecs-logs"
        ),
        )

        container.add_port_mappings(
            aws_ecs.PortMapping(
                container_port=2020,
                protocol=aws_ecs.Protocol.TCP
            )
        )

        fargate_service = aws_ecs_patterns.ApplicationLoadBalancedFargateService(
            self,
            f"ecs-debug-ecs-service",
            cluster=cluster,
            task_definition=task_def,
            load_balancer_name=f"alb-debug",
            public_load_balancer=False,
            desired_count=3,
            protocol=aws_elasticloadbalancingv2.ApplicationProtocol.HTTP,
            domain_name="debug.example.com",
            domain_zone=hosted_zone,
            idle_timeout = Duration.seconds(401)
        )

Possible Solution

This upper limit of 400 seconds is 10% of the actual upper limit of idle timeout, which suggests a zero was omitted somwehere.

Looking at this commit 546581a#diff-bc0826ed8167fb2e85180ae376629e966a9d26b7205641b5ca1f51a1a6f3d150R446 it seems that the upper limit of idle_timeout was set properly, but there could be something else I'm running into.

Additional Information/Context

Setting the value of idle_timeout to a Duration.minutes(int) also gives the same error.

Using the workaround specified in this comment #12913 (comment) works for me.

CDK CLI Version

2.37.0 (build aba5ef6)

Framework Version

No response

Node.js Version

v18.4.0

OS

macOS 12.5 (21G72)

Language

Python

Language Version

3.9.13

Other information

#12913

#21261

[peterwoodworth]

I think this is because the duration isn't getting converted. I've submitted a PR for this, thanks for reporting!