aws-cdk-lib/aws-elasticloadbalancingv2: custom health check timeouts should be supported for Network Load Balancer health checks #26023

@tmyoda

Describe the bug

Since the NLB update in November 2022, we can set HealthCheckTimeoutSeconds between 2 and 120 seconds.

Elastic Load Balancing capabilities for application availability
https://aws.amazon.com/about-aws/whats-new/2022/11/elastic-load-balancing-capabilities-application-availability/

Network Load Balancer (NLB) Health Check Improvements: NLB allows customers to define health check intervals, specify HTTP response codes that determine target health, and configure the number of consecutive health check responses before a target is either healthy or unhealthy. For details, see the NLB health check documentation here.

Health checks for your target groups - Elastic Load Balancing
https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-health-checks.html

HealthCheckTimeoutSeconds

The amount of time, in seconds, during which no response from a target means a failed health check. The range is 2–120 seconds. The default values are 6 seconds for HTTP and 10 seconds for TCP and HTTPS health checks.

6 seconds for HTTP health checks and 10 seconds for TCP and HTTPS health checks.

However, the latest CDK has not been updated yet.
https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-target-group.ts#L283-L288

if (healthCheck.timeout && healthCheck.timeout.toSeconds() !== NLB_HEALTH_CHECK_TIMEOUTS[healthCheck.protocol]) {
      ret.push([
        'Custom health check timeouts are not supported for Network Load Balancer health checks.',
        `Expected ${NLB_HEALTH_CHECK_TIMEOUTS[healthCheck.protocol]} seconds for ${healthCheck.protocol}, got ${healthCheck.timeout.toSeconds()}`,
      ].join(' '));
    }

Expected Behavior

The option HealthCheckTimeoutSeconds should be available.

Current Behavior

When I tried to deploy using a custom health check timeout, it caused the following error.

$ cdk deploy

Error: Validation failed with the following errors:
  [NlbStack/NLB/NLBListener/NLBTargetsGroup] Custom health check timeouts are not supported for Network Load Balancer health checks. Expected 10 seconds for TCP, got 2
    at validateTree (/home/ec2-user/nlb/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:3:12)
    at synthesize (/home/ec2-user/nlb/node_modules/aws-cdk-lib/core/lib/private/synthesis.js:1:953)
    at App.synth (/home/ec2-user/nlb/node_modules/aws-cdk-lib/core/lib/stage.js:1:2052)
    at process.<anonymous> (/home/ec2-user/nlb/node_modules/aws-cdk-lib/core/lib/app.js:1:1448)
    at Object.onceWrapper (node:events:628:26)
    at process.emit (node:events:513:28)
    at process.emit (node:domain:489:12)
    at process.emit.sharedData.processEmitHook.installedValue [as emit] (/home/ec2-user/nlb/node_modules/@cspotcode/source-map-support/source-map-support.js:745:40)

Reproduction Steps

import { Construct } from 'constructs'
import { App, Stack, StackProps } from 'aws-cdk-lib'
import * as cdk from 'aws-cdk-lib'
import * as ec2 from 'aws-cdk-lib/aws-ec2'
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2'
import * as elbv2Targtes from 'aws-cdk-lib/aws-elasticloadbalancingv2-targets'

export class NlbStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const vpc = new ec2.Vpc(this, 'VPC', {
      maxAzs: 2,
      natGateways: 0,
      subnetConfiguration: [{
        name: 'PublicSubnet',
        subnetType: ec2.SubnetType.PUBLIC,
      }],
    })

    const securityGroup = new ec2.SecurityGroup(this, 'SecurityGroup', {
      vpc,
      allowAllOutbound: true,
    })
    securityGroup.addIngressRule(
        ec2.Peer.anyIpv4(),
        ec2.Port.tcp(80),
    )
    const bastion = new ec2.BastionHostLinux(this, 'EC2', {
      vpc,
      securityGroup,
      instanceType: ec2.InstanceType.of(
          ec2.InstanceClass.BURSTABLE4_GRAVITON,
          ec2.InstanceSize.MICRO,
      ),
    })

    const nlb = new elbv2.NetworkLoadBalancer(this, 'NLB', {
      vpc,
      internetFacing: true,
      vpcSubnets: {
        subnetType: ec2.SubnetType.PUBLIC,
      },
    })
    const nlbListener = nlb.addListener(
        'NLBListener',
        {
          port: 80
        },
    )
    nlbListener.addTargets('NLBTargets', {
      protocol: elbv2.Protocol.TCP,
      port: 80,
      targets: [
          new elbv2Targtes.InstanceTarget(
              bastion.instance,
              80
          )
      ],
      healthCheck: {
        protocol: elbv2.Protocol.TCP,
        port: '80',
        interval: cdk.Duration.seconds(6),
        timeout: cdk.Duration.seconds(2),   //  Custom health check timeouts should be supported.
        healthyThresholdCount: 2,
        unhealthyThresholdCount: 2,
      },
    })
  }
}

const app = new App();
new NlbStack(app, 'my-test-stack', {
    env: { account: '', region: '' },
});

Possible Solution

https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/nlb/network-target-group.ts#L283-L288

It seems that we need to modify the validation at the URL above.

Additional Information/Context

No response

CDK CLI Version

2.84.0 (build f7c792f)

Framework Version

No response

Node.js Version

v16.20.0

OS

Amazon Linux 2

Language

Typescript

Language Version

No response

Other information

No response
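
One way the validation quoted in the issue could accept the documented range of 2 to 120 seconds instead of requiring the fixed per-protocol value. This is an added example, not aws-cdk-lib code or the project's fix; `NlbProtocol`, `HealthCheckInput`, `effectiveTimeoutSeconds` and `validateNlbHealthCheckTimeout` are hypothetical names, and it assumes the timeout must be a whole number of seconds.

```typescript
// Added example: hypothetical stand-alone validator, not aws-cdk-lib code.
type NlbProtocol = 'TCP' | 'HTTP' | 'HTTPS';

interface HealthCheckInput {
  protocol: NlbProtocol;
  timeoutSeconds?: number; // undefined means "use the service default"
}

// Range and defaults as stated in the documentation quoted in the issue.
const NLB_TIMEOUT_MIN_SECONDS = 2;
const NLB_TIMEOUT_MAX_SECONDS = 120;
const NLB_DEFAULT_TIMEOUT_SECONDS: Record<NlbProtocol, number> = {
  HTTP: 6,
  TCP: 10,
  HTTPS: 10,
};

// Timeout that applies once the per-protocol default is filled in.
function effectiveTimeoutSeconds(hc: HealthCheckInput): number {
  return hc.timeoutSeconds ?? NLB_DEFAULT_TIMEOUT_SECONDS[hc.protocol];
}

// Returns validation errors (empty when valid). Unlike the equality check
// quoted in the issue, any whole number inside the range is accepted.
function validateNlbHealthCheckTimeout(hc: HealthCheckInput): string[] {
  const errors: string[] = [];
  const t = hc.timeoutSeconds;
  if (t === undefined) {
    return errors; // nothing custom was requested
  }
  if (Math.floor(t) !== t) {
    // Assumption: fractional (and NaN) values are rejected.
    errors.push(`Health check timeout must be a whole number of seconds, got ${t}`);
  } else if (t < NLB_TIMEOUT_MIN_SECONDS || t > NLB_TIMEOUT_MAX_SECONDS) {
    errors.push(
      `Health check timeout must be between ${NLB_TIMEOUT_MIN_SECONDS} and ` +
      `${NLB_TIMEOUT_MAX_SECONDS} seconds for ${hc.protocol}, got ${t}`);
  }
  return errors;
}

// Constructed sample inputs; the first is the TCP / 2-second case from the issue.
const samples: HealthCheckInput[] = [
  { protocol: 'TCP', timeoutSeconds: 2 },
  { protocol: 'HTTP' },
  { protocol: 'HTTPS', timeoutSeconds: 121 },
  { protocol: 'TCP', timeoutSeconds: 1 },
];
const sampleErrors: string[][] = samples.map(validateNlbHealthCheckTimeout);
```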

Labels

@aws-cdk/aws-elasticloadbalancingv2 (Related to Amazon Elastic Load Balancing V2), bug (This issue is a bug.), effort/small (Small work item – less than a day of effort), p1
