From 64d26cc22b1fe456777c3367769ddbe860f26cf3 Mon Sep 17 00:00:00 2001
From: Cory Hall <43035978+corymhall@users.noreply.github.com>
Date: Mon, 21 Feb 2022 05:04:42 -0500
Subject: [PATCH] fix(elasticloadbalancingv2): validate port/protocol are not
 provided for lambda targets (#19043)

When creating a target group with the targetType = `LAMBDA` you should
not provide the port or protocol. If protocol is provided then
CloudFormation will throw an error message. If you provide the port to
CDK, CDK will figure out and provide the protocol as well.

This PR adds validation and throws an error if either port or protocol
is provided when the target type is Lambda.

fixes #12514


----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../lib/alb/application-target-group.ts       | 11 +++++++
 .../test/alb/target-group.test.ts             | 29 +++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts
index cf34ee5a7857e..98bfdc90796bb 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts
@@ -134,6 +134,17 @@ export class ApplicationTargetGroup extends TargetGroupBase implements IApplicat
     this.protocol = protocol;
     this.port = port;
 
+    // this.targetType is lazy
+    this.node.addValidation({
+      validate: () => {
+        if (this.targetType === TargetType.LAMBDA && (this.port || this.protocol)) {
+          return ['port/protocol should not be specified for Lambda targets'];
+        } else {
+          return [];
+        }
+      },
+    });
+
     this.connectableMembers = [];
     this.listeners = [];
 
diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/target-group.test.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/target-group.test.ts
index 98c25a1e5cb70..57a3aabe6a11b 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/target-group.test.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/target-group.test.ts
@@ -48,6 +48,35 @@ describe('tests', () => {
     expect(Object.keys(matches).length).toBe(0);
   });
 
+  test('Lambda target should not have port set', () => {
+    const app = new cdk.App();
+    const stack = new cdk.Stack(app, 'Stack');
+
+    const tg = new elbv2.ApplicationTargetGroup(stack, 'TG2', {
+      protocol: elbv2.ApplicationProtocol.HTTPS,
+    });
+    tg.addTarget({
+      attachToApplicationTargetGroup(_targetGroup: elbv2.IApplicationTargetGroup): elbv2.LoadBalancerTargetProps {
+        return {
+          targetType: elbv2.TargetType.LAMBDA,
+          targetJson: { id: 'arn:aws:lambda:eu-west-1:123456789012:function:myFn' },
+        };
+      },
+    });
+    expect(() => app.synth()).toThrow(/port\/protocol should not be specified for Lambda targets/);
+  });
+
+  test('Lambda target should not have protocol set', () => {
+    const app = new cdk.App();
+    const stack = new cdk.Stack(app, 'Stack');
+
+    new elbv2.ApplicationTargetGroup(stack, 'TG', {
+      port: 443,
+      targetType: elbv2.TargetType.LAMBDA,
+    });
+    expect(() => app.synth()).toThrow(/port\/protocol should not be specified for Lambda targets/);
+  });
+
   test('Can add self-registering target to imported TargetGroup', () => {
     // GIVEN
     const app = new cdk.App();