How do I troubleshoot AWS CloudFormation error "Invalid request provided AWS ElasticLoadBalancingV2 ListenerRule Validation exception"?


I want to resolve the error I receive when I create or update the stack with resource AWS::ElasticLoadBalancingV2::ListenerRule in AWS CloudFormation.

Short description

This error might be due to:

  • A non-valid listener Amazon Resource Name (ARN)
  • Missing or insufficient AWS Identity and Access Management (AWS IAM) permissions
  • Condition values that exceed the quota for a rule
  • Use of a non-allowed character as field value for a condition

Resolution

The following section addresses some of the common errors.

A non-valid listener Amazon Resource Name (ARN)

Check whether the listener ARN format is incorrect. The resource AWS::ElasticLoadBalancingV2::ListenerRule is attached to a listener resource that's attached to an Elastic Load Balancer. Make sure that the correct listener ARN is passed to the ListenerArn property.

Example format for a listener ARN:

arn:aws:elasticloadbalancing:us-east-2:123456789012:listener/app/Application-Load-Balancer/0b761fa41d0fbe95/9e86778540dfe57b 

Missing or insufficient IAM permissions

Make sure that the CloudFormation service role or the user who creates the stack has the required permissions. The permissions listed below allow the service role or user to create or modify the listener rules successfully.

  • elasticloadbalancing:DescribeRules
  • elasticloadbalancing:CreateRule
  • elasticloadbalancing:ModifyRule

Condition values exceed quotas for rule

A listener rule can only have five condition values per rule. This quota can't be adjusted if the specified conditions require more than five values.

Use of a non-allowed character as field value for a condition

For listener rule conditions, only the following characters are allowed for the Field property:

If Field is host-header and you're not using HostHeaderConfig, specify a single host name (for example, my.example.com). A host name is case insensitive and can be up to 128 characters in length. For more information, see Host conditions in Listeners for your Application Load Balancers.

When you specify multiple host names that use HostHeaderConfig, the property must only use the characters from the allowed patterns.

If Field is path-pattern and you're not using PathPatternConfig, specify a single path pattern (for example, /img/). A path pattern is case sensitive and can be up to 128 characters in length. For more information, see Path conditions in Listeners for your Application Load Balancers.

When you specify multiple path patterns using PathPatternConfig, the property must only use the characters from the allowed patterns.

Review the following example. If the field is host-header and the value passed to it isn't an allowed value for host-header, you receive a ValidationException error. In the example below, /dev is not an allowed value for host-header. Use the field type path-pattern for /.

      Conditions:  
        - Field: host-header  
          Values:  
            - "admin-test.com/dev"
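
The checks described in the sections above can be run against a rule's Properties before the stack is deployed. The following is an added example, not code from the original article or from AWS: the function name, the ARN regular expression (generalized from the example ARN on this page) and the allowed-character sets (taken from the Elastic Load Balancing host and path condition documentation) are assumptions, and the sample input is constructed.

```python
import re

# Assumption: ARN shape generalized from the example listener ARN on this page.
LISTENER_ARN = re.compile(
    r"arn:aws[a-z-]*:elasticloadbalancing:[a-z0-9-]+:\d{12}:"
    r"listener/app/[A-Za-z0-9-]+/[0-9a-f]{16}/[0-9a-f]{16}")
# Assumption: character sets as listed in the ELB host and path condition docs.
ALLOWED = {
    "host-header": re.compile(r"[A-Za-z0-9.*?-]+"),
    "path-pattern": re.compile(r"[A-Za-z0-9_.$/~\"'@:+&*?-]+"),
}
MAX_VALUES_PER_RULE = 5  # quota stated on this page
MAX_VALUE_LENGTH = 128   # length limit stated on this page

def lint_listener_rule(props):
    """Lint the Properties of an AWS::ElasticLoadBalancingV2::ListenerRule."""
    findings = []
    arn = props.get("ListenerArn")
    # A dict is an intrinsic function (Ref, Fn::GetAtt) resolved at deploy time.
    if not isinstance(arn, dict) and not LISTENER_ARN.fullmatch(str(arn)):
        findings.append(f"ListenerArn: {arn!r} is not a listener ARN")
    total = 0
    for i, cond in enumerate(props.get("Conditions", [])):
        field = cond.get("Field")
        values = list(cond.get("Values") or [])
        for key, cfg in cond.items():  # HostHeaderConfig, PathPatternConfig, ...
            if key.endswith("Config") and isinstance(cfg, dict):
                values += cfg.get("Values", [])
        total += len(values)
        pattern = ALLOWED.get(field)
        for value in values:
            if pattern is None or not isinstance(value, str):
                continue  # other condition types are only counted
            if not pattern.fullmatch(value):
                findings.append(f"Conditions[{i}]: {value!r} is not valid for {field}")
            elif len(value) > MAX_VALUE_LENGTH:
                findings.append(f"Conditions[{i}]: value exceeds {MAX_VALUE_LENGTH} characters")
    if total > MAX_VALUES_PER_RULE:
        findings.append(f"Conditions: {total} values exceed the quota of {MAX_VALUES_PER_RULE}")
    return findings

# Constructed sample: the page's example ARN with the page's failing condition.
SAMPLE = {
    "ListenerArn": "arn:aws:elasticloadbalancing:us-east-2:123456789012:"
                   "listener/app/Application-Load-Balancer/0b761fa41d0fbe95/9e86778540dfe57b",
    "Conditions": [{"Field": "host-header", "Values": ["admin-test.com/dev"]}],
}
if __name__ == "__main__":
    for finding in lint_listener_rule(SAMPLE):
        print(finding)
```

Splitting the sample into a host-header condition for admin-test.com and a path-pattern condition for /dev clears the finding.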

Verify AWS CloudTrail

If none of the earlier options work, check the API call CreateRule, ModifyRule, or DescribeRules that was invoked during stack creation. The errors found in CloudTrail logs provide more details on why CloudFormation failed to create or update the listener rule.

Related information

Actions, resources, and condition keys for AWS Elastic Load Balancing V2

Quotas for your Application Load Balancers

Rule condition types

AWS OFFICIAL
Updated 2 months ago