Aws-cdk: Creating an alias record for an existing hosted zone in Route53, does not find the zone with Python bindings

Created on 3 Sep 2019 · 11 Comments · Source: aws/aws-cdk

(I asked the below on https://stackoverflow.com/q/57691646/4556546, but did not have much luck.)

I am using the AWS CDK (with Python as my deployment language) and I am trying to add an alias record of an existing CloudFront distribution to an existing hosted zone. While I can get cdk synth to work, cdk deploy fails, not finding the hosted zone.

I tested with AWS CDK version 1.5.0 (build c020efa) and 1.6.0 (build 3a0cde0).

I tried finding the zone like so:

zone = route53.HostedZone.from_hosted_zone_attributes(
    self,
    'MyHostedZone',
    zone_name = props.domainName,
    hosted_zone_id = 'Z1XXXXXXXXXS1'
)

And like so (also tried with PublicHostedZone):

zone = route53.HostedZone.from_lookup(
    self,
    'MyHostedZone',
    domain_name = props.domainName
)

And using it with (which works if a new hosted zone is created):

route53.ARecord(
    self,
    'SiteAliasRecord',
    record_name = siteDomain,
    target = route53.RecordTarget(alias_target=target),
    zone = zone
)

In both cases, the error message is:

StaticSiteHTTPS/SiteAliasRecord
(StaticSiteHTTPSSiteAliasRecord9BXXXXX) No hosted zone found with ID:
Z2XXX6BQ9TEB5H (Service: AmazonRoute53; Status Code: 404; Error Code:
NoSuchHostedZone; Request ID:

I do not know where ID Z2XXX6BQ9TEB5H comes from; it is not in my template and I do not have a hosted zone with this ID.
Both generate a .template.json that contains:

"StaticSiteHTTPSSiteAliasRecord9BXXXXX": {
  "Type": "AWS::Route53::RecordSet",
  "Properties": {
    "Name": "dev.mydomain.com.",
    "Type": "A",
    "AliasTarget": {
      "DNSName": {
        "Fn::GetAtt": [
          "StaticSiteHTTPSSiteDistributionCFDistribution3BXXXXX",
          "DomainName"
        ]
      },
      "HostedZoneId": "Z2YYYYYYYYYW2"
    },
    "HostedZoneId": "Z1XXXXXXXXXXS1"
  },

from_lookup generates "HostedZoneId": "/hostedzone/Z1XXXXXXXXXXS1", while from_hosted_zone_attributes generates "HostedZoneId": "Z1XXXXXXXXXXS1" in template.json but either way deploy does not find the hosted zone. However, this seems to suggest that synth finds the hosted zone OK, running cdk context entries are created there by synth, too.

I also tried getting the hosted zone via from_hosted_zone_id and from_hosted_zone_attributes which also throw errors, but my understanding is that they do not actually look anything up in my account.

On a side note, creating a new hosted zone with the CDK works and it contains the alias record.

How can I debug this further? Should I be using a different mechanism to provide or lookup my hosted zone?

@aws-cdk/aws-route53 bug effort/medium language/python p2

All 11 comments

Are you running cdk deploy... with a profile? Can you verify that the profile used has the correct Route53 permissions? Can you verify that the hosted zone exists in that account? I think hosted zones are supposed to end with a . and that's bitten me a few times.

I was able to get it to work with this python code on 1.5.0

https://github.com/aws-samples/aws-cdk-examples/blob/9a73d47b32e0c801a53ba86cb4dabe003df03e1f/python/static-site/static_site/static_site_construct.py#L86-L99

@rhboyd many thanks for taking a look! I tried with the code you linked, with the same results, unfortunately.

Regarding your questions:

  • I am running both synth and deploy with the same account and credentials residing in the default credentials file.
  • Yes, the profile has correct Route53 permissions, I can add the alias manually when logged in.
  • Yes the hosted zone exists, I double checked the ID and I tried with and without a . in the end (same result).

The weird bit is that deploy complains about a hosted zone with an ID that I do not know anything about, so I am not surprised it cannot find it, from above:

I do not know where ID Z2XXX6BQ9TEB5H comes from; it is not in my template and I do not have a hosted zone with this ID.

Any idea how to debug this?

What do you see when you run aws route53 list-hosted-zones from the command line?

@rhboyd, something like the below. The first hosted zone is unrelated. The second is the one in question. Neither have the ID the error message complains about.

{
    "HostedZones": [
        {
            "Id": "/hostedzone/Z2XXXXXXXXXXYV",
            "Name": "another_domain.com.",
            "CallerReference": "46...81",
            "Config": {
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 5
        },
        {
            "Id": "/hostedzone/Z1XXXXXXXXXXS1",
            "Name": "domain_in_question.com.",
            "CallerReference": "90...08",
            "Config": {
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 7
        }
    ]
}
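
The comparison made by hand in the posts above (hosted zone IDs in the synthesized .template.json against the output of aws route53 list-hosted-zones) can be scripted. This is an added example, not code from the thread or from the CDK project; the function names, status labels and sample IDs are constructed for illustration, and only literal string IDs are handled.

```python
import json

PREFIX = "/hostedzone/"

def normalize_zone_id(zone_id):
    """Return the bare zone ID; from_lookup emitted the '/hostedzone/' form."""
    return zone_id[len(PREFIX):] if zone_id.startswith(PREFIX) else zone_id

def in_zone(record_name, zone_name):
    """True if record_name is the zone apex or a name below it (trailing dots ignored)."""
    rec, zone = record_name.rstrip(".").lower(), zone_name.rstrip(".").lower()
    return rec == zone or rec.endswith("." + zone)

def audit_record_sets(template, hosted_zones):
    """Compare every RecordSet's HostedZoneId with the zones the account lists."""
    known = {normalize_zone_id(z["Id"]): z["Name"] for z in hosted_zones["HostedZones"]}
    report = []
    for logical_id, res in sorted(template.get("Resources", {}).items()):
        if res.get("Type") != "AWS::Route53::RecordSet":
            continue
        props = res.get("Properties", {})
        raw = props.get("HostedZoneId")
        if not isinstance(raw, str):  # Ref / Fn::GetAtt: only resolved at deploy time
            status, zone_id = "unresolved", None
        else:
            zone_id = normalize_zone_id(raw)
            if zone_id not in known:
                status = "zone-not-in-account"
            elif not in_zone(str(props.get("Name", "")), known[zone_id]):
                status = "name-outside-zone"
            else:
                status = "ok"
        # The alias target's zone ID belongs to the target service, not to the account.
        alias_zone = props.get("AliasTarget", {}).get("HostedZoneId")
        report.append({"record": logical_id, "zone_id": zone_id,
                       "status": status, "alias_zone_id": alias_zone})
    return report

# Constructed sample data (placeholder IDs and names, not values from a real account).
SAMPLE_TEMPLATE = json.loads("""{"Resources": {
  "AliasA": {"Type": "AWS::Route53::RecordSet", "Properties": {
    "Name": "dev.example.com.", "Type": "A", "HostedZoneId": "/hostedzone/Z1EXAMPLE",
    "AliasTarget": {"DNSName": {"Fn::GetAtt": ["Dist", "DomainName"]},
                    "HostedZoneId": "Z2ALIASEXAMPLE"}}},
  "AliasB": {"Type": "AWS::Route53::RecordSet", "Properties": {
    "Name": "dev.example.com.", "Type": "A", "HostedZoneId": "Z9MISSING"}},
  "Dist": {"Type": "AWS::CloudFront::Distribution", "Properties": {}}}}""")
SAMPLE_ZONES = {"HostedZones": [{"Id": "/hostedzone/Z1EXAMPLE", "Name": "example.com."}]}

if __name__ == "__main__":
    for row in audit_record_sets(SAMPLE_TEMPLATE, SAMPLE_ZONES):
        print(row)
```

To use it on real files, load the template from cdk.out and the saved list-hosted-zones JSON with json.load and pass both to audit_record_sets.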

@helzich Did you get this fixed? If yes, how?

@salsa2k no I have not. Tom at stackoverflow (https://stackoverflow.com/a/60971592/4556546) says that the code he pasted there is working (it was not working for me at the time), but I have not tried again since April.

@salsa2k are you running into this issue? I think it's a stale issue, but would love to get help in coming up with a minimal repro

I'm facing this issue as well. CDK version: 1.60.0 (build 8e3f53a) Node version: v13.14.0

What I tried apart from the recommendations above:

  • Delete and create a different hosted zone (with a different subdomain)

Here's what I get when running aws route53 list-hosted-zones:

{
    "HostedZones": [
        {
            "Id": "/hostedzone/xxxxxxxxx",
            "Name": "domain1.com.",
            "CallerReference": "RISWorkflow-xxxxx",
            "Config": {
                "Comment": "HostedZone created by Route53 Registrar",
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 9
        },
        {
            "Id": "/hostedzone/xxxxxxxxx",
            "Name": "domain2.com.",
            "CallerReference": "RISWorkflow-RD:xxxxx",
            "Config": {
                "Comment": "HostedZone created by Route53 Registrar",
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 5
        },
        {
            "Id": "/hostedzone/xxxxxxxxx",
            "Name": "domain3.com.",
            "CallerReference": "RISWorkflow-RD:xxxxx",
            "Config": {
                "Comment": "HostedZone created by Route53 Registrar",
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 5
        },
        {
            "Id": "/hostedzone/xxxxxxxxx",
            "Name": "subdomain.target-domain.",
            "CallerReference": "xxxxx",
            "Config": {
                "Comment": "",
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 3
        },
        {
            "Id": "/hostedzone/xxxxxxxxx",
            "Name": "domain4.com.",
            "CallerReference": "RISWorkflow-RD:xxxxx",
            "Config": {
                "Comment": "HostedZone created by Route53 Registrar",
                "PrivateZone": false
            },
            "ResourceRecordSetCount": 10
        },
        {
            "Id": "/hostedzone/xxxxxxxxx",
            "Name": "local.",
            "CallerReference": "xxxxx",
            "Config": {
                "Comment": "Created by AWS Cloud Map namespace with ARN arn:aws:servicediscovery:us-east-1:xxxxx:namespace/xxxxx",
                "PrivateZone": true
            },
            "ResourceRecordSetCount": 2,
            "LinkedService": {
                "ServicePrincipal": "servicediscovery.amazonaws.com",
                "Description": "arn:aws:servicediscovery:us-east-1:xxxxx:namespace/xxxxx"
            }
        }
    ]
}

The file cdk.context.json has the correct HostedZone id, but the deployment fails because it tries to find a different one.

CDK seems to pick up the default credentials, which are fine: Resolving default credentials

This is not just a python issue. I'm facing this problem with typescript.

Tried it with a different account and it worked without problems.

Today, I tried in another account and for a different domain. I still have the problem, now synth produces the correct zone ID, but deploy still tries to use a different one, so I am not surprised it fails. I have no idea why deploy would use a different zone ID.
