Terraform-provider-aws: aws_route53_zone imports with a trailing dot

Created on 13 Jun 2017  ·  12 Comments  ·  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @TaiSHiNet as hashicorp/terraform#8511. It was migrated here as part of the provider split. The original body of the issue is below._


Hi,

I'm on version 0.7.1 and when running an aws_route_53 import it'll end up in the state file with a trailing dot (as in bind, and as shown in the console).
This causes the resource to try and be recreated due to a mismatch with the terraform file.
How to reproduce:

Create a Route53 zone manually
Create the TF resource in a file
Import Route53 zone into your state
Run terraform plan

I could have just bypassed this by adding a trailing dot to the resource, but documentation shows an example without it and it might be misleading to have both ways.

Bests

Labels: bug, service/route53

All 12 comments

Hi, do we have any update on this?

@godfried Look at corresponding pull request https://github.com/hashicorp/terraform/pull/8517: it's a WIP & not migrated to this repository, yet.

I ran into the same issue. According to hashicorp/terraform#8517 a solution is to remove the trailing dot from the state file directly.

Hitting the same thing here. I created an aws_route53_record resource through Terraform without a trailing dot in the name...

resource "aws_route53_record" "foo" {
  zone_id = "${var.zone_id}"
  name    = "foo.drew.example"
  type    = "CNAME"
  ttl     = "300"
  records = [ "foo.com" ]
}

I then remove that resource from my state and reimport it with a dot...

$ terraform state rm aws_route53_record.foo
$ terraform import aws_route53_record.foo ${MY_ZONE_ID}_foo.drew.example._CNAME

And even though the import's successful, subsequent terraform plans want to recreate the resource:

-/+ aws_route53_record.foo (new resource required)
      fqdn:               "foo.drew.example" => "<computed>"
      name:               "foo.drew.example." => "foo.drew.example" (forces new resource)
      records.#:          "1" => "1"
      records.3464609096: "foo.drew.example" => "foo.com"
      ttl:                "300" => "300"
      type:               "CNAME" => "CNAME"
      zone_id:            "${MY_ZONE_ID}" => "${MY_ZONE_ID}"

It'd be nice if this could be fixed, because it makes me wonder what'll happen if I import a bunch of existing records with or without the trailing dots and whether it'll cause me any problems down the line.

Terraform version: v0.10.2

This has been released in version 1.10.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

Reopening this issue as it appears this issue was errantly closed by #3321 which fixed the behavior for aws_route53_record, but not aws_route53_zone. 😅

Also running into this issue with ACM.

Terraform v0.11.10

  • provider.aws v1.43.2

resource "aws_acm_certificate" "foo" {
  domain_name       = "${data.aws_route53_zone.foo.name}"
  validation_method = "DNS"
  subject_alternative_names = ["*.${data.aws_route53_zone.foo.name}"]
}

aws_acm_certificate.foo: Error requesting certificate: ValidationException: 2 validation errors detected: Value '[*.foo.com.]' at 'subjectAlternativeNames' failed to satisfy constraint: Member must satisfy constraint: [Member must have length less than or equal to 253, Member must have length greater than or equal to 1, Member must satisfy regular expression pattern: ^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$]; Value 'foo.com.' at 'domainName' failed to satisfy constraint: Member must satisfy regular expression pattern: ^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$

Workaround in the meantime, search for trailing "." with regex and replace

variable "search_period" {default = "/\\.$/"}
variable "replace_period" {default = ""}

resource "aws_acm_certificate" "foo" {
  domain_name       = "${replace(data.aws_route53_zone.foo.name, var.search_period , var.replace_period)}"
  validation_method = "DNS"
  subject_alternative_names = ["*.${replace(data.aws_route53_zone.foo.name, var.search_period, var.replace_period)}"]
}

This issue also appears for aws_cloudfront_distribution, for origin -> domain_name, the terraform apply errors out when trying to create the resource as it doesn't consider it to be a valid domain_name.

@clarlam workaround fixes the issue for now.

terraform --version
Terraform v0.11.10
+ provider.aws v1.50.0

Yep. Still an issue.

Another part of the problem is that this is changed upon apply, but the plan doesn't respect that it has a change.

I've not actually worked with Go before, so this might be a bit silly, but...

The schema for name uses suppressRoute53ZoneNameWithTrailingDot for its DiffSuppressFunc - doesn't that mean it should ignore trailing dots when diffing?

If so: does that mean the bug lies with DiffSuppressFunc or suppressRoute53ZoneNameWithTrailingDot?

If not: does that mean that the fix for this is to just do what was done in #3321? i.e. stick zoneName = strings.TrimSuffix(zoneName, ".") somewhere?

If it's the latter, I'm happy to stick my toe into the water as this seems like a relatively easy fix, but if it's the former that sounds to me like a bigger issue :/
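
The two options raised in the comment above, side by side, as an added example that is not the provider's code: comparing names with the trailing dot ignored (the shape of a diff-suppress check) versus trimming the dot before the value is stored. The function names `trimTrailingDot`, `suppressTrailingDotDiff` and `validCertDomain` are hypothetical, and the domain check is a simplified stand-in for the ACM pattern in the error quoted earlier in the thread.

```go
package main

import (
	"fmt"
	"strings"
)

// trimTrailingDot drops the single root-label dot that Route 53 returns,
// using the strings.TrimSuffix call quoted in the comment above.
func trimTrailingDot(name string) string {
	return strings.TrimSuffix(name, ".")
}

// suppressTrailingDotDiff is a hypothetical comparison in the shape of a
// DiffSuppressFunc (minus the key and *schema.ResourceData arguments): it
// reports true when the two values differ only by a trailing dot.
func suppressTrailingDotDiff(oldName, newName string) bool {
	return trimTrailingDot(oldName) == trimTrailingDot(newName)
}

// validCertDomain is a simplified stand-in (assumption) for the ACM
// domainName constraint: at most 253 characters, no empty labels (so no
// trailing dot), labels of 1-63 characters, none starting with '-'.
// A leading "*." wildcard is allowed.
func validCertDomain(name string) bool {
	name = strings.TrimPrefix(name, "*.")
	if len(name) == 0 || len(name) > 253 {
		return false
	}
	for _, label := range strings.Split(name, ".") {
		if len(label) == 0 || len(label) > 63 || strings.HasPrefix(label, "-") {
			return false
		}
	}
	return true
}

func main() {
	imported, configured := "foo.com.", "foo.com" // constructed sample values
	// Suppression hides the plan diff, but the stored value keeps its dot,
	// so anything interpolating it still receives "foo.com.".
	fmt.Println(suppressTrailingDotDiff(imported, configured))
	fmt.Println(validCertDomain("*." + imported))
	// Trimming when the value is stored also fixes downstream consumers.
	fmt.Println(validCertDomain("*." + trimTrailingDot(imported)))
}
```
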

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
