Terraform-provider-aws: aws_route53_record keeps wanting to change when passing aws_elb.dns_name
_This issue was originally opened by @deanmraz as hashicorp/terraform#10004. It was migrated here as part of the provider split. The original body of the issue is below._
Terraform Version
Confirmed on 0.7.9 and 0.7.10
Affected Resource(s)
- aws_elb.dns_name
- aws_route53_record.alias.name
Debug Output
Expected Behavior
Not require a change, display message: No changes...
Actual Behavior
Always requires a change. Notice the appending "." in alias.555.name compared to alias.777.name. Applying then running plan will continue this endless loop of this change.
~ module.custom-dns.aws_route53_record.red-alias
alias.555.evaluate_target_health: "false" => "false"
alias.555.name: "example-123.eu-west-1.elb.amazonaws.com." => ""
alias.555.zone_id: "Z44412XQLNTSW2" => ""
alias.777.evaluate_target_health: "" => "false"
alias.777.name: "" => "example-123.eu-west-1.elb.amazonaws.com"
alias.777.zone_id: "" => "Z3NF1Z3NOM555"
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
- create aws_elb resource
resource "aws_elb" "main" {
...
}
- use aws_elb output dns_name to create aws_route53_record resource
resource "aws_route53_record" "www" {
zone_id = "${aws_route53_zone.primary.zone_id}"
name = "example.com"
type = "A"
alias {
name = "${aws_elb.main.dns_name}"
zone_id = "${aws_elb.main.zone_id}"
evaluate_target_health = true
}
}
Important Factoids
- Note, aws_route53_record is actually in a module, so the aws_elb.dns_name gets passed as a variable to the aws_route53_record resource which looks more like this:
alias {
name = "${var.public_dns}"
zone_id = "${var.zone_id}"
evaluate_target_health = true
}
References
hashibot
All 11 comments
I believe this is worth mentioning:
Seems like AWS automatically assigns the elb zone_id and terraform is fighting to change it. Manually configuring zone_id resolves this issue.
For example, when seeing this issue
~ module.custom-dns.aws_route53_record.red-alias
alias.555.evaluate_target_health: "false" => "false"
alias.555.name: "example-123.eu-west-1.elb.amazonaws.com." => ""
alias.555.zone_id: "Z44412XQLNTSW2" => ""
alias.777.evaluate_target_health: "" => "false"
alias.777.name: "" => "example-123.eu-west-1.elb.amazonaws.com"
alias.777.zone_id: "" => "Z3NF1Z3NOM555"
manually set the zone_id.
alias {
name = "${aws_elb.main.dns_name}"
zone_id = "Z44412XQLNTSW2"
evaluate_target_health = true
}
This isn't ideal, wondering if alias zone_id should be required when assigning it to elb? Or is this an AWS issue not revealing the right zone_id?
deanmraz
on 14 Jun 2017
Ours is not fighting with the Zone ID, just recreating all the time:
aws_route53_record.rt53_alb_backend: Modifying... (ID: Z3SBZOP31WHSD4_sandbox-spanky_A)
alias.1075331504.evaluate_target_health: "true" => "false"
alias.1075331504.name: "spanky-elb-frontend-943739151.us-east-1.elb.amazonaws.com" => ""
alias.1075331504.zone_id: "Z35SXDOTRQ7X7K" => ""
alias.128963778.evaluate_target_health: "" => "false"
alias.128963778.name: "" => "internal-spanky-alb-backend-303633289.us-east-1.elb.amazonaws.com"
alias.128963778.zone_id: "" => "Z35SXDOTRQ7X7K"
spanktar
on 11 Jul 2017
We got a similar issue and it turned out to be the casing was different.
~ aws_route53_record.jenkins
alias.1489143538.evaluate_target_health: "" => "false"
alias.1489143538.name: "" => "internal-build-Main-922925609.eu-west-1.elb.amazonaws.com"
alias.1489143538.zone_id: "" => "Z32O12XQLNTSW2"
alias.3211552905.evaluate_target_health: "false" => "false"
alias.3211552905.name: "internal-build-main-922925609.eu-west-1.elb.amazonaws.com" => ""
alias.3211552905.zone_id: "Z32O12XQLNTSW2" => ""
alias {
name = "${aws_alb.build.dns_name}"
zone_id = "${aws_alb.build.zone_id}"
evaluate_target_health = "false"
}
aws_alb.build.dns_name gives internal-build-Main-922925609.eu-west-1.elb.amazonaws.com but the Route53 API reports internal-build-main-922925609.eu-west-1.elb.amazonaws.com (different casing on _Main_).
Adding a lower() work arounds this issue.
rickard-von-essen
on 21 Aug 2017
We're seeing this with the ELB name being entirely lowercase, so forcing the ELB name through lower() is unable to fix this for us. This must be a deeper issue.
jmehnle
on 15 Sep 2017
Seeing this as well on version 0.9.10.
The issue is the trailing dot.
Investigating further, I have found what is causing this for us. It seems to be an inconsistency in how AWS reports zone id from the EC2 side compared to Route53.
In the AWS console, looking at our EC2 load balancer details, they seem to be spread between two different hosted zones. Looking at the corresponding Route53 entries, however, consistently lists just one of these zones as the "Alias Hosted Zone ID".
In the cases where they differ, Terraform will try to change them, over and over.
erkkah
on 5 Oct 2017
@rickard-von-essen confirmed, lower() helps.
ghost
on 11 Jan 2018
@jmehnle your ELB name and tags are also lowercase?
plentz
on 13 Mar 2018
The uppercase alias name difference issue should be resolved since v1.8.0 of the AWS provider (via #3119).
As for any plans showing the zone ID as a difference perpertually, does using the aws_elb_hosted_zone_id data source help?
data "aws_elb_hosted_zone_id" "example" {}
resource "aws_route53_record" "example" {
# ... other configuration ...
alias {
name = "${aws_elb.example.dns_name}"
zone_id = "${data.aws_elb_hosted_zone_id.example.id}"
evaluate_target_health = true
}
}
bflad
on 13 Mar 2018
This problem occurs for us too, on our older ELBs. In the AWS web-console the Route53 "_Alias Hosted Zone ID_" value shows one thing ("Z35SXDOTRQ7X7K") and the ELB "_Hosted zone_" shows another ("Z3DZXE0Q79N41H"). Terraform constantly tries to "fix" the Route53 record but AWS is always re-writing it back. This is a AWS quirk, I can't really blame terraform.
- Short term workaround: Manually hardcode the
zone_idin terraform rather than using a reference to the elb zone_id. - Long term workaround: Re-create the ELB.
Relevant reference: https://github.com/hashicorp/terraform/issues/9289#issuecomment-299060509.
tomfotherby
on 11 Apr 2018
Closing this as the previous two comments should have all the details necessary here. If you are continuing to have some sort of perpetual difference in this regard, please open a new issue with all the details of the issue template. Thanks!
bflad
on 11 Apr 2018
I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 6 Apr 2020
Related issues
modax
ยท
3Comments
hashibot
ยท
3Comments
ccslamstack
ยท
3Comments
andywirv
ยท
3Comments
hashibot
ยท
3Comments
Most helpful comment
We got a similar issue and it turned out to be the casing was different.
aws_alb.build.dns_namegivesinternal-build-Main-922925609.eu-west-1.elb.amazonaws.combut the Route53 API reportsinternal-build-main-922925609.eu-west-1.elb.amazonaws.com(different casing on _Main_).Adding a
lower()work arounds this issue.