Terraform: InvalidChangeBatch error when creating a r53 record with alias pointing to s3 bucket

Created on 16 Apr 2019 · 3 Comments · Source: hashicorp/terraform

Terraform Version

Terraform v0.11.10
+ provider.aws v1.59.0
+ provider.template v2.0.0

Terraform Configuration Files

resource "aws_route53_record" "public_entry_US" {
  zone_id = "${aws_route53_zone.sub_domain_zone.zone_id}"
  name    = "${var.sub_domain}.${var.domain_name}"
  type    = "A"

  set_identifier = "From the US"

  geolocation_routing_policy {
    country = "US"
  }

  alias {
    name                   = "${aws_s3_bucket.website.bucket_domain_name}"
    zone_id                = "${aws_s3_bucket.website.hosted_zone_id}"
    evaluate_target_health = false
  }
}

resource "aws_s3_bucket" "website" {
  bucket = "website"
  acl    = "public-read"

  website {
    index_document = "index.html"
  }
}

resource "aws_s3_bucket_object" "index" {
  bucket = "${aws_s3_bucket.website.id}"
  key    = "index.html"
  acl    = "public-read"
  source = "${path.module}/index.html"
}

Expected Behavior

Terraform should create (or modify) the route53 record with an alias to the s3 bucket

Actual Behavior

Terraform throws the following error from AWS:

* aws_route53_record.public_entry_US: [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create an alias that targets website.s3.amazonaws.com., type A in zone Z1BKCTXD74EZPE, but the alias target name does not lie within the target zone]
        status code: 400, request id: 884107ac-601a-11e9-b82a-d9ff23a9c307

Steps to Reproduce

  1. Create a tf file with the resources listed above
  2. Apply & Approve

Additional Context

I'm unable to find much useful information pertaining to this error in general at all.

If I use Terraform to create the resources (S3 Bucket and R53 record) and then manually link them via the AWS Console, it works fine. However, when I link them through Terraform using an alias, it fails with the error above.

All 3 comments

Of course, right after I post this issue I figure out the problem. The alias record should use the website endpoint, not the domain name (which I saw in a code snippet somewhere :roll_eyes: ).

The alias record should look like this:

  alias {
    name                   = "${aws_s3_bucket.website.website_endpoint}"
    zone_id                = "${aws_s3_bucket.website.hosted_zone_id}"
    evaluate_target_health = false
  }

Not like this:

  alias {
    name                   = "${aws_s3_bucket.website.bucket_domain_name}"
    zone_id                = "${aws_s3_bucket.website.hosted_zone_id}"
    evaluate_target_health = false
  }
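
As an added example (not part of the original issue, and not Terraform's own code), here is a small pre-apply check that scans Terraform 0.11-style configuration for Route 53 alias blocks whose name points at an S3 REST endpoint (`bucket_domain_name`, or a literal such as the `website.s3.amazonaws.com.` in the error above) instead of the website endpoint. The function names, the regex heuristics and the record named `fixed` are assumptions made for illustration.

```python
import re

# Constructed sample (Terraform 0.11 syntax) modelled on the failing and fixed alias blocks.
SAMPLE_TF = '''
resource "aws_route53_record" "public_entry_US" {
  alias {
    zone_id = "${aws_s3_bucket.website.hosted_zone_id}"
    name    = "${aws_s3_bucket.website.bucket_domain_name}"
  }
}
resource "aws_route53_record" "fixed" {
  alias {
    name    = "${aws_s3_bucket.website.website_endpoint}"
    zone_id = "${aws_s3_bucket.website.hosted_zone_id}"
  }
}
'''

RECORD_RE = re.compile(r'resource\s+"aws_route53_record"\s+"([^"]+)"\s*\{')
TOKEN_RE = re.compile(r'"(?:[^"\\]|\\.)*"|[{}]')  # a whole quoted string, or one brace
# Heuristic: the interpolated REST attribute, or a literal like "website.s3.amazonaws.com."
REST_RE = re.compile(r'\.bucket_domain_name\}|\.s3\.(?:[a-z0-9-]+\.)?amazonaws\.com\.?$')

def is_rest_endpoint(name):
    """True if an alias name targets the bucket's REST endpoint, not its website endpoint."""
    return bool(REST_RE.search(name))

def block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}', ignoring braces inside strings."""
    depth = 0
    for tok in TOKEN_RE.finditer(text, open_idx):
        if tok.group() == "{":
            depth += 1
        elif tok.group() == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:tok.start()]
    raise ValueError("unbalanced braces")

def check_alias_targets(tf_text):
    """Return (record_name, alias_name) for each Route 53 alias aimed at an S3 REST endpoint."""
    findings = []
    for rec in RECORD_RE.finditer(tf_text):
        body = block_body(tf_text, rec.end() - 1)
        for alias in re.finditer(r'\balias\s*\{', body):
            m = re.search(r'^\s*name\s*=\s*"([^"]*)"', block_body(body, alias.end() - 1), re.M)
            if m and is_rest_endpoint(m.group(1)):
                findings.append((rec.group(1), m.group(1)))
    return findings
```

Running `check_alias_targets` over a module's `.tf` text before `terraform apply` reports the offending record by name, so the mistake surfaces locally rather than as an `InvalidChangeBatch` response from AWS.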

Thank you for coming back and posting about how you fixed it! I've spent 3 days trying to figure out what the heck was going wrong. Really appreciate it!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
