aws_route53_record keeps wanting to change when passing aws_elb.dns_name

[hashibot]

This issue was originally opened by @deanmraz as hashicorp/terraform#10004. It was migrated here as part of the provider split. The original body of the issue is below.

---

Terraform Version

Confirmed on 0.7.9 and 0.7.10

Affected Resource(s)

• aws_elb.dns_name
• aws_route53_record.alias.name

Debug Output

Expected Behavior

Not require a change, display message: No changes...

Actual Behavior

Always requires a change. Notice the appending "." in alias.555.name compared to alias.777.name. Applying then running plan will continue this endless loop of this change.

~ module.custom-dns.aws_route53_record.red-alias
    alias.555.evaluate_target_health: "false" => "false"
    alias.555.name:                   "example-123.eu-west-1.elb.amazonaws.com." => ""
    alias.555.zone_id:                "Z44412XQLNTSW2" => ""
    alias.777.evaluate_target_health: "" => "false"
    alias.777.name:                   "" => "example-123.eu-west-1.elb.amazonaws.com"
    alias.777.zone_id:                "" => "Z3NF1Z3NOM555"

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. create aws_elb resource

resource "aws_elb" "main" {
  ...
}

2. use aws_elb output dns_name to create aws_route53_record resource

resource "aws_route53_record" "www" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name = "example.com"
  type = "A"

  alias {
    name = "${aws_elb.main.dns_name}"
    zone_id = "${aws_elb.main.zone_id}"
    evaluate_target_health = true
  }
}

Important Factoids

• Note, aws_route53_record is actually in a module, so the aws_elb.dns_name gets passed as a variable to the aws_route53_record resource which looks more like this:

alias {
    name = "${var.public_dns}"
    zone_id = "${var.zone_id}"
    evaluate_target_health = true
  }

References

• aws_route53_record is modified with every apply terraform#9675
• AWS::Route53 perpetually changing terraform#9628
• provider/aws: Fix aws_route53_record alias perpetual diff terraform#9704

[deanmraz]

I believe this is worth mentioning:

Seems like AWS automatically assigns the elb zone_id and terraform is fighting to change it. Manually configuring zone_id resolves this issue.

For example, when seeing this issue

~ module.custom-dns.aws_route53_record.red-alias
    alias.555.evaluate_target_health: "false" => "false"
    alias.555.name:                   "example-123.eu-west-1.elb.amazonaws.com." => ""
    alias.555.zone_id:                "Z44412XQLNTSW2" => ""
    alias.777.evaluate_target_health: "" => "false"
    alias.777.name:                   "" => "example-123.eu-west-1.elb.amazonaws.com"
    alias.777.zone_id:                "" => "Z3NF1Z3NOM555"

manually set the zone_id.

alias {
    name = "${aws_elb.main.dns_name}"
    zone_id = "Z44412XQLNTSW2"
    evaluate_target_health = true
  }

This isn't ideal, wondering if alias zone_id should be required when assigning it to elb? Or is this an AWS issue not revealing the right zone_id?

[spanktar]

Ours is not fighting with the Zone ID, just recreating all the time:

aws_route53_record.rt53_alb_backend: Modifying... (ID: Z3SBZOP31WHSD4_sandbox-spanky_A)
  alias.1075331504.evaluate_target_health: "true" => "false"
  alias.1075331504.name:                   "spanky-elb-frontend-943739151.us-east-1.elb.amazonaws.com" => ""
  alias.1075331504.zone_id:                "Z35SXDOTRQ7X7K" => ""
  alias.128963778.evaluate_target_health:  "" => "false"
  alias.128963778.name:                    "" => "internal-spanky-alb-backend-303633289.us-east-1.elb.amazonaws.com"
  alias.128963778.zone_id:                 "" => "Z35SXDOTRQ7X7K"

[rickard-von-essen]

We got a similar issue and it turned out to be the casing was different.

  ~ aws_route53_record.jenkins
      alias.1489143538.evaluate_target_health: "" => "false"
      alias.1489143538.name:                   "" => "internal-build-Main-922925609.eu-west-1.elb.amazonaws.com"
      alias.1489143538.zone_id:                "" => "Z32O12XQLNTSW2"
      alias.3211552905.evaluate_target_health: "false" => "false"
      alias.3211552905.name:                   "internal-build-main-922925609.eu-west-1.elb.amazonaws.com" => ""
      alias.3211552905.zone_id:                "Z32O12XQLNTSW2" => ""

  alias {
    name                   = "${aws_alb.build.dns_name}"
    zone_id                = "${aws_alb.build.zone_id}"
    evaluate_target_health = "false"
  }

aws_alb.build.dns_name gives internal-build-Main-922925609.eu-west-1.elb.amazonaws.com but the Route53 API reports internal-build-main-922925609.eu-west-1.elb.amazonaws.com (different casing on Main).

Adding a lower() work arounds this issue.

[jmehnle]

We're seeing this with the ELB name being entirely lowercase, so forcing the ELB name through lower() is unable to fix this for us. This must be a deeper issue.

[erkkah]

Seeing this as well on version 0.9.10.
The issue is the trailing dot.

Investigating further, I have found what is causing this for us. It seems to be an inconsistency in how AWS reports zone id from the EC2 side compared to Route53.

In the AWS console, looking at our EC2 load balancer details, they seem to be spread between two different hosted zones. Looking at the corresponding Route53 entries, however, consistently lists just one of these zones as the "Alias Hosted Zone ID".

In the cases where they differ, Terraform will try to change them, over and over.

[ghost]

@rickard-von-essen confirmed, lower() helps.

[plentz]

@jmehnle your ELB name and tags are also lowercase?

[bflad]

The uppercase alias name difference issue should be resolved since v1.8.0 of the AWS provider (via #3119).

As for any plans showing the zone ID as a difference perpertually, does using the aws_elb_hosted_zone_id data source help?

data "aws_elb_hosted_zone_id" "example" {}

resource "aws_route53_record" "example" {
  # ... other configuration ...
  alias {
    name                   = "${aws_elb.example.dns_name}"
    zone_id                = "${data.aws_elb_hosted_zone_id.example.id}"
    evaluate_target_health = true
  }
}

[tomfotherby]

This problem occurs for us too, on our older ELBs. In the AWS web-console the Route53 "Alias Hosted Zone ID" value shows one thing ("Z35SXDOTRQ7X7K") and the ELB "Hosted zone" shows another ("Z3DZXE0Q79N41H"). Terraform constantly tries to "fix" the Route53 record but AWS is always re-writing it back. This is a AWS quirk, I can't really blame terraform.

• Short term workaround: Manually hardcode the zone_id in terraform rather than using a reference to the elb zone_id.
• Long term workaround: Re-create the ELB.

Relevant reference: hashicorp/terraform#9289 (comment).

[bflad]

Closing this as the previous two comments should have all the details necessary here. If you are continuing to have some sort of perpetual difference in this regard, please open a new issue with all the details of the issue template. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!