Home > front end >  Terraform "Create R53 Alias for VPC Interface Endpoint Failing on Zone Match" -- But Zone
Terraform "Create R53 Alias for VPC Interface Endpoint Failing on Zone Match" -- But Zone

Time:12-17

I'm trying to create Route53 alias records in a private hosted zone using Terraform v0.13.6 and pointing to a VPC Endpoint (vpce) and getting a fail of the nature:

Error building changeset: InvalidChangeBatch: [Tried to create an alias that targets ssm.us-west-2.amazonaws.com., type A in zone [XXXX], but the alias target name does not lie within the target zone] status code: 400

The zone I'm addressing [XXXX] is indeed the zone of the VPCe, not the zone of the DNS, so I've hopefully avoided that common error.

When I view the VPCe, either via console or command line, I see the correct zone in the results (a match to [XXXX]) so the Terraform return is literally telling me the VPCe is not in the zone that the console and CLI says it is in.

When I use the console to create the alias record it works fine!

The VPCe is in two subnets, so there are are three (3) DNS names listed in the VPCe console record (apparently a generic record and one for each specified subnet) but the DNS zones are all the same, so that shouldn't be a problem. In code I go after the 0'th record, and use the name of the generic endpoint because I want resolution across both subnets in the case of failure.

The relevant code is below. Does anybody have any insights into what might be going on?

resource "aws_route53_record" "endpoint_record" {
        for_each = var.vpce
        provider = aws.someprovider
        zone_id  = aws_route53_zone.private[each.key].zone_id
        name    = ""
        type    = "A"

         alias {
             name = each.value.url
             zone_id = aws_vpc_endpoint.ssm_endpoint[each.key].dns_entry[0].hosted_zone_id
    evaluate_target_health = true
  }
        depends_on = [
    aws_route53_zone.private,
  ]
}

The url in the alias call is of the type ssm.us-west-2.amazonaws.com as you can see in the error message.

Any ideas what might be going on?

CodePudding user response:

For name of the alias, I think you would want to use the one provided from the aws_vpc_endpoint, so:

alias {
  name = aws_vpc_endpoint.ssm_endpoint[each.key].dns_entry[0].dns_name
  zone_id = aws_vpc_endpoint.ssm_endpoint[each.key].dns_entry[0].hosted_zone_id
  evaluate_target_health = true
}

I don't know what is the value for each.value.url, but I don't think it is correct.

Page link:https//www.codepudding.com/frontend/231290.html

Prev:For loop in terraform
Next:How to make a boolean toggle using JPQL
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding