Route53 validation records creation fails #7918
subject_alternative_names = '*.example.com' can not be created
In my use-case, I have an While the call for 1 region succeeds, the other call for the 2nd region fails with the same errors as the OP. My aws provider version is 2.0.0. Details:
I've confirmed that with aws provider version 1.60.0 the issue doesn't happen |
Reading this suggests that the new versions of this provider are working as designed/expected. This breaks the functionality of validating ACM certs using DNS validation, as AWS generates the validation record data (name and value) based on the requested domain (and SANs) and the account info. |
[fix] ACM certificate route53 validation overwrite
### Summary
The new tf provider refuses to overwrite existing route53 records breaking previous functionality. This is a problem for acm since we need the same record for each region. Therefore, we allow route53 records to be overwritten by default.
### Test Plan
unittests
### References
hashicorp/terraform-provider-aws#7918
Is the only option to provide the
|
This bug is preventing me from deploying applications that utilize Certificate Manager DNS validation. I'm having the same issue as @CamelCaseNotation mentions above - |
Thank you for using Terraform and for opening up this question @ToROxI. Issues on GitHub are intended to be related to bugs or feature requests with the provider codebase. Please use https://discuss.hashicorp.com/c/terraform-providers for community discussions, and questions around Terraform. It looks as though @ayashjorden has provided an answer and reference to this question. If you believe this issue was miscategorized as a question or closed in error, please create a new issue using one of the following provided templates: bug report or feature request. Please make sure to provide us with the appropriate information so we can best determine how to assist with the given issue. |
It worked for me |
aws_route53_record.main: [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='_61d8ab692c2cada15a5dc3064b50fa55.apps.cyan.devpreview.agilestacks.io.', type='CNAME'] but it already exists] hashicorp/terraform-provider-aws#7918
oh well, allow_overwrite didn't work for me either... any ideas how to make it not fail on existing record?
|
by the way I am using terraform 0.12.9 I have the flag hardcoded to true:
and it still fails with the error above. Maybe there is a way to add some conditional block to avoid TF attempting the operation if record already exists? I am thinking of a way to disable that block on consequent runs.... |
oh and the so, |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Terraform Version
Terraform v0.11.11
Affected Resource(s)
aws_acm_certificate
aws_route53_record
Terraform Configuration Files
Expected Behavior
I tried to create an aws_acm_certificate for "example.com" domain name with "subject_alternative_names" set to "*.example.com". This produces two domain_validation_options with the same CNAME. It should either produce a single domain_validation_option or recognise at validation stage that the two are identical.
Actual Behavior
Steps to Reproduce
terraform apply
Important Factoids
None
References
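The duplicate described under Expected Behavior, worked through as an added example (not code from the issue, the provider or Terraform): it collapses ACM validation options that share one CNAME and builds a Route 53 change batch with UPSERT rather than CREATE, so re-submitting an identical record does not hit the "already exists" InvalidChangeBatch error quoted in the thread. The function names and the sample record names and values are constructed placeholders; the dictionaries follow the shape of ACM `DescribeCertificate` output and a Route 53 `ChangeResourceRecordSets` change batch.

```python
# Added example: deduplicate ACM DNS validation records before writing them.
# Constructed sample: example.com and its wildcard SAN share one CNAME,
# a third name has its own. Names and values are placeholders.
SHARED = {"Name": "_placeholder-a.example.com.", "Type": "CNAME",
          "Value": "_placeholder-value-a.validation.example.net."}
SAMPLE_OPTIONS = [
    {"DomainName": "example.com", "ResourceRecord": dict(SHARED)},
    {"DomainName": "*.example.com", "ResourceRecord": dict(SHARED)},
    {"DomainName": "www.example.org",
     "ResourceRecord": {"Name": "_placeholder-b.www.example.org.",
                        "Type": "CNAME",
                        "Value": "_placeholder-value-b.validation.example.net."}},
]


def unique_validation_records(options):
    """Return one record per (name, type), in first-seen order.

    Raises ValueError if one record name is paired with two different
    values, so only byte-identical duplicates are merged silently.
    """
    seen = {}
    for opt in options:
        rr = opt.get("ResourceRecord")
        if rr is None:  # ACM may not have issued the record yet
            continue
        key = (rr["Name"].rstrip(".").lower(), rr["Type"])
        if key in seen and seen[key]["Value"] != rr["Value"]:
            raise ValueError("conflicting validation values for " + key[0])
        seen.setdefault(key, rr)
    return list(seen.values())


def build_change_batch(options, ttl=60, overwrite=True):
    """Build a Route 53 ChangeBatch dict for the deduplicated records.

    UPSERT creates or replaces a record set; CREATE fails when the
    record set already exists (for example, written for another region).
    """
    action = "UPSERT" if overwrite else "CREATE"
    return {"Changes": [
        {"Action": action,
         "ResourceRecordSet": {"Name": rr["Name"], "Type": rr["Type"],
                               "TTL": ttl,
                               "ResourceRecords": [{"Value": rr["Value"]}]}}
        for rr in unique_validation_records(options)]}


if __name__ == "__main__":
    for change in build_change_batch(SAMPLE_OPTIONS)["Changes"]:
        print(change["Action"], change["ResourceRecordSet"]["Name"])
```

The conflict check only covers records inside one batch; it does not inspect what is already in the hosted zone, so an UPSERT still replaces an existing record of the same name and type.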