NS error when creating new zone

[ghost]

Terraform Version

Terraform v0.11.13
+ provider.aws v2.10.0
+ provider.terraform v1.0.2

Affected Resource(s)

• aws_route53_zone
• aws_route53_record

Terraform Configuration Files

resource "aws_route53_zone" "my-zone" {
  name = "my.zone"
}
resource "aws_route53_record" "my-ns-record" {
  zone_id = "${aws_route53_zone.my-zone.zone_id}"
  name = "my.zone"
  type = "NS"
  ttl = "3600"
  records = [
    "${aws_route53_zone.my-zone.name_servers.0}",
    "${aws_route53_zone.my-zone.name_servers.1}",
    "${aws_route53_zone.my-zone.name_servers.2}",
    "${aws_route53_zone.my-zone.name_servers.3}"
  ]
}

Output

Reported change:
https://gist.github.com/ata-sql/a8f334124118d3c7b64af03f26718b0b
After apply:

* aws_route53_record.my-ns-record: [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='my.zone.', type='NS'] but it already exists]
        status code: 400, request id: XXX

Expected Behavior

Nothing should happen, since terraform creates NS records when creating zone and it should be detected. It happend like that before. Don't remember when last time I created zone with terraform and it worked fine (we have 20+ zones created same way), but first wrong behaviour was about 40-50 days ago.

Actual Behavior

after each apply command, terraform "sees" new dns record and tries to create it. It fails, don't spoil anything, but reports each time.

Steps to Reproduce

Create zone with NS record (as described above) and run

1. terraform apply

[bflad]

Hi @ata-sql 👋 Thanks for reporting this and sorry you are running into trouble here.

In version 2.0.0+ of the Terraform AWS Provider, the aws_route53_record resource is now performing a CREATE operation when creating the resource instead of its previous UPSERT operation on creation. This change was made to align this resource with common Terraform resource expectations that resource creation should generally never overwrite existing infrastructure. More information about this change can be found here:

• https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#resource-aws_route53_record
• resource/aws_route53_record: Switch allow_overwrite default from true to false #7734

The good news here is that we do have an allow_overwrite argument on the aws_route53_record resource for exactly this situation! Updating your configuration to the below should restore the previous behavior if you would prefer to not use terraform import for these records:

resource "aws_route53_record" "my-ns-record" {
  allow_overwrite = true
  zone_id = "${aws_route53_zone.my-zone.zone_id}"
  name = "my.zone"
  type = "NS"
  ttl = "3600"
  records = [
    "${aws_route53_zone.my-zone.name_servers.0}",
    "${aws_route53_zone.my-zone.name_servers.1}",
    "${aws_route53_zone.my-zone.name_servers.2}",
    "${aws_route53_zone.my-zone.name_servers.3}"
  ]
}

Hope this helps!

[weeping-somnambulist]

This isn't really an acceptable answer. allow_overwrite should be the default here, no reason for it not to be whatsoever. It will save some other poor soul hours of troubleshooting and pain.

[farmersmurf]

Yup, just spent into the long small hours until seeing this post :(

Thanks @SwitchedToGitlab

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!