Route53 failed to specify region #9052

Closed
shengbo66 opened this issue Jun 19, 2019 · 6 comments · Fixed by #9060

Comments

@shengbo66

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

terraform -v
Terraform v0.12.2

Affected Resource(s)

resourceAwsRoute53DelegationSet(),
resourceAwsRoute53QueryLog(),
resourceAwsRoute53Record(),
resourceAwsRoute53ZoneAssociation(),
resourceAwsRoute53Zone(),
resourceAwsRoute53HealthCheck(),

Terraform Configuration Files

# Configure the AWS provider for the China region.
provider "aws" {
  region     = "cn-northwest-1"
  access_key = "AK" # placeholder
  secret_key = "SK" # placeholder

  endpoints {
    route53 = "https://api.route53.cn"
  }
}

# Create a Route 53 public zone.
resource "aws_route53_zone" "test" {
  name    = "bobtest3.cn"
  comment = "try to create a pub zone with terraform in China region v2!"
}

Debug Output

2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/06/15 12:15:49 [DEBUG] Creating Route53 hosted zone: {
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: CallerReference: "terraform-20190615041549099100000001",
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: HostedZoneConfig: {
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Comment: "try to create a pub zone with terraform in China region"
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: },
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Name: "bobtest2.cn"
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: }
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/06/15 12:15:49 [DEBUG] [aws-sdk-go] DEBUG: Request route53/CreateHostedZone Details:
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: ---[ REQUEST POST-SIGN ]-----------------------------
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: POST /2013-04-01/hostedzone HTTP/1.1
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Host: api.route53.cn
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: User-Agent: aws-sdk-go/1.19.42 (go1.12.5; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.1
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Content-Length: 311
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Authorization: AWS4-HMAC-SHA256 Credential=AKIA2SY65VLYF3DK2EHK/20190615/us-east-1/route53/aws4_request, SignedHeaders=content-length;host;x-amz-date, Signature=75b091758077c471fdda8d42b9a436955c0bbc59a23f5ca8b433c26c9ee43beb
2019-06-15T12:15:49.099+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: X-Amz-Date: 20190615T041549Z
2019-06-15T12:15:49.100+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Accept-Encoding: gzip
2019-06-15T12:15:49.100+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:
2019-06-15T12:15:49.100+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: try to create a pub zone with terraform in China regionbobtest2.cnterraform-20190615041549099100000001
2019-06-15T12:15:49.100+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: -----------------------------------------------------
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/06/15 12:15:49 [DEBUG] [aws-sdk-go] DEBUG: Response route53/CreateHostedZone Details:
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: ---[ RESPONSE ]--------------------------------------
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: HTTP/1.1 403 Forbidden
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Connection: close
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Content-Length: 317
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Content-Type: text/xml
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: Date: Sat, 15 Jun 2019 04:15:48 GMT
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: X-Amzn-Requestid: 40d95499-8f24-11e9-b1d3-27c91871b3b6
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4:
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: -----------------------------------------------------
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/06/15 12:15:49 [DEBUG] [aws-sdk-go]
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: SenderSignatureDoesNotMatchCredential should be scoped to a valid region, not 'us-east-1'. 40d95499-8f24-11e9-b1d3-27c91871b3b6
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: 2019/06/15 12:15:49 [DEBUG] [aws-sdk-go] DEBUG: Validate Response route53/CreateHostedZone failed, not retrying, error SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-east-1'.
2019-06-15T12:15:49.667+0800 [DEBUG] plugin.terraform-provider-aws_v2.14.0_x4: status code: 403, request id: 40d95499-8f24-11e9-b1d3-27c91871b3b6
2019/06/15 12:15:49 [DEBUG] aws_route53_zone.test: apply errored, but we're indicating that via the Error pointer rather than returning it: error creating Route53 Hosted Zone: SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-east-1'.
status code: 403, request id: 40d95499-8f24-11e9-b1d3-27c91871b3b6
2019/06/15 12:15:49 [TRACE] : eval: *terraform.EvalMaybeTainted
2019/06/15 12:15:49 [ERROR] : eval: *terraform.EvalSequence, err: error creating Route53 Hosted Zone: SignatureDoesNotMatch: Credential should be scoped to a valid region, not 'us-east-1'.
status code: 403, request id: 40d95499-8f24-11e9-b1d3-27c91871b3b6
2019/06/15 12:15:49 [TRACE] [walkApply] Exiting eval tree: aws_route53_zone.test
2019-06-15T12:15:49.691+0800 [DEBUG] plugin: plugin process exited: path=/Users/shengbo/ssh/terra/.terraform/plugins/darwin_amd64/terraform-provider-aws_v2.14.0_x4 pid=1801
2019-06-15T12:15:49.691+0800 [DEBUG] plugin: plugin exited

Panic Output

Expected Behavior

In the China region, we have to specify the region as "cn-northwest-1" for the Route 53 service.

Actual Behavior

The region is hard-coded to "us-east-1" in config.go:

r53conn: route53.New(sess.Copy(&aws.Config{Region: aws.String("us-east-1"), Endpoint: aws.String(c.Endpoints["route53"])})),

Steps to Reproduce

  1. terraform apply

Important Factoids

References

@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jun 19, 2019
@bflad bflad added bug Addresses a defect in current functionality. partition/aws-cn Pertains to the aws-cn partition. service/route53 Issues and PRs that pertain to the route53 service. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 19, 2019
@bflad
Contributor

bflad commented Jun 19, 2019

Hi @shengbo66 👋 Thank you for reporting this and sorry for the trouble.

The hardcoded us-east-1 region for the Route 53 service within the Terraform AWS Provider was just fixed today (#9010) and that change will release with version 2.16.0, likely tomorrow. This will prevent the SignatureDoesNotMatch error and allow the custom Route 53 endpoint to properly work in AWS China.

Is there United States viewable documentation for the Route 53 service in AWS China available? It is not currently listed in the English version of the AWS China services documentation: https://www.amazonaws.cn/en/about-aws/regional-product-services/ but I was able to find some recent Chinese articles that seem to confirm the https://api.route53.cn endpoint and cn-northwest-1 region.

I will go ahead and submit the change to automatically set the AWS China Route 53 endpoint since the AWS Go SDK does not currently include this information.
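
As an added illustration (not code from the provider or from anyone in this thread), the Go program below parses the credential scope out of a SigV4 `Authorization` header like the one in the debug output and shows that the region is an input to the signing key, which is why a request signed for `us-east-1` is rejected by the China endpoint. The header value, the `.cn` host check and all function names are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Scope is the credential scope carried in a SigV4 Authorization header.
type Scope struct{ KeyID, Date, Region, Service string }

// ParseScope reads Credential=<key>/<date>/<region>/<service>/aws4_request.
func ParseScope(authz string) (Scope, error) {
	_, rest, ok := strings.Cut(authz, "Credential=")
	if !ok || !strings.HasPrefix(authz, "AWS4-HMAC-SHA256 ") {
		return Scope{}, fmt.Errorf("not a SigV4 Authorization header")
	}
	cred, _, _ := strings.Cut(rest, ",")
	p := strings.Split(strings.TrimSpace(cred), "/")
	if len(p) != 5 || p[4] != "aws4_request" {
		return Scope{}, fmt.Errorf("malformed credential scope %q", cred)
	}
	return Scope{p[0], p[1], p[2], p[3]}, nil
}

// SigningKey derives the SigV4 signing key. The region is one of the HMAC
// inputs, so a key derived for us-east-1 never verifies a cn-northwest-1 scope.
func SigningKey(secret string, s Scope) []byte {
	k := []byte("AWS4" + secret)
	for _, part := range []string{s.Date, s.Region, s.Service, "aws4_request"} {
		m := hmac.New(sha256.New, k)
		m.Write([]byte(part))
		k = m.Sum(nil)
	}
	return k
}

// ScopeFitsHost checks the signing region against the endpoint's partition.
// Assumption of this example: ".cn" hosts are aws-cn and expect "cn-" regions.
func ScopeFitsHost(host string, s Scope) bool {
	return strings.HasSuffix(host, ".cn") == strings.HasPrefix(s.Region, "cn-")
}

func main() {
	// Constructed header modelled on the debug output; key ID and signature are placeholders.
	s, err := ParseScope("AWS4-HMAC-SHA256 Credential=AKIAEXAMPLE/20190615/us-east-1/route53/aws4_request, SignedHeaders=host;x-amz-date, Signature=00")
	fmt.Println(s.Region, ScopeFitsHost("api.route53.cn", s), err) // us-east-1 false <nil>
}
```

Running the same check over the `Authorization` line of a provider debug log shows which region the client actually signed for, independent of the `region` set in the provider block.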

@bflad
Contributor

bflad commented Jun 19, 2019

Pull request submitted: #9060

@bflad bflad self-assigned this Jun 19, 2019
@nywilken nywilken added this to the v2.16.0 milestone Jun 20, 2019
@bflad
Contributor

bflad commented Jun 20, 2019

The automatic configuration of the AWS China endpoint and region for the Route 53 service client within the Terraform AWS Provider has been merged and will release with version 2.16.0, likely tomorrow. 👍

@shengbo66
Author

> Hi @shengbo66 👋 Thank you for reporting this and sorry for the trouble.
>
> The hardcoded us-east-1 region for the Route 53 service within the Terraform AWS Provider was just fixed today (#9010) and that change will release with version 2.16.0, likely tomorrow. This will prevent the SignatureDoesNotMatch error and allow the custom Route 53 endpoint to properly work in AWS China.
>
> Is there United States viewable documentation for the Route 53 service in AWS China available? It is not currently listed in the English version of the AWS China services documentation: https://www.amazonaws.cn/en/about-aws/regional-product-services/ but I was able to find some recent Chinese articles that seem to confirm the https://api.route53.cn endpoint and cn-northwest-1 region.
>
> I will go ahead and submit the change to automatically set the AWS China Route 53 endpoint since the AWS Go SDK does not currently include this information.

Hi @bflad, very happy for your quick response. Route53 in the China region is in the preview phase and will reach GA soon. We are helping a customer do testing with Terraform. Thanks again for your strong support!

@bflad
Contributor

bflad commented Jun 20, 2019

This has been released in version 2.16.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@ghost

ghost commented Nov 3, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Nov 3, 2019