aws_route53_record keeps wanting to change when passing aws_elb.dns_name

[deanmraz]

Terraform Version

Confirmed on 0.7.9 and 0.7.10

Affected Resource(s)

• aws_elb.dns_name
• aws_route53_record.alias.name

Debug Output

Expected Behavior

Not require a change, display message: No changes...

Actual Behavior

Always requires a change. Notice the appending "." in alias.555.name compared to alias.777.name. Applying then running plan will continue this endless loop of this change.

~ module.custom-dns.aws_route53_record.red-alias
    alias.555.evaluate_target_health: "false" => "false"
    alias.555.name:                   "example-123.eu-west-1.elb.amazonaws.com." => ""
    alias.555.zone_id:                "Z44412XQLNTSW2" => ""
    alias.777.evaluate_target_health: "" => "false"
    alias.777.name:                   "" => "example-123.eu-west-1.elb.amazonaws.com"
    alias.777.zone_id:                "" => "Z3NF1Z3NOM555"

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. create aws_elb resource

resource "aws_elb" "main" {
  ...
}

2. use aws_elb output dns_name to create aws_route53_record resource

resource "aws_route53_record" "www" {
  zone_id = "${aws_route53_zone.primary.zone_id}"
  name = "example.com"
  type = "A"

  alias {
    name = "${aws_elb.main.dns_name}"
    zone_id = "${aws_elb.main.zone_id}"
    evaluate_target_health = true
  }
}

Important Factoids

• Note, aws_route53_record is actually in a module, so the aws_elb.dns_name gets passed as a variable to the aws_route53_record resource which looks more like this:

alias {
    name = "${var.public_dns}"
    zone_id = "${var.zone_id}"
    evaluate_target_health = true
  }

References

• aws_route53_record is modified with every apply #9675
• AWS::Route53 perpetually changing #9628
• provider/aws: Fix aws_route53_record alias perpetual diff #9704

[bdruth]

Having this issue, too.

[bdruth]

I'm seeing, based on a comment from #9628, that there is a difference in the to/from DNS names - namely a dot at the end. However, it's the Route53 record that apparently has the dot? Not what is calculated from the aws_elb.dns_name. Even if I manually inject a '.' in the alias.name, it isn't coming through to the plan.

[bdruth]

So - I don't know what's going on with the '.' in the record. I have 26 Route53 resources defined, all identically. I've added a lower(...) on the aws_elb.name reference, because the ELB has uppercase characters and Route53 internally converts to lower. However, 5/26 (only 5!) still have this "dot at the end" churn between what the internal state is and what's defined in the config. If I add a . manually in the config, terraform doesn't appear to care - what comes through in the plan still shows the difference.

[joshuaspence]

We are also seeing this issue in Terraform 0.7.13.

[wr0ngway]

Seeing this as well. I think it has something to do with elb zone_id - In looking at my ELBs, I see one zone_id across all my internal ELBs and a different one across all my external ELBs. For a diff that I see on an route53 record for an internal ELB, the diff seems to indicate that it needs to change from the external zone_id back to the internal one - no idea why it has the external one in the state.

[ligustah]

I'm seeing the same problem on Terraform 0.7.13 as well.

[adamgotterer]

I'm still seeing this issue in Terraform v0.8.2

[deanmraz]

@wr0ngway is right.

Seems like AWS automatically assigns the elb zone_id and terraform is fighting to change it. Manually configuring zone_id resolves this issue.

For example, when seeing this issue

~ module.custom-dns.aws_route53_record.red-alias
    alias.555.evaluate_target_health: "false" => "false"
    alias.555.name:                   "example-123.eu-west-1.elb.amazonaws.com." => ""
    alias.555.zone_id:                "Z44412XQLNTSW2" => ""
    alias.777.evaluate_target_health: "" => "false"
    alias.777.name:                   "" => "example-123.eu-west-1.elb.amazonaws.com"
    alias.777.zone_id:                "" => "Z3NF1Z3NOM555"

manually set the zone_id.

alias {
    name = "${aws_elb.main.dns_name}"
    zone_id = "Z44412XQLNTSW2"
    evaluate_target_health = true
  }

This isn't ideal, wondering if alias zone_id should be required when assigning it to elb? Or is this an AWS issue not revealing the right zone_id?

[rts-rob]

I struggled with this exact same issue for quite a while before discovering that there's a case-sensitive compare between the load balancer name and the Route53 record that can cause this. I had used a capital letter in naming my load balancer Example and that was causing a reworking of the alias record on every plan.

Using the example provided by @deanmraz Route53 always wanted to make the following changes:
alias.555.name: "Example-123.eu-west-1.elb.amazonaws.com." => ""
(note the capital 'E' carried in from the LB) was becoming
alias.777.name: "" => "example-123.eu-west-1.elb.amazonaws.com"

Making the name of the load balancer all lowercase in Terraform resolved the issue for me.

[sheeley]

@rts-rob you've also got the . appended at the end, not sure if that means that case isn't actually important or if they are both issues

[CpuID]

Confirmed on TF 0.9.2. Our ELB has an all lowercase name already.

[oferzi23]

i installed 0.9.4 but i still get this issue...can someone please post a fix method that was verified...

[deanmraz]

@CpuID The name isn't the issue. Its the zone_id.

After the first terraform apply, state's get updated with a zone id that is not used on subsequence requests. Updating to the zone id to the "changed" value manual resolves the issue, so maybe terraform isn't storing the right zone id?

Also, wondering if private VPC layers are causing this issue for a few and not for others.

[CpuID]

After the first terraform apply, state's get updated with a zone id that is not used on subsequence requests. Updating to the zone id to the "changed" value manual resolves the issue, so maybe terraform isn't storing the right zone id?

@deanmraz seems legit, haven't traced the code but sounds logical.

[albanf]

Use the zone_id property of the ALB/ELB:

alias {
    evaluate_target_health = true
    name = "${lower(aws_alb.MyALB.dns_name)}"
    zone_id = "${aws_alb.MyALB.zone_id}"
}

Also use the built-in lower() function if you ALB/ELB name is not lowercase.

[jmcvetta]

Using the lower() function, as described above, fixed this issues for me.

[ecbrodie]

@albanf please edit your recent comment to use Markdown code blocks. Thank you.

[mhorbul]

Terraform Version

Terraform v0.11.7
+ provider.aws v1.21.0
+ provider.template v1.0.0

I am still experiencing the issue. lower() did not help, but set zone_id manually did. It's not ideal though.

   alias {
     name                   = "${module.elb-production.elb_dns_name}"
-    zone_id                = "${module.elb-production.elb_zone_id}"
+    zone_id                = "XXXXXXXXXX"   # "${module.elb-production.elb_zone_id}"
     evaluate_target_health = true
   }

[RulerOf]

I had this problem too. Turned out that the same DNS entry was being created twice, each pointing to a different thing. Naturally, one of the entries would always see that it had been overwritten every time I ran a terraform plan.

[cdmontgo]

I'm also having this issue. I'm on 0.11.8.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.