aws_route53_resource with alias to ELB has changed after 0.7.5 upgrade

[hashibot]

This issue was originally opened by @mioi as hashicorp/terraform#9289. It was migrated here as part of the provider split. The original body of the issue is below.

---

Terraform Version

Terraform v0.7.5

Affected Resource(s)

• aws_route53_resource
• aws_elb

Terraform Configuration Files

resource "aws_elb" "foobar-elb" {
  name            = "foobar-elb"
  security_groups = ["sg-foobaz"]

  subnets = ["subnet-foobaz"]

  listener {
    instance_port     = 443
    instance_protocol = "tcp"
    lb_port           = 443
    lb_protocol       = "tcp"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 5
    target              = "TCP:443"
    interval            = 30
  }

  instances = ["i-1234567"]

  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400
}

resource "aws_route53_record" "foo" {
  zone_id = "ZREDACTED0"
  name    = "foo.bar.baz"
  type    = "A"

  alias {
    name                   = "${aws_elb.foobar-elb.dns_name}"
    zone_id                = "${aws_elb.foobar-elb.zone_id}"
    evaluate_target_health = true
  }
}

Debug Output

(too much to redact)

Panic Output

n/a

Expected Behavior

It should return the No changes. Infrastructure is up-to-date. message when running terraform plan.

Actual Behavior

It shows that it wants to do this:

~ aws_route53_record.foo
    alias.123456789.evaluate_target_health: "true" => "false"
    alias.123456789.name:                   "dualstack.foobar-elb-89012345.us-west-1.elb.amazonaws.com" => ""
    alias.123456789.zone_id:                "ZREDACTED1" => ""
    alias.567890123.evaluate_target_health:  "" => "true"
    alias.567890123.name:                    "" => "foobar-elb-89012345.us-west-1.elb.amazonaws.com"
    alias.567890123.zone_id:                 "" => "ZREDACTED2"

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. upgrade from 0.7.4 to 0.7.5 version of Terraform.
2. run terraform plan

Important Factoids

it seems like the main difference (as shown in the terraform plan is that previously, with 0.7.4, it prepended dualstack. to the alias name of the route53 record when you ran terraform apply. However, the .tfstate file did not reflect this. With 0.7.5, it seems to want to remove the dualstack. prefix from the ELB name.

References

n/a

[adhodgson1]

I am also facing this issue, any ideas on whether a fix is in the works?

[dnk8n]

Any progress on this one? The following config attempts to recreate the route53 record each time, despite no changes. What is causing this?

data "aws_lb" "example" {
  arn  = "arn:aws:elasticloadbalancing:us-east-1:***:loadbalancer/app/example/***"
}

data "aws_route53_zone" "internal_dns" {
  name = "company.internal"
  private_zone = true
}

resource "aws_route53_record" "company-service" {
  zone_id = "${data.aws_route53_zone.internal_dns.zone_id}"
  name = "${var.name}"
  type = "A"
  alias {
    evaluate_target_health = false
    name = "${data.aws_lb.example.dns_name}"
    zone_id = "${data.aws_lb.example.zone_id}"
  }
}

[dnk8n]

I just noticed the following in the console upon terraform apply:

Terraform will perform the following actions:

  ~ aws_route53_record.company-service
      alias.***56.evaluate_target_health: "false" => "false"
      alias.***56.name:                   "internal-example-***12.us-east-1.elb.amazonaws.com" => ""
      alias.***56.zone_id:                "Z3***7K" => ""
      alias.***48.evaluate_target_health: "" => "false"
      alias.***48.name:                   "" => "internal-EXAMPLE-***12.us-east-1.elb.amazonaws.com"
      alias.***48.zone_id:                "" => "Z3***7K"

Is it the case difference in internal-example-*** vs internal-EXAMPLE-*** that is causing this?

[dnk8n]

So re-reading the issue after finding a solution to my own issue, I realise that despite similar behaviour... what I was describing is unrelated to this issue (does anyone know of the issue number where mine belongs?).

For what it was worth, I was able to work around my issue by specifying alias name = "${lower(data.aws_lb.example.dns_name)}". My issue is that when elb is named with capital letters, the dns name terraform gets back includes capitals in the data source, however when refreshing state it gets back lowercase and therefore wants to change from lowercase to uppercase each time.

[bflad]

Hey @dnk8n, sorry you're running into trouble. What version of the AWS provider are you on? The uppercase alias name issue should have been resolved with #3119 in v1.8.0.

[dnk8n]

Oh nice. You guys release so fast! (That is a good thing). I should have checked if I was on the latest. I am on version 1.7.1 (terraform 0.11.2).

Once all my work is done. I'll do an upgrade of terraform and all its plugins. In my templates, I pin to specific versions because in the past I have been bitten by not doing that.

Thanks for redirecting me. Sorry about the off-topic posts.

[harmanbirdi]

Not sure, if this is the right place for this, but I am facing the same issue when working with aws instances, instead of elb. If I create an instance and then later update the count from 1 to 2, then terraform plan, shows that it will delete and add the Route 53 entries again, even though nothing about the first instance has changed. I have just downloaded v0.11.4 (latest as of now), and it shows the same thing.

I have no dependency defined in my module at all, so why is it telling me that it will re-create the
Route 53 DNS entry again. It shows update-in-place for the forward record, but destroy-and-create for the reverse (PTR) record.

$ terraform --version
Terraform v0.11.4
+ provider.aws v1.9.0
+ provider.null v1.0.0

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.aws_route53_zone.forward_zone: Refreshing state...
data.aws_route53_zone.reverse_zone: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
aws_instance.coper[0]: Refreshing state... (ID: i-083ff2c5c79e8c395)
aws_route53_record.forward_record[0]: Refreshing state... (ID: Z1*********46D_server01)
aws_route53_record.reverse_record[0]: Refreshing state... (ID: Z2*********7YI_177.42.50.10.in-addr.arpa._PTR)

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  + module.coper.aws_instance.coper[1]
      id:                                <computed>
      ami:                               "ami-4e79ed36"
      associate_public_ip_address:       <computed>
      availability_zone:                 <computed>
      ebs_block_device.#:                <computed>
      ephemeral_block_device.#:          <computed>
      iam_instance_profile:              "my-iam-instance-profile"
      instance_state:                    <computed>
      instance_type:                     "t2.micro"
      ipv6_address_count:                <computed>
      ipv6_addresses.#:                  <computed>
      key_name:                          "my-key-pair"
      network_interface.#:               <computed>
      network_interface_id:              <computed>
      placement_group:                   <computed>
      primary_network_interface_id:      <computed>
      private_dns:                       <computed>
      private_ip:                        <computed>
      public_dns:                        <computed>
      public_ip:                         <computed>
      root_block_device.#:               <computed>
      security_groups.#:                 <computed>
      source_dest_check:                 "true"
      subnet_id:                         "subnet-*******"
      tags.%:                            "3"
      tags.Dept:                         "Dev"
      tags.Name:                         "server02.mydomain.com"
      tags.Role:                         "servers"
      tenancy:                           <computed>
      volume_tags.%:                     <computed>
      vpc_security_group_ids.#:          "1"
      vpc_security_group_ids.20******93: "sg-********"

  ~ module.coper.aws_route53_record.forward_record[0]
      records.#:                         "" => <computed>

  + module.coper.aws_route53_record.forward_record[1]
      id:                                <computed>
      fqdn:                              <computed>
      name:                              "server02"
      records.#:                         <computed>
      ttl:                               "30"
      type:                              "A"
      zone_id:                           "Z1*********46D"

-/+ module.coper.aws_route53_record.reverse_record[0] (new resource required)
      id:                                "Z2*********7YI_177.42.50.10.in-addr.arpa._PTR" => <computed> (forces new resource)
      fqdn:                              "177.42.50.10.in-addr.arpa" => <computed>
      name:                              "177.42.50.10.in-addr.arpa" => "${element(split(\".\", element(aws_instance.coper.*.private_ip, count.index)), 3)}.${element(split(\".\", element(aws_instance.coper.*.private_ip, count.index)), 2)}.${data.aws_route53_zone.reverse_zone.name}" (forces new resource)
      records.#:                         "1" => <computed>
      ttl:                               "30" => "30"
      type:                              "PTR" => "PTR"
      zone_id:                           "Z2*********7YI" => "Z2*********7YI"

  + module.coper.aws_route53_record.reverse_record[1]
      id:                                <computed>
      fqdn:                              <computed>
      name:                              "${element(split(\".\", element(aws_instance.coper.*.private_ip, count.index)), 3)}.${element(split(\".\", element(aws_instance.coper.*.private_ip, count.index)), 2)}.${data.aws_route53_zone.reverse_zone.name}"
      records.#:                         <computed>
      ttl:                               "30"
      type:                              "PTR"
      zone_id:                           "Z2*********7YI"


Plan: 4 to add, 1 to change, 1 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

$ 

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!