hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Error when add Cloudwatch alarm to aws_route53_health_check #22993

Open teddylear opened 2 years ago

teddylear commented 2 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

Terraform v1.0.11, AWS Provider v3.70.0

Affected Resource(s)

Terraform Configuration Files

resource "aws_route53_health_check" "record" {
    # ... other fields
    cloudwatch_alarm_name = "testAlarm"
    cloudwatch_alarm_region = "us-east-1"
}

Assume testAlarm Cloudwatch metric alarm already exists in us-east-1

Panic Output

Error updating Route53 health check (): InvalidInput: Invalid parameter : Basic health checks must not have an metric region specified. status code: 400

Expected Behavior

Alarm would attach to route53 health checks cleanly

Actual Behavior

We get this panic error output in Terraform, but in AWS these have attached to records and a follow-up terraform plan shows no changes.

Steps to Reproduce

  1. Create test Cloudwatch alarm in AWS
  2. terraform init and terraform plan
  3. terraform apply and see error
  4. validate health check now has Cloudwatch alarm attached
  5. validate terraform plan now shows no changes.

Important Factoids

This may be an issue with the AWS API, but figured this would be the best place to start. It appears that it is doing what is expected when the next plan is running when validating the resource in AWS and then running a plan again gives a clean plan. Also note that this only works in us-east-1, as you cannot attach health checks to alarms in other regions (not sure if this is in the official AWS docs, but trial and error has shown that). That might be a future improvement for the provider with validation, which I'm more than happy to add.

justinretzolk commented 2 years ago

Hey @teddylear 👋 Thank you for taking the time to raise this! I've done a bit of poking around and haven't quite been able to determine why the apply would error but still attach the Cloudwatch alarm. I did find some indication (really, quite limited!) that this may have to do with the type that is being set for the aws_route53_health_check (from some sample requests here). Can you confirm what you're setting the type to?

teddylear commented 2 years ago

Hi @justinretzolk, I'm setting the route 53 record to 'A' type. Please let me know if you need more info and thanks for looking into this!

justinretzolk commented 2 years ago

Hey @teddylear 👋 Thank you for following up, and apologies if I was unclear. The value that I'm looking for is what you're setting for aws_route53_health_check.type, as defined here. The valid values for this argument are:

HTTP, HTTPS, HTTP_STR_MATCH, HTTPS_STR_MATCH, TCP, CALCULATED, CLOUDWATCH_METRIC and RECOVERY_CONTROL.

github-actions[bot] commented 6 months ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

9rnt commented 5 months ago

Hello, I'm having the same issue.

resource "aws_route53_health_check" "record" {
    # ... other fields
    cloudwatch_alarm_name = "testAlarm"
    cloudwatch_alarm_region = "us-east-1"
}

is returning

Error: updating Route53 Health Check (XX): InvalidInput: Invalid parameter : Basic health checks must not have an metric region specified

When removing the cloudwatch alarm region, I'm getting

updating Route53 Health Check (XXX): InvalidParameter: 1 validation error(s) found. - minimum field size of 1, UpdateHealthCheckInput.AlarmIdentifier.Region.

This is not working for the following health check types: HTTPS and TCP (works fine for HTTP)