hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_route53_record alias.zone_id should not be required #30850

Open vomitHatSteve opened 1 year ago

vomitHatSteve commented 1 year ago

Terraform Core Version

1.4.5

AWS Provider Version

4.63.0

Affected Resource(s)

aws_route53_record with an alias defined.
The alias contains a name directed to an AWS API Gateway domain.
The alias does not define a zone_id.

Expected Behavior

An A alias record should be created in the hosted zone

Actual Behavior

Terraform raises a "Missing required argument" error

Relevant Error/Panic Output Snippet

Error: Missing required argument

  on FILENAME.tf line ##, in resource "aws_route53_record" "example":
 ##:  alias {

 The argument "zone_id" is required, but no definition was found.

Terraform Configuration Files

resource "aws_apigatewayv2_api" "my_api" {
  name          = "my-api"
  protocol_type = "HTTP"
}

resource "aws_vpc" "my_vpc" {
  # A VPC CIDR block must be between /16 and /28; AWS rejects the /32 originally written here.
  cidr_block           = "172.1.128.0/24"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_route53_zone" "my_zone" {
  name    = "example.com"
  comment = "Some internal domain"
  vpc {
    vpc_id = aws_vpc.my_vpc.id
  }
}

resource "aws_route53_record" "example" {
  zone_id = aws_route53_zone.my_zone.zone_id
  name    = "mysubdomain.example.com"
  type    = "A"
  alias {
    # Interpolate the API id (not the whole resource object) and use the region name "us-east-1".
    name                   = "${aws_apigatewayv2_api.my_api.id}.execute-api.us-east-1.amazonaws.com"
    evaluate_target_health = false
    # zone_id is deliberately omitted: this is the configuration that triggers the reported error.
  }
}

Steps to Reproduce

Run terraform apply with a resource configuration similar to the above

Debug Output

No response

Panic Output

No response

Important Factoids

The Terraform documentation does describe this as an invalid configuration (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record#alias)

But the AWS documentation (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-api-gateway.html) does not.

Further, such a configuration can be created in the AWS console, so it clearly is valid.

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

jbg commented 1 year ago

The Terraform documentation does describe this as an invalid configuration (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record#alias) But the AWS documentation (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-api-gateway.html) does not.

The linked documentation doesn't say that this is a valid configuration. It only discusses what happens when you use the AWS Console, which often diverges from the actual underlying API to make things easier.

In this case, the console is aware of the predefined API Gateway zone IDs and just sets them on your behalf.

The relevant reference is the AliasTarget object in the Route53 API reference, which documents HostedZoneId as a required field, and explains the value that should be used for different types of target, including API Gateway.

The situation here is similar to that with load balancers: there is a set of predefined zone IDs (one per region) that are used for aliasing to the service.

You can get the zone ID using the AWS CLI with aws apigateway get-domain-names or aws apigatewayv2 get-domain-names or from the Amazon API Gateway endpoints and quotas page in the AWS documentation.

It's also available as the cloudfront_zone_id (for edge-optimized) and regional_zone_id (for regional) output attributes on the api_gateway_domain_name resource. Seems missing on the v2 resources, unless I'm missing it.
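As an added example (not from the issue or the provider's own code), the pattern described above for a regional API Gateway custom domain: the domain-name resource's output attributes supply both the alias target hostname and the per-region hosted zone ID, so nothing is hard-coded. It assumes a variable holding an ACM certificate ARN in the same region and the my_zone hosted zone from the original report.

```hcl
# Added example: route53 alias to a REGIONAL API Gateway (v1) custom domain.
# var.regional_certificate_arn is an assumed input; domain and zone names are placeholders.

resource "aws_api_gateway_domain_name" "api" {
  domain_name              = "api.example.com"
  regional_certificate_arn = var.regional_certificate_arn
  security_policy          = "TLS_1_2" # refuse TLS 1.0/1.1 clients on the custom domain

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

resource "aws_route53_record" "api" {
  zone_id = aws_route53_zone.my_zone.zone_id
  name    = aws_api_gateway_domain_name.api.domain_name
  type    = "A"

  alias {
    # Both values come from the domain-name resource: the regional target hostname and
    # the region's API Gateway hosted zone ID, which AliasTarget.HostedZoneId requires
    # and which the console would otherwise fill in silently.
    # For an EDGE domain use cloudfront_domain_name / cloudfront_zone_id instead.
    name                   = aws_api_gateway_domain_name.api.regional_domain_name
    zone_id                = aws_api_gateway_domain_name.api.regional_zone_id
    evaluate_target_health = false
  }
}
```

Deriving zone_id from the resource rather than pasting a value from the endpoints page means a region change cannot leave the record pointing at the wrong hosted zone.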

vomitHatSteve commented 1 year ago

Ah yep. You are correct. Thank you for clarifying.

I'm not using an api_gateway_domain_name (or the v2 equivalent) for this, so it's not relevant to my case, but I suppose if the zone_id fields are missing from the v2 version, that might be worth bugging.

From some more research, I have found that the *.amazonaws.com zones are consistent and don't appear to be explicitly exposed by any API. But they are documented: https://docs.aws.amazon.com/general/latest/gr/apigateway.html

So... I guess, can we pivot this ticket to be a feature request to include these mappings automatically? I can create a workaround for my immediate needs, but it would be nice if Terraform could do some of the same managing of defaults for us that the console does.

crenus commented 1 year ago

Is this applicable to all situations? I'm running into the situation right now where I am migrating zones and records, and trying to get the existing records up first. These are alias records that point to CloudFront instances in that account. Since I am doing cross-account referencing, I don't technically have the zone ID. And even if I try copying and pasting, TF throws an error that it doesn't exist. But again, as above, I can go into the console and just paste the CloudFront domain and it works.