hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_lightsail_domain_entry seems broken #39213

Open majkelcc opened 2 months ago

majkelcc commented 2 months ago

Terraform Core Version

1.9.5

AWS Provider Version

5.66.0

Affected Resource(s)

I'm running into several issues with aws_lightsail_domain_entry, which seems unusable at this stage.

Expected Behavior

On the first run domain entries are created without errors and consecutive plans show no changes when no changes were introduced.

Actual Behavior

  1. A type entry:
    • is created correctly on the first run, but terraform tries to recreate it on consecutive runs
    • terraform, when recreating, fails to delete the aws_lightsail_domain_entry relevant A record when is_alias = true
  2. CNAME type entry fails to create in terraform on each run, but the record gets correctly created in AWS, causing a "record already exists" error on the next runs.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource aws_lightsail_domain terraform {
  domain_name = "terraform.com"
}

resource aws_lightsail_domain_entry terraform {
  type        = "A"
  name        = "terraform.com"
  is_alias    = true
  target      = "aws-lb-example.elb.us-east-1.amazonaws.com"
  domain_name = aws_lightsail_domain.terraform.domain_name
}

resource aws_lightsail_domain_entry terraform-wildcard {
  type        = "CNAME"
  name        = "*.terraform.com"
  target      = "terraform.com"
  domain_name = aws_lightsail_domain.terraform.domain_name
}

Steps to Reproduce

Run terraform apply two times, one after another.

Debug Output

First run

Terraform v1.9.5
on linux_amd64
Initializing plugins and modules...
aws_lightsail_domain.terraform: Creating...
aws_lightsail_domain.terraform: Creation complete after 1s [id=terraform.com]
aws_lightsail_domain_entry.terraform-wildcard: Creating...
aws_lightsail_domain_entry.terraform: Creating...
aws_lightsail_domain_entry.terraform: Creation complete after 6s [id=terraform.com,terraform.com,A,aws-lb-example.elb.us-east-1.amazonaws.com]
╷
│ Error: reading AWS Lightsail DomainEntry (*.terraform.com,terraform.com,CNAME,terraform.com): empty result
│ 
│   with aws_lightsail_domain_entry.terraform-wildcard,
│   on terraform.com.tf line 13, in resource "aws_lightsail_domain_entry" "terraform-wildcard":
│   13: resource aws_lightsail_domain_entry terraform-wildcard {
│ 
Operation failed: failed running terraform apply (exit 1)

Second run

Terraform v1.9.5
on linux_amd64
Initializing plugins and modules...
aws_lightsail_domain_entry.terraform: Destroying... [id=terraform.com,terraform.com,A,aws-lb-example.elb.us-east-1.amazonaws.com]
aws_lightsail_domain_entry.terraform-wildcard: Creating...
╷
│ Error: deleting AWS Lightsail DomainEntry (terraform.com,terraform.com,A,aws-lb-example.elb.us-east-1.amazonaws.com): operation error Lightsail: DeleteDomainEntry, https response error StatusCode: 400, RequestID: f0218231-157f-4abc-9f2a-817b813514ee, InvalidInputException: Input error: The format of the target is not a valid IPv4 address: aws-lb-example.elb.us-east-1.amazonaws.com.
│ 
│ 
╵
╷
│ Error: CreateDomain AWS Lightsail DomainEntry (*.terraform.com): operation error Lightsail: CreateDomainEntry, https response error StatusCode: 400, RequestID: 94613eec-3567-4420-a328-d87b82e5ad88, OperationFailureException: Input error: A domain record already exists for this name/type/target combination.
│ 
│   with aws_lightsail_domain_entry.terraform-wildcard,
│   on terraform.com.tf line 13, in resource "aws_lightsail_domain_entry" "terraform-wildcard":
│   13: resource aws_lightsail_domain_entry terraform-wildcard {
│ 

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No


irodriguez-nebustream commented 4 weeks ago

Running into the same issue on our end. It will in fact create the A record, but terraform doesn't seem to recognize that and gives the error saying:

│ Error: reading AWS Lightsail DomainEntry (@,domain.org,A,url.us-east-1.cs.amazonlightsail.com): empty result
│ 
│   with aws_lightsail_domain_entry.oe_domain_entry,
│   on main.tf line 45, in resource "aws_lightsail_domain_entry" "oe_domain_entry":
│   45: resource "aws_lightsail_domain_entry" "oe_domain_entry" {
│ 
╵
Error: Terraform exited with code 1.
Error: Process completed with exit code 1. 

Terraform version: ">= 1.2.0" AWS provider version: ">= 4.59.0"

More context. Trying to import the resource manually also fails:

aws lightsail get-domain --domain-name mydomain.org --region us-east-1
{
    "domain": {
        "name": "mydomain.org",
        "arn": "arn:aws:lightsail:global:xxxxxxx:Domain/c6063fa0-3eb8-4e70-94cb-3121199e96a6",
        "supportCode": "XXXXXXX//hostedzone/XXXXXXXXA",
        "createdAt": "2024-10-18T22:36:43.252000-05:00",
        "location": {
            "availabilityZone": "all",
            "regionName": "global"
        },
        "resourceType": "Domain",
        "tags": [],
        "domainEntries": [
            {
                "id": "1240386878",
                "name": "\\100.mydomain.org",
                "target": "xxxxxx.us-east-1.cs.amazonlightsail.com",
                "isAlias": true,
                "type": "A"
            }
        ]
    }
}

After running the terraform import command:

terraform import aws_lightsail_domain_entry.oe_domain_entry 1240386878

│ Error: Cannot import non-existent remote object
│ 
│ While attempting to import an existing object to "aws_lightsail_domain_entry.oe_domain_entry", the provider detected that no object
│ exists with the given id. Only pre-existing objects can be imported; check that the id is correct and that it is associated with the
│ provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.
╵
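
Added example, not part of the thread and not the provider's code: the get-domain output above returns the entry name as `\100.mydomain.org` (an octal-escaped `@`, qualified with the domain), while the failing resource ID uses `@`. The Python below shows an exact-match lookup missing that entry and a normalized comparison finding it. That this mismatch is what produces `empty result` is an assumption, and the function names and sample JSON are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like the get-domain output quoted above.
SAMPLE = json.loads(r'''
{"domain": {"name": "mydomain.org", "domainEntries": [
  {"id": "1240386878", "name": "\\100.mydomain.org",
   "target": "xxxxxx.us-east-1.cs.amazonlightsail.com",
   "isAlias": true, "type": "A"}
]}}
''')

_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def decode_dns_escapes(name):
    """Turn DNS-style \\DDD octal escapes back into characters (\\100 -> @)."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), name)


def normalize(name, zone):
    """Decode escapes, lowercase, and qualify a relative name with the zone."""
    name = decode_dns_escapes(name).rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    if name != zone and not name.endswith("." + zone):
        name = f"{name}.{zone}"
    return name


def find_exact(domain, name, rtype, target):
    """Lookup that compares the configured name to the API name verbatim."""
    return [e for e in domain["domainEntries"]
            if (e["name"], e["type"], e["target"]) == (name, rtype, target)]


def find_normalized(domain, name, rtype, target):
    """Lookup that normalizes both sides before comparing."""
    zone = domain["name"]
    want = normalize(name, zone)
    return [e for e in domain["domainEntries"]
            if normalize(e["name"], zone) == want
            and e["type"] == rtype
            and e["target"].lower() == target.lower()]


if __name__ == "__main__":
    tgt = "xxxxxx.us-east-1.cs.amazonlightsail.com"
    print("exact:     ", find_exact(SAMPLE["domain"], "@", "A", tgt))
    print("normalized:", find_normalized(SAMPLE["domain"], "@", "A", tgt))
```

Running the same comparison against real `aws lightsail get-domain` output shows whether a record that Terraform reports as missing is present under an escaped or qualified name.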