hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: `aws_route53_{zone,record}` can't handle the escaped chars properly #40153

Open nabeken opened 2 hours ago

nabeken commented 2 hours ago

Terraform Core Version

1.9.8

AWS Provider Version

5.76.0

Affected Resource(s)

Expected Behavior

Route53 hosted zone and records with / should be recognized by Terraform properly

Actual Behavior

Terraform can't recognize a hosted zone and records when the name contains escaped characters like / and repeatedly shows a diff.

Relevant Error/Panic Output Snippet

# For hosted zone
# aws_route53_zone.reverse_zone must be replaced
-/+ resource "aws_route53_zone" "reverse_zone" {
      ~ arn                 = "arn:aws:route53:::hostedzone/<REDACTED>" -> (known after apply)
      ~ id                  = "Z09866972E4U1I70FKE2C" -> (known after apply)
      ~ name                = "0\\05724.0.168.192.in-addr.arpa" -> "0/24.0.168.192.in-addr.arpa" # forces replacement
      ~ name_servers        = [
        <REDACTED>
        ] -> (known after apply)
      ~ primary_name_server = "<REDACTED>" -> (known after apply)
      - tags                = {} -> null
      ~ tags_all            = {} -> (known after apply)
      ~ zone_id             = "<REDACTED>" -> (known after apply)
        # (3 unchanged attributes hidden)
    }

# For records
╷
│ Error: reading Route 53 Record (<REDACTED>_0_PTR): empty result
│
│   with aws_route53_record.ptr,
│   on main.tf line 70, in resource "aws_route53_record" "ptr":
│   70: resource "aws_route53_record" "ptr" {
│
╵

Terraform Configuration Files

The problem can be reproduced with aws_route53_zone and/or aws_route53_record.

resource "aws_route53_zone" "reverse_zone" {
  // Classless IN-ADDR.ARPA delegation
  // https://datatracker.ietf.org/doc/html/rfc2317
  // Example: 192.168.0.0/24
  name = "0/24.0.168.192.in-addr.arpa"
}

resource "aws_route53_record" "ptr" {
  // Classless IN-ADDR.ARPA delegation
  // https://datatracker.ietf.org/doc/html/rfc2317
  // Example: 0.0/24.0.168.192.in-addr.arpa
  zone_id = local.zone_id
  name    = "0"
  type    = "PTR"
  records = ["test.example.com"]
  ttl     = "60"
}

Steps to Reproduce

  1. Create the resources with terraform apply

    As for the zone, apply worked. As for the record, apply failed with the error message above.

  2. Execute terraform plan again to confirm there is no diff, but we saw the diff

Debug Output

No response

Panic Output

No response

Important Factoids

Normally, people do not use /, but it could be possible when configuring "Classless IN-ADDR.ARPA delegation" (aka a "reverse DNS zone").

References

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html says:

If the domain name includes any characters other than a to z, 0 to 9, - (hyphen), or _ (underscore), Route 53 API actions return the characters as escape codes. This is true whether you specify the characters as characters or as escape codes when you create the entity. The Route 53 console displays the characters as characters, not as escape codes.
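The escaping rule quoted above is why the plan shows `0\05724...` against the configured `0/24...`: the API encodes `/` as the three-digit octal escape `\057`. The following Go snippet is an added illustration, not code from terraform-provider-aws, of the normalization a provider needs before comparing a name read from Route 53 with the one in configuration: decode `\DDD` escapes, lowercase, and drop the trailing dot. The function names (`unescapeRoute53Name`, `normalizeRoute53Name`, `namesMatch`, `recordFQDN`) are hypothetical; the sample names are constructed from the report.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// unescapeRoute53Name decodes Route 53's octal escape codes (e.g. "\057" for "/")
// back into bytes. A backslash that is not followed by exactly three octal digits
// is kept as-is. Hypothetical helper, not the provider's own code.
func unescapeRoute53Name(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if s[i] == '\\' && i+3 < len(s) {
			// ParseUint fails (and we fall through) if the three chars are not octal
			// or the value does not fit in one byte.
			if v, err := strconv.ParseUint(s[i+1:i+4], 8, 8); err == nil {
				b.WriteByte(byte(v))
				i += 3
				continue
			}
		}
		b.WriteByte(s[i])
	}
	return b.String()
}

// normalizeRoute53Name produces a canonical form so that the API's escaped,
// dot-terminated name and the user's configured name compare equal.
func normalizeRoute53Name(s string) string {
	return strings.TrimSuffix(strings.ToLower(unescapeRoute53Name(s)), ".")
}

// namesMatch reports whether a name returned by the API refers to the same
// zone or record as the name written in configuration.
func namesMatch(apiName, configName string) bool {
	return normalizeRoute53Name(apiName) == normalizeRoute53Name(configName)
}

// recordFQDN joins a relative record name with its (possibly escaped) zone name,
// which is the name a provider would look for when reading the record back.
func recordFQDN(recordName, zoneName string) string {
	zone := normalizeRoute53Name(zoneName)
	name := normalizeRoute53Name(recordName)
	if name == "" || name == zone {
		return zone
	}
	if strings.HasSuffix(name, "."+zone) {
		return name
	}
	return name + "." + zone
}

func main() {
	// Constructed sample: what the API returns vs. what main.tf declares.
	apiZone := `0\05724.0.168.192.in-addr.arpa.`
	cfgZone := "0/24.0.168.192.in-addr.arpa"
	fmt.Printf("raw compare:        %v\n", apiZone == cfgZone)          // false -> spurious replacement
	fmt.Printf("normalized compare: %v\n", namesMatch(apiZone, cfgZone)) // true
	fmt.Printf("record FQDN:        %s\n", recordFQDN("0", apiZone))    // 0.0/24.0.168.192.in-addr.arpa
}
```

Without the decode step the raw strings differ, which is exactly the "forces replacement" diff in the report; with it, both the zone and the PTR record's fully qualified name line up with the configuration.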

Would you like to implement a fix?

Yes

github-actions[bot] commented 2 hours ago
