hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Unable to import `aws_route53_record` with dash #8074

Closed oba11 closed 5 years ago

oba11 commented 5 years ago

Terraform Version

Terraform v0.11.13

Affected Resource(s)

Terraform Configuration Files

resource "aws_route53_record" "this" {
  zone_id = "${aws_route53_zone.tld.id}"
  name    = "test-in.foo.example-dev.net"
  type    = "A"

  alias {
    name                   = "abcdefghijs.cloudfront.net"
    zone_id                = "SANITIZEDZONEID"
    evaluate_target_health = false
  }
}

Expected Behavior

The Route53 record is imported into Terraform successfully.

Actual Behavior

This error is printed:

aws_route53_record.this: Importing from ID "SANITIZEDZONEID_test-in.foo.example-dev.net_A"...
aws_route53_record.this: Import complete!
  Imported aws_route53_record (ID: SANITIZEDZONEID_test-in.foo.example-dev.net_A)
aws_route53_record.this: Refreshing state... (ID: SANITIZEDZONEID_test-in.foo.example-dev.net_A)

Error: aws_route53_record.this (import id: SANITIZEDZONEID_test-in.foo.example-dev.net_A): 1 error(s) occurred:

* import aws_route53_record.this result: SANITIZEDZONEID_test-in.foo.example-dev.net_A: import aws_route53_record.this (id: SANITIZEDZONEID_test-in.foo.example-dev.net_A): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.

Steps to Reproduce

  1. Create a Route53 record in AWS similar to the example dns name in the name.
  2. Create a Terraform config for that record.
  3. Attempt to import the record with terraform import.

nywilken commented 5 years ago

Hi @oba11 sorry that you're running into trouble here. Have you confirmed the resource id that you are trying to import matches the proper zone_id and record?

I've confirmed that importing records containing dashes works as expected. However, I was able to reproduce your exact issue by providing a non-existent record name. See my test output below.

Import Success

> terraform import aws_route53_record.test REDACTED_test-in.test.acc_A
aws_route53_record.test: Importing from ID "REDACTED_test-in.test.acc_A"...
aws_route53_record.test: Import complete!
  Imported aws_route53_record (ID: REDACTED_test-in.test.acc_A)
Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Import Error

> terraform import aws_route53_record.test REDACTED_testin.test.acc_A
aws_route53_record.test: Importing from ID "REDACTED_testin.test.acc_A"...
aws_route53_record.test: Import complete!
  Imported aws_route53_record (ID: REDACTED_testin.test.acc_A)
aws_route53_record.test: Refreshing state... (ID: REDACTED_testin.test.acc_A)

Error: aws_route53_record.test (import id: REDACTED_testin.test.acc_A): 1 error(s) occurred:

* import aws_route53_record.test result: REDACTED_testin.test.acc_A: import aws_route53_record.test (id: REDACTED_testin.test.acc_A): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.

oba11 commented 5 years ago

@nywilken I actually tried it again with a normal record (i.e. dev.example.com) which worked but not the example I shared earlier.

Tried to apply the record but got

[ERR]: Error building changeset: InvalidChangeBatch: [RRSet with DNS name test-in.foo.example-dev.net., type A cannot be created as other RRSets exist with the same name and type.]

One thing noticed is that the error message has . in the record name while the plan doesn't have the dot suffix.

Is it possible to try a record like test-in.foo.example-dev.net, i.e. - in the root domain and the subdomain is test-in.foo?

robinbowes commented 5 years ago

We're seeing a similar problem.

terraform import module.alb.aws_route53_record.this ZONEID_service-default-development-eu01-eu-central-1.internal.example.com_A
Acquiring state lock. This may take a few moments...
module.alb.aws_route53_record.this: Importing from ID "ZONEID_service-default-development-eu01-eu-central-1.internal.example.com_A"...
module.alb.aws_route53_record.this: Import complete!
  Imported aws_route53_record (ID: ZONEID_service-default-development-eu01-eu-central-1.internal.example.com_A)
module.alb.aws_route53_record.this: Refreshing state... (ID: ZONEID_service-default-devel...-central-1.internal.example.com_A)

Error: module.alb.aws_route53_record.this (import id: ZONEID_service-default-development-eu01-eu-central-1.internal.example.com_A): 1 error(s) occurred:

* import module.alb.aws_route53_record.this result: ZONEID_service-default-development-eu01-eu-central-1.internal.example.com_A: import module.alb.aws_route53_record.this (id: ZONEID_service-default-development-eu01-eu-central-1.internal.example.com_A): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.

Releasing state lock. This may take a few moments...

cogsworth37 commented 5 years ago

I stumbled across this as I was looking at the same problem. I turned on Debug logging and found this:

2019-05-21T10:27:45.189-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: -----------------------------------------------------
2019-05-21T10:27:45.189-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 2019/05/21 10:27:45 [DEBUG] [aws-sdk-go] <?xml version="1.0"?>
2019-05-21T10:27:45.189-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: <ListResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ResourceRecordSets><ResourceRecordSet><Name>api-stage.example.com.</Name><Type>A</Type><SetIdentifier>United States</SetIdentifier><GeoLocation><CountryCode>US</CountryCode></GeoLocation><AliasTarget><HostedZoneId>(Redacted)</HostedZoneId><DNSName>(REDACTED)</DNSName><EvaluateTargetHealth>false</EvaluateTargetHealth></AliasTarget></ResourceRecordSet></ResourceRecordSets><IsTruncated>true</IsTruncated><NextRecordName>api-test.example.com.</NextRecordName><NextRecordType>CNAME</NextRecordType><NextRecordIdentifier>United States</NextRecordIdentifier><MaxItems>1</MaxItems></ListResourceRecordSetsResponse>
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 2019/05/21 10:27:45 [DEBUG] [aws-sdk-go] DEBUG: Request route53/ListResourceRecordSets Details:
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: ---[ REQUEST POST-SIGN ]-----------------------------
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: GET /2013-04-01/hostedzone/(REDACTED)/rrset?identifier=United%20States&maxitems=1&name=api-test.example.com.&type=CNAME HTTP/1.1
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Host: route53.amazonaws.com
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: User-Agent: aws-sdk-go/1.19.30 (go1.12.2; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.0-rc1
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Authorization: AWS4-HMAC-SHA256 Credential=(REDCATED), SignedHeaders=host;x-amz-date, Signature=(REDACTED)
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: X-Amz-Date: 20190521T152745Z
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Accept-Encoding: gzip
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 
2019-05-21T10:27:45.190-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: -----------------------------------------------------
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 2019/05/21 10:27:45 [DEBUG] [aws-sdk-go] DEBUG: Response route53/ListResourceRecordSets Details:
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: ---[ RESPONSE ]--------------------------------------
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: HTTP/1.1 200 OK
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Connection: close
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Content-Length: 686
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Content-Type: text/xml
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: Date: Tue, 21 May 2019 15:27:44 GMT
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: X-Amzn-Requestid: fb7f5b44-7bdc-11e9-ac20-2742dafa6b04
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: -----------------------------------------------------
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 2019/05/21 10:27:45 [DEBUG] [aws-sdk-go] <?xml version="1.0"?>
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: <ListResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ResourceRecordSets><ResourceRecordSet><Name>api-test.example.com.</Name><Type>CNAME</Type><SetIdentifier>United States</SetIdentifier><GeoLocation><CountryCode>US</CountryCode></GeoLocation><TTL>60</TTL><ResourceRecords><ResourceRecord><Value>(REDACTED)</Value></ResourceRecord></ResourceRecords></ResourceRecordSet></ResourceRecordSets><IsTruncated>true</IsTruncated><NextRecordName>api-uat.example.com.</NextRecordName><NextRecordType>A</NextRecordType><MaxItems>1</MaxItems></ListResourceRecordSetsResponse>
2019-05-21T10:27:45.426-0500 [DEBUG] plugin.terraform-provider-aws_v2.11.0_x4: 2019/05/21 10:27:45 [DEBUG] No matching records found for: (REDACTED)_api-stage.example.com_A, removing from state file

It appears that when it does a search initially, it finds the record. But it seems to do a second search and finds a completely different record. Then it alters the ListResourceRecordSetsResponse and excludes the record it needs. Hope this helps to solve the problem.

(Maintainer Edit: Switch formatting to triple backticks code block)

bflad commented 5 years ago

Hi @oba11 👋 When using terraform import for Route 53 Alias Records, the hosted zone ID used in the import ID should match the top level zone_id argument (aws_route53_zone.tld.id in your example), not the alias hosted zone ID which will be different. You should be able to use terraform state show aws_route53_zone.tld to get the correct ID.

Can you please verify that using the other hosted zone ID works as expected? Thanks.

oba11 commented 5 years ago

Hello @bflad, wasn't using the alias zone_id but the route53 zone_id. I've tested it multiple times with other records which works apart from dns names with dashes. @robinbowes encountered the same issue as well.

bflad commented 5 years ago

My apologies, I was going off the configuration in your original report:

  alias {
    name                   = "abcdefghijs.cloudfront.net"
    zone_id                = "SANITIZEDZONEID"
    evaluate_target_health = false
  }

And your console output in your original report:

aws_route53_record.this: Importing from ID "SANITIZEDZONEID_test-in.foo.example-dev.net_A"...

Which seemed to imply using the alias zone ID there and hiding the value seemed a little odd given that CloudFront has a static hosted zone ID of Z2FDTNDATAQYW2.

I think to troubleshoot this further to create a reproducing configuration, we will be wanting to see all the relevant aws_route53_zone resource configuration(s) relating to this record and output from the AWS CLI aws route53 list-resource-record-sets. e.g.

$ aws route53 list-resource-record-sets --hosted-zone-id SANITIZEDZONEID
# or more specifically from the AWS CLI documentation
$ aws route53 list-resource-record-sets --hosted-zone-id SANITIZEDZONEID --query "ResourceRecordSets[?Name == 'test-in.foo.example-dev.net.']"

bflad commented 5 years ago

An additional troubleshooting step you can perform to narrow down that the Terraform resource is correctly handling the import ID would be to enable Terraform debug logging, e.g.:

$ TF_LOG=debug terraform import aws_route53_record.this SANITIZEDZONEID_test-in.foo.example-dev.net_A

This will show relevant Terraform resource and AWS Go SDK logs like the below:

...
2019/06/19 02:57:41 [DEBUG] Expanded record name: test-in.foo.example-dev.net
2019/06/19 02:57:41 [DEBUG] List resource records sets for zone: Z1WQ8D9W5XDI5W, opts: {
  HostedZoneId: "Z1WQ8D9W5XDI5W",
  MaxItems: "1",
  StartRecordName: "test-in.foo.example-dev.net.",
  StartRecordType: "A"
}
...
<ListResourceRecordSetsResponse xmlns="https://route53.amazonaws.com/doc/2013-04-01/"><ResourceRecordSets><ResourceRecordSet><Name>test-in.foo.example-dev.net.</Name><Type>A</Type><AliasTarget><HostedZoneId>Z2FDTNDATAQYW2</HostedZoneId><DNSName>abcdefghijs.cloudfront.net.</DNSName><EvaluateTargetHealth>false</EvaluateTargetHealth></AliasTarget></ResourceRecordSet></ResourceRecordSets><IsTruncated>false</IsTruncated><MaxItems>1</MaxItems></ListResourceRecordSetsResponse>
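
Added example (not code from the provider or from anyone in this thread): a small Go check that compares an import ID with the record sets in a ListResourceRecordSetsResponse body like the ones logged above, covering both the dashed alias record and the record that carries a SetIdentifier. `checkImportID`, `fqdn` and `sampleXML` are hypothetical names, the sample XML is constructed, the `_SETIDENTIFIER` suffix is the form given in the provider's import documentation for records that have a set identifier, and record names are assumed to contain no underscore.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Constructed sample modelled on the sanitized responses logged in this thread.
const sampleXML = `<ListResourceRecordSetsResponse><ResourceRecordSets>
<ResourceRecordSet><Name>test-in.foo.example-dev.net.</Name><Type>A</Type></ResourceRecordSet>
<ResourceRecordSet><Name>api-stage.example.com.</Name><Type>A</Type><SetIdentifier>United States</SetIdentifier></ResourceRecordSet>
</ResourceRecordSets></ListResourceRecordSetsResponse>`

type listResponse struct {
	Records []struct{ Name, Type, SetIdentifier string } `xml:"ResourceRecordSets>ResourceRecordSet"`
}

// fqdn lower-cases a name and adds the trailing dot that Route 53 returns.
func fqdn(name string) string { return strings.TrimSuffix(strings.ToLower(name), ".") + "." }

// checkImportID (hypothetical helper) splits ZONEID_NAME_TYPE[_SETIDENTIFIER] on "_"
// only, so dashes stay in the name. Assumes the record name has no underscore.
func checkImportID(importID string, body []byte) (string, error) {
	parts := strings.SplitN(importID, "_", 4)
	if len(parts) < 3 {
		return "", fmt.Errorf("import ID %q is not ZONEID_NAME_TYPE[_SETIDENTIFIER]", importID)
	}
	parts = append(parts, "") // parts[3] is "" when no set identifier was given
	name, rtype, setID := fqdn(parts[1]), strings.ToUpper(parts[2]), parts[3]
	var resp listResponse
	if err := xml.Unmarshal(body, &resp); err != nil {
		return "", err
	}
	var others []string // set identifiers of records with the same name and type
	for _, r := range resp.Records {
		if fqdn(r.Name) == name && r.Type == rtype {
			if r.SetIdentifier == setID {
				return "match", nil
			}
			others = append(others, r.SetIdentifier)
		}
	}
	if len(others) > 0 {
		return fmt.Sprintf("set identifier mismatch: zone has %q, import ID has %q", others, setID), nil
	}
	return "no record with that name and type", nil
}

func main() { fmt.Println(checkImportID("ZONEID_api-stage.example.com_A", []byte(sampleXML))) }
```

The response body can be taken from a `TF_LOG=debug` run as shown above; the zone ID part of the import ID is not checked here because the response does not contain it.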

bflad commented 5 years ago

It's been a long time since we heard from you here so we're going to close this out. If you're still having this problem, please provide the additional information requested above so that we can attempt to reproduce the problem and we'll reopen this issue. Thanks.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!