Closed aaron-ballard-530 closed 3 weeks ago
On mobile so I'll have to look further tomorrow - but you won't be able to let this module create the R53 records or certificate, you'll need to supply those yourself
Correct, I don't need the module to create the record just assign the custom domain and acm to the API.
do you have a reproduction? are you setting:
...
create_domain_records = false
create_certificate = false
...
I was only setting create_domain_records = false
since that is acting as a master switch.
I'll try and get you a reproduction today as I had to revert to 4.0.
Running this on an existing resources created by the 4.0.0 module, the following will remove the custom domain and certificate.
module "codepipeline_trigger" {
  source  = "terraform-aws-modules/apigateway-v2/aws"
  version = "5.0.0"

  name          = "codepipeline-trigger"
  description   = "Trigger the lambda"
  protocol_type = "HTTP"

  cors_configuration = {
    allow_headers = ["content-type", "x-amz-date", "authorization", "x-api-key", "x-amz-security-token", "x-amz-user-agent", "x-hub-signature"]
    allow_methods = ["*"]
    allow_origins = ["*"]
  }

  # Custom domain
  domain_name                  = "example.com"
  subdomains                   = ["github"]
  domain_name_certificate_arn  = aws_acm_certificate.this[local.default_external_domain].arn
  create_domain_name           = false
  disable_execute_api_endpoint = false

  # Access logs
  stage_access_log_settings = {
    destination_arn = aws_cloudwatch_log_group.lambda_codepipeline_trigger.arn
    format          = "$context.identity.sourceIp - - [$context.requestTime] \"$context.httpMethod $context.routeKey $context.protocol\" $context.status $context.responseLength $context.requestId $context.integrationErrorMessage"
  }

  create_stage = true # to control creation of "$default" stage

  # Routes and integrations
  routes = {
    "ANY /" = {
      integration = {
        uri                    = module.lambda_codepipeline_trigger.lambda_function_arn
        payload_format_version = "2.0"
        timeout_milliseconds   = 12000
      }
    }

    "$default" = {
      integration = {
        uri = module.lambda_codepipeline_trigger.lambda_function_arn
      }
    }
  }
}
By setting the property create_domain_name=true I get the error
Error: no matching Route 53 Hosted Zone found
because the zone is owned by another AWS account.
What is the name of your Route 53 hosted zone - is it example.com or github.example.com?
You shouldn't use the subdomains variable unless you are creating alias records with the module, so I believe your scenario would simply be:
module "codepipeline_trigger" {
  source  = "terraform-aws-modules/apigateway-v2/aws"
  version = "5.0.0"

  # Custom domain
  domain_name                 = "github.example.com"
  domain_name_certificate_arn = aws_acm_certificate.this[local.default_external_domain].arn
  create_domain_records       = false
  ...
Ah, I missed the existence of that variable as well as the certificate and log group. I was able to get it working correctly by setting
  create_certificate    = false
  create_domain_records = false
  stage_access_log_settings = {
    create_log_group = false
  }
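Putting the thread's pieces together, here is a complete module block for the scenario (an added example, not code from the issue or the module's own documentation): the Route 53 zone for github.example.com is owned by another account, so the module must neither look the zone up nor create anything in it, and the ACM certificate and CloudWatch log group are supplied from this account. The `aws_acm_certificate` and `aws_cloudwatch_log_group` data sources, the log group name and the `module.lambda_codepipeline_trigger` reference are assumptions standing in for the reporter's own resources; the alias record for github.example.com is created in the zone-owning account, outside this module.

```hcl
# Existing, already-issued ACM certificate in this account (assumed to exist).
data "aws_acm_certificate" "github" {
  domain      = "github.example.com"
  statuses    = ["ISSUED"]
  most_recent = true
}

# Existing access-log group (assumed name).
data "aws_cloudwatch_log_group" "trigger" {
  name = "/aws/apigateway/codepipeline-trigger"
}

module "codepipeline_trigger" {
  source  = "terraform-aws-modules/apigateway-v2/aws"
  version = "5.0.0"

  name          = "codepipeline-trigger"
  description   = "Trigger the lambda"
  protocol_type = "HTTP"

  # Custom domain: attach only. Use the full hostname and no `subdomains`,
  # which is meant for alias records the module itself would create.
  domain_name                 = "github.example.com"
  domain_name_certificate_arn = data.aws_acm_certificate.github.arn
  create_certificate          = false # DNS validation would need the zone
  create_domain_records       = false # skips data "aws_route53_zone" entirely

  # Hardening not in the issue's config (which left this false): with a
  # custom domain in place, turn off the default execute-api hostname so
  # the API is reachable only through the domain you control.
  disable_execute_api_endpoint = true

  stage_access_log_settings = {
    create_log_group = false # reuse the existing group
    destination_arn  = data.aws_cloudwatch_log_group.trigger.arn
    format           = "$context.identity.sourceIp [$context.requestTime] \"$context.httpMethod $context.routeKey\" $context.status $context.requestId"
  }

  routes = {
    "ANY /" = {
      integration = {
        uri                    = module.lambda_codepipeline_trigger.lambda_function_arn
        payload_format_version = "2.0"
      }
    }
  }
}
```

With both `create_*` flags false the module never evaluates `data "aws_route53_zone" "this"`, so the "no matching Route 53 Hosted Zone found" error from line 134 of main.tf cannot occur regardless of which account owns the zone.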
Description
When using a custom domain if the hosted zone is managed by another account the data resource looking for that zone will return
Error: no matching Route 53 Hosted Zone found
Versions
Module version [Required]: 5.0
Terraform version: Terraform v1.8.2
Provider version(s):
provider registry.terraform.io/hashicorp/aws v5.52.0
provider registry.terraform.io/hashicorp/external v2.3.3
provider registry.terraform.io/hashicorp/local v2.5.1
provider registry.terraform.io/hashicorp/null v3.2.2
provider registry.terraform.io/hashicorp/template v2.2.0
Steps to reproduce the behavior:
Reference a Route 53 zone that is not owned by the AWS account you are trying to apply the module to
Expected behavior
Be able to assign a custom domain and certificate to the API without the account needing to host the Route 53 zone
Actual behavior
Throws an error on line 134 of main.tf
Terminal Output Screenshot(s)
on .terraform/modules/github_codepipeline_trigger/main.tf line 134, in data "aws_route53_zone" "this":
  134: data "aws_route53_zone" "this" {
Additional context