As the domain already existed I imported the zone into my configuration:
resource "aws_route53_zone" "example_hosted_zone" {
  name = ""
}
Route 53 record:
resource "aws_route53_record" "us-battasks" {
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasks"
  type    = "CNAME"
  ttl     = "60"
  records = []
}

resource "aws_route53_record" "us-battasksapi" {
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasksapi"
  type    = "CNAME"
  ttl     = "60"
  records = []
}
The Terraform plan shows it will create the resource, but when I apply I get the following error:
Error: [ERR]: Error building changeset: InvalidChangeBatch: [Invalid Resource Record: FATAL problem: DomainLabelTooLong (Domain label is too long) encountered with 'arn:aws:elasticloadbalancing:us-east-1:221124075124:loadbalancer', Unparseable CNAME encountered]
status code: 400, request id: e43e5ced-957f-4bcd-83d2-1e7eaea7665b
Error: [ERR]: Error building changeset: InvalidChangeBatch: [Invalid Resource Record: FATAL problem: DomainLabelTooLong (Domain label is too long) encountered with 'arn:aws:elasticloadbalancing:us-east-1:221124075124:loadbalancer', Unparseable CNAME encountered]
status code: 400, request id: 33d3340e-f2f2-4c95-bc96-a9de1349afc4
Here is the Terraform code for the load balancer if it helps:
resource "aws_lb" "restricted_access_lb" {
  name                       = "restricted-access-lb"
  internal                   = false
  load_balancer_type         = "application"
  security_groups            = [,,]
  subnets                    = [,]
  enable_deletion_protection = true
}
The id of the aws_lb resource is the ARN, which is why you see the ARN for the load balancer shown in the error when it's trying to create a Route53 record.
Instead you should be using the dns_name attribute, which will map to the address of the load balancer.
resource "aws_route53_record" "us-battasksapi" {
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasksapi"
  type    = "CNAME"
  ttl     = "60"
  records = [aws_lb.restricted_access_lb.dns_name]
}
If, instead, you wanted to use an alias A record to avoid the second DNS lookup (plus issues around apex records in a zone) you would instead use the following:
resource "aws_route53_record" "us-battasksapi" {
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasksapi"
  type    = "A"

  alias {
    name                   = aws_lb.restricted_access_lb.dns_name
    zone_id                = aws_lb.restricted_access_lb.zone_id
    evaluate_target_health = true
  }
}
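
An added example, not part of the original question or answer: a Python pre-apply check that reads `terraform show -json` plan output and flags CNAME records whose value is an ARN or breaks DNS label limits, which is the mistake diagnosed above. The function names, the label character policy, the sample plan, the `known_after_apply` record and the `restricted-access-lb-0000000000` hostname are constructed for illustration; the ARN fragment is the one quoted in the error message.

```python
import json
import re

MAX_LABEL = 63   # RFC 1035: maximum octets in one DNS label
MAX_NAME = 253   # longest dotted name without the trailing dot
# Assumed policy for this example: letters, digits, hyphen and underscore.
LABEL_RE = re.compile(r"^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?$")

def check_cname_target(value):
    """Return the reasons why value is not a usable CNAME target."""
    problems = []
    if value.startswith("arn:"):
        problems.append("value is an ARN, not a DNS name")
    name = value.rstrip(".")
    if len(name) > MAX_NAME:
        problems.append("name longer than %d characters" % MAX_NAME)
    for label in name.split("."):
        if len(label) > MAX_LABEL:
            problems.append("label of %d characters exceeds %d" % (len(label), MAX_LABEL))
        elif not LABEL_RE.match(label):
            problems.append("label %r has invalid characters" % label)
    return problems

def audit_plan(plan):
    """Map resource address -> problems for CNAME records in a plan JSON dict."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}
        if rc.get("type") != "aws_route53_record" or after.get("type") != "CNAME":
            continue
        for value in after.get("records") or []:  # null when known only after apply
            problems = check_cname_target(value)
            if problems:
                findings.setdefault(rc["address"], []).extend(problems)
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# The hostname and the third record are placeholders, not values from the page.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_route53_record.us-battasks", "type": "aws_route53_record", "change": {"after": {"type": "CNAME", "records": ["arn:aws:elasticloadbalancing:us-east-1:221124075124:loadbalancer"]}}},
 {"address": "aws_route53_record.us-battasksapi", "type": "aws_route53_record", "change": {"after": {"type": "CNAME", "records": ["restricted-access-lb-0000000000.us-east-1.elb.amazonaws.com"]}}},
 {"address": "aws_route53_record.known_after_apply", "type": "aws_route53_record", "change": {"after": {"type": "CNAME", "records": null}}}
]}
""")

if __name__ == "__main__":
    for address, problems in audit_plan(SAMPLE_PLAN).items():
        print(address, problems)
```

Record values that Terraform only learns during apply are not present in the plan, so the check skips them and covers only values already known at plan time.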