
AWS: Changing a CNAME record to an A record with the CLI


My organization has a couple of different hosted zones in route53 with multiple CNAME records resolving to the DNS names of our load balancers. I'm looking to change those records to point to the IP addresses of our fancy new global accelerators. I created a json file and went to upload it with the cli and received the following error:

An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [RRSet of type A with DNS name Foo.Bar.com. is not permitted because a conflicting RRSet of type CNAME with the same DNS name already exists in zone Bar.com., ...]

The Troubleshooting guide I found states "The UPSERT is successful only if you originally had a CNAME record and UPSERT to another CNAME record." My next thought is to create a file to DELETE the CNAME record and CREATE an A record in the same change (or run them back to back, even), but I'm worried this might create an interrupt in service. I'm still new to administering AWS, so any pointers are welcome.

Is there a better way to change a CNAME record to an A record?


Solution

  • In my opinion, here is the safest way to do this:

    1. Set the TTL of all the CNAME records that point to the DNS name of the ELB to a reasonable value that the migration is expected to be completed in, for example, 3600 (an hour). The idea here is that you don't want this value to be too low. If you can't complete the migration (i.e. delete and re-create an A record) in this amount of time, users might get an "Unable to resolve DNS" error.

    2. Wait for the new TTL to take effect.

    3. Prepare your CLI commands in advance.

      1. Delete commands that delete all the old CNAME records
      2. Create commands that create all the new A records with TTL of 300 (5 minutes).
    4. Execute the delete commands first, wait till they finish, then execute the create commands.

    5. Test your change and make sure the new record is working. If it's not working as intended, debug and change the DNS immediately until the system works.

    6. Increase the TTL of the A record to something bigger, like 3600.

    7. Wait for another day or two just to be safe in case some resolvers don't respect the TTL. In the meantime, keep the old ELB to which the original CNAME records were pointing. Monitor the traffic of the ELB that comes from the user directly.

    8. When the metrics tell you that almost all the traffic is coming from the GA, you can safely terminate the ELB if needed.
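
An added example, not part of the original answer: it builds the change batch for the delete and create in step 4, and goes beyond the answer by putting both changes in a single batch, which Route 53 applies as one transaction (all changes or none). The record name, ELB DNS name and IP addresses are constructed sample values, and `build_change_batch` is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed sample: one entry as returned by
# `aws route53 list-resource-record-sets` (names and values are made up).
SAMPLE_CNAME = {
    "Name": "foo.example.com.",
    "Type": "CNAME",
    "TTL": 3600,
    "ResourceRecords": [{"Value": "my-elb-123.us-east-1.elb.amazonaws.com"}],
}


def build_change_batch(existing, accelerator_ips, a_ttl=300):
    """Build a change batch that replaces one CNAME with an A record."""
    if existing.get("Type") != "CNAME":
        raise ValueError(f"{existing.get('Name')} is not a CNAME record")

    # An A record holds IPv4 addresses only; reject hostnames and IPv6.
    ips = []
    for value in accelerator_ips:
        addr = ipaddress.ip_address(value)  # ValueError if not an IP
        if addr.version != 4:
            raise ValueError(f"{value} is not IPv4; A records need IPv4")
        ips.append(str(addr))
    if not ips:
        raise ValueError("at least one accelerator IP is required")

    new_a = {
        "Name": existing["Name"],
        "Type": "A",
        "TTL": a_ttl,
        "ResourceRecords": [{"Value": ip} for ip in ips],
    }
    return {
        "Comment": f"Replace CNAME with A for {existing['Name']}",
        "Changes": [
            # DELETE must repeat the live record exactly (name, type, TTL,
            # values), so the listed entry is passed through unchanged.
            {"Action": "DELETE", "ResourceRecordSet": dict(existing)},
            {"Action": "CREATE", "ResourceRecordSet": new_a},
        ],
    }


if __name__ == "__main__":
    batch = build_change_batch(SAMPLE_CNAME, ["192.0.2.10", "192.0.2.20"])
    print(json.dumps(batch, indent=2))
```

Save the printed JSON to a file and pass it to `aws route53 change-resource-record-sets` with `--hosted-zone-id` and `--change-batch file://<path>`.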