Tried to create resource record set...but it already exists

Question

Tried to create resource record set...but it already exists

mabushey opened this issue 6 years ago · 4 comments

aws_route53_record.validation.1: [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='_c5b842e75809145c11acf8a651595aea.example.com.', type='CNAME'] but it already exists]
status code: 400, request id: fc24fa85-81e0-11e9-becc-010152381b5e

module "my_acm_certificate" {
  source = "modules/aws_acm_certificate" 
  domain_names = ["example.com", "*.example.com"]
  zone_id = "${aws_route53_zone.example.zone_id}"
  providers = {
    "aws.acm" = "aws"
    "aws.route53" = "aws"
  }
}

What I think is the issue is under ACM both example.com and *.example.com have the exact same record of
_c5b842e75809145c11acf8a651595aea.example.com. CNAME _d30e37cdff7e37b3a49d6ac69b67b567.ltfvzjuylp.acm-validations.aws....
Seems like they should be different.

Answer 1 · 2019-05-29T07:33:22.000Z

I was able to get Terraform to apply cleanly with this change:

 resource "aws_route53_record" "validation" {
   provider = "aws.route53"
-  count = "${length(var.domain_names)}"
+#  count = "${length(var.domain_names)}"
+  count = 1
   name = "${lookup(aws_acm_certificate.main.domain_validation_options[count.index], "resource_record_name")}"
   type = "${lookup(aws_acm_certificate.main.domain_validation_options[count.index], "resource_record_type")}"
   # default required for zone_ids lookup because https://github.com/hashicorp/terraform/issues/11574

Answer 2 · 2020-02-06T00:19:32.000Z

Just ran into this myself. AWS has the validation CNAME behavior documented here: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html:

Note that the first two _x values in the table are the same. That is, the random string created by ACM for the wild card name *.example.com is the same as that created for the base domain name example.com. Note also that ACM creates different CNAME records for example.com and www.example.com.

Answer 3 · 2020-08-05T15:10:59.000Z

Happening to us too. Terraform v 0.11 aws provider v 2.70, it destroys the DNS record, try to create, but it says that already exist and we end up having our app DOWN because there is no record replacement.

Answer 4 · 2021-01-26T12:56:53.000Z

We are getting this issue as well. Any workarounds? We are in Terraform v0.13.5 and AWS Provider 3.15.0.