Terraform setting Route53 NS record never completes

Question

resource "aws_route53_record" "fix-ns" {
  zone_id = aws_route53_zone.main.zone_id
  name    = var.domain_name
  type    = "NS"
  ttl     = "30"
  records = ["ns-1999.awsdns-57.co.uk", "ns-1031.awsdns-00.org", "ns-688.awsdns-22.net", "ns-325.awsdns-40.com"]
}

I want my Route53 NS record to match a known set of DNS NS records, so I've added the above resource. My automation IAM user has AmazonRoute53FullAccess. We get as far as aws_route53_record.fix-ns: Creating... ok, it throws no errors, but it never completes.

Suggestions as to why?

Edit: It's just occurred to me that I never see a Still creating... message for this resource, it just block further resource creations down the line.

Answer 1

I needed to add allow_overwrite = true to the resource.

resource "aws_route53_record" "fix-ns" {
  allow_overwrite = true
  zone_id = aws_route53_zone.main.zone_id
  name    = var.domain_name
  type    = "NS"
  ttl     = "30"
  records = ["ns-1999.awsdns-57.co.uk", "ns-1031.awsdns-00.org", "ns-688.awsdns-22.net", "ns-325.awsdns-40.com"]
}

Weirdly I worked this out by doing a targeted deploy terraform apply -target=aws_route53_record.fix-ns. The resource was failing but the error did not surface in the full apply run, the targeted run allowed the error to surface. Which feels like a bug report :o

Answer 2

A bit of a stab in the dark, but...

I suspect it's actually failing for you, but the default retry count max_retries = 25 kicks in and you don't see the error message. The retry mechanism there has exponential back-off (which is good for other reasons), so the 25 retries take several minutes to conclude.

Try setting max_retries to 1 or 2 and observe the outcome (which I guess will be an error).