尝试创建 aws_route53_record 以指向负载均衡器，但使用 terraform 不断出现错误

Posted 2023-02-19

【中文标题】尝试创建 aws_route53_record 以指向负载均衡器，但使用 terraform 不断出现错误

【英文标题】：trying to create an aws_route53_record to point to a load balancer but keep getting an error using terraform

【发布时间】：2021-01-29 22:52:26

【问题描述】：

由于域已经存在，我将区域导入到我的配置中：

resource "aws_route53_zone" "example_hosted_zone" 
  name = "example.club"

53 号公路记录：

resource "aws_route53_record" "us-battasks" 
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasks"
  type    = "CNAME"
  ttl     = "60"
  records = [aws_lb.restricted_access_lb.id]


resource "aws_route53_record" "us-battasksapi" 
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasksapi"
  type    = "CNAME"
  ttl     = "60"
  records = [aws_lb.restricted_access_lb.id]

Terraform 计划显示它将创建资源，但是当我申请时，我收到以下错误：

Error: [ERR]: Error building changeset: InvalidChangeBatch: [Invalid Resource Record: FATAL problem: DomainLabelTooLong (Domain label is too long) encountered with 'arn:aws:elasticloadbalancing:us-east-1:221124075124:loadbalancer', Unparseable CNAME encountered]
    status code: 400, request id: e43e5ced-957f-4bcd-83d2-1e7eaea7665b



Error: [ERR]: Error building changeset: InvalidChangeBatch: [Invalid Resource Record: FATAL problem: DomainLabelTooLong (Domain label is too long) encountered with 'arn:aws:elasticloadbalancing:us-east-1:221124075124:loadbalancer', Unparseable CNAME encountered]
    status code: 400, request id: 33d3340e-f2f2-4c95-bc96-a9de1349afc4

如果有帮助，这里是负载均衡器的 Terraform 代码：​​

resource "aws_lb" "restricted_access_lb" 
  name               = "restricted-access-lb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.swarm_node_sg.id, aws_security_group.monolaunch_instance_sg.id, aws_security_group.restricted_access_sg.id]
  subnets            = [aws_subnet.public_subnet_b.id, aws_subnet.public_subnet_a.id]

  enable_deletion_protection = true   

【参考方案1】：

aws_lb resource 的 id 是 ARN，这就是为什么您在尝试创建 Route53 记录时看到错误中显示的负载均衡器的 ARN。

您应该改用dns_name attribute，它将映射到负载平衡器的地址。

resource "aws_route53_record" "us-battasksapi" 
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasksapi"
  type    = "CNAME"
  ttl     = "60"
  records = [aws_lb.restricted_access_lb.dns_name]

如果您想使用 alias A record 来避免第二次 DNS 查找（加上 issues around apex records in a zone），则改为使用以下内容：

resource "aws_route53_record" "us-battasksapi" 
  zone_id = aws_route53_zone.example_hosted_zone.zone_id
  name    = "us-battasksapi"
  type    = "A"

  alias 
    name                   = aws_lb.restricted_access_lb.dns_name
    zone_id                = aws_lb.restricted_access_lb.zone_id
    evaluate_target_health = true
  

【参考方案2】：

在您使用的aws_route53_record 中：

records = [aws_lb.restricted_access_lb.id]

这将尝试将 CNAME 设置为负载均衡器的 ARN。相反，您应该使用

records = [aws_lb.restricted_access_lb.dns_name]

理想情况下，它也应该是 A Alias 记录，而不是 CNAME，如 docs 所示。