

package aws
import (
// resourceAwsRoute53Record returns the schema and CRUD entry points for a
// Route 53 record set resource.
func resourceAwsRoute53Record() *schema.Resource {
	// Fields of one element of the "alias" set.
	aliasFields := map[string]*schema.Schema{
		"zone_id":                {Type: schema.TypeString, Required: true},
		"name":                   {Type: schema.TypeString, Required: true},
		"evaluate_target_health": {Type: schema.TypeBool, Required: true},
	}

	// name, type, zone_id and set_identifier are ForceNew: changing any of
	// them replaces the resource instead of updating it in place.
	// "alias" conflicts with both "records" and "ttl", so a record carries
	// either literal values with a TTL or a single alias target.
	attrs := map[string]*schema.Schema{
		"name": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		// Derived by the provider, never read from configuration.
		"fqdn": {
			Type:     schema.TypeString,
			Computed: true,
		},
		"type": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		"zone_id": {
			Type:     schema.TypeString,
			Required: true,
			ForceNew: true,
		},
		"ttl": {
			Type:          schema.TypeInt,
			Optional:      true,
			ConflictsWith: []string{"alias"},
		},
		"weight": {
			Type:     schema.TypeInt,
			Optional: true,
		},
		"set_identifier": {
			Type:     schema.TypeString,
			Optional: true,
			ForceNew: true,
		},
		"alias": {
			Type:          schema.TypeSet,
			Optional:      true,
			ConflictsWith: []string{"records", "ttl"},
			Elem:          &schema.Resource{Schema: aliasFields},
			Set:           resourceAwsRoute53AliasRecordHash,
		},
		"records": {
			Type:          schema.TypeSet,
			ConflictsWith: []string{"alias"},
			Elem:          &schema.Schema{Type: schema.TypeString},
			Optional:      true,
			Set:           schema.HashString,
		},
	}

	return &schema.Resource{
		Create: resourceAwsRoute53RecordCreate,
		Read:   resourceAwsRoute53RecordRead,
		Update: resourceAwsRoute53RecordUpdate,
		Delete: resourceAwsRoute53RecordDelete,
		Schema: attrs,
	}
}
// resourceAwsRoute53RecordUpdate applies a changed configuration to an
// existing record set.
//
// Route 53 accepts CREATE, DELETE and UPSERT actions. This provider always
// sends UPSERT and lets AWS decide whether the record set is created or
// replaced; Route 53 treats a request as an update of an existing record set
// only when Name and Type (and SetIdentifier) match. See
// http://docs.aws.amazon.com/Route53/latest/APIReference/API_ChangeResourceRecordSets_Requests.html#change-rrsets-request-action
//
// An update is therefore the same request as a create, so this function
// delegates to the create path.
func resourceAwsRoute53RecordUpdate(d *schema.ResourceData, meta interface{}) error {
	err := resourceAwsRoute53RecordCreate(d, meta)
	return err
}
// resourceAwsRoute53RecordCreate writes the record set described by d to
// Route 53 and waits for the change to propagate. It is also the update path
// (resourceAwsRoute53RecordUpdate calls it directly).
//
// Steps: look up the hosted zone, build the record set from d, submit it as
// an UPSERT (retrying while Route 53 reports PriorRequestNotComplete), set
// the resource ID, then poll the change until it reports INSYNC.
//
// Because the action is UPSERT, a record set that already exists with the
// same name and type is overwritten rather than rejected; the request does
// not fail when the record was created outside this resource.
func resourceAwsRoute53RecordCreate(d *schema.ResourceData, meta interface{}) error {
// meta is asserted to *AWSClient; a different type panics here.
conn := meta.(*AWSClient).r53conn
zone := cleanZoneID(d.Get("zone_id").(string))
var err error
// Fetch the zone so the record name can be expanded against the zone name.
zoneRecord, err := conn.GetHostedZone(&route53.GetHostedZoneInput{ID: aws.String(zone)})
if err != nil {
return err
// Build the record set to send, using the zone name returned by Route 53.
rec, err := resourceAwsRoute53RecordBuildSet(d, *zoneRecord.HostedZone.Name)
if err != nil {
return err
// Create the new records. We abuse StateChangeConf for this to
// retry for us since Route53 sometimes returns errors about another
// operation happening at the same time.
changeBatch := &route53.ChangeBatch{
Comment: aws.String("Managed by Terraform"),
Changes: []*route53.Change{
Action: aws.String("UPSERT"),
ResourceRecordSet: rec,
req := &route53.ChangeResourceRecordSetsInput{
// The zone ID comes from the GetHostedZone response, not from d.
HostedZoneID: aws.String(cleanZoneID(*zoneRecord.HostedZone.ID)),
ChangeBatch: changeBatch,
log.Printf("[DEBUG] Creating resource records for zone: %s, name: %s",
zone, *rec.Name)
// First wait: resubmit the change while it is "rejected", for up to five
// minutes, until one submission is "accepted".
wait := resource.StateChangeConf{
Pending: []string{"rejected"},
Target: "accepted",
Timeout: 5 * time.Minute,
MinTimeout: 1 * time.Second,
Refresh: func() (interface{}, string, error) {
resp, err := conn.ChangeResourceRecordSets(req)
if err != nil {
if r53err, ok := err.(awserr.Error); ok {
if r53err.Code() == "PriorRequestNotComplete" {
// There is some pending operation, so just retry
// in a bit.
return nil, "rejected", nil
// Any other error is reported with the state "failure", which is neither
// Pending nor Target.
return nil, "failure", err
return resp, "accepted", nil
respRaw, err := wait.WaitForState()
if err != nil {
return err
// respRaw is the value returned by the Refresh closure on "accepted".
changeInfo := respRaw.(*route53.ChangeResourceRecordSetsOutput).ChangeInfo
// Generate an ID: the elements of vars joined with "_", with the
// set_identifier appended when one is configured.
vars := []string{
if v, ok := d.GetOk("set_identifier"); ok {
vars = append(vars, v.(string))
d.SetId(strings.Join(vars, "_"))
// Second wait: after an initial 30 second delay, poll the submitted change
// through resourceAwsGoRoute53Wait until it leaves PENDING and reports
// INSYNC, for up to 30 minutes.
wait = resource.StateChangeConf{
Delay: 30 * time.Second,
Pending: []string{"PENDING"},
Target: "INSYNC",
Timeout: 30 * time.Minute,
MinTimeout: 5 * time.Second,
Refresh: func() (result interface{}, state string, err error) {
changeRequest := &route53.GetChangeInput{
ID: aws.String(cleanChangeID(*changeInfo.ID)),
return resourceAwsGoRoute53Wait(conn, changeRequest)
_, err = wait.WaitForState()
if err != nil {
return err
return nil
// resourceAwsRoute53RecordRead refreshes d from Route 53.
//
// It looks up the hosted zone, expands the configured name against the zone
// name, stores the result in "fqdn", and lists record sets starting at that
// name and type (and set identifier, when configured). Matching records have
// their records, ttl, weight and set_identifier copied into d.
//
// Only one ListResourceRecordSets call is made, so only the first page of
// results is scanned. No d.Set for "alias" appears in this function, so an
// alias target changed outside Terraform is not picked up by this refresh.
func resourceAwsRoute53RecordRead(d *schema.ResourceData, meta interface{}) error {
conn := meta.(*AWSClient).r53conn
zone := cleanZoneID(d.Get("zone_id").(string))
// get expanded name
zoneRecord, err := conn.GetHostedZone(&route53.GetHostedZoneInput{ID: aws.String(zone)})
if err != nil {
return err
en := expandRecordName(d.Get("name").(string), *zoneRecord.HostedZone.Name)
log.Printf("[DEBUG] Expanded record name: %s", en)
d.Set("fqdn", en)
// The Start* fields tell Route 53 where the listing begins; the response
// can still contain other record sets, hence the scan below.
lopts := &route53.ListResourceRecordSetsInput{
HostedZoneID: aws.String(cleanZoneID(zone)),
StartRecordName: aws.String(en),
StartRecordType: aws.String(d.Get("type").(string)),
if v, ok := d.GetOk("set_identifier"); ok {
lopts.StartRecordIdentifier = aws.String(v.(string))
resp, err := conn.ListResourceRecordSets(lopts)
if err != nil {
return err
// Scan for a matching record
found := false
for _, record := range resp.ResourceRecordSets {
// Undo the "\052" wildcard escaping before comparing names.
name := cleanRecordName(*record.Name)
// Names are compared in FQDN form (with trailing dot).
if FQDN(name) != FQDN(*lopts.StartRecordName) {
// Types are compared case-insensitively.
if strings.ToUpper(*record.Type) != strings.ToUpper(*lopts.StartRecordType) {
// NOTE(review): record.SetIdentifier is dereferenced without a nil check;
// a returned record set without an identifier would panic here — confirm
// Route 53 never mixes the two for one name and type.
if lopts.StartRecordIdentifier != nil && *record.SetIdentifier != *lopts.StartRecordIdentifier {
found = true
err := d.Set("records", flattenResourceRecords(record.ResourceRecords))
if err != nil {
return fmt.Errorf("[DEBUG] Error setting records for: %s, error: %#v", en, err)
// The return values of the following d.Set calls are not checked.
d.Set("ttl", record.TTL)
d.Set("weight", record.Weight)
d.Set("set_identifier", record.SetIdentifier)
// found is still false when no listed record passed the checks above.
if !found {
return nil
// resourceAwsRoute53RecordDelete removes the record set described by d from
// its hosted zone.
//
// The record set is rebuilt from d and submitted as a DELETE change. The
// submission is retried for up to five minutes while Route 53 answers
// PriorRequestNotComplete. It returns the hosted-zone lookup error, the
// record-set build error, or the error from the wait, whichever comes first.
func resourceAwsRoute53RecordDelete(d *schema.ResourceData, meta interface{}) error {
	conn := meta.(*AWSClient).r53conn
	zone := cleanZoneID(d.Get("zone_id").(string))
	log.Printf("[DEBUG] Deleting resource records for zone: %s, name: %s",
		zone, d.Get("name").(string))

	zoneRecord, err := conn.GetHostedZone(&route53.GetHostedZoneInput{ID: aws.String(zone)})
	if err != nil {
		return err
	}

	// A DELETE change carries the full record set that is to be removed.
	rec, err := resourceAwsRoute53RecordBuildSet(d, *zoneRecord.HostedZone.Name)
	if err != nil {
		return err
	}

	deletion := &route53.Change{
		Action:            aws.String("DELETE"),
		ResourceRecordSet: rec,
	}
	req := &route53.ChangeResourceRecordSetsInput{
		HostedZoneID: aws.String(cleanZoneID(zone)),
		ChangeBatch: &route53.ChangeBatch{
			Comment: aws.String("Deleted by Terraform"),
			Changes: []*route53.Change{deletion},
		},
	}

	// submit sends the change once and maps the outcome to a wait state.
	// 42 is an arbitrary non-nil placeholder result; presumably it keeps the
	// waiter from treating the result as missing.
	submit := func() (interface{}, string, error) {
		_, err := conn.ChangeResourceRecordSets(req)
		if err == nil {
			return 42, "accepted", nil
		}
		if r53err, ok := err.(awserr.Error); ok {
			switch r53err.Code() {
			case "PriorRequestNotComplete":
				// Another change is still in flight; try again shortly.
				return 42, "rejected", nil
			case "InvalidChangeBatch":
				// Treated as "the record is already gone".
				// NOTE(review): Route 53 returns this code for any batch it
				// rejects, not only for a missing record. A DELETE that fails
				// for another reason is reported as success, the record stays
				// in DNS, and it is no longer tracked in state. Consider
				// inspecting the error message before accepting.
				return 42, "accepted", nil
			}
		}
		return 42, "failure", err
	}

	wait := resource.StateChangeConf{
		Pending:    []string{"rejected"},
		Target:     "accepted",
		Timeout:    5 * time.Minute,
		MinTimeout: 1 * time.Second,
		Refresh:    submit,
	}
	_, err = wait.WaitForState()
	return err
}
// resourceAwsRoute53RecordBuildSet converts the resource data in d into the
// Route 53 record set used by the create and delete requests.
//
// zoneName is the hosted zone's name; the configured record name is expanded
// against it. The returned set always has Name and Type. TTL,
// ResourceRecords, AliasTarget, Weight and SetIdentifier are filled in only
// when d.GetOk reports the matching attribute as set. An error is returned
// when more than one alias element is configured.
func resourceAwsRoute53RecordBuildSet(d *schema.ResourceData, zoneName string) (*route53.ResourceRecordSet, error) {
	// Route 53 needs a fully qualified name but accepts it without the
	// trailing ".", so the expanded name is used as is and FQDN is not
	// applied here.
	fullName := expandRecordName(d.Get("name").(string), zoneName)
	rec := &route53.ResourceRecordSet{
		Name: aws.String(fullName),
		Type: aws.String(d.Get("type").(string)),
	}

	if ttl, ok := d.GetOk("ttl"); ok {
		rec.TTL = aws.Long(int64(ttl.(int)))
	}

	// Literal record values.
	if raw, ok := d.GetOk("records"); ok {
		values := raw.(*schema.Set).List()
		rec.ResourceRecords = expandResourceRecords(values, d.Get("type").(string))
	}

	// Alias target; the attribute is a set, but only one element is allowed.
	if raw, ok := d.GetOk("alias"); ok {
		targets := raw.(*schema.Set).List()
		if len(targets) > 1 {
			return nil, fmt.Errorf("You can only define a single alias target per record")
		}
		target := targets[0].(map[string]interface{})
		rec.AliasTarget = &route53.AliasTarget{
			DNSName:              aws.String(target["name"].(string)),
			EvaluateTargetHealth: aws.Boolean(target["evaluate_target_health"].(bool)),
			HostedZoneID:         aws.String(target["zone_id"].(string)),
		}
		log.Printf("[DEBUG] Creating alias: %#v", target)
	}

	if weight, ok := d.GetOk("weight"); ok {
		rec.Weight = aws.Long(int64(weight.(int)))
	}

	if id, ok := d.GetOk("set_identifier"); ok {
		rec.SetIdentifier = aws.String(id.(string))
	}

	return rec, nil
}
// FQDN returns name with a trailing "." appended. An empty name, or a name
// that already ends in ".", is returned unchanged.
func FQDN(name string) string {
	if name == "" || strings.HasSuffix(name, ".") {
		return name
	}
	return name + "."
}
// cleanRecordName converts a record name as returned by Route 53 back to the
// form used in configuration. Route 53 stores the "*" wildcard as ASCII 42
// and returns it as the octal escape "\\052". When name starts with that
// escape, the first occurrence is replaced by "*"; any other name is
// returned unchanged.
func cleanRecordName(name string) string {
	const escapedStar = "\\052"
	if !strings.HasPrefix(name, escapedStar) {
		return name
	}
	log.Printf("[DEBUG] Replacing octal \\052 for * in: %s", name)
	return strings.Replace(name, escapedStar, "*", 1)
}
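// expandRecordName returns the record name qualified with the zone name,
// without a trailing ".".
//
// A single trailing "." is removed from both name and zone. If the name
// already ends with the zone name it is returned as is; otherwise the zone
// name is appended. An empty name (or a bare ".") yields the zone name itself,
// i.e. the zone apex.
//
// NOTE(review): the suffix test is a plain string comparison and is not
// aligned to a label boundary, so "myexample.com" in zone "example.com" is
// treated as already qualified and returned unchanged.
func expandRecordName(name, zone string) string {
	rn := strings.TrimSuffix(name, ".")
	zone = strings.TrimSuffix(zone, ".")
	if strings.HasSuffix(rn, zone) {
		return rn
	}
	if rn == "" {
		// Nothing to prepend; joining would produce a leading ".".
		return zone
	}
	// Join the trimmed name: joining the raw name would turn "www." into
	// "www..example.com".
	return rn + "." + zone
}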
// resourceAwsRoute53AliasRecordHash is the set hash function for elements of
// the "alias" attribute. v must be a map holding a string "name", a string
// "zone_id" and a bool "evaluate_target_health"; any other shape panics on
// the type assertions. The three values are written in that order, each
// followed by "-", and the resulting string is hashed.
func resourceAwsRoute53AliasRecordHash(v interface{}) int {
	alias := v.(map[string]interface{})

	var key bytes.Buffer
	fmt.Fprintf(&key, "%s-", alias["name"].(string))
	fmt.Fprintf(&key, "%s-", alias["zone_id"].(string))
	fmt.Fprintf(&key, "%t-", alias["evaluate_target_health"].(bool))

	return hashcode.String(key.String())
}