I’m seeing this when I create white-labeled name servers (using a reusable delegation set) for a sub-domain and then create an NS record in the main-domain zone with those white-labeled records: Terraform still displays/applies the default name servers.
// sub-domain hosted zone
resource "aws_route53_zone" "arz_test" {
  name              = "ibx.zzzdevops.co.uk"
  comment           = "TEST Hosted Zone"
  force_destroy     = true
  delegation_set_id = "NO53847633UQIJ2PQ47CM"
}

// A-Record(s) for white-label name servers
resource "aws_route53_record" "test_wl_a" {
  for_each = toset([for ix in range(1, 5) : tostring(ix)])
  zone_id  = aws_route53_zone.arz_test.zone_id
  name     = "ns${each.value}"
  records  = [local.delegation_set_ips["zzzdevops-secondary"][(each.value - 1)]]
  type     = "A"
  ttl      = "300"
}

// Update NS with white-label name servers
resource "aws_route53_record" "test_wl_ns" {
  allow_overwrite = true
  name            = aws_route53_zone.arz_test.name
  ttl             = 7200
  type            = "NS"
  zone_id         = aws_route53_zone.arz_test.zone_id
  records = [
    for idx in range(1, 5) :
    aws_route53_record.test_wl_a["${idx}"].fqdn
  ]
}
Here, if I check the NS record for the ibx.zzzdevops.co.uk hosted zone, I see it has been updated with the white-labeled ones (that were created by applying aws_route53_record.test_wl_a), but if I check in the terraform console, I get the default name servers automatically created by AWS:
> aws_route53_zone.arz_test.name_servers
tolist([
  "ns-1475.awsdns-56.org",
  "ns-1843.awsdns-38.co.uk",
  "ns-461.awsdns-57.com",
  "ns-968.awsdns-57.net",
])
And the very same thing happens when I try to apply the resource below:
#### Add sub-domain NS-record in the parent-zone ####
resource "aws_route53_record" "test_sub_ns" {
  name       = aws_route53_zone.arz_test.name
  ttl        = "50"
  type       = "NS"
  zone_id    = "ZO24E812PQO08DUTIXL0"
  records    = aws_route53_zone.arz_test.name_servers
  depends_on = [aws_route53_record.test_wl_ns]
}
which returns:
  # aws_route53_record.test_sub_ns will be created
  + resource "aws_route53_record" "test_sub_ns" {
      + allow_overwrite = (known after apply)
      + fqdn            = (known after apply)
      + id              = (known after apply)
      + name            = "ibx.zzzdevops.co.uk"
      + records         = [
          + "ns-1475.awsdns-56.org",
          + "ns-1843.awsdns-38.co.uk",
          + "ns-461.awsdns-57.com",
          + "ns-968.awsdns-57.net",
        ]
      + ttl             = 50
      + type            = "NS"
      + zone_id         = "ZO24E812PQO08DUTIXL0"
    }
Does anyone know if I’m missing something here or if it’s a bug in the provider?
I have reported it here.
Any heads up will be very much appreciated.
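
An added example, not part of the original post: the `name_servers` attribute of `aws_route53_zone` reports the name servers of the zone's delegation set, not the contents of the zone's NS record, so overwriting that record does not change it. The sketch below reuses the post's resource names and zone ID and takes the parent-zone delegation from the white-label NS record instead; the two output names are hypothetical.

```hcl
# Added example. Resource names and the parent zone ID are reused from the
# post above; the output names are hypothetical.

# Parent-zone delegation taken from the white-label NS record rather than
# from aws_route53_zone.arz_test.name_servers.
resource "aws_route53_record" "test_sub_ns" {
  name    = aws_route53_zone.arz_test.name
  ttl     = 50
  type    = "NS"
  zone_id = "ZO24E812PQO08DUTIXL0"

  # The reference creates the ordering dependency on test_wl_ns by itself,
  # so an explicit depends_on is not needed.
  records = aws_route53_record.test_wl_ns.records
}

# Show both values side by side to confirm which one each attribute returns.
output "delegation_set_name_servers" {
  # Name servers of the (reusable) delegation set assigned to the zone.
  value = aws_route53_zone.arz_test.name_servers
}

output "white_label_name_servers" {
  # Contents of the NS record that was overwritten in the sub-domain zone.
  value = aws_route53_record.test_wl_ns.records
}
```

Because the white-label names (`ns1` to `ns4`) live inside the delegated zone itself, resolvers following the parent's NS record also need address (glue) records for them, which this sketch does not cover.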