route53: DomainLabelEmpty error when adding certificate cname record to hosted zone #29149

Closed
andreprawira opened this issue Feb 17, 2024 · 2 comments
Labels: @aws-cdk/aws-route53 (Related to Amazon Route 53); bug (This issue is a bug.); closed-for-staleness (This issue was automatically closed because it hadn't received any attention in a while.); effort/medium (Medium work item – several days of effort); p2; response-requested (Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.)

@andreprawira

Describe the bug

I'm trying to add the certificate CNAME name and value into an R53 hosted zone to validate the certificate. I know we can solve this problem by creating the certificate and hosted zone at the same time, but in our project we can't do that. Below is our code:

```python
# Fragment from inside a Stack's __init__ (self and props come from the enclosing class)
from aws_cdk import aws_route53 as route53
from aws_cdk import custom_resources as cr

hosted_zone = route53.PublicHostedZone(
    self,
    "hosted_zone",
    zone_name=f"{props.endpoint_prefix}.{props.hosted_zone}",
)

# Using custom resource to get Certificate CNAME name
get_cname_name = cr.AwsCustomResource(
    self, "GetCNAMEName",
    on_update=cr.AwsSdkCall(
        service="SSM",
        action="getParameter",
        parameters={
            "Name": "certificate_cname_name"
        },
        region="us-east-1",
        physical_resource_id=cr.PhysicalResourceId.of(
            "cname-name-ssm-cross-region")),
    policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
        resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
    )
)

cname_name = get_cname_name.get_response_field("Parameter.Value")

# Using custom resource to get Certificate CNAME value
get_cname_value = cr.AwsCustomResource(
    self, "GetCNAMEValue",
    on_update=cr.AwsSdkCall(
        service="SSM",
        action="getParameter",
        parameters={
            "Name": "certificate_cname_value"
        },
        region="us-east-1",
        physical_resource_id=cr.PhysicalResourceId.of(
            "cname-value-ssm-cross-region")),
    policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
        resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
    )
)

cname_value = get_cname_value.get_response_field("Parameter.Value")  # acm-validation.aws goes to domain_name

# Create Route53 CNAME record to validate the certificate
# Code below will cause error:
# FATAL problem: DomainLabelEmpty (Domain label is empty) encountered with '_90c9f34d5e7f23e01de3960.test.search.acme.com..test.search.acme.com'
# (Service: AmazonRoute53; Status Code: 400; Error Code: InvalidInput;
route53.CnameRecord(
    self,
    "CNAME",
    record_name=cname_name,
    zone=hosted_zone,
    domain_name=cname_value
)
```

As you can see in the comments, when I run the code I get an error where CFN automatically appends ".test.search.acme.com" as a suffix. FYI, if I check parameter store cname_name and cname_value, they do not have ".test.search.acme.com" appended. The values are correct (`_90c9f34d5e7f23e01de3960.test.search.acme.com.` and `_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws.`). It is just when I pass them when creating CnameRecord that the automatic append happens.

Expected Behavior

Route53 correctly creates CNAME name as `_90c9f34d5e7f23e01de3960.test.search.acme.com.` and CNAME value as `_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws.` in the hosted zone and does not automatically append `.test.search.acme.com` as a suffix.

Current Behavior

Route53 incorrectly creates CNAME name as `_90c9f34d5e7f23e01de3960.test.search.acme.com..test.search.acme.com` and CNAME value as `_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws..test.search.acme.com`

Reproduction Steps

View the code above

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.117.0 (build 59d9b23)

Framework Version

No response

Node.js Version

v18.18.0

OS

Windows

Language

Python

Language Version

Python 3.11.5

Other information

No response

@andreprawira andreprawira added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 17, 2024
@github-actions github-actions bot added the @aws-cdk/aws-route53 Related to Amazon Route 53 label Feb 17, 2024
@pahud
Contributor

pahud commented Feb 20, 2024

I can't reproduce this.

Can you just create a CnameRecord with all static props like this sample below:

```ts
new route53.CnameRecord(this, 'CNAME', {
  recordName: 'demo',
  zone: route53.HostedZone.fromHostedZoneAttributes(this, 'ImportedHostedZone', {
    hostedZoneId: 'Z011017311H5GG2PURK9N',
    zoneName: 'foo.cc',
  }),
  domainName: 'bar.cc'
});
```

I am setting a CNAME for demo.foo.cc to bar.cc, and when I run `npx cdk synth` I get:

```yaml
Resources:
  CNAMEC70A2D52:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: Z011017311H5GG2PURK9N
      Name: demo.foo.cc.
      ResourceRecords:
        - bar.cc
      TTL: "1800"
      Type: CNAME
```

And I didn't see any suffix string appended and it deployed with no error as I can verify it from console.

Can you check the synthesized YAML output and verify if it is correctly synthesized? I don't think CFN would append the suffix like that. Also, would you please test the latest CDK version as well?

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 20, 2024
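
One way to run the check requested above (inspect what each record `Name` in the synthesized template resolves to), as an added example that is not code from the issue or from CDK: it renders every `AWS::Route53::RecordSet` name with assumed deploy-time values and flags empty DNS labels, the condition Route 53 reports as DomainLabelEmpty. The template fragment, its `Fn::Join` shape and the logical ids are constructed assumptions; the CNAME name is the value quoted in the issue.

```python
import json

# Constructed template fragment, not output from the issue. The Fn::Join shape
# and the logical ids are assumptions used to illustrate the check.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "StaticCname": {"Type": "AWS::Route53::RecordSet",
    "Properties": {"Name": "demo.foo.cc.", "Type": "CNAME"}},
  "TokenCname": {"Type": "AWS::Route53::RecordSet",
    "Properties": {"Type": "CNAME", "Name": {"Fn::Join": ["", [
      {"Fn::GetAtt": ["GetCNAMEName", "Parameter.Value"]},
      ".test.search.acme.com."]]}}}
}}
""")


def has_empty_label(name):
    """True if a DNS name has an empty label, e.g. 'a..b' or '.a.b'."""
    body = name[:-1] if name.endswith(".") else name  # drop one root dot only
    return "" in body.split(".")


def render(value, attrs):
    """Resolve a string, Fn::Join or Fn::GetAtt with assumed deploy-time values."""
    if isinstance(value, str):
        return value
    if "Fn::Join" in value:
        sep, parts = value["Fn::Join"]
        return sep.join(render(p, attrs) for p in parts)
    if "Fn::GetAtt" in value:
        return attrs[".".join(value["Fn::GetAtt"])]
    raise ValueError(f"unsupported intrinsic: {sorted(value)}")


def check_record_names(template, attrs):
    """Map each RecordSet logical id to (rendered name, has empty label)."""
    results = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") == "AWS::Route53::RecordSet":
            name = render(res["Properties"]["Name"], attrs)
            results[logical_id] = (name, has_empty_label(name))
    return results


if __name__ == "__main__":
    attrs = {"GetCNAMEName.Parameter.Value":
             "_90c9f34d5e7f23e01de3960.test.search.acme.com."}
    for rid, (name, bad) in check_record_names(SAMPLE_TEMPLATE, attrs).items():
        print(f"{rid}: {name} -> {'empty label' if bad else 'ok'}")
```

Pointing `check_record_names` at a template loaded from `cdk.out` shows whether a record name is a plain string or is assembled at deploy time, which is the case a synth-time check on the string cannot see.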

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Feb 22, 2024