Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

route53: DomainLabelEmpty error when adding certificate cname record to hosted zone #29149

Closed
andreprawira opened this issue Feb 17, 2024 · 2 comments
Closed

route53: DomainLabelEmpty error when adding certificate cname record to hosted zone #29149

andreprawira opened this issue Feb 17, 2024 · 2 comments
Labels
@aws-cdk/aws-route53 Related to Amazon Route 53 bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.

Comments

@andreprawira
Copy link

Describe the bug

I'm trying to add certificate cname name and value into r53 hosted zone to validate the certificate. I know we can solve this problem by creating the certificate and hosted zone at the same time, but in our project we cant do that. Below is our code:

hosted_zone = route53.PublicHostedZone(
    self,
    "hosted_zone",
    zone_name=f"{props.endpoint_prefix}.{props.hosted_zone}",
)

# Using custom resource to get Certificate CNAME name
get_cname_name = cr.AwsCustomResource(
    self, "GetCNAMEName",
    on_update=cr.AwsSdkCall(
        service="SSM",
        action="getParameter",
        parameters={
            "Name": "certificate_cname_name"
        },
        region="us-east-1",
        physical_resource_id=cr.PhysicalResourceId.of(
            "cname-name-ssm-cross-region")),
    policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
        resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
    )
)

cname_name = get_cname_name.get_response_field("Parameter.Value")

# Using custom resource to get Certificate CNAME value 
get_cname_value = cr.AwsCustomResource(
    self, "GetCNAMEValue",
    on_update=cr.AwsSdkCall(
        service="SSM",
        action="getParameter",
        parameters={
            "Name": "certificate_cname_value"
        },
        region="us-east-1",
        physical_resource_id=cr.PhysicalResourceId.of(
            "cname-value-ssm-cross-region")),
    policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
        resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
    )
)

cname_value = get_cname_value.get_response_field("Parameter.Value") # acm-validation.aws goes to domain_name

# Create Route53 CNAME record to validate the certificate
# Code below will cause error:
# FATAL problem: DomainLabelEmpty (Domain label is empty) encountered with '_90c9f34d5e7f23e01de3960.test.search.acme.com..test.search.acme.com'
# (Service: AmazonRoute53; Status Code: 400; Error Code: InvalidInput;
route53.CnameRecord(
    self,
    "CNAME",
    record_name=cname_name,
    zone=hosted_zone,
    domain_name=cname_value
)

As you can see in the comments, when I run the code i get an error where CFN automatically appends ".test.search.acme.com" as a suffix. FYI, if i check parameter store cname_name and cname_value, they do not have ".test.search.acme.com" appended. The values are correct (_90c9f34d5e7f23e01de3960.test.search.acme.com. and _849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws.) It just when i pass it when creating CnameRecord that is when the automatic append happens.

Expected Behavior

Route53 correctly creates CNAME name as '_90c9f34d5e7f23e01de3960.test.search.acme.com.and CNAME value as_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws.in the hosted zone and not automatically appends .test.search.acme.com` as a suffix

Current Behavior

Route53 incorrectly creates CNAME name as '_90c9f34d5e7f23e01de3960.test.search.acme.com..test.search.acme.comand CNAME value as_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws..test.search.acme.com`

Reproduction Steps

View the code above

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.117.0 (build 59d9b23)

Framework Version

No response

Node.js Version

v18.18.0

OS

Windows

Language

Python

Language Version

Python 3.11.5

Other information

No response
@andreprawira andreprawira added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Feb 17, 2024
@github-actions github-actions bot added the @aws-cdk/aws-route53 Related to Amazon Route 53 label Feb 17, 2024
@pahud
Copy link
Contributor

pahud commented Feb 20, 2024

I can't reproduce this

Can you just create a CnameRecord with all static props like this sample below:

    new route53.CnameRecord(this, 'CNAME', {
      recordName: 'demo',
      zone: route53.HostedZone.fromHostedZoneAttributes(this, 'ImportedHostedZone', {
        hostedZoneId: 'Z011017311H5GG2PURK9N',
        zoneName: 'foo.cc',
      }),
      domainName: 'bar.cc'
    });

(I am setting a CNAME for demo.foo.cc to bar.cc and when I run npx cdk synth I get

Resources:
  CNAMEC70A2D52:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: Z011017311H5GG2PURK9N
      Name: demo.foo.cc.
      ResourceRecords:
        - bar.cc
      TTL: "1800"
      Type: CNAME

And I didn't see any suffix string appended and it deployed with no error as I can verify it from console.

Can you check the synthesized YAML output and verify if it is correctly synthesized? I don't think CFN would append the suffix like that. Also, would you please test the latest CDK version as well?

@pahud pahud added p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. labels Feb 20, 2024
@github-actions GitHub Actions
Copy link

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Feb 22, 2024
@github-actions github-actions bot mentioned this issue Mar 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
@aws-cdk/aws-route53 Related to Amazon Route 53 bug This issue is a bug. closed-for-staleness This issue was automatically closed because it hadn't received any attention in a while. effort/medium Medium work item – several days of effort p2 response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pahud @andreprawira