Can't import private Route53 Hosted Zone with more than one VPC association

[ttacon]

Terraform Version

v0.9.8

Affected Resource(s)

• aws_route53_zone

Terraform Configuration Files

None, using terraform import.

Debug Output

Full debug output not included due to this not being a bug per se.
https://gist.github.com/ttacon/1e26e775e4850211c629c02f44346e7d

Panic Output

None.

Expected Behavior

Expected it to import the private Route53 Hosted Zone.

Actual Behavior

Failed to import private Route53 Hosted Zone with error message.

Steps to Reproduce

1. terraform import aws_route53_zone.myzone $route53HostedZone

Important Factoids

None.

References

• AWS/Route53Zone - create private hosted zone associated with VPC. terraform#1526

It seems as though terraform import can't import a Route53 private hosted zone that is associated with more than one VPC. The code clearly shows that this is being explicitly disallowed, but I'm not sure why that is? I understand that there may be some difficulty/schema mis-match since creating a private hosted zone with more than one VPC associated requires some massaging (see linked terraform PR). But I was wondering if perhaps this was something on the roadmap/if I could get some clarification as to logic behind the comment in the linked section of code? I'm fairly certain it's due to the mismatch between the GetHostedZoneResponse model and the CreateHostedZoneRequest model, but I'd just like clarification.

Thanks!

[ttacon]

Just wondering if there was any update/response to this?

[boldandbusted]

Howdy. Any hope? :D

[Farhie]

@radeksimko I noticed this has been classified as an enhancement. Just wondered why this is the case? As I have run in to this and wouldn't describe it as expected behaviour?

[berniechiu]

Ummm... still can't at this time being.

[julienduchesne]

I'll work on this. Shouldn't be too long.

[julienduchesne]

Just an update on this. Making the import work wasn't the issue. The problem is that with the current import mechanism, you are going to get a zone and multiple zone_association. However, you cannot choose which vpc is going to be the main one in the zone resource.

Also, changing the vpc_id in the zone is currently a force_new condition. This behavior is really inconvenient. I am therefore working on integrating the vpc attachments in the zone resource itself. Almost got it.

[bflad]

Support for multiple VPCs associations within the aws_route53_zone resource (along with removing that restriction during import) has been merged and will release with version 1.42.0 of the AWS provider, likely today or tomorrow. 👍

Please note that using vpc_id and vpc_region within the aws_route53_zone resource is now deprecated in favor of vpc configuration blocks. An example switching your configuration will be published in the version 2 upgrade guide when 1.42.0 is released. We have also noted in the resource documentation that using the aws_route53_zone_association resource is discouraged unless necessary (e.g. for cross-account authorization ordering).

Shout out to @julienduchesne for the initial pull request and brainstorming!

[bflad]

This has been released in version 1.42.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!