aws-cdk

route53: DomainLabelEmpty error when adding certificate cname record to hosted zone

Open andreprawira opened this issue 1 year ago • 2 comments

Describe the bug

I'm trying to add the certificate CNAME name and value to an R53 hosted zone to validate the certificate. I know we can solve this problem by creating the certificate and hosted zone at the same time, but in our project we can't do that. Below is our code:

hosted_zone = route53.PublicHostedZone(
    self,
    "hosted_zone",
    zone_name=f"{props.endpoint_prefix}.{props.hosted_zone}",
)

# Using custom resource to get Certificate CNAME name
get_cname_name = cr.AwsCustomResource(
    self, "GetCNAMEName",
    on_update=cr.AwsSdkCall(
        service="SSM",
        action="getParameter",
        parameters={
            "Name": "certificate_cname_name"
        },
        region="us-east-1",
        physical_resource_id=cr.PhysicalResourceId.of(
            "cname-name-ssm-cross-region")),
    policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
        resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
    )
)

cname_name = get_cname_name.get_response_field("Parameter.Value")

# Using custom resource to get Certificate CNAME value 
get_cname_value = cr.AwsCustomResource(
    self, "GetCNAMEValue",
    on_update=cr.AwsSdkCall(
        service="SSM",
        action="getParameter",
        parameters={
            "Name": "certificate_cname_value"
        },
        region="us-east-1",
        physical_resource_id=cr.PhysicalResourceId.of(
            "cname-value-ssm-cross-region")),
    policy=cr.AwsCustomResourcePolicy.from_sdk_calls(
        resources=cr.AwsCustomResourcePolicy.ANY_RESOURCE
    )
)

cname_value = get_cname_value.get_response_field("Parameter.Value") # acm-validation.aws goes to domain_name

# Create Route53 CNAME record to validate the certificate
# Code below will cause error:
# FATAL problem: DomainLabelEmpty (Domain label is empty) encountered with '_90c9f34d5e7f23e01de3960.test.search.acme.com..test.search.acme.com'
# (Service: AmazonRoute53; Status Code: 400; Error Code: InvalidInput;
route53.CnameRecord(
    self,
    "CNAME",
    record_name=cname_name,
    zone=hosted_zone,
    domain_name=cname_value
)

As you can see in the comments, when I run the code I get an error where CFN automatically appends ".test.search.acme.com" as a suffix. FYI, if I check parameter store, cname_name and cname_value do not have ".test.search.acme.com" appended. The values are correct (_90c9f34d5e7f23e01de3960.test.search.acme.com. and _849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws.). It's just when I pass them when creating the CnameRecord that the automatic append happens.

Expected Behavior

Route53 correctly creates the CNAME name as `_90c9f34d5e7f23e01de3960.test.search.acme.com.` and the CNAME value as `_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws.` in the hosted zone and does not automatically append `.test.search.acme.com` as a suffix.

Current Behavior

Route53 incorrectly creates the CNAME name as `_90c9f34d5e7f23e01de3960.test.search.acme.com..test.search.acme.com` and the CNAME value as `_849ec97ff1b033b54fe424d.pmgyk.acm-validations.aws..test.search.acme.com`.

Reproduction Steps

View the code above

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.117.0 (build 59d9b23)

Framework Version

No response

Node.js Version

v18.18.0

OS

Windows

Language

Python

Language Version

Python 3.11.5

Other information

No response

andreprawira, Feb 17 '24 15:02

I can't reproduce this

Can you just create a CnameRecord with all static props like this sample below:

    new route53.CnameRecord(this, 'CNAME', {
      recordName: 'demo',
      zone: route53.HostedZone.fromHostedZoneAttributes(this, 'ImportedHostedZone', {
        hostedZoneId: 'Z011017311H5GG2PURK9N',
        zoneName: 'foo.cc',
      }),
      domainName: 'bar.cc'
    });

I am setting a CNAME for demo.foo.cc to bar.cc, and when I run npx cdk synth I get:

Resources:
  CNAMEC70A2D52:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: Z011017311H5GG2PURK9N
      Name: demo.foo.cc.
      ResourceRecords:
        - bar.cc
      TTL: "1800"
      Type: CNAME

And I didn't see any suffix string appended and it deployed with no error as I can verify it from console.

Can you check the synthesized YAML output and verify if it is correctly synthesized? I don't think CFN would append the suffix like that. Also, would you please test the latest CDK version as well?

pahud, Feb 20 '24 16:02
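
One way to run the check suggested above against the synthesized template, as an added example (not code from the issue or from the CDK project): it flags `AWS::Route53::RecordSet` names where a zone suffix is joined onto a value only known at deploy time, and shows what that join resolves to for the parameter value quoted in the issue. The sample template, its logical IDs and the `Fn::Join` shape are constructed assumptions about what synth emits for a custom-resource value.

```python
# Constructed sample of a synthesized template (cdk.out/<stack>.template.json).
# Logical IDs and the Fn::Join shape are assumptions, not output from the issue.
SAMPLE_TEMPLATE = {"Resources": {
    "TokenCname": {"Type": "AWS::Route53::RecordSet", "Properties": {
        "Type": "CNAME",
        "Name": {"Fn::Join": ["", [
            {"Fn::GetAtt": ["GetCNAMEName", "Parameter.Value"]},
            ".test.search.acme.com.",
        ]]},
    }},
    "StaticCname": {"Type": "AWS::Route53::RecordSet", "Properties": {
        "Type": "CNAME", "Name": "demo.foo.cc.",
    }},
}}


def has_empty_label(name):
    """True if a literal DNS name contains an empty label (the DomainLabelEmpty case)."""
    if name.endswith("."):
        name = name[:-1]  # one trailing dot is the DNS root, not an empty label
    return "" in name.split(".")


def render_join(join, value):
    """Resolve an Fn::Join, substituting `value` for each non-literal part."""
    sep, parts = join["Fn::Join"]
    return sep.join(p if isinstance(p, str) else value for p in parts)


def audit_record_names(template):
    """Map logical ID -> finding for record sets whose Name can yield an empty label."""
    findings = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Route53::RecordSet":
            continue
        name = res.get("Properties", {}).get("Name")
        if isinstance(name, str) and has_empty_label(name):
            findings[logical_id] = "literal name has an empty label"
        elif isinstance(name, dict) and "Fn::Join" in name:
            parts = name["Fn::Join"][1]
            for left, right in zip(parts, parts[1:]):
                if isinstance(left, dict) and isinstance(right, str) and right.startswith("."):
                    findings[logical_id] = f"suffix {right!r} appended to a deploy-time value"
    return findings


if __name__ == "__main__":
    print(audit_record_names(SAMPLE_TEMPLATE))
    stored = "_90c9f34d5e7f23e01de3960.test.search.acme.com."  # value quoted in the issue
    print(render_join(SAMPLE_TEMPLATE["Resources"]["TokenCname"]["Properties"]["Name"], stored))
```
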

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot], Feb 22 '24 20:02