aws_route53_record can overwrite existing record not in state

[asafpelegcodes]

Running...
Terraform v0.11.7
provider.aws v1.17.0

I have a route53 record that was created manually through the AWS console. Let's say it's for a record with the name something.example.com
Assume the record is an A record with an alias to a load balanacer...

If I apply the following terraform configuration bellow the A record is overwritten. There is no notice about this in the plan about destroying anything or an error saying the record already exists...

provider "aws" {
  version = "~> 1.7"
  region  = "us-east-1"
}

# A RECORD ALIAS internal-factpages-engine-wip-1851635644.us-east-1.elb.amazonaws.com.
resource "aws_route53_record" "www" {
  zone_id = "Z123456789XX"
  name    = "something.example.com"
  type    = "A"

  alias {
    name                   = "internal-something-example-111111111.us-east-1.elb.amazonaws.com"
    zone_id                = "Z123456789XY"
    evaluate_target_health = false
  }
}

My assumption is that terraform should throw an error from AWS that there is a record uniqueness constraint being violated by attempting to create a record with an identical name. It should not silently overwrite the existing record.

[bflad]

Hi @asafpelegcodes 👋 Sorry you ran into unexpected behavior here. I'm going to repost my closing comment from #1094 (comment) and close this out as hopefully it answers any questions regarding this -- basically you can use the allow_overwrite flag today and the behavior will be fixed by default in the next major version of the AWS provider.

---

Contrary to how almost all Terraform resources work, the aws_route53_record resource was incorrectly using the UPSERT action in the Route53 ResourceRecordSet changeset during Terraform resource creation instead of the CREATE action. Its been like this since it was created a few years ago.

In #2926, released in v1.10.0 of the AWS provider, we introduced the allow_override attribute that will allow you to set false that will switch the creation action to CREATE and properly error when you try to overwrite an existing record. It defaults to true currently to not break backwards compatibility.

In the next major version of the AWS provider, we plan to switch the attribute so it defaults to false but potentially will still allow true for the corner cases where UPSERT on creation is desired.

[vivekgkwd]

allow_overwrite is deprecated , how can I UPSERT route53 records now?

[ruanxuyi]

allow_overwrite is deprecated , how can I UPSERT route53 records now?

according to https://www.terraform.io/docs/providers/aws/r/route53_record.html i believe allow_overwrite option is still valid at this point. i have no issue of using allow_overwrite option.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!