aws_elb_hosted_zone_id data source doesn't support Network Load Balancers

[mjarosie]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

aws_elb_hosted_zone_id data source supports Application Load Balancers and Classic Load Balancers (which use the same hosted zone id), but not Network Load Balancers (their hosted zone ids are different, see: https://docs.aws.amazon.com/general/latest/gr/rande.html#elb_region).

As an example, the configuration defined below will return "Z32O12XQLNTSW2" as hosted ID zone, but it's impossible to retrieve network load balancer equivalent: "Z2IFOLAFXWLO4F".

Potential Terraform Configuration

data "aws_elb_hosted_zone_id" "main" {
    region = "eu-west-1"
}

References

• https://docs.aws.amazon.com/general/latest/gr/rande.html#elb_region
• Support for network load balancer #1618

[jukie]

I'd like to work on this, it's currently just a hardcoded map so what's the best way to add nlb zone id's without breaking things?
https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/data_source_aws_elb_hosted_zone_id.go#L10

var elbHostedZoneIdPerRegionMap = map[string]string{
	"ap-northeast-1": "Z14GRHDCWA56QT",
	"ap-northeast-2": "ZWKZPGTI48KDX",
	"ap-northeast-3": "Z5LXEXXYW11ES",
	"ap-south-1":     "ZP97RAFLXTNZK",
	"ap-southeast-1": "Z1LMS91P8CMLE5",
	"ap-southeast-2": "Z1GM3OXH4ZPM65",
	"ca-central-1":   "ZQSVJUPU6J1EY",
	"cn-north-1":     "638102146993",
	"eu-central-1":   "Z215JYRZR1TBD5",
	"eu-north-1":     "Z23TAZ6LKFMNIO",
	"eu-west-1":      "Z32O12XQLNTSW2",
	"eu-west-2":      "ZHURV8PSTC4K8",
	"eu-west-3":      "Z3Q77PNBQS71R4",
	"sa-east-1":      "Z2P70J7HTTTPLU",
	"us-east-1":      "Z35SXDOTRQ7X7K",
	"us-east-2":      "Z3AADJGX6KTTL2",
	"us-gov-west-1":  "048591011584",
	"us-west-1":      "Z368ELLRRE2KJ0",
	"us-west-2":      "Z1H1FL5HABSF5",
}

[jukie]

So I've decided to use the following and then I'm adding a "type" (application, classic, or network). argument to aws_elb_hosted_zone_id which will be assigned to either index. application/classic will get the first, network get's the second.

var elbHostedZoneIdPerRegionMap = map[string][]string{
	"ap-northeast-1": {"Z14GRHDCWA56QT", "Z31USIVHYNEOWT"},
	"ap-northeast-2": {"ZWKZPGTI48KDX", "ZIBE1TIR4HY56"},
	"ap-northeast-3": {"Z5LXEXXYW11ES", "Z1GWIQ4HH19I5X"},
	"ap-south-1":     {"ZP97RAFLXTNZK", "ZVDDRBQ08TROA"},
	"ap-southeast-1": {"Z1LMS91P8CMLE5", "ZKVM4W9LS7TM"},
	"ap-southeast-2": {"Z1GM3OXH4ZPM65", "ZCT6FZBF4DROD"},
	"ca-central-1":   {"ZQSVJUPU6J1EY", "Z2EPGBW3API2WT"},
	"cn-north-1":     {"638102146993", "Z3QFB96KMJ7ED6"},
	"eu-central-1":   {"Z215JYRZR1TBD5", "ZQEIKTCZ8352D"},
	"eu-north-1":     {"Z23TAZ6LKFMNIO", "Z3F0SRJ5LGBH90"},
	"eu-west-1":      {"Z32O12XQLNTSW2", "Z1UDT6IFJ4EJM"},
	"eu-west-2":      {"ZHURV8PSTC4K8", "Z2IFOLAFXWLO4F"},
	"eu-west-3":      {"Z3Q77PNBQS71R4", "ZD4D7Y8KGAS4G"},
	"sa-east-1":      {"Z2P70J7HTTTPLU", "Z1CMS0P5QUZ6D5"},
	"us-east-1":      {"Z35SXDOTRQ7X7K", "ZTK26PT1VY4CU"},
	"us-east-2":      {"Z3AADJGX6KTTL2", "Z26RNL4JYFTOTI"},
	"us-gov-west-1":  {"048591011584", "ZLMOA37VPKANP"},
	"us-west-1":      {"Z368ELLRRE2KJ0", "Z24FKFUX50B4VW"},
	"us-west-2":      {"Z1H1FL5HABSF5", "Z18D5FSROUN65G"},
}

I'll validate in a similar fashion as https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_lambda_function.go#L24 but I think I'll need to hardcode the value options unless someone can suggest a better option. It appears that elb and elbv2 only list application and network as a const and I'd like to also list a "classic" option but I can't find any reference.
https://github.com/aws/aws-sdk-go/blob/master/service/elbv2/api.go#L8832

Any ideas?

[PatMyron]

GovCloud regions aren't documented for either yet:
#12976
https://docs.aws.amazon.com/general/latest/gr/elb.html#elb_region

Their Route 53 Hosted Zone IDs (Network Load Balancers) in case anyone picks this up:

	"us-gov-east-1":  "Z1ZSMQQ6Q24QQ8",
	"us-gov-west-1":  "ZMG1MZ2THAWF1",

[jukie]

Thanks @PatMyron I'll pick this back up.

[aSapien]

Is there any workaround?
My NLB is created by nginx-ingress-controller and I couldn't find a trivial way to get the zone_id from the created resource post-creation using Terraform.

Also, I'm hosted in us-east-1 but according to the map at #7988 (comment) the zone_id of my NLB is at hosted in us-east-2, which seems to be wrong. Maybe I'm missing something?

[uhari03]

@jukie What is currently blocking #8384 from going through?
This is a very useful (and I would say important) feature to get merged in.

[jukie]

I think it just never got looked at. If @bflad has any input I can update with any desired changes.

[jukie]

Obviously will fix any conflicts as well, currently on mobile.

[watsonjm]

Is there any workaround?
My NLB is created by nginx-ingress-controller and I couldn't find a trivial way to get the zone_id from the created resource post-creation using Terraform.

Also, I'm hosted in us-east-1 but according to the map at #7988 (comment) the zone_id of my NLB is at hosted in us-east-2, which seems to be wrong. Maybe I'm missing something?

It's not as nice as the aws_elb_hosted_zone_id data source, but for anyone using nginx ingress you can get your zone_id this way:

data "kubernetes_service" "nginx_nlb" {
  metadata {
    name      = "ingress-nginx-controller"
  }
}

data "aws_lb" "nginx_nlb" {
  name = split("-", data.kubernetes_service.nginx_lb.status.0.load_balancer.0.ingress.0.hostname).0
}

resource "aws_route53_record" "nginx_nlb" {
  ...
  alias {
    ...
    zone_id = data.aws_lb.nginx_nlb.zone_id
    ...
  }
}

[github-actions]

This functionality has been released in v4.15.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.