Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using Amplify managed HTTPS Certificate creates DNS verification record and leaves it after termination #18

Open
goruha opened this issue Jan 22, 2025 · 0 comments
Open

Using Amplify managed HTTPS Certificate creates DNS verification record and leaves it after termination #18

goruha opened this issue Jan 22, 2025 · 0 comments
Labels
bug 🐛 An issue with the system

Comments

@goruha
Copy link
Contributor

goruha commented Jan 22, 2025

Describe the Bug

Using an Amplify-managed HTTPS Certificate creates a DNS verification record and leaves it after removing the component.
The DNS record prevents deleting the route53 zone so make troubles correctly teardown infrastracture.

Expected Behavior

All resources created explicitly or implicitly should be under terraform control

Steps to Reproduce

  1. Deploy
components:
  terraform:
    dns-delegated:
      metadata:
        component: dns-delegated
      vars:
        zone_config:
          - subdomain: test
            zone_name: example.net
        request_acm_certificate: false
  1. Deploy
components:
  terraform:
    amplify/basic:
      metadata:
        component: amplify
      vars:
        enabled: true
        github_personal_access_token_secret_path: "/amplify/github_personal_access_token"
        platform: "WEB"
        dns_delegated_component_name: "dns-delegated"
        dns_delegated_environment_name: "ue2"

        name: "example"
        description: "example Amplify App"
        repository: "https://github.com/cloudposse-tests/amplify"

        environments:
          main:
            branch_name: "main"
            enable_auto_build: true
            backend_enabled: false
            enable_performance_mode: false
            enable_pull_request_preview: false
            framework: "Next.js - SSR"
            stage: "PRODUCTION"
            environment_variables: {}
        domain_config:
          sub_domain:
            - branch_name: "main"
              prefix: "example-prod"
        subdomains_dns_records_enabled: true
        certificate_verification_dns_record_enabled: false
  1. Remove amplify/basic component
  2. Remove dns-delegated component
  3. See the error that dns-delegated zone can not be removed because there are 3 DNS records (expected to be 2)

Possible solutions

  1. Document this side effect
  2. Create an HTTPS certificate with Terraform and pass it (arn, etc) as a managed certificate to amplify the app.
@goruha goruha added the bug 🐛 An issue with the system label Jan 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug 🐛 An issue with the system
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@goruha