Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: additional_rules.alias not creating route53 alias records #6016

Open
joshgoodson opened this issue Mar 19, 2025 · 0 comments
Open

[Bug]: additional_rules.alias not creating route53 alias records #6016

joshgoodson opened this issue Mar 19, 2025 · 0 comments
Labels
type/bug Issues that are bugs.

Comments

@joshgoodson
Copy link

joshgoodson commented Mar 19, 2025
edited
Loading

Description:

Trying to create a LB web service with an ALB and specify many aliases. Only the hosted zone is updated with the original alias list. Additional rules don't get pulled into the LoadBalancerDNSAlias resource.

Details:

Copilot version latest binary from https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux
v1.34.0
us-west-2

Service manifest with the following alias configuration:

http:
      alias: 
        - name: example1.test.domain.com
          hosted_zone: (redacted)
        - name: example2.test.domain.com
          hosted_zone: (redacted)
        - name: example3.test.domain.com
          hosted_zone: (redacted)
        - name: example4.test.domain.com
          hosted_zone: (redacted)
        # limit 5 aliases per rule, there is an invisible default rule here for anything that doesn't match aliases defined on the ALB
      additional_rules:
        - path: /
          alias:
            - name: example5.test.domain.com
              hosted_zone: (redacted)
            - name: example6.test.domain.com
              hosted_zone: (redacted)

The comment in the middle is because it seems like even with 5 in that first alias list I run up against the validation recommendation to split. EDIT: Something tells me this is because 4 HTTP host header conditions and 1 path condition.

Observed result:

No aliases are created in the hosted zone for the additional rule aliases, but all the listener rules are created appropriately.

Our LoadBalancerDNSAlias resource looks like this in template:

LoadBalancerDNSAlias(redacted):
    Metadata:
      'aws:copilot:description': 'Alias records for the application load balancer in hosted zone (redacted)'
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneId: (redacted)
      Comment: !Sub "LoadBalancer aliases for service ${WorkloadName} in hosted zone (redacted)"
      RecordSets:
        - Name: "example1.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example2.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example3.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example4.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName

The listener rules look correct:

HTTPListenerRuleWithDomain:
    Metadata:
      'aws:copilot:description': 'An HTTP listener rule for path `/` that redirects HTTP to HTTPS'
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: 443
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
      Conditions:
        - Field: 'host-header'
          HostHeaderConfig:
            Values: ["example1.test.domain.com", "example2.test.domain.com", "example3.test.domain.com", "example4.test.domain.com"]
        - Field: 'path-pattern'
          PathPatternConfig:
            Values:
              - /*
      ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
      Priority: !GetAtt HTTPRuleWithDomainPriorityAction.Priority
HTTPListenerRuleWithDomain1:
    Metadata:
      'aws:copilot:description': 'An HTTP listener rule for path `/` that redirects HTTP to HTTPS'
    Type: AWS::ElasticLoadBalancingV2::ListenerRule
    Properties:
      Actions:
        - Type: redirect
          RedirectConfig:
            Protocol: HTTPS
            Port: 443
            Host: "#{host}"
            Path: "/#{path}"
            Query: "#{query}"
            StatusCode: HTTP_301
      Conditions:
        - Field: 'host-header'
          HostHeaderConfig:
            Values: ["example5.test.domain.com", "example6.test.domain.com"]
        - Field: 'path-pattern'
          PathPatternConfig:
            Values:
              - /*
      ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
      Priority: !GetAtt HTTPRuleWithDomainPriorityAction.Priority1

Expected result:

A LoadBalancerDNSAlias{HostedZoneId} resource that includes aliases for additional rule configuration:

LoadBalancerDNSAlias(redacted):
    Metadata:
      'aws:copilot:description': 'Alias records for the application load balancer in hosted zone (redacted)'
    Type: AWS::Route53::RecordSetGroup
    Properties:
      HostedZoneId: (redacted)
      Comment: !Sub "LoadBalancer aliases for service ${WorkloadName} in hosted zone (redacted)"
      RecordSets:
        - Name: "example1.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example2.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example3.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example4.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example5.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
        - Name: "example6.test.domain.com"
          Type: A
          AliasTarget:
            HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
            DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName

Debugging:

We have tried many different ways to define the multiple aliases and get around 5 per rule validation. The current config seems to deploy successfully with the observed outcome.

Are we missing something simple in this configuration that would get the aliases created? or are we needing to create the aliases ourselves outside of copilot for this case?
@joshgoodson joshgoodson added the type/bug Issues that are bugs. label Mar 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type/bug Issues that are bugs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@joshgoodson