How do I troubleshoot the errors I get when I use AWS CloudFormation to create Route 53 record sets?

Resolution

Here are some common errors that you might encounter when you try to create Route 53 record sets using AWS CloudFormation templates. To resolve the issues, follow the guidelines provided for each error.
Note: If you receive errors when you run the AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Error: "No hosted zones named "domain.com" found"

This error occurs when CloudFormation can't identify the hosted zone name defined for the HostedZoneName property. To resolve this error, check the following steps:

• Check the value passed to the HostedZoneName property and make sure that it includes a trailing period (.). The hosted zone name (such as domain.com ) requires a trailing period for it to be valid.
  For example:

   SampleRecordSet:
      Type: AWS::Route53::RecordSet
      Properties:
        HostedZoneName: "domain.com."  #note trailing dot 
        Name: image1.domain.com
        Type: CNAME
        TTL: '60'
        ResourceRecords: 
         - new.example

  If the hosted zone name already contains a trailing period, then check whether a hosted zone with that name already exists in your AWS account. Before you try to create the record sets, use the following AWS CLI command to verify that the hosted zone name is available.

  aws route53 list-hosted-zones \                                                   
   --query 'HostedZones[?Name==`YOUR-HOSTED-ZONE-NAME`]'

  Note: Replace YOUR-HOSTED-ZONE-NAME in the above command with the value passed to the HostedZoneName property in your CloudFormation stack.

• If the above command doesn't return any records, then the hosted zone isn't available in your account. To resolve this error, create the hosted zone before you create the RecordSet .

Error: "RRSet with DNS name a.domain.com is not permitted in zone domain-test.com."

You receive this error if the DNS value passed to the Name property of the AWS::Route53::RecordSet resource doesn't match the hosted zone. To resolve the issue, check the following options.

• The value passed to the Name property in the AWS::Route53::RecordSet resource must be a fully qualified domain name . Check that you are passing a fully qualified name for your DNS record set. For example, if your domain is domain.com, then the name must be something like a.domain.com. Passing just "a" might cause it to fail with an error, as it's not a fully qualified domain name.
• The DNS name must be a subdomain of the hosted zone. For example, if the hosted zone name is domain-test.com. then, the Name property for your record set must be something like xxxxx.domain-test.com. 

Error: "No hosted zone found with ID: Z1234567XXXXXXXXXX"

You see this error message if the value passed to the HostedZoneId property can't be found to be associated with your account. To resolve this error, check the following options:

• Validate that the hosted zone ID value provided to the stack for the AWS::Route53::RecordSet resource is correct and exists in your AWS account.

• Use the following AWS CLI command to check if the hosted zone ID is available in your account:

   aws route53 get-hosted-zone --id Z1234567XXXXXXXXXX

• If the above command returns an error, then the hosted zone ID isn't available in your AWS account. Try creating the stack again by passing a valid hosted zone ID value to the HostedZoneId property of the AWS::Route53::RecordSet resource. This associates the record set with an actual hosted zone that exists in Route 53.

Error: "Duplicate hosted zones for hosted zone name domain.com."

You can create multiple hosted zones in Route 53 with the same name. Try to create an AWS::Route53::RecordSet resource by passing the HostedZoneName property. However, if there are multiple hosted zones with that same name, then you receive an error message.

To fix this error, don't define the HostedZoneName property for the AWS::Route53::RecordSet resource. Instead, define the HostedZoneId property. Then, pass the zone ID where you want to create the record set. For example:

 SampleRecordSet:
    Type: AWS::Route53::RecordSet
    Properties:
      HostedZoneId: "Z1234567XXXXXXXXXX"
      Name: image1.domain.com
      Type: CNAME
      TTL: '60'
      ResourceRecords: 
       - new.example

Error: "Expected exactly one of [AliasTarget, all of [TTL, and ResourceRecords], or TrafficPolicyInstanceId], but found none in Change with [Action=CREATE, Name=a.domain.com., Type=A, SetIdentifier=null]"

You see this error if you didn't define all the required properties for the AWS::Route53::RecordSet resource in your template. Every Route 53 RecordSet resource requires you to set certain configuration properties. An error occurs when these required properties are missing from your template. To resolve this error, check the following options:

• Define either the AliasTarget property or both the TTL and the ResourceRecords properties for your AWS::Route53::RecordSet resource.

• If you defined the AliasTarget property for your AWS::Route53::RecordSet , then DON'T define the TTL or the ResourceRecords properties in the same resource.

  See the following example to define only the AliasTarget property but not the TTL and the ResourceRecords properties:

  SampleR53AliasRecord:
      Type: AWS::Route53::RecordSet
      Properties:
        Name: 'abc.domain.com'
        Type: A
        AliasTarget:
          DNSName: !GetAtt MyELB.DNSName
          HostedZoneId: !GetAtt MyELB.CanonicalHostedZoneNameID
        HostedZoneId: "Z1234567XXXXXXXXXX"

• If you didn't define the AliasTarget property, then check whether you defined both TTL and the ResourceRecords properties.

• You also get an error if you define only one of these properties. If you define the ResourceRecords property, you must also define the TTL property in your template. Similarly, if you define TTL , you must also define ResourceRecords .

  The following example shows you how to define only the TTL and ResourceRecords properties:

  SampleRecordSet:
      Type: AWS::Route53::RecordSet
      Properties:
        HostedZoneId: "Z1234567XXXXXXXXXX"
        Name: image1.domain.com
        Type: CNAME
        TTL: '60'
        ResourceRecords: 
         - new.example

Error: "Tried to create resource record set [name='a.domain.com.', type='A', set-identifier='null'] but it already exists"

You tried to create an alias record set in a hosted zone that already contains an alias record set with the same name. To resolve this error, check the following options

• Check that you are creating the alias record set within the correct hosted zone. Verify that the hosted zone ID or name matches the zone where you want to create the alias record set.
• Check if the A or CNAME record type that you are trying to create using CloudFormation already exists in the hosted zone. You can use the following AWS CLI command to verify whether the resource record is already available in the hosted zone:

  aws route53 list-resource-record-sets \
  --hosted-zone-id YOUR-HOSTED-ZONE-NAME \
  --query 'ResourceRecordSets[?(Name==`YOUR-RESOURCE-RECORD-NAME` && Type==`YOUR-TYPE-OF-RECORD`)]

  Note: Replace YOUR-HOSTED-ZONE-NAME, YOUR-RESOURCE-RECORD-NAME, and YOUR-TYPE-OF-RECORD in the above command with the exact values listed in the error message.
• If the above command returns a value, then use CloudFormation to delete this record from your hosted zone before creating it. Conduct an impact assessment for your application before manually deleting this record from your hosted zone. Carefully consider how removing this record might affect your application before taking that step.

Related information

Errors

AWS::Route53::RecordSet