I'm at a loss on this one.
99% of the time CloudFormation is pretty good at giving you some kind of debug message you can work with, but "Invalid request" has left me stumped, especially when the resource is pretty simple to begin with.
This is said resource that is giving me issues (template generated by Ansible, hence {{ ... }} notations),
    "DatabaseDNSRecord": {
        "Type": "AWS::Route53::RecordSet",
        "Properties": {
            "HostedZoneId": "HOSTED_ZONE_ID",
            "Name": "db.{{ item.env_name|lower }}v2.<DOMAIN>.com.",
            "ResourceRecords": [
                {
                    "Fn::GetAtt": [ "Database", "Endpoint.Address" ]
                }
            ],
            "Type": "CNAME"
        },
        "DependsOn": "Database"
    }
From what I can tell from the docs, everything that is required is present, correct, and in the right format.
The only thing I can think of is I'm adding this resource to an existing CloudFormation stack I created earlier that already created the Database resource, which for the record is an AWS::RDS::DBInstance (happy to post the resource template for that too if required, nothing special).
Any ideas why I'm getting "Invalid request"?
Thanks.
Edit: I tried this with and without a TTL, same error.
Turns out I didn't try TTL and DependsOn. Works with both of those.
Beyond TTL and DependsOn, the main idea is to make sure that the system does not attempt to create the recordset using references that do not exist.
As such, DependsOn must not only exist, but it must list all the resources that are referenced in the RecordSetGroup definition (Load Balancers, other DNS entries, ENIs, etc). This will ensure that CloudFormation delays the creation of the DNS records until the prerequisites are met.
I have a similar issue. I've just set the TTL property and it works fine; it seems like the TTL property is a must for such record sets. I'm not using DependsOn as the record set depends on "ResourceRecords" : [ { "Fn::GetAtt" : [ "ApplicationRds" , "Endpoint.Address" ] } ], from the "ApplicationRds" resource, so I don't see any gain in using DependsOn.
If the same error is happening when creating records that do have a TTL set, check if they are not ALIAS-type records, as they must not have a TTL (as it is copied from the AliasTarget).
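An added example, not part of the question or any answer above: a pre-deploy check that scans a template for the conditions these posts describe (a non-alias record without TTL, an alias record with TTL, a reference to a resource that is not defined). The sample template, its names and the function names are constructed for illustration.

```python
# Constructed sample template (not from the posts above).
SAMPLE_TEMPLATE = {"Resources": {
    "Database": {"Type": "AWS::RDS::DBInstance", "Properties": {}},
    "DatabaseDNSRecord": {"Type": "AWS::Route53::RecordSet", "Properties": {
        "HostedZoneId": "HOSTED_ZONE_ID", "Name": "db.example.com.", "Type": "CNAME",
        "ResourceRecords": [{"Fn::GetAtt": ["Database", "Endpoint.Address"]}]}},
    "AliasRecord": {"Type": "AWS::Route53::RecordSet", "Properties": {
        "HostedZoneId": "HOSTED_ZONE_ID", "Name": "www.example.com.", "Type": "A",
        "TTL": "300",
        "AliasTarget": {"HostedZoneId": "ALIAS_ZONE_ID",
                        "DNSName": {"Fn::GetAtt": ["LoadBalancer", "DNSName"]}}}},
}}

def referenced_ids(node):
    """Yield logical IDs named by Ref / Fn::GetAtt anywhere under node."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "Ref" and isinstance(value, str):
                yield value
            elif key == "Fn::GetAtt":
                # List form ["Res", "Attr"] or string form "Res.Attr".
                yield value[0] if isinstance(value, list) else value.split(".")[0]
            else:
                yield from referenced_ids(value)
    elif isinstance(node, list):
        for item in node:
            yield from referenced_ids(item)

def lint_record_sets(template):
    """Return (logical_id, problem) pairs for AWS::Route53::RecordSet resources."""
    resources = template.get("Resources", {})
    known = set(resources) | set(template.get("Parameters", {}))
    findings = []
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::Route53::RecordSet":
            continue
        props = res.get("Properties", {})
        is_alias = "AliasTarget" in props
        if is_alias and "TTL" in props:
            findings.append((logical_id, "alias record must not set TTL"))
        if not is_alias and "TTL" not in props:
            findings.append((logical_id, "non-alias record is missing TTL"))
        for ref in sorted(set(referenced_ids(props))):
            if ref not in known and not ref.startswith("AWS::"):  # skip pseudo parameters
                findings.append((logical_id, f"references undefined resource {ref}"))
    return findings

if __name__ == "__main__":
    for logical_id, problem in lint_record_sets(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {problem}")
```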