Description
Description:
Trying to create a LB web service with an ALB and specify many aliases. Only the hosted zone is updated with the original alias list. Additional rules don't get pulled into the LoadBalancerDNSAlias resource.
Details:
Copilot version latest binary from https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux
v1.34.0
us-west-2
Service manifest with the following alias configuration:
http:
alias:
- name: example1.test.domain.com
hosted_zone: (redacted)
- name: example2.test.domain.com
hosted_zone: (redacted)
- name: example3.test.domain.com
hosted_zone: (redacted)
- name: example4.test.domain.com
hosted_zone: (redacted)
# limit 5 aliases per rule, there is an invisible default rule here for anything that doesn't match aliases defined on the ALB
additional_rules:
- path: /
alias:
- name: example5.test.domain.com
hosted_zone: (redacted)
- name: example6.test.domain.com
hosted_zone: (redacted)
The comment in the middle is because it seems like even with 5 in that first alias list I run up against the validation recommendation to split. EDIT: Something tells me this is because 4 HTTP host header conditions and 1 path condition.
Observed result:
No aliases are created in the hosted zone for the additional rule aliases, but all the listener rules are created appropriately.
Our LoadBalancerDNSAlias resource looks like this in template:
LoadBalancerDNSAlias(redacted):
Metadata:
'aws:copilot:description': 'Alias records for the application load balancer in hosted zone (redacted)'
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: (redacted)
Comment: !Sub "LoadBalancer aliases for service ${WorkloadName} in hosted zone (redacted)"
RecordSets:
- Name: "example1.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example2.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example3.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example4.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
The listener rules look correct:
HTTPListenerRuleWithDomain:
Metadata:
'aws:copilot:description': 'An HTTP listener rule for path `/` that redirects HTTP to HTTPS'
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Actions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
Port: 443
Host: "#{host}"
Path: "/#{path}"
Query: "#{query}"
StatusCode: HTTP_301
Conditions:
- Field: 'host-header'
HostHeaderConfig:
Values: ["example1.test.domain.com", "example2.test.domain.com", "example3.test.domain.com", "example4.test.domain.com"]
- Field: 'path-pattern'
PathPatternConfig:
Values:
- /*
ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
Priority: !GetAtt HTTPRuleWithDomainPriorityAction.Priority
HTTPListenerRuleWithDomain1:
Metadata:
'aws:copilot:description': 'An HTTP listener rule for path `/` that redirects HTTP to HTTPS'
Type: AWS::ElasticLoadBalancingV2::ListenerRule
Properties:
Actions:
- Type: redirect
RedirectConfig:
Protocol: HTTPS
Port: 443
Host: "#{host}"
Path: "/#{path}"
Query: "#{query}"
StatusCode: HTTP_301
Conditions:
- Field: 'host-header'
HostHeaderConfig:
Values: ["example5.test.domain.com", "example6.test.domain.com"]
- Field: 'path-pattern'
PathPatternConfig:
Values:
- /*
ListenerArn: !GetAtt EnvControllerAction.HTTPListenerArn
Priority: !GetAtt HTTPRuleWithDomainPriorityAction.Priority1
Expected result:
A LoadBalancerDNSAlias{HostedZoneId} resource that includes aliases for additional rule configuration:
LoadBalancerDNSAlias(redacted):
Metadata:
'aws:copilot:description': 'Alias records for the application load balancer in hosted zone (redacted)'
Type: AWS::Route53::RecordSetGroup
Properties:
HostedZoneId: (redacted)
Comment: !Sub "LoadBalancer aliases for service ${WorkloadName} in hosted zone (redacted)"
RecordSets:
- Name: "example1.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example2.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example3.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example4.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example5.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
- Name: "example6.test.domain.com"
Type: A
AliasTarget:
HostedZoneId: !GetAtt EnvControllerAction.PublicLoadBalancerHostedZone
DNSName: !GetAtt EnvControllerAction.PublicLoadBalancerDNSName
Debugging:
We have tried many different ways to define the multiple aliases and get around 5 per rule validation. The current config seems to deploy successfully with the observed outcome.
Are we missing something simple in this configuration that would get the aliases created? or are we needing to create the aliases ourselves outside of copilot for this case?