Terraform Core Version: 1.10.5
AWS Provider Version: 5.88.0
Affected resource: aws_route53_resolver_rule
The AWS API has sensible/intelligent default behavior. For example, running

    aws route53resolver create-resolver-rule --creator-request-id foo --rule-type FORWARD --domain-name example.com --target-ips Ip=1.1.1.1,Protocol=DoH --resolver-endpoint-id rslvr-out-exampleexample

will create the rule with the Port set to 443, as that's the default port for DoH. Also, running

    aws route53resolver create-resolver-rule --creator-request-id foo --rule-type FORWARD --domain-name example.com --target-ips Ip=1.1.1.1 --resolver-endpoint-id rslvr-out-exampleexample

will create the rule with protocol DoH if the resolver endpoint only supports DoH and not Do53. The provider should refrain from providing default values for parameters that the AWS API considers optional and provides conditional defaults for, and if not specified they should simply not be sent.
The provider (https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/route53resolver/rule.go#L107, https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/route53resolver/rule.go#L112) specifies default values of port=53 and protocol=Do53 for those values, which can cause errors and unexpected behavior when those are the wrong values.
resource "aws_route53_resolver_rule" "demo" {
  domain_name          = "example.com"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.i_am_doh.id
  target_ip {
    ip = "1.1.1.1"
  }
}
Attempt to apply the configuration, observe that the rule is attempted to be created while explicitly setting the protocol to Do53, resulting in an error (unlike the AWS CLI, SDKs, etc. which simply Do The Right Thing).
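The failure mode reported above, as an added Go example that is not the provider's code or the AWS SDK: `Target`, `withProviderDefaults` and `serviceResolve` are hypothetical names, and `serviceResolve` is a constructed model of the service-side defaults the report describes. It assumes Do53 and port 53 apply whenever the endpoint supports Do53.

```go
package main

import "fmt"

// Target is a hypothetical request shape: a zero value means the field is not sent.
type Target struct {
	IP, Protocol string
	Port         int
}

// withProviderDefaults fills unset fields with Do53 and 53, the defaults the issue reports.
func withProviderDefaults(t Target) Target {
	if t.Protocol == "" {
		t.Protocol = "Do53"
	}
	if t.Port == 0 {
		t.Port = 53
	}
	return t
}

// serviceResolve is a constructed model of the API-side conditional defaults.
func serviceResolve(t Target, endpointProtocols []string) (string, int, error) {
	supported := map[string]bool{}
	for _, p := range endpointProtocols {
		supported[p] = true
	}
	if t.Protocol == "" {
		t.Protocol = "Do53" // assumed default when the endpoint supports Do53
		if !supported["Do53"] && supported["DoH"] {
			t.Protocol = "DoH" // DoH-only endpoint, per the issue
		}
	}
	if !supported[t.Protocol] {
		return "", 0, fmt.Errorf("endpoint does not support %s", t.Protocol)
	}
	if t.Port == 0 {
		t.Port = 53 // assumed default for Do53
		if t.Protocol == "DoH" {
			t.Port = 443 // default port for DoH, per the issue
		}
	}
	return t.Protocol, t.Port, nil
}

func main() {
	fmt.Println(serviceResolve(Target{IP: "1.1.1.1"}, []string{"DoH"}))
	fmt.Println(serviceResolve(withProviderDefaults(Target{IP: "1.1.1.1"}), []string{"DoH"}))
}
```

The first call leaves both fields unset and resolves to DoH on 443; the second sends the filled-in Do53 to a DoH-only endpoint and is rejected.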