[ERROR] InvalidChangeBatch: An error occurred (InvalidChangeBatch) when calling the ChangeResourceRecordSets operation: [RRSet with DNS name ........ is not permitted in zone ......] about terraform-aws-asg-dns-handler HOT 4 CLOSED

Hi @emiioan, it looks like the problem here is that you're not creating a fully qualified domain name inside of the asg:hostname_pattern tag, which is preventing the Route 53 record from being created. Here is an example of how this would work -

resource "aws_autoscaling_group" "asg" {
...
  tag {
    key                 = "asg:hostname_pattern"
    value               = "#instanceid.${var.vpc_name}.asg-testing.internal@${aws_route53_zone.test.id}"
    propagate_at_launch = true
  }
}

resource "aws_route53_zone" "test" {
  name          = "asg-testing.internal"

  vpc {
    vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
  }
}

It's worth noting as well that #instanceid is interpolated by the lambda function to the instance_id of the AWS instance that is created. I will update the documentation to make this more clear.

from terraform-aws-asg-dns-handler.

Additional documentation added in 498537e.

from terraform-aws-asg-dns-handler.

Hi @cmckeen, thanks a lot for the response, yes indeed it worked after adding the FQDN including the R53 zone name in asg:hostname_pattern value.

from terraform-aws-asg-dns-handler.

I had that error, too. The module mismatches foo.id, foo.name and foo.arn at some places. Check the generated policy, I think you'll find a wrong ARN like arn:aws:route53::: arn:aws:route53:::foo/bar. (When you have fixed that, you'll find the next mistake where the module expects a zone id but the module's description says you need an ARN.
(sorry, I mismatched this with a different error.)

from terraform-aws-asg-dns-handler.