Terraform for Clerk DNS records.

Oct. 27, 2023, 11:10 p.m. GMT-4

Terraform your Clerk production DNS records into AWS Route53 🌎

data "aws_route53_zone" "selected" {
  name         = "[[DOMAIN.COM]]."
  private_zone = false
}

variable "cnames" {
  type        = map(string)
  description = "List of cnames records: key=subdomain value=record-value"
  default = {
    # Frontend API
    "clerk" = "frontend-api.clerk.services",
    # Account Portal
    "accounts" = "accounts.clerk.services",
    # Email -- these will be unique to your account
    "clk._domainkey"  = "dkim1.<hash>.clerk.services",
    "clk2._domainkey" = "dkim2.<hash>.clerk.services",
    "clkmail"         = "mail.<hash>.clerk.services"
  }
}

resource "aws_route53_record" "clerk_cnames" {
  for_each = var.cnames

  zone_id = data.aws_route53_zone.selected.zone_id
  name    = "${each.key}.${data.aws_route53_zone.selected.name}"
  type    = "CNAME"
  ttl     = 300
  records = [each.value]
}

Expect to see:

Plan: 5 to add, 0 to change, 0 to destroy.

✨

Hit an error?

Error: creating Route 53 Record: InvalidChangeBatch: [Tried to create resource record set [name='clk._domainkey.[[DOMAIN.COM]].', type='CNAME'] but it already exists]

This is most likely because you’re retroactively attemping to manage preexisting resources created unbeknownst to Terraform.

You'll have to terraform import for each of the records.

❯ terraform import 'aws_route53_record.clerk_cnames["clerk"]' "[[HOSTED_ZONE_ID]]_clerk.[[DOMAIN.COM]]_CNAME"
❯ terraform import 'aws_route53_record.clerk_cnames["accounts"]' "[[HOSTED_ZONE_ID]]_accounts.[[DOMAIN.COM]]_CNAME"
❯ terraform import 'aws_route53_record.clerk_cnames["clk._domainkey"]' "[[HOSTED_ZONE_ID]]_clk._domainkey.[[DOMAIN.COM]]_CNAME"
❯ terraform import 'aws_route53_record.clerk_cnames["clk2._domainkey"]' "[[HOSTED_ZONE_ID]]_clk2._domainkey.[[DOMAIN.COM]]_CNAME"
❯ terraform import 'aws_route53_record.clerk_cnames["clkmail"]' "[[HOSTED_ZONE_ID]]_clkmail.[[DOMAIN.COM]]_CNAME"

data.aws_route53_zone.selected: Reading...
data.aws_route53_zone.selected: Read complete after 1s [id=[[HOSTED_ZONE_ID]]]
aws_route53_record.clerk_cnames["clkmail"]: Importing from ID "[[HOSTED_ZONE_ID]]_clkmail.[[DOMAIN.COM]]_CNAME"...
aws_route53_record.clerk_cnames["clkmail"]: Import prepared!
  Prepared aws_route53_record for import
aws_route53_record.clerk_cnames["clkmail"]: Refreshing state... [id=[[HOSTED_ZONE_ID]]_clkmail.[[DOMAIN.COM]]_CNAME]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

If you can afford some potential downtime, manually deleting them and then running terraform apply is a very sane alternative as well. Think of this as allowing Terraform to start from a clean slate.