InvalidChangeBatch 400: "" is not a valid hosted zone id. is not a valid encrypted identifier when attempting to add A record to existing domain

Question

I am attempting to point my domain to my S3 bucket

When I attempt to create an A record on my domain I get the following error in Route53 console:

Error occurred
Alias Target contains an invalid value.
(InvalidChangeBatch 400: "" is not a valid hosted zone id. is not a valid encrypted identifier)

I note that when I select "ap-southeast-2" my "bowls-holdingpage" bucket doesn't pre-populate even although it's definitely in that region and setup to host a static site. It is hosting the site on the default S3 endpoint URL, but I am trying to switch it over to add an A record on my domain.

Where am I going wrong here?

score 6 · Answer 1 · answered Mar 09 '22 at 18:23

I got this error message when trying to create a Route53 DNS A Record that points to a CloudFront distribution. (This is currently the top Google result for that error message.)

I had assumed (incorrectly) that one needed to put the Hosted Zone of the CloudFront distribution into the Record, because the Record expects a Hosted Zone in its AliasTarget. But actually I needed to put in a special magic value (!) of Z2FDTNDATAQYW2 from the Route53 documentation:

session = aioboto3.Session(...)
async with session.client('route53') as route53:
    route53_response = await route53.change_resource_record_sets(
        HostedZoneId=route53_hosted_zone_id,  # ex: A9E7TNDATAW749
        ChangeBatch={
            'Comment': f'CloudFront distribution for {domain_name}',
            'Changes': [
                {
                    'Action': 'CREATE',
                    'ResourceRecordSet': {
                        'Name': domain_name,  # ex: mysubdomain.example.com
                        'Type': 'A',
                        'AliasTarget': {
                            # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/route53.html
                            'HostedZoneId': 'Z2FDTNDATAQYW2',  #  magic, for a CloudFront distribution
                            'DNSName': cloudfront_distribution_domain_name,  # ex: q1a91r2o7y8g32.cloudfront.net
                            'EvaluateTargetHealth': False,
                        },
                    },
                },
            ],
        },
    )

This worked for me and I'm very surprised that this was fix. I tried multiple things and removing the HostedZoneId but only this worked. — sdbol, Feb 07 '23 at 07:49

score 4 · Accepted Answer · answered Jan 06 '21 at 22:52

4

I had this problem as well. I did have the bucket named the same as the domain.

What I found was about an hour after I had created the bucket, it suddenly became available in the 'Choose S3 bucket' drop down.

Another thing I missed on the bucket set up was at first I didn't enable static website hosting in 'Static website hosting'.

answered Jan 06 '21 at 22:52

Henry

7,721
2
38
38

Thanks for this comment, i'll try this out this weekend and come back and confirm. – crmpicco Jan 07 '21 at 01:35
1

I confirm that the "static website hosting" setting is indeed needed. – MrTJ Feb 25 '21 at 22:49
tl;dr "Wait" :-) – crmpicco Mar 26 '21 at 03:01

score 2 · Answer 3 · answered Dec 06 '20 at 04:55

2

To use R53 for buckets, the bucket name must match your domain. From docs:

Amazon S3 bucket – The name of the record must match the name of your Amazon S3 bucket. For example, if the name of your bucket is acme.example.com, the name of this record must also be acme.example.com. In addition, you must configure the bucket for website hosting.

So your bucket should be called bowls.com.au

answered Dec 06 '20 at 04:55

Marcin

215,873
14
235
294

Hi Marcin, thanks for this. This helps, and I have resolved the error by using the full endpoint of the bucket. But the domain is still no resolving in the browser. rockybowls.com.au A record routes traffic to rockybowls.com.au.s3-website-ap-southeast-2.amazonaws.com. in Route 53 which is correctly setup as a static website in S3 as this URL is accessible: http://rockybowls.com.au.s3-website-ap-southeast-2.amazonaws.com. Am I forgot about something here? – crmpicco Dec 06 '20 at 06:15
@crmpicco That should be enough. Is the domain `rockybowls.com.au` managed by R53, or you got it outside of AWS? – Marcin Dec 06 '20 at 06:25
@crmpicco On the screenshot, you have `bowls.com.au`, but in the comment you wrote about `rockybowls.com.au`? Are these same, or different? – Marcin Dec 06 '20 at 07:00
Yes, sorry for the confusion. I was attempting to obfuscate the domain to begin with. rockybowls.com.au is the real domain. – crmpicco Dec 06 '20 at 07:02
@crmpicco Don't know what else could be wrong. The only thing I recommend is to double check all the settings for the domain. You could also make new question with details specific to this new issue. – Marcin Dec 06 '20 at 07:13

InvalidChangeBatch 400: "" is not a valid hosted zone id. is not a valid encrypted identifier when attempting to add A record to existing domain

3 Answers3