I am using AWS CloudFormation to manage my site DNS records in AWS Route53. To define the SPF records, up until now I have been using the following template snippet:

    RecordSetGroup:
      Type: "AWS::Route53::RecordSetGroup"
      Properties:
        HostedZoneId: !Ref HostedZone
        RecordSets:
          - Name: !Sub '${DomainName}.'
            TTL: 3600
            Type: SPF
            ResourceRecords:
              - '"v=spf1 include:_spf.google.com ~all"'
          - Name: !Sub '*.${DomainName}.'
            TTL: 3600
            Type: SPF
            ResourceRecords:
              - '"v=spf1 include:_spf.google.com ~all"'

I've read in several places that the SPF DNS record type is deprecated and that TXT records should be used instead to advertise SPF info (including in the CloudFormation documentation). So I tried the following CloudFormation snippet instead:

    RecordSetGroup:
      Type: "AWS::Route53::RecordSetGroup"
      Properties:
        HostedZoneId: !Ref HostedZone
        RecordSets:
          - Name: !Sub '${DomainName}.'
            TTL: 3600
            Type: TXT
            ResourceRecords:
              - '"v=spf1 include:_spf.google.com ~all"'
          - Name: !Sub '*.${DomainName}.'
            TTL: 3600
            Type: TXT
            ResourceRecords:
              - '"v=spf1 include:_spf.google.com ~all"'

But when I try to update my stack using this template I get the following error from CloudFormation:

    UPDATE_FAILED [The request contains an invalid set of changes for a resource record set 'TXT domain.com.', The request contains an invalid set of changes for a resource record set 'TXT \052.domain.com.']

Any idea why CloudFormation is unhappy with these TXT records?
Thanks in advance for your help!