Enable route 53 alias records to support weighted routing policy

OlamideOl1 · OlamideOl1 · commit d9dc76326f16 · 2026-05-07T12:27:37.000+01:00
diff --git a/README.md b/README.md
@@ -176,6 +176,27 @@ module "ingress" {
 }
 ```
 
+To create weighted Route 53 aliases, set `alias_weighted_routing`. This applies
+to every alias created by the module instance, and is intended for coordinating
+peer weighted records created from separate Terraform states or applies.
+
+``` terraform
+module "ingress" {
+  source = "..."
+
+  primary_domain_name = "www.example.com"
+  hosted_zone_name    = "example.com"
+
+  alias_weighted_routing = {
+    weight         = 10
+    set_identifier = "primary"
+  }
+}
+```
+
+For a given Route 53 weighted record set, `set_identifier` must be unique for
+the combination of hosted zone, record name, and record type.
+
 <!-- BEGIN_TF_DOCS -->
 ## Requirements
 
@@ -216,6 +237,7 @@ module "ingress" {
 | <a name="input_alarm_evaluation_minutes"></a> [alarm\_evaluation\_minutes](#input\_alarm\_evaluation\_minutes) | Number of minutes of alarm state until triggering an alarm | `number` | `2` | no |
 | <a name="input_allow_overwrite"></a> [allow\_overwrite](#input\_allow\_overwrite) | Allow overwriting of existing DNS records | `bool` | `false` | no |
 | <a name="input_attach_certificate_domains"></a> [attach\_certificate\_domains](#input\_attach\_certificate\_domains) | Additional existing certificates which should be attached | `list(string)` | `[]` | no |
+| <a name="input_alias_weighted_routing"></a> [alias\_weighted\_routing](#input\_alias\_weighted\_routing) | Optional weighted routing configuration for Route 53 aliases | <pre>object({<br>    weight         = number<br>    set_identifier = string<br>  })</pre> | `null` | no |
 | <a name="input_certificate_types"></a> [certificate\_types](#input\_certificate\_types) | Types of certificates to look for (default: AMAZON\_ISSUED) | `list(string)` | <pre>[<br>  "AMAZON_ISSUED"<br>]</pre> | no |
 | <a name="input_create_domain_aliases"></a> [create\_domain\_aliases](#input\_create\_domain\_aliases) | List of domains for which alias records should be created | `list(string)` | n/a | yes |
 | <a name="input_description"></a> [description](#input\_description) | Human description for this load balancer | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
@@ -61,11 +61,12 @@ module "alias" {
   providers = { aws = aws.route53 }
   source    = "./modules/alb-route53-alias"
 
-  alb_dns_name     = module.alb.dns_name
-  alb_zone_id      = module.alb.zone_id
-  allow_overwrite  = var.allow_overwrite
-  hosted_zone_name = var.hosted_zone_name
-  name             = each.value
+  alb_dns_name           = module.alb.dns_name
+  alb_zone_id            = module.alb.zone_id
+  alias_weighted_routing = var.alias_weighted_routing
+  allow_overwrite        = var.allow_overwrite
+  hosted_zone_name       = var.hosted_zone_name
+  name                   = each.value
 }
 
 module "target_group" {
diff --git a/modules/alb-route53-alias/README.md b/modules/alb-route53-alias/README.md
@@ -21,6 +21,7 @@ No modules.
 | Name | Type |
 |------|------|
 | [aws_route53_record.load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
+| [aws_route53_record.weighted_load_balancer](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_record) | resource |
 | [aws_route53_zone.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 
 ## Inputs
@@ -30,6 +31,7 @@ No modules.
 | <a name="input_alb_dns_name"></a> [alb\_dns\_name](#input\_alb\_dns\_name) | DNS name for the ALB for which an alias should be created | `string` | n/a | yes |
 | <a name="input_alb_zone_id"></a> [alb\_zone\_id](#input\_alb\_zone\_id) | Route53 zone for the ALB for which an alias should be created | `string` | n/a | yes |
 | <a name="input_allow_overwrite"></a> [allow\_overwrite](#input\_allow\_overwrite) | Allow overwriting of existing DNS records | `bool` | `false` | no |
+| <a name="input_alias_weighted_routing"></a> [alias\_weighted\_routing](#input\_alias\_weighted\_routing) | Optional weighted routing configuration for the Route 53 alias | <pre>object({<br>    weight         = number<br>    set_identifier = string<br>  })</pre> | `null` | no |
 | <a name="input_hosted_zone_name"></a> [hosted\_zone\_name](#input\_hosted\_zone\_name) | Hosted zone for AWS Route53 | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name of the Route 53 alias (example: www) | `string` | n/a | yes |
 
diff --git a/modules/alb-route53-alias/main.tf b/modules/alb-route53-alias/main.tf
@@ -1,5 +1,9 @@
 resource "aws_route53_record" "load_balancer" {
-  for_each = toset(var.hosted_zone_name == null ? [] : [var.hosted_zone_name])
+  for_each = toset(
+    var.hosted_zone_name == null || var.alias_weighted_routing != null ?
+    [] :
+    [var.hosted_zone_name]
+  )
 
   allow_overwrite = var.allow_overwrite
   name            = var.name
@@ -13,6 +17,30 @@ resource "aws_route53_record" "load_balancer" {
   }
 }
 
+resource "aws_route53_record" "weighted_load_balancer" {
+  for_each = (
+    var.hosted_zone_name == null || var.alias_weighted_routing == null ?
+    {} :
+    { (var.hosted_zone_name) = var.alias_weighted_routing }
+  )
+
+  allow_overwrite = var.allow_overwrite
+  name            = var.name
+  type            = "A"
+  zone_id         = data.aws_route53_zone.this[each.key].zone_id
+  set_identifier  = each.value.set_identifier
+
+  weighted_routing_policy {
+    weight = each.value.weight
+  }
+
+  alias {
+    evaluate_target_health = true
+    name                   = var.alb_dns_name
+    zone_id                = var.alb_zone_id
+  }
+}
+
 data "aws_route53_zone" "this" {
   for_each = toset(var.hosted_zone_name == null ? [] : [var.hosted_zone_name])
 
diff --git a/modules/alb-route53-alias/variables.tf b/modules/alb-route53-alias/variables.tf
@@ -14,6 +14,31 @@ variable "allow_overwrite" {
   description = "Allow overwriting of existing DNS records"
 }
 
+variable "alias_weighted_routing" {
+  description = "Optional weighted routing configuration for the Route 53 alias"
+  type = object({
+    weight         = number
+    set_identifier = string
+  })
+  default = null
+
+  validation {
+    condition = (
+      var.alias_weighted_routing == null ||
+      var.alias_weighted_routing.weight >= 0
+    )
+    error_message = "alias_weighted_routing.weight must be greater than or equal to 0."
+  }
+
+  validation {
+    condition = (
+      var.alias_weighted_routing == null ||
+      trimspace(var.alias_weighted_routing.set_identifier) != ""
+    )
+    error_message = "alias_weighted_routing.set_identifier must not be empty."
+  }
+}
+
 variable "name" {
   description = "Name of the Route 53 alias (example: www)"
   type        = string
diff --git a/variables.tf b/variables.tf
@@ -16,6 +16,31 @@ variable "allow_overwrite" {
   description = "Allow overwriting of existing DNS records"
 }
 
+variable "alias_weighted_routing" {
+  description = "Optional weighted routing configuration for Route 53 aliases"
+  type = object({
+    weight         = number
+    set_identifier = string
+  })
+  default = null
+
+  validation {
+    condition = (
+      var.alias_weighted_routing == null ||
+      var.alias_weighted_routing.weight >= 0
+    )
+    error_message = "alias_weighted_routing.weight must be greater than or equal to 0."
+  }
+
+  validation {
+    condition = (
+      var.alias_weighted_routing == null ||
+      trimspace(var.alias_weighted_routing.set_identifier) != ""
+    )
+    error_message = "alias_weighted_routing.set_identifier must not be empty."
+  }
+}
+
 variable "attach_certificate_domains" {
   description = "Additional existing certificates which should be attached"
   type        = list(string)
