I am running some of our backend REST services with Amazon ECS (Docker) and they change their public IP on every restart.
I'm using AWS Route 53 Auto Naming (aka servicediscovery) to register new A records on the DNS when a new backend instance spins up.
Everything works fine, except the backends are using HTTP. I wish to secure them with HTTPS and I was looking at Let's Encrypt/Certbot, and here comes the issue.
I wish to obtain a wildcard certificate for all names in the hosted zone, let's say *.aws.example.com, but I need to add a verification TEXT record on the Hosted Zone, and it is not possible.
The error message I get is:
The resource hostedzone/Z1R8P3NTRAIWDS can only be managed through servicediscovery.amazonaws.com (arn:aws:servicediscovery:eu-west-1:263810592360:namespace/ns-cuqs46hqusim4jih)
How can I add some static records to my Hosted Zone managed by service discovery?