Point a subdomain from Route53 to CloudFront without using CNAME

Question

I have a subdomain (dev.example.com) and I need to point it to my cloudfront distribution (xyz.cloudfront.net). I did the following steps

1) Created the cloudfront distribution. DID NOT specify anything in the Cname field while creating the cloud front distribution.

2) Created an Alias record in Route53 with 'A' record and pointed dev.example.com to xyz.cloudfront.net.

But this setup does not work. It works only if I specify cname field in the cloudfront distribution.

Any ideas to get this working ?

Answer 1

CloudFront needs the so-called CNAME entry (Alternate Domain Name) in its configuration order to associate the incoming request with the distribution, and for this reason, they must be globally unique.

There is, however, an exception for wildcards that appear to conflict with single subdomains... they don't.

If you are using a subdomain, it should be possible to work around the CloudFront limitation on Alternate Domain Name assignments by provisioning the two distributions like this:

blue:  dev.example.com
green: *.example.com

Point the DNS record for dev.example.com to the CloudFront endpoint for green. (And don't get ahead of me...)

You will find that in spite of the DNS setup, the blue side will handle dev.example.com requests because CloudFront does not actually know or care how the request was routed to it -- it uses SNI and the Host header to select the correct distribution. Requests for dev.example.com will match blue regardless of which DNS record is used for the intermediate routing.

To switch traffic to green, remove the Alternate Domain Name from blue, and the wildcard on green will automatically start carrying the traffic. No DNS change needed.

This is documented behavior:

You cannot add an alternate domain name to a CloudFront distribution if the alternate domain name already exists in another CloudFront distribution, even if your AWS account owns the other distribution.

However, you can add a wildcard alternate domain name, such as *.example.com, that includes (that overlaps with) a non-wildcard alternate domain name, such as www.example.com. Overlapping domain names can be in the same distribution or in separate distributions as long as both distributions were created by using the same AWS account. (emphasis added)

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions