3
votes

I have a subdomain (dev.example.com) and I need to point it to my CloudFront distribution (xyz.cloudfront.net). I did the following steps:

1) Created the CloudFront distribution. DID NOT specify anything in the CNAME field while creating the CloudFront distribution.

2) Created an Alias record in Route53 with 'A' record and pointed dev.example.com to xyz.cloudfront.net.

But this setup does not work. It works only if I specify the CNAME field in the CloudFront distribution.

Any ideas to get this working?

4
In DNS terms, an A record means the domain or subdomain points to an IPv4 address, while a CNAME points to another domain or subdomain. An Alias record is something "created" by AWS to allow you to make your zone apex (the top domain, example.com) point to another domain or subdomain - In other words, it's equivalent to a CNAME, but specific to the apex. It was created because the DNS specification/standard doesn't support CNAMEs for the apex - See docs.aws.amazon.com/Route53/latest/DeveloperGuide/… for more info about Alias. - jweyrich

@jweyrich. He is using an ALIAS record. To create an ALIAS record you start with Type A and then enable ALIAS. He is speaking of the Alternate Domain Names (CNAMEs) in the CloudFront setup. - John Hanley

Thanks. Actually I have 2 CloudFront distributions created to support blue green deployments. I wanted a way to switch between both the distributions at the Route53 level. If I have to update the CNAME in CloudFront, the update is going to take a lot of time, each time I have to switch between my blue and green CloudFront distribution. Any ideas on how to address this? - AWS Enthusiastic

Yes, enter both names in the CNAME field. CloudFront does not care if the origin matches the CNAME except for S3. Also create an SSL certificate via ACM with all your domain names and enable SSL. - John Hanley

@jweyrich. For internal AWS services, you use an ALIAS A record as Route 53 is internally tracking the IP addresses of the target as it dynamically changes. If the target is outside of AWS or does not support ALIAS then you would use a CNAME. - John Hanley

4 Answers

3
votes

When accessing a CloudFront distribution, from anything other than the *.cloudfront.net URL, you must specify the CNAME. Even if you're using an A record.

You are creating an ALIAS record in Route 53. Even though you are not creating a CNAME record, you must specify your DNS entry dev.example.com in the CNAME field of your distribution.

Otherwise, CloudFront will not know what distribution you are requesting.

The alternative is to use a dedicated IP address, but that will cost you $600.

3
votes

Unless you only plan to use the CloudFront domain names, you must include one or more custom domain names, such as dev.example.com, in the Alternate Domain Names box if you want CloudFront to serve those domains.

3
votes

CloudFront needs the so-called CNAME entry (Alternate Domain Name) in its configuration in order to associate the incoming request with the distribution, and for this reason, they must be globally unique.

There is, however, an exception for wildcards that appear to conflict with single subdomains... they don't.

If you are using a subdomain, it should be possible to work around the CloudFront limitation on Alternate Domain Name assignments by provisioning the two distributions like this:

blue:  dev.example.com
green: *.example.com

Point the DNS record for dev.example.com to the CloudFront endpoint for green. (And don't get ahead of me...)

You will find that in spite of the DNS setup, the blue side will handle dev.example.com requests because CloudFront does not actually know or care how the request was routed to it -- it uses SNI and the Host header to select the correct distribution. Requests for dev.example.com will match blue regardless of which DNS record is used for the intermediate routing.

To switch traffic to green, remove the Alternate Domain Name from blue, and the wildcard on green will automatically start carrying the traffic. No DNS change needed.

This is documented behavior:

You cannot add an alternate domain name to a CloudFront distribution if the alternate domain name already exists in another CloudFront distribution, even if your AWS account owns the other distribution.

However, you can add a wildcard alternate domain name, such as *.example.com, that includes (that overlaps with) a non-wildcard alternate domain name, such as www.example.com. Overlapping domain names can be in the same distribution or in separate distributions as long as both distributions were created by using the same AWS account. (emphasis added)

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions
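
The selection behaviour described in this answer, as an added example that is not part of the original post and is not CloudFront code. `Edge`, `AliasConflict` and `blue_green_demo` are hypothetical names, and the model assumes a wildcard replaces exactly one leftmost label.

```python
# Simplified model (added illustration) of how a request name is mapped to a
# distribution by its Alternate Domain Names. DNS is deliberately not an input.

class AliasConflict(Exception):
    """Raised when an identical alias is already on another distribution."""


class Edge:
    def __init__(self):
        self.aliases = {}  # alias (lowercase) -> distribution name

    def add_alias(self, dist, alias):
        alias = alias.lower()
        owner = self.aliases.get(alias)
        if owner is not None and owner != dist:
            # The same alternate domain name cannot exist on two distributions.
            raise AliasConflict(f"{alias} is already on {owner}")
        self.aliases[alias] = dist

    def remove_alias(self, dist, alias):
        if self.aliases.get(alias.lower()) == dist:
            del self.aliases[alias.lower()]

    def route(self, host):
        """Select a distribution from the SNI/Host name alone."""
        host = host.lower().rstrip(".")
        if host in self.aliases:            # exact alias wins
            return self.aliases[host]
        _, _, parent = host.partition(".")  # assumption: one-label wildcard
        return self.aliases.get("*." + parent)  # None when nothing matches


def blue_green_demo():
    edge = Edge()
    edge.add_alias("blue", "dev.example.com")
    edge.add_alias("green", "*.example.com")   # overlap with blue is allowed
    before = edge.route("dev.example.com")     # DNS may point at green's endpoint
    try:
        edge.add_alias("green", "dev.example.com")
        duplicate_rejected = False
    except AliasConflict:
        duplicate_rejected = True
    edge.remove_alias("blue", "dev.example.com")  # the switch: no DNS change
    after = edge.route("dev.example.com")
    return before, duplicate_rejected, after
```

In this model the wildcard on green also answers for every other name under example.com that has no exact alias, so the wildcard's scope should be a deliberate choice.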

-1
votes

You can do that with,

Dedicated IP Custom SSL feature

It will cost you $600 for dedicated IP addresses at CloudFront POPs.

More details here

Once you have the dedicated IP, then you can create an A record in DNS pointing to those IP address(es).

CloudFront works based on SNI (Server Name Indication) which needs a CNAME to map your distribution to.

Hope it helps.