How a CloudFront distribution with empty alternate domain name works correctly?

Question

I manage 3 AWS accounts (for Route 53, production, and staging).

I created a Route 53 alias record for a subdomain that points to a CloudFront distribution of the STG environment. It worked fine.

Then I decided to change it so that the subdomain would be resolved to the PROD and did the following.

1. I changed the alternate domain name of the STG distribution to empty.
2. I changed the alternate domain name of the PROD distribution to the subdomain.
3. But I forgot to update the Route 53 alias record. So it still pointed to the STG, which had no alternate domain name.

However, it worked as intended. The subdomain resolved to the PROD distribution without problems, and I didn't notice the wrong DNS configuration for a long time. Now I want to know how such a thing could happen. Is there any AWS document that explains how it handle an alias and route it to a possible CloudFront distribution somehow nicely?

Answer

Thank you for the great details. Please allow me to explain with examples, assuming we have:

```
Sub-domain: cf.example.com
Staging: d123.cloudfront.net
Production: d456.cloudfront.net 
```

Status: alternate domain names was re-assigned to `d456.cloudfront.net`, while DNS record `cf.example.com` is still pointing to `d123.cloudfront.net`.

---

It would still work as:
- The client resolves `cf.example.com` (as if resolving `d123.cloudfront.net`) and connects to the CloudFront PoP.
- The client sends an HTTP request with `Host: cf.example.com` host header.
- With this `Host` header, CloudFront learns that this request belongs to the *production* distribution, where alternate domain name is configured.

---

I would still recommend to modify DNS record `cf.example.com` to point to the correct distribution, for example, to avoid the situation that staging distribution gets disabled. I would also recommend taking a look at this [doc](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move-options) to move alternate domain names between distributions without any downtime.

Lastly, the most relevant document would be this [one](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HowCloudFrontWorks.html#HowCloudFrontWorksContentDelivery) while there are many great re:invent presentations explaining with more details, such as the very beginning of [this talk](https://www.youtube.com/watch?v=tHmbK07-vMk) that briefly explains HTTP request lifecycle.

How a CloudFront distribution with empty alternate domain name works correctly?

관련 콘텐츠