By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How a CloudFront distribution with empty alternate domain name works correctly?

0

I manage 3 AWS accounts (for Route 53, production, and staging).

I created a Route 53 alias record for a subdomain that points to a CloudFront distribution of the STG environment. It worked fine.

Then I decided to change it so that the subdomain would be resolved to the PROD and did the following.

  1. I changed the alternate domain name of the STG distribution to empty.
  2. I changed the alternate domain name of the PROD distribution to the subdomain.
  3. But I forgot to update the Route 53 alias record. So it still pointed to the STG, which had no alternate domain name.

However, it worked as intended. The subdomain resolved to the PROD distribution without problems, and I didn't notice the wrong DNS configuration for a long time. Now I want to know how such a thing could happen. Is there any AWS document that explains how it handle an alias and route it to a possible CloudFront distribution somehow nicely?

Topics
Networking & Content Delivery
Tags
Amazon CloudFrontAmazon Route 53
Language
English
AWS-User-4611435
asked 9 months ago391 views
1 Answer
2

Thank you for the great details. Please allow me to explain with examples, assuming we have:

Sub-domain: cf.example.com
Staging: d123.cloudfront.net
Production: d456.cloudfront.net

Status: alternate domain names was re-assigned to d456.cloudfront.net, while DNS record cf.example.com is still pointing to d123.cloudfront.net.

It would still work as:

  • The client resolves cf.example.com (as if resolving d123.cloudfront.net) and connects to the CloudFront PoP.
  • The client sends an HTTP request with Host: cf.example.com host header.
  • With this Host header, CloudFront learns that this request belongs to the production distribution, where alternate domain name is configured.

I would still recommend to modify DNS record cf.example.com to point to the correct distribution, for example, to avoid the situation that staging distribution gets disabled. I would also recommend taking a look at this doc to move alternate domain names between distributions without any downtime.

Lastly, the most relevant document would be this one while there are many great re:invent presentations explaining with more details, such as the very beginning of this talk that briefly explains HTTP request lifecycle.

AWS
weidi
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content