0

I am trying to create a custom domain in API Gateway as Edge-optimized and with an ACM certificate we store. But it returns the following error:

One or more of the CNAMEs you provided are already associated with a different resource. (Service: AmazonCloudFront; Status Code: 409; Error Code: CNAMEAlreadyExists; Request ID: 5299fd33-fb58-42a1-8836-33517969365b; Proxy: null)

I checked if there were any records in the hosted zone related to or with the same name that used it but there is nothing.

On the other hand, I have also checked if there was a CNAME with the same name in my CloudFront but I don't have any distribution with CNAMEs configured. (Perhaps they are AWS's own CloudFronts).

I did a DIG against the name I want to use and this is the result:

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;api.xxx.xxx.xx.com. IN A

;; AUTHORITY SECTION:
xxx.xxx.xx.com. 900 IN  SOA ns-11X5.awsdns-16.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 145 msec
;; SERVER: 192.168.238.254#53(192.168.238.254)
;; WHEN: Tue Sep 08 09:46:18 CEST 2020
;; MSG SIZE  rcvd: 145

I'm still investigating but I can't find anything in the account related to the name I'm trying to create. What can I do?

user1911

2 Answers

2

This error is down to a mapping of your domain to a CloudFront distribution.

Be aware that if you have a wildcard alias targeting CloudFront (e.g. *.example.com) this will also cover any subdomains you try to create. Also try performing a DIG against your target domain to ensure that it does not already resolve to a CloudFront distribution.

It is possible that it could be created in someone else's account, although it is unlikely that this is what has occurred.

If you're sure that neither of the above situations has occurred, you can contact AWS support. By using the method in the "How do I resolve the error CNAMEAlreadyExists when setting up a CNAME alias for my Amazon CloudFront distribution?" article they should be able to either help you identify or to migrate to your account if someone had taken it.

Chris Williams
  • Thanks Chris, I performed the DIG against the domain and did not get a response section, just an Authority section and a question section. Can the authority section be the issue? – user1911 Sep 08 '20 at 08:00
  • Was the DIG against the exact domain you intend to use? How does it look when you run it against a known domain? – Chris Williams Sep 08 '20 at 08:35
  • I've just added the DIG result to the post, thanks! – user1911 Sep 08 '20 at 09:59
0

I had the same issue and following this guide I was able to find out that there was an active distribution in another account that was using the same CNAME. After some more research I found out that my predecessor had created an API Gateway that was using the same CNAME. API Gateways create "shadow" CloudFront distributions in different accounts. After deleting the API Gateway it was possible to associate the CNAME with my distribution.

adonig
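
An added example, not part of either answer or of AWS tooling: a Python check that scans saved output of `aws apigateway get-domain-names` (one per region) and `aws cloudfront list-distributions` for anything in your own accounts that already claims the name, covering both the wildcard alias case and the leftover edge-optimized API Gateway domain case described above. The sample data is constructed, the function names are hypothetical, and treating a wildcard as covering every subdomain depth is an assumption chosen so the check over-reports rather than misses.

```python
def covers(alias, name):
    """True if an existing alias claims `name`: an exact match, or a wildcard
    alias (*.example.com) over a subdomain at any depth (assumption)."""
    alias, name = alias.lower().rstrip("."), name.lower().rstrip(".")
    if alias.startswith("*."):
        return name.endswith(alias[1:])  # alias[1:] keeps the leading dot
    return alias == name

def find_claims(name, apigw_by_region, cloudfront_list):
    """Return (source, identifier, alias) for each resource claiming `name`.
    apigw_by_region: {region: parsed `aws apigateway get-domain-names` JSON}
    cloudfront_list: parsed `aws cloudfront list-distributions` JSON"""
    claims = []
    for region, page in apigw_by_region.items():
        for item in page.get("items", []):
            types = item.get("endpointConfiguration", {}).get("types", [])
            # Only edge-optimized custom domains are backed by CloudFront.
            if "EDGE" in types and covers(item["domainName"], name):
                claims.append(("apigateway:" + region,
                               item.get("distributionDomainName", "?"),
                               item["domainName"]))
    dists = cloudfront_list.get("DistributionList", {}).get("Items") or []
    for dist in dists:
        for alias in dist.get("Aliases", {}).get("Items") or []:
            if covers(alias, name):
                claims.append(("cloudfront", dist["Id"], alias))
    return claims

# Constructed sample inputs, shaped like the AWS CLI's JSON output.
SAMPLE_APIGW = {"eu-west-1": {"items": [
    {"domainName": "api.example.com",
     "distributionDomainName": "d111111abcdef8.cloudfront.net",
     "endpointConfiguration": {"types": ["EDGE"]}},
    {"domainName": "internal.example.com",
     "endpointConfiguration": {"types": ["REGIONAL"]}},
]}}
SAMPLE_CF = {"DistributionList": {"Items": [
    {"Id": "EXAMPLEDIST01", "Aliases": {"Quantity": 1, "Items": ["*.example.org"]}},
    {"Id": "EXAMPLEDIST02", "Aliases": {"Quantity": 0}},
]}}

if __name__ == "__main__":
    for candidate in ("api.example.com", "a.b.example.org", "new.example.com"):
        print(candidate, find_claims(candidate, SAMPLE_APIGW, SAMPLE_CF))
```

The check only sees accounts and regions whose output you feed it; a claim held in an account you cannot list still needs the AWS support route from the first answer.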