In AWS Certificate Manager, I have created an SSL certificate and added it to DNS.

*.test.example.com

In CloudFront, I have created a distribution with the CNAME below:

dev.test.example.com

Then, I can successfully access dev.test.example.com.

After that, I tried to create another distribution with the CNAME uat.test.example.com using the same SSL certificate.

But an error occurs and the distribution cannot be created.

com.amazonaws.services.cloudfront.model.CNAMEAlreadyExistsException: One or more aliases specified for the distribution includes an incorrectly configured DNS record that points to another CloudFront distribution. You must update the DNS record to correct the problem
Jonathan Hall
CCCC
  • I think for the second CNAME, you have to add it as `*.test.example.com` rather than `uat.test.example.com`. Have you tried that? – Marcin Dec 23 '20 at 11:08
  • Can you explain the reason? Because I already created an SSL cert for *.test.example.com – CCCC Dec 23 '20 at 12:43
  • In the [docs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions) in section "Duplicate and overlapping alternate domain names" they suggest it. It's possible it applies to your case? – Marcin Dec 23 '20 at 12:48

1 Answer

Don't use wildcards (*) in your DNS for CloudFront, just for the certificate. You should create a CNAME for each domain name and point it to its appropriate CloudFront URL:

dev.test.example.com CNAME 0123456789.cloudfront.net

uat.test.example.com CNAME 9876543210.cloudfront.net

Having *.test.example.com is perfectly valid DNS, but means all traffic matching *.test.example.com (which would include your dev, uat, and any other future subdomains) will be sent to your dev CloudFront distribution.

MisterSmith
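A pre-flight check for the situation the answer describes, as an added example that is not part of the original post or of any AWS tooling: it compares each planned alias with the CNAME it would actually resolve to, including through a wildcard record, and flags aliases that land on a different CloudFront distribution. The function names and the zone dictionaries are hypothetical, the records are constructed from the answer's sample values, and the wildcard matching is a simplified form of DNS wildcard rules.

```python
# Added example: zone records and distribution domain names below are
# constructed sample data (taken from the answer's placeholders).

def resolve_cname(name, records):
    """Return (target, owner) for name: exact record first, else the
    closest wildcard (simplified RFC 4592 matching, CNAME records only)."""
    name = name.lower().rstrip(".")
    if name in records:
        return records[name].lower().rstrip("."), name
    labels = name.split(".")
    # Walk up the tree: a.b.c -> *.b.c -> *.c
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in records:
            return records[wildcard].lower().rstrip("."), wildcard
    return None, None


def check_aliases(planned, records):
    """planned maps alias -> intended distribution domain.
    Returns a list of (alias, status, detail) tuples."""
    findings = []
    for alias, intended in planned.items():
        target, owner = resolve_cname(alias, records)
        if target is None:
            findings.append((alias, "missing", "no CNAME record yet"))
        elif target == intended.lower():
            findings.append((alias, "ok", owner))
        elif target.endswith(".cloudfront.net"):
            # The alias already routes to some other distribution.
            findings.append((alias, "conflict",
                             f"{owner} -> {target} (another distribution)"))
        else:
            findings.append((alias, "other", f"{owner} -> {target}"))
    return findings


# Zone with only a wildcard record pointing at the dev distribution.
WILDCARD_ZONE = {"*.test.example.com": "0123456789.cloudfront.net"}
# Zone as the answer recommends: one CNAME per subdomain.
PER_HOST_ZONE = {
    "dev.test.example.com": "0123456789.cloudfront.net",
    "uat.test.example.com": "9876543210.cloudfront.net",
}
PLANNED = dict(PER_HOST_ZONE)  # alias -> distribution we intend to use

if __name__ == "__main__":
    for zone in (WILDCARD_ZONE, PER_HOST_ZONE):
        for finding in check_aliases(PLANNED, zone):
            print(finding)
```

With the wildcard-only zone, uat.test.example.com is reported as a conflict because it resolves through `*.test.example.com` to the dev distribution; with one CNAME per subdomain both aliases are reported as ok.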