Add an alternate domain name
The following task list describes how to use the CloudFront console to add an alternate domain name to your distribution so that you can use your own domain name in your links instead of the CloudFront domain name. For information about updating your distribution using the CloudFront API, see Configure distributions.
Note
If you want viewers to use HTTPS with your alternate domain name, see Use alternate domain names and HTTPS.
Before you begin: Make sure that you do the following before you update your distribution to add an alternate domain name:
Register the domain name with Route 53 or another domain registrar.
Get an SSL/TLS certificate from an authorized certificate authority (CA) that covers the domain name. Add the certificate to your distribution to validate that you are authorized to use the domain. For more information, see Requirements for using alternate domain names.
Add an alternate domain name
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
Choose the ID for the distribution that you want to update.
-
On the General tab, choose Edit.
-
Update the following values:
- Alternate Domain Names (CNAMEs)
-
Add your alternate domain names. Separate domain names with commas, or type each domain name on a new line.
- SSL Certificate
-
Choose the following setting:
-
Use HTTPS – Choose Custom SSL Certificate, and then choose a certificate from the list. The list includes certificates provisioned by AWS Certificate Manager (ACM), certificates that you purchased from another CA and uploaded to ACM, and certificates that you purchased from another CA and uploaded to the IAM certificate store.
If you uploaded a certificate to the IAM certificate store but it doesn’t appear in the list, review the procedure Import an SSL/TLS certificate to confirm that you correctly uploaded the certificate.
If you choose this setting, we recommend that you use only an alternate domain name in your object URLs (https://www.example.com/logo.jpg). If you use your CloudFront distribution domain name (https://d111111abcdef8.cloudfront.net.cloudfront.net/logo.jpg), a viewer might behave as follows, depending on the value that you choose for Clients Supported:
-
All Clients: If the viewer doesn’t support SNI, it displays a warning because the CloudFront domain name doesn’t match the domain name in your TLS/SSL certificate.
-
Only Clients that Support Server Name Indication (SNI): CloudFront drops the connection with the viewer without returning the object.
-
-
- Clients Supported
-
Choose an option:
-
All Clients: CloudFront serves your HTTPS content using dedicated IP addresses. If you select this option, you incur additional charges when you associate your SSL/TLS certificate with a distribution that is enabled. For more information, see Amazon CloudFront Pricing
. -
Only Clients that Support Server Name Indication (SNI) (Recommended): Older browsers or other clients that don't support SNI must use another method to access your content.
For more information, see Choose how CloudFront serves HTTPS requests.
-
-
Choose Yes, Edit.
-
On the General tab for the distribution, confirm that Distribution Status has changed to Deployed. If you try to use an alternate domain name before the updates to your distribution have been deployed, the links that you create in the following steps might not work.
-
Configure the DNS service for the alternate domain name (such as www.example.com) to route traffic to the CloudFront domain name for your distribution (such as d111111abcdef8.cloudfront.net). The method that you use depends on whether you’re using Route 53 as the DNS service provider for the domain or another provider.
Note
If your DNS record already points to a distribution that is not the distribution that you are updating, then you only add the alternate domain name to your distribution after you update your DNS. For more information, see Restrictions on using alternate domain names.
- Route 53
-
Create an alias resource record set. With an alias resource record set, you don’t pay for Route 53 queries. In addition, you can create an alias resource record set for the root domain name (example.com), which DNS doesn’t allow for CNAMEs. For more information, see Routing traffic to an Amazon CloudFront web distribution by using your domain name in the Amazon Route 53 Developer Guide.
- Another DNS service provider
-
Use the method provided by your DNS service provider to add a CNAME record for your domain. This new CNAME record will redirect DNS queries from your alternate domain name (for example, www.example.com) to the CloudFront domain name for your distribution (for example, d111111abcdef8.cloudfront.net). For more information, see the documentation provided by your DNS service provider.
Important
If you already have an existing CNAME record for your alternate domain name, update that record or replace it with a new one that points to the CloudFront domain name for your distribution.
-
Using
dig
or a similar DNS tool, confirm that the DNS configuration that you created in the previous step points to the domain name for your distribution.The following example shows a
dig
request on the www.example.com domain, as well as the relevant part of the response.PROMPT> dig www.example.com ; <<> DiG 9.3.3rc2 <<> www.example.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15917 ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.example.com. IN A ;; ANSWER SECTION:
www.example.com. 10800 IN CNAME d111111abcdef8.cloudfront.net.
...The answer section shows a CNAME record that routes queries for www.example.com to the CloudFront distribution domain name d111111abcdef8.cloudfront.net. If the name on the right side of
CNAME
is the domain name for your CloudFront distribution, the CNAME record is configured correctly. If it’s any other value, for example, the domain name for your Amazon S3 bucket, then the CNAME record is configured incorrectly. In that case, go back to step 7 and correct the CNAME record to point to the domain name for your distribution. -
Test the alternate domain name by visiting URLs with your domain name instead of the CloudFront domain name for your distribution.
-
In your application, change the URLs for your objects to use your alternate domain name instead of the domain name of your CloudFront distribution.