Posted On: Jul 8, 2021

Amazon CloudFront announces two new APIs, ListConflictingAliases and AssociateAlias, that help locate and move Alternate Domain Names (CNAMEs) if you encounter the CNAMEAlreadyExists error code. These new APIs let you see which distribution has the CNAME and move the CNAME to a target distribution as long as the source distribution is in the same account or if the source distribution in another account is disabled. To move a CNAME between accounts where the source distribution is still enabled, you must contact AWS Support and follow these steps.

The ListConflictingAliases API takes a given CNAME, either a specific subdomain or a wildcard, and returns a list of CNAMEs that match or overlap that CNAME. For each CNAME, the API also returns the distribution ID and account ID where it is located, partially obfuscated, to facilitate follow-up investigations. The AssociateAlias API moves a given CNAME to a target distribution as long as the two distributions are in the same account or the source distribution is disabled. A call to either API succeeds only if domain validation checks pass. To learn more, see Moving an alternate domain name to a different distribution in the CloudFront Developer Guide.

In addition, with the launch of these APIs and the introduction of domain validation in April 2019, CloudFront no longer returns the CNAMEAlreadyExists error code in scenarios involving a cross-account wildcard CNAME. For example, now you can have a wildcard CNAME such as *.example.com on a distribution in Account A and a specific subdomain such as test.example.com on a distribution in Account B.
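
The ListConflictingAliases lookup described above, as an added example that is not part of the original announcement: it follows pagination and groups the conflicting CNAMEs by the obfuscated account and distribution that hold them. The boto3 method name and response fields (`list_conflicting_aliases`, `ConflictingAliasesList`, `Items`, `NextMarker`) come from the AWS SDK rather than this page, and the stub client, IDs and results are constructed sample data.

```python
from collections import defaultdict

def find_conflicts(client, distribution_id, alias):
    """Collect every CNAME that matches or overlaps `alias`, following pagination."""
    items, marker = [], None
    while True:
        kwargs = {"DistributionId": distribution_id, "Alias": alias}
        if marker:
            kwargs["Marker"] = marker
        page = client.list_conflicting_aliases(**kwargs)["ConflictingAliasesList"]
        items.extend(page.get("Items", []))
        marker = page.get("NextMarker")
        if not marker:
            return items

def summarize(alias, items):
    """Group conflicts by (account, distribution); label exact match vs. overlap."""
    report = defaultdict(list)
    for item in items:
        kind = "exact" if item["Alias"].lower() == alias.lower() else "overlap"
        report[(item["AccountId"], item["DistributionId"])].append((item["Alias"], kind))
    return dict(report)

class FakeCloudFront:
    """Constructed stand-in for boto3.client("cloudfront"); all values are made up."""
    PAGES = {
        None: {"NextMarker": "page2", "Items": [
            {"Alias": "*.example.com", "DistributionId": "*******EXAMPLE1", "AccountId": "******1111"},
            {"Alias": "test.example.com", "DistributionId": "*******EXAMPLE2", "AccountId": "******2222"},
        ]},
        "page2": {"Items": [
            {"Alias": "www.example.com", "DistributionId": "*******EXAMPLE1", "AccountId": "******1111"},
        ]},
    }

    def list_conflicting_aliases(self, DistributionId, Alias, Marker=None):
        return {"ConflictingAliasesList": self.PAGES[Marker]}

if __name__ == "__main__":
    alias = "*.example.com"
    # Real use: pass boto3.client("cloudfront") and the ID of a distribution in your account.
    conflicts = find_conflicts(FakeCloudFront(), "EDFDVBD6EXAMPLE", alias)
    for (account, dist), names in summarize(alias, conflicts).items():
        print(account, dist, names)
```

An entry under an account ID you do not recognize is the cross-account case, where AssociateAlias works only if the source distribution is disabled.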