I'm working on a simple website; currently it is static content hosted on an S3 bucket and served via a CloudFront distribution. So far so good.
I recently purchased a domain on Route 53 and want to use it to redirect traffic to the distribution, but I'm facing some issues.
First of all, I'm managing both the distribution and the bucket via cdk, and it is configured for the eu-central-1 (Frankfurt) region.
I'm now trying through the console to add an A record to my domain's hosted zone (the default one, the one created by Route 53 itself) as an alias to the CloudFront distribution. The problem is that when checking "alias" and selecting "Alias to CloudFront distribution" from the drop-down, the region drop-down becomes disabled on N. Virginia with the following message, and none of my distributions appear in the third drop-down list.
AFAIK both Route 53 and CloudFront are global services, so I cannot understand why a specific region is involved.
The message is: "An alias to a CloudFront distribution and another record in the same hosted zone are global and available only in US East (N. Virginia)."
I tried forcing the distribution name, but it gives an error upon saving, while with the distribution domain it doesn't, but still when trying to reach my domain via web browser (Chrome) I get a "Site can't be reached" with the DNS_PROBE_FINISHED_NXDOMAIN.
Am I missing some steps?
Update #1 - ACM public certificate
I've been advised to add an alternate domain name to my distribution that matches the hosted zone domain, so I requested a public certificate from AWS Certificate Manager (from the web console, not cdk).
When editing the distribution, the certificate does not appear in the dropdown list.
The certificate has been requested from Frankfurt, is that the reason I cannot select it? Do I need to request another one from N. Virginia?
Moreover, I can create a DNS record in Route 53 directly from the certificate details page, but when trying I cannot select my domain (the only option) as it is disabled: why is that?
asked Jan 20 at 8:29 by fudo, edited Jan 21 at 8:09
- Even though CloudFront distributions are global, the alias record for a hosted zone must be configured with CloudFront via the US East (N. Virginia) region. The distribution region (Frankfurt in your case) is unrelated to the Route 53 alias record setup. – root69 Commented Jan 20 at 8:58
- @root69 so that means I need to "move" my distribution to N. Virginia region to make it work? – fudo Commented Jan 20 at 9:00
- No, when setting up the alias record in Route 53, use the N. Virginia region for the alias target selection, then your CloudFront distribution should still appear in the dropdown list when you are in the hosted zone console for your domain. Your distribution remains global, and this limitation only affects the Route 53 alias setup, which must be done in N. Virginia. – root69 Commented Jan 20 at 9:08
- Do you have the CloudFront distribution set up with an alternative domain name that matches your desired domain name? If not, that's probably the reason it doesn't appear in the list. – deceze ♦ Commented Jan 20 at 9:11
- @root69 I can't: after selecting "Alias to CloudFront distribution" in the first drop down, the region one became disabled and automatically set to N. Virginia and my distribution doesn't appear in the third dropdown – fudo Commented Jan 20 at 9:38
1 Answer
Firstly, you are right that CloudFront is a global resource, so region is not relevant. So when Route 53 defaults to us-east-1 with no option to change it, it is just AWS's way of saying that the region is irrelevant here. So don't worry about this.
What you may need to check is whether your distribution has a valid certificate and has an alternate domain name configured that matches the Route 53 zone, i.e., silviogratani.it.
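The check suggested in the answer, together with the certificate-region question from Update #1, can be written as a small pre-flight function. This is an added example, not code from the question or the answer: it takes plain dicts shaped like the boto3 CloudFront, ACM and Route 53 responses, and `example.com`, the distribution domain and the sample data are constructed placeholders. It relies on two AWS facts: a certificate used by CloudFront must be issued in us-east-1, and every alias record targeting CloudFront uses the fixed hosted zone ID `Z2FDTNDATAQYW2`.

```python
# Added example: pre-flight check for a Route 53 alias -> CloudFront setup (constructed data).
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"  # fixed zone ID for all CloudFront alias targets

def norm(name):
    return name.lower().rstrip(".")  # Route 53 returns names with a trailing dot

def covers(pattern, domain):
    # True if a certificate name or alternate domain name covers domain.
    pattern, domain = norm(pattern), norm(domain)
    if pattern.startswith("*."):  # treated as one extra label, never the bare apex
        return "." in domain and domain.split(".", 1)[1] == pattern[2:]
    return pattern == domain

def check_setup(domain, dist, cert, record_sets):
    """Return a list of problems; an empty list means the pieces line up."""
    problems = []
    cfg = dist["DistributionConfig"]
    if not any(covers(a, domain) for a in cfg.get("Aliases", {}).get("Items", [])):
        problems.append("no alternate domain name covering " + domain)
    arn = cfg.get("ViewerCertificate", {}).get("ACMCertificateArn", "")
    parts = arn.split(":")  # arn:aws:acm:<region>:<account>:certificate/<id>
    if len(parts) < 6 or parts[2] != "acm":
        problems.append("no ACM certificate attached")
    else:
        if parts[3] != "us-east-1":
            problems.append("certificate region is " + parts[3] + ", not us-east-1")
        if cert.get("Status") != "ISSUED":
            problems.append("certificate status is " + str(cert.get("Status")))
        if not any(covers(n, domain) for n in cert.get("SubjectAlternativeNames", [])):
            problems.append("certificate does not cover " + domain)
    target = next((r.get("AliasTarget") for r in record_sets
                   if norm(r["Name"]) == norm(domain) and r["Type"] == "A"), None)
    if target is None:
        problems.append("no alias A record for " + domain)
    elif target["HostedZoneId"] != CLOUDFRONT_ALIAS_ZONE_ID:
        problems.append("alias HostedZoneId is not the CloudFront zone")
    elif norm(target["DNSName"]) != norm(dist["DomainName"]):
        problems.append("alias does not point at " + dist["DomainName"])
    return problems

# Constructed sample: distribution with no alternate domain name and the default certificate.
DIST = {"DomainName": "d111111abcdef8.cloudfront.net", "DistributionConfig": {
    "Aliases": {"Quantity": 0, "Items": []},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True}}}
CERT = {"Status": "ISSUED", "SubjectAlternativeNames": ["example.com"]}
RECORDS = [{"Name": "example.com.", "Type": "A", "AliasTarget": {
    "HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID, "DNSName": "d111111abcdef8.cloudfront.net.",
    "EvaluateTargetHealth": False}}]
PROBLEMS = check_setup("example.com", DIST, CERT, RECORDS)  # two problems for this sample
```

With live data, the same dicts come from `get_distribution` (its `Distribution` key), `describe_certificate` (its `Certificate` key) and `list_resource_record_sets` (its `ResourceRecordSets` key).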