How do I resolve the error CNAMEAlreadyExists when setting up a CNAME alias for my Amazon CloudFront distribution?

Last updated: 2019-07-16

When I try to add a CNAME alias to a single Amazon CloudFront distribution or multiple distributions, I get an error similar to the following:

"Status Code: 409; Error Code: CNAMEAlreadyExists; Request ID:a123456b-c78d-90e1-23f4-gh5i67890jkl" 

Short Description

You can't use the same CNAME alias for more than one CloudFront distribution. The CNAMEAlreadyExists error occurs when the CNAME alias you're trying to add is already associated with another CloudFront distribution.

Resolution

If the error code you receive is "CNAMEAlreadyExists" and you want to move the CNAME to another distribution, follow these steps:

Note: AWS Support can't associate the same CNAME with more than one distribution. They can assist you only with switching a CNAME between two distributions or with removing a CNAME from a distribution.

1. Direct your DNS provider to create a TXT record in the following format:

<CNAME alias> TXT <CloudFront distribution name>

For example, if you're adding the CNAME alias example.com for your CloudFront distribution named d123.cloudfront.net, then direct your DNS provider to create the following TXT record:

example.com TXT d123.cloudfront.net

If your DNS provider doesn't allow for identical TXT and CNAME records, consider adding an underscore before the CNAME alias in the TXT record. For example, the following TXT and CNAME records are identical in name and value:

cname.example.com.   900   IN   TXT     "dexample123456.cloudfront.net"
cname.example.com.   900   IN   CNAME   "dexample123456.cloudfront.net"

These TXT and CNAME records differ because the name of the first entry (the TXT record) begins with an underscore:

_cname.example.com.   900   IN   TXT     "dexample123456.cloudfront.net"
cname.example.com.   900   IN   CNAME   "dexample123456.cloudfront.net"

Note: CNAME records created by your DNS provider might take some time to propagate. You might not see changes until after the DNS record has fully propagated through your DNS provider and the Time To Live (TTL) has expired on already-served DNS requests.

2. Add a valid SSL certificate to the CloudFront distribution that covers the CNAME that you want to move. The SSL certificate must also cover any other new CNAMEs that you want to associate with the distribution.

3. After the TXT record is created and you've added an SSL certificate to the distribution, contact AWS Support. Ask that AWS verify the ownership of the DNS domain name and confirm that you can add the CNAME alias to the distribution. Be sure that you provide a copy of the CNAMEAlreadyExists error message in your case with AWS Support.
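
Before opening the support case in step 3, you can confirm that the ownership TXT record from step 1 is published under the alias or its underscore form and names the intended distribution. The following Python check is an added example, not AWS code; the function names and the sample records are constructed for illustration, and the input is assumed to be in "name ttl class type rdata" form, as in the record listings above.

```python
# Added example. SAMPLE_ANSWERS is constructed data, not a real DNS response.
SAMPLE_ANSWERS = """\
cname.example.com.   900   IN   CNAME   dexample123456.cloudfront.net.
_cname.example.com.  900   IN   TXT     "dexample123456.cloudfront.net"
"""


def _norm(name):
    """Lower-case a DNS name or value; drop quotes and the trailing root dot."""
    return name.strip().strip('"').rstrip(".").lower()


def parse_records(text):
    """Parse 'name ttl class type rdata' lines into (name, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5 or line.lstrip().startswith(";"):
            continue  # skip blank lines, comments and short lines
        name, _ttl, _cls, rtype, rdata = fields
        records.append((_norm(name), rtype.upper(), _norm(rdata)))
    return records


def check_ownership_txt(text, alias, distribution):
    """Return (status, record_name) for the step 1 TXT record.

    status is 'ok', 'conflict' (TXT shares its name with a CNAME, the case
    the underscore form avoids), 'mismatch' (a TXT record exists but names
    something else) or 'missing'.
    """
    alias, distribution = _norm(alias), _norm(distribution)
    records = parse_records(text)
    has_cname = any(n == alias and t == "CNAME" for n, t, _ in records)
    seen = []
    for candidate in (alias, "_" + alias):
        values = [r for n, t, r in records if n == candidate and t == "TXT"]
        if distribution in values:
            status = "conflict" if candidate == alias and has_cname else "ok"
            return status, candidate
        seen += values  # other TXT data, such as SPF, is not a match
    return ("mismatch" if seen else "missing"), None


if __name__ == "__main__":
    print(check_ownership_txt(SAMPLE_ANSWERS, "cname.example.com",
                              "dexample123456.cloudfront.net"))
```

A "mismatch" result means a TXT record under the alias names a different distribution than the one you intend to move the CNAME to, which is worth resolving before AWS Support performs the ownership check.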