A CloudFront distribution doesn’t inherently understand your domain name; it only knows its own unique domain, like d123abc456xyz.cloudfront.net.
Let’s see this in action. Imagine you have a CloudFront distribution serving your static website. You want users to access it via www.yourdomain.com instead of the CloudFront-provided domain.
Here’s a typical CloudFront distribution configuration:
```json
{
  "DistributionConfig": {
    "CallerReference": "my-cloudfront-deploy-1678886400",
    "Aliases": {
      "Quantity": 1,
      "Items": [
        "www.yourdomain.com"
      ]
    },
    "DefaultRootObject": "index.html",
    "Origins": {
      "Quantity": 1,
      "Items": [
        {
          "Id": "my-s3-origin",
          "DomainName": "your-bucket-name.s3.amazonaws.com",
          "OriginPath": "",
          "CustomHeaders": {
            "Quantity": 0
          },
          "S3OriginConfig": {
            "OriginAccessIdentity": "origin-access-identity/cloudfront/E123ABCDEF456789"
          }
        }
      ]
    },
    "Enabled": true,
    "Comment": "CloudFront distribution for www.yourdomain.com",
    "Logging": {
      "Enabled": false,
      "IncludeCookies": false,
      "Bucket": "",
      "Prefix": ""
    },
    "DefaultCacheBehavior": {
      "TargetOriginId": "my-s3-origin",
      "ViewerProtocolPolicy": "redirect-to-https",
      "AllowedMethods": {
        "Quantity": 2,
        "Items": [
          "GET",
          "HEAD"
        ],
        "CachedMethods": {
          "Quantity": 2,
          "Items": [
            "GET",
            "HEAD"
          ]
        }
      },
      "Compress": true,
      "ForwardedValues": {
        "QueryString": false,
        "Cookies": "none",
        "Headers": {
          "Quantity": 0
        },
        "QueryStringCacheKeys": {
          "Quantity": 0
        }
      },
      "MinTTL": 0,
      "SmoothStreaming": false
    },
    "PriceClass": "PriceClass_100",
    "ViewerCertificate": {
      "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/your-certificate-id",
      "SSLSupportMethod": "sni-only",
      "MinimumProtocolVersion": "TLSv1.2_2018",
      "CertificateSource": "acm"
    },
    "HttpVersion": "http2",
    "IsIPV6Enabled": true
  }
}
```
The problem is, when a user types www.yourdomain.com into their browser, the DNS system needs to translate that human-readable name into an IP address that the browser can connect to. By default, nothing in DNS says that this name should lead to CloudFront's edge addresses. This is where Route 53 comes in, acting as the bridge.
Route 53’s Alias records are specifically designed for this. Instead of pointing a traditional A or CNAME record to a fixed IP address or another domain name, an Alias record points to an AWS resource, like your CloudFront distribution. Route 53 then automatically resolves the Alias record to the correct IP addresses for that resource.
Here’s how you’d set up an Alias record in Route 53 for your CloudFront distribution:
- Navigate to Route 53: In the AWS Management Console, go to the Route 53 service.
- Hosted Zones: Select the hosted zone for your domain (e.g., yourdomain.com).
- Create Record: Click "Create record."
- Record Name: Enter www (or leave blank for the root domain, yourdomain.com).
- Record Type: Select "A – IPv4 address."
- Alias Toggle: Turn the "Alias" toggle ON.
- Route traffic to:
  - Choose "Alias to CloudFront distributions."
  - In the dropdown that appears, select your CloudFront distribution. It will often be displayed with its distribution domain name (e.g., d123abc456xyz.cloudfront.net).
- Routing Policy: Leave as "Simple routing."
- Evaluate Target Health: Usually "No" for CloudFront.
- Create Records: Click "Create records."
You’ll notice that when you select "Alias to CloudFront distributions," Route 53 automatically handles the underlying IP resolution. It’s not just a DNS lookup; it’s an integration that understands the dynamic nature of AWS resources.
One surprising property of Alias records is that a single record can resolve to multiple IP addresses, unlike a traditional CNAME or A record that typically points at one endpoint. For CloudFront, this means Route 53 will return the current set of IP addresses that AWS uses to route traffic to your distribution, and this set can change over time as AWS scales its infrastructure.
When a user’s browser requests www.yourdomain.com, the browser’s DNS resolver first queries Route 53. Because it’s an Alias record pointing to CloudFront, Route 53 doesn’t just give back a single IP. Instead, it returns the IP addresses that AWS’s global network of edge locations uses for that specific CloudFront distribution. The browser then initiates a connection to one of these edge locations, which in turn fetches content from your origin (like an S3 bucket) and serves it to the user. This entire process is transparent to the end-user, appearing as a direct lookup to www.yourdomain.com.
If you also want to serve content from your root domain (yourdomain.com), you’d repeat the process, but leave the "Record name" field blank. You would then create another Alias record of type A for the root domain, pointing to the same CloudFront distribution. A CNAME is not permitted at the zone apex, which is why an Alias A record is the way to point the root domain at CloudFront. Remember that the root domain also has to be listed in the distribution’s "Aliases" (the CloudFront console calls these alternate domain names), or CloudFront will reject requests for it.
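The console steps above and the root-domain variant can be scripted the same way. The following is an added example (not code from the original article or from AWS) that builds the Route 53 change batch for both www.yourdomain.com and the apex record, and runs a pre-flight check against the distribution config before anything is changed. It goes slightly beyond the console walkthrough: because the sample distribution has IsIPV6Enabled set, it also emits AAAA Alias records, which is what gives IPv6 clients a path to CloudFront. The fixed hosted zone ID Z2FDTNDATAQYW2 is the one Route 53 uses for every CloudFront alias target; the distribution domain, account ID, certificate ARN and the HOSTED_ZONE_ID placeholder in the main block are constructed sample values.

```python
"""Build and sanity-check a Route 53 Alias change batch for a CloudFront distribution."""
import json
import re

# Route 53 uses this fixed hosted zone ID for every CloudFront distribution alias target.
CLOUDFRONT_HOSTED_ZONE_ID = "Z2FDTNDATAQYW2"

# Constructed sample values (not a real account): the distribution's own domain name and
# the parts of its DistributionConfig the pre-flight check needs.
DISTRIBUTION_DOMAIN = "d123abc456xyz.cloudfront.net"
DISTRIBUTION_CONFIG = {
    "Aliases": {"Quantity": 2, "Items": ["www.yourdomain.com", "yourdomain.com"]},
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/your-certificate-id",
        "SSLSupportMethod": "sni-only",
    },
}


def alias_change(record_name, distribution_domain, record_type="A", action="UPSERT"):
    """One Route 53 change that points record_name at the CloudFront distribution."""
    return {
        "Action": action,
        "ResourceRecordSet": {
            "Name": record_name.rstrip(".") + ".",
            "Type": record_type,
            "AliasTarget": {
                "HostedZoneId": CLOUDFRONT_HOSTED_ZONE_ID,
                "DNSName": distribution_domain.rstrip(".") + ".",
                # The console's "Evaluate target health: No"; CloudFront has no health check to consult.
                "EvaluateTargetHealth": False,
            },
        },
    }


def build_change_batch(names, distribution_domain, ipv6=True):
    """A ChangeBatch with an A (and, if ipv6, an AAAA) Alias record for every name."""
    changes = []
    for name in names:
        changes.append(alias_change(name, distribution_domain, "A"))
        if ipv6:
            changes.append(alias_change(name, distribution_domain, "AAAA"))
    return {"Comment": "Alias records for CloudFront distribution", "Changes": changes}


def preflight(names, config):
    """Return the problems that would make the alias records useless or leave HTTPS broken."""
    problems = []
    aliases = {a.lower().rstrip(".") for a in config.get("Aliases", {}).get("Items", [])}
    for name in names:
        if name.lower().rstrip(".") not in aliases:
            problems.append(
                f"{name} is not in the distribution's Aliases; "
                "CloudFront rejects requests whose Host header is not a registered alternate domain name"
            )
    arn = config.get("ViewerCertificate", {}).get("ACMCertificateArn", "")
    match = re.fullmatch(r"arn:aws:acm:([a-z0-9-]+):\d{12}:certificate/[^\s]+", arn)
    if not match:
        problems.append("no ACM certificate attached; HTTPS on the custom domain will not work")
    elif match.group(1) != "us-east-1":
        # CloudFront only accepts ACM certificates issued in us-east-1.
        problems.append(f"ACM certificate is in {match.group(1)}; CloudFront requires us-east-1")
    return problems


if __name__ == "__main__":
    names = ["www.yourdomain.com", "yourdomain.com"]
    issues = preflight(names, DISTRIBUTION_CONFIG)
    if issues:
        raise SystemExit("\n".join(issues))
    batch = build_change_batch(names, DISTRIBUTION_DOMAIN)
    print(json.dumps(batch, indent=2))
    # To apply it for real (not run here), pass the batch to boto3:
    #   import boto3
    #   boto3.client("route53").change_resource_record_sets(
    #       HostedZoneId="<YOUR-HOSTED-ZONE-ID>",   # placeholder: the zone for yourdomain.com
    #       ChangeBatch=batch,
    #   )
```

The pre-flight check is the part worth keeping: Route 53 will happily create an Alias record for a name the distribution has never heard of, and the failure only shows up as CloudFront refusing the request. The same batch with "Action": "DELETE" is how the records should be removed when the distribution is retired, so the names do not keep resolving to an endpoint you no longer control.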
The next thing you’ll likely want to tackle is setting up HTTPS for your custom domain, which involves integrating AWS Certificate Manager (ACM) with your CloudFront distribution.