
How to migrate from one CloudFront distribution to another


We're using CloudFront to front-end a web app (myapp.com with S3, Lambda, Athena, ... etc.). Before a new release we're creating an entire new distribution (next.myapp.com) with new code and content, testing it, and then we would like to make it the live version of myapp.com. But this doesn't seem possible.

Multiple CloudFront distributions can't have the same CNAMEs, so we can't change the DNS entry for myapp.com to point to the new service. Changing the distribution means there's a delay as the new config populates around the world.

Is there a way of doing this using Amazon infrastructure? Or am I doing this completely wrong? We would like to be able to migrate the live service ASAP, but still have the existing version available for manual failback if the release breaks something.


Solution

  • This is possible with only a very brief period of downtime, if you follow these steps.

    Create the new distribution with the correct certificate but no Alternate Domain Name, and allow it to stabilize.

    Change the DNS for the site to point to the new distribution. This does not have the negative impact that you would assume, because the site continues to work on the existing distribution. CloudFront does not differentiate between arrival endpoints -- it's only looking at the SNI and Host header, matching these against the Alternate Domain Name -- so the old distribution will continue to handle the traffic.

    Edit the existing distribution to remove the Alternate Domain Name. You do not need to wait for it to return to "Deployed" status.

    Edit the new distribution to add the Alternate Domain Name. You may have to attempt this more than once but it will eventually be accepted.
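
The last two steps of the answer above (remove the Alternate Domain Name from the old distribution, then retry adding it to the new one), as an added example that is not part of the original answer. It assumes `cf` is a boto3 CloudFront client; the function names, the retry limits and the restore-on-failure behaviour are choices made for this sketch, and the distribution IDs in the usage comment are placeholders.

```python
import time


def edit_aliases(cf, dist_id, change):
    """Read-modify-write one distribution's Aliases, guarded by its ETag."""
    resp = cf.get_distribution_config(Id=dist_id)
    cfg = resp["DistributionConfig"]
    # Items is absent when the distribution has no aliases.
    items = change(list(cfg.get("Aliases", {}).get("Items", [])))
    cfg["Aliases"] = {"Quantity": len(items), **({"Items": items} if items else {})}
    # IfMatch makes the update fail if someone else edited the config meanwhile.
    cf.update_distribution(Id=dist_id, IfMatch=resp["ETag"], DistributionConfig=cfg)


def move_alias(cf, alias, old_id, new_id, attempts=10, delay=15, sleep=time.sleep):
    """Move `alias` from old_id to new_id; returns the attempt that succeeded."""
    # Precondition from the first step: the new distribution has stabilized.
    if cf.get_distribution(Id=new_id)["Distribution"]["Status"] != "Deployed":
        raise RuntimeError("new distribution is not Deployed yet")

    def add(aliases):
        return aliases if alias in aliases else aliases + [alias]

    # Remove the alias from the old distribution; no wait for "Deployed" here.
    edit_aliases(cf, old_id, lambda aliases: [a for a in aliases if a != alias])

    # Add it to the new distribution, retrying while CloudFront still rejects it.
    for attempt in range(1, attempts + 1):
        try:
            edit_aliases(cf, new_id, add)
            return attempt
        except cf.exceptions.CNAMEAlreadyExists:
            sleep(delay)

    # Assumption of this sketch: hand the name back to the old distribution
    # instead of leaving the site attached to no distribution at all.
    edit_aliases(cf, old_id, add)
    raise RuntimeError(f"{alias} not accepted after {attempts} attempts; "
                       f"restored on {old_id}")


# Usage (placeholders, requires boto3 and AWS credentials):
#   import boto3
#   cf = boto3.client("cloudfront")
#   move_alias(cf, "myapp.com", "<OLD_DISTRIBUTION_ID>", "<NEW_DISTRIBUTION_ID>")
```

Between the removal and the accepted add, the name is attached to no distribution, which is the brief downtime the answer mentions; keeping `delay` short and running this only after the DNS change has been made keeps that window small.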