Tags: amazon-web-services, aws-api-gateway, amazon-cloudfront, cname, custom-domain

Create custom domain returns error 409: CNAMEAlreadyExists


I am trying to create a custom domain in API Gateway as Edge-optimized and with an ACM certificate we store. But it returns the following error:

One or more of the CNAMEs you provided are already associated with a different resource. (Service: AmazonCloudFront; Status Code: 409; Error Code: CNAMEAlreadyExists; Request ID: 5299fd33-fb58-42a1-8836-33517969365b; Proxy: null)

I checked if there were any records in the hosted zone related to or with the same name that used it but there is nothing.

On the other hand, I have also checked if there was a CNAME with the same name in my CloudFront but I don't have any distribution with CNAMEs configured. (Perhaps they are AWS's own CloudFronts).

I did a DIG against the name I want to use and this is the result:

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60575
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;api.xxx.xxx.xx.com. IN A

;; AUTHORITY SECTION:
xxx.xxx.xx.com. 900 IN  SOA ns-11X5.awsdns-16.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 145 msec
;; SERVER: 192.168.238.254#53(192.168.238.254)
;; WHEN: Tue Sep 08 09:46:18 CEST 2020
;; MSG SIZE  rcvd: 145

I'm still investigating but I can't find anything in the account related to the name I'm trying to create. What can I do?


Solution

  • This error is down to a mapping of your domain to a CloudFront distribution.

    Be aware that if you have a wildcard alias targeting CloudFront (e.g. *.example.com) this will also cover any subdomains you try to create. Also try performing a DIG against your target domain to ensure that it does not already resolve to a CloudFront distribution.

    It is possible that it could be created in someone else's account, although it is unlikely that this is what has occurred.

    If you're sure that neither of the above situations has occurred, you can contact AWS support. By using the method in the "How do I resolve the error CNAMEAlreadyExists when setting up a CNAME alias for my Amazon CloudFront distribution?" article, they should be able to either help you identify it or migrate it to your account if someone had taken it.
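
The two checks the answer describes (a wildcard alias on one of your own distributions, and a name that already resolves to CloudFront), as an added example that is not part of the original answer. It assumes JSON in the shape of `aws cloudfront list-distributions` output; the sample data, distribution IDs and function names are constructed for illustration.

```python
import json

def alias_covers(alias: str, domain: str) -> bool:
    """True if a CloudFront alternate domain name (alias) covers `domain`."""
    alias = alias.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if alias.startswith("*."):
        # Assumption: a leading wildcard covers subdomains at any depth.
        # The bare parent does not match because of the leading dot.
        return domain.endswith(alias[1:])
    return alias == domain

def find_conflicts(list_distributions_json: str, domain: str):
    """Return (distribution id, alias) pairs whose alias covers `domain`."""
    dist_list = json.loads(list_distributions_json).get("DistributionList", {})
    conflicts = []
    for dist in dist_list.get("Items") or []:
        # "Items" is absent when a distribution has no aliases.
        for alias in dist.get("Aliases", {}).get("Items") or []:
            if alias_covers(alias, domain):
                conflicts.append((dist["Id"], alias))
    return conflicts

def points_at_cloudfront(dig_short_lines):
    """True if any `dig +short` answer line is a *.cloudfront.net target."""
    return any(line.strip().lower().rstrip(".").endswith(".cloudfront.net")
               for line in dig_short_lines)

# Constructed sample in the shape of `aws cloudfront list-distributions`.
SAMPLE = json.dumps({"DistributionList": {"Items": [
    {"Id": "EXAMPLEID1", "DomainName": "d111111abcdef8.cloudfront.net",
     "Aliases": {"Quantity": 1, "Items": ["*.example.com"]}},
    {"Id": "EXAMPLEID2", "DomainName": "d222222abcdef8.cloudfront.net",
     "Aliases": {"Quantity": 0}},
    {"Id": "EXAMPLEID3", "DomainName": "d333333abcdef8.cloudfront.net",
     "Aliases": {"Quantity": 1, "Items": ["www.example.org"]}},
]}})

if __name__ == "__main__":
    for dist_id, alias in find_conflicts(SAMPLE, "api.example.com"):
        print(f"{dist_id}: alias {alias} covers api.example.com")
```

This only sees distributions in the account whose listing you feed it; an alias held in another account will not appear, which is the case the answer refers to AWS support.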