Tags: dns, amazon-cloudfront, amazon-route53

"Invalid or missing alias DNS TXT records." when using associate-alias, even though the record appears to exist
I'm trying to transfer an alternate domain name from one Cloudfront distribution to another, following the instructions on this page: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move

When I run the following command: aws cloudfront associate-alias --alias dev.example.net --target-distribution-id E37*********** it gives the error message An error occurred (IllegalUpdate) when calling the AssociateAlias operation: Invalid or missing alias DNS TXT records.

I have added the DNS TXT record and waited for it to report INSYNC in the console.

The subdomain I am trying to transfer is dev.example.net and as per the doc, I've added a TXT record for _dev.example.net. I have done this by adding a record to our example.net hosted zone with the subdomain _dev.

Here's how the record appears in the Route 53 console: [image: Route 53 record]

Performing nslookup -q=TXT _dev.example.net gives the following:

Server:  ip-***-**-*-*.ap-southeast-2.compute.internal
Address:  ***.**.*.*

Non-authoritative answer:
_dev.example.net  text =

        "d*************.cloudfront.net"

If it helps, before I added that TXT record, nslookup -q=TXT _dev.example.net gave the following response:

Server:  ip-***-**-*-*.ap-southeast-2.compute.internal
Address:  ***.**.*.*

example.net
        primary name server = ns-1536.awsdns-00.co.uk
        responsible mail addr = awsdns-hostmaster.amazon.com
        serial  = 1
        refresh = 7200 (2 hours)
        retry   = 900 (15 mins)
        expire  = 1209600 (14 days)
        default TTL = 86400 (1 day)

Other info:

  • My target distribution has a certificate for dev.example.net associated with it
  • example.net is a placeholder for my actual root domain throughout
  • I have permission to update both distributions and perform the associate-alias operation
  • Both distributions are in the same account
  • I've also tried putting the TXT record under dev. rather than _dev.
  • I've also tried putting the TXT record under _.dev. (as per some Japanese article I found)
  • Potentially important: I have not pointed dev.example.net to my target distribution in Route 53 yet. The docs indicate that this should be done after the associate-alias command has run successfully.
  • Potentially important: the hosted zone I am using is Private

Solution

  • Turns out it was the private hosted zone causing problems. For me, the solution was to use our public production example.net hosted zone and create the TXT record _dev.example.net with the value d******.cloudfront.net there.
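Added example (not code from the poster or from AWS): a small Python checker that builds the expected record name for an alias, parses the two kinds of response shown above (a TXT answer versus an SOA-only answer meaning no TXT exists at that name), and verifies that the TXT value equals the target distribution's domain. Because the Solution shows the record has to live in a public zone, the optional live check sends the query to a public resolver rather than the VPC resolver that answered the nslookup above. The resolver address 1.1.1.1, the sample outputs, and the distribution name d1234567890abc.cloudfront.net are assumptions/constructed values.

```python
"""Check a CloudFront associate-alias TXT record offline or against a public resolver."""
import re
import subprocess
from typing import List, Tuple

# Assumption: any public recursive resolver will do; 1.1.1.1 is just an example.
PUBLIC_RESOLVER = "1.1.1.1"


def alias_txt_name(alias: str) -> str:
    """associate-alias looks for a TXT record at '_' + alias, e.g. _dev.example.net."""
    return "_" + alias.strip().rstrip(".")


def parse_nslookup_txt(output: str) -> List[str]:
    """Extract TXT strings from `nslookup -q=TXT` or `dig +short` output.

    Both tools print TXT values inside double quotes. An answer that only
    carries the zone's SOA (as in the 'before' output above) has no quoted
    strings, so the function returns [] for it.
    """
    return re.findall(r'"([^"]*)"', output)


def verify_alias_txt(txt_values: List[str], target_domain: str) -> Tuple[bool, str]:
    """Return (ok, reason): the TXT value must equal the target distribution domain."""
    want = target_domain.strip().rstrip(".").lower()
    if not txt_values:
        return False, ("no TXT record in the answer: name does not exist for this "
                       "resolver (e.g. record only in a private hosted zone)")
    found = [v.strip().rstrip(".").lower() for v in txt_values]
    if want in found:
        return True, "TXT record present and matches the target distribution"
    return False, f"TXT record present but does not match {want}: {found}"


def dig_command(alias: str, resolver: str = PUBLIC_RESOLVER) -> List[str]:
    """argv for querying the alias TXT record via a public resolver."""
    return ["dig", f"@{resolver}", "TXT", alias_txt_name(alias), "+short"]


def check_alias_live(alias: str, target_domain: str,
                     resolver: str = PUBLIC_RESOLVER) -> Tuple[bool, str]:
    """Live check (needs network and dig): what a public resolver sees for the alias."""
    proc = subprocess.run(dig_command(alias, resolver), capture_output=True,
                          text=True, check=False)
    return verify_alias_txt(parse_nslookup_txt(proc.stdout), target_domain)


# Constructed sample output mirroring the shape of the nslookup answers above.
SAMPLE_TXT_ANSWER = """Server:  ip-10-0-0-2.ap-southeast-2.compute.internal
Address:  10.0.0.2

Non-authoritative answer:
_dev.example.net  text =

        "d1234567890abc.cloudfront.net"
"""

SAMPLE_SOA_ONLY = """Server:  ip-10-0-0-2.ap-southeast-2.compute.internal
Address:  10.0.0.2

example.net
        primary name server = ns-1536.awsdns-00.co.uk
        responsible mail addr = awsdns-hostmaster.amazon.com
        serial  = 1
        refresh = 7200 (2 hours)
        retry   = 900 (15 mins)
        expire  = 1209600 (14 days)
        default TTL = 86400 (1 day)
"""

if __name__ == "__main__":
    target = "d1234567890abc.cloudfront.net"  # constructed distribution domain
    for label, sample in (("TXT answer", SAMPLE_TXT_ANSWER), ("SOA only", SAMPLE_SOA_ONLY)):
        ok, reason = verify_alias_txt(parse_nslookup_txt(sample), target)
        print(f"{label}: ok={ok} ({reason})")
    print("live check command:", " ".join(dig_command("dev.example.net")))
```

The offline parser is what lets you tell a NODATA/NXDOMAIN response (SOA in the authority section, no quoted strings) from a real TXT answer; running `check_alias_live` from outside the VPC, or with `@1.1.1.1`, avoids the trap in this question, where the VPC resolver answered from the private zone while the public zone had no such record.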