AWS Cloudfront 备用域名 403 被禁止

Question

I have set up a cloudfront distribution successfully and I am able to navigate to the default domain provided by Cloudfront. I have also set up a alternate domain name using AWS Certificate Manager (ACM). The SSL has been issued and verified by the cname record I added.

For the cname entry in Google Domains I am using:

www CNAME cloudfront-distribution-name.cloudfront.net

When I try to navigate to the alternate domain: domain.com I receive a 403 forbidden network response. See screenshot below:

Note: I set up the cloudfront distribution using a website endpoint as the origin.

Here is the origin config:

Here is the behavior config:

Answer 1

I resolved the issue. Go to cloudfront and then under the 'general' tab select edit. Add a Cert with two domain names:

domain.com *.domain.com

Add the appropriate CNAME record to verify the SSL cert. Then add another CNAME record to verify the www.domain.com . It should look something like this in your DNS:

Record Name: _2958323dad0598j4cb4e722d0d8k5921.domain.com
Type: CNAME
Value: _7sk82036f90ffb2be52p922c080174f8.bsgbmzkfwj.acm-validations.aws

Note: For certain DNS providers you will not include the .domain.com portion as this gets automatically added. (Google domains is one example)

Record Name: www.domain.com
Type: CNAME
Value: x8k4nz5ok8a8dj.cloudfront.net

Note: For certain DNS providers you will not include the .domain.com portion it will just be www for the CNAME record.