Workaround for CNAME to external web sites at the zone apex

2 minute read
Content level: Foundational

If you wants to set a CNAME for an external system in a Route 53 hosted zone, and there is a Zone Apex or other record, it cannot be set. The workaround for this is described below.

As is known, it is stated in RFC 1912 that CNAMEs cannot be set together with other Resource Record Sets.

However, our customer may want to have a resource outside of AWS name resolved with CNAME.

For example, if a customer is using a CDN other than CloudFront and needs to use CNAME.

In this case, an Alias record cannot also be used.


The majority of cases where CNAME is used in Zone Apex is for website browsing.

In this case, a new CloudFront distribution can be created and used as a reverse proxy to use an external CDN or other website as the origin.

Since Alias records can be set for CloudFront, this can be accomplished via CloudFront if there is a Zone Apex that was intended to be set as a CNAME.

In many cases this could be a workaround.

Example -> Zone Apex -> CNAME of External CDN -> CloudFront Distribution

Domain Name:


CloudFront Origin:

In this example, we can see that the External CDN can be specified as the origin.

Although multiple tiers of CDNs add extra cost, if cacheable, the cost can be contained.

published a month ago831 views