Custom domain names with the CDK

When using the CDK to create a few services (cloudfront and cognition) I run into a circular problem: I can't create the custom domain in the service until the CNAME record exists, but the CNAME record can't exist yet because I haven't created the service.

Example:

    const domainNames=["my.something.com"];
    const certificate = Certificate.fromCertificateArn(stack, "some-id", "arn:aws:acn:us-east-1:........");

    const cfconfig = new CloudFrontWebDistribution(stack,
        "xxx-cloudfront-static",
        {
           /* more stuff */
           viewerCertificate: ViewerCertificate.fromAcmCertificate(certificate, { aliases: domainNames })
        }
    );

This attempt just gets you this:

One or more aliases specified for the distribution includes an incorrectly configured DNS record that points to another CloudFront distribution. You must update the DNS record to correct the problem. For more information, see https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-restrictions

This happens with Cognito as well. To get around this, I have to omit the custom domain, then give the ops team manual instructions to

• Deploy the stack
• Go into the console and get the real cloudfront and cognito distribution hostnames
• Modify the CNAME records in their DNS (not route 53)
• Go back into the console and manually set up the custom domains for cloudfront and cognito

Is this just the way it is or am I missing something?

It is possible this is just a matter of patience. I destroyed my stack and created it again, but I had old CNAME records now pointing to the new place. I deleted them, but maybe I need to wait longer for them to time out. I had created all the old records with 15 minute TTLs but maybe somebody along the way is not honoring those TTLs.