
Amplify Hosting custom domain stuck in regenerate-and-fail loop with CloudFront alias-conflict

0

Symptom

Amplify Hosting custom domain association is stuck in a regenerate-and-fail loop. Each Save/Retry cycle provisions a fresh underlying CloudFront distribution which then fails its alias-attach with the error below, even when the customer-side DNS CNAME has been updated to match the latest distribution and propagation is verified across multiple resolvers.

Error

domainStatus: FAILED
statusReason: One or more aliases specified for the distribution includes
              an incorrectly configured DNS record that points to another
              CloudFront distribution. You must update the DNS record to
              correct the problem.

Pattern observed

  • ACM cert validation CNAME present and resolving correctly via 1.1.1.1, 8.8.8.8, 9.9.9.9
  • App CNAME updated to the value Amplify reports in subDomains[0].dnsRecord (queried via aws amplify list-domain-associations)
  • DNS-only / unproxied at the DNS provider (no CDN proxy in front)
  • Status briefly transitions AWAITING_APP_CNAME → verified=true → FAILED with the error above, roughly 60 seconds after CNAME propagation completes
  • Each Retry → Save in the console regenerates the underlying CloudFront distribution to a new hostname; status returns to AWAITING_APP_CNAME with the new expected target
  • Even after a clean Remove → 5 min wait → Add cycle (verified domainAssociations: [] between), the next provisioning hits the same conflict
  • The Amplify-provisioned distribution at time of failure had real A records — distribution itself appeared healthy

Working theory

CloudFront's internal alternate-domain-name registry still has the alias claimed by one (or more) of the prior Amplify-provisioned distributions whose underlying state didn't fully release the alias when Amplify tore them down. Each new distribution trips the alias-conflict check, and each Save/Retry adds another orphan claim, making it worse.

What I've tried

  1. Retry on FAILED with DNS already updated to the expected target → same failure
  2. Remove → 5 min wait → Add (clean slate, association list empty between) → updated DNS to the new expected target → same failure
  3. Verified DNS propagation, validation CNAME, no proxy on the alias record, no DNSSEC interference
  4. Confirmed unproxied DNS, correct CNAME values matching API output, multiple resolver consistency

After several distributions burned through this loop, I've stopped touching the console to avoid making it worse.

Question

Is there a self-service way to clear the orphan alias claim, or does this require AWS internal cleanup? If internal cleanup is required, what's the path for accounts on Basic support, where technical cases aren't available?
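
Added example, not part of the original post: one way to rule out customer-side DNS before escalating is to compare what each resolver returns with the target Amplify currently expects, since every Retry changes that target. The sample JSON, hostnames and resolver answers are constructed, and the "<prefix> CNAME <target>" layout of dnsRecord is an assumption.

```python
import json

# Constructed sample shaped like `aws amplify list-domain-associations` output;
# the domain and distribution hostnames are placeholders, not values from the post.
SAMPLE_ASSOCIATIONS = json.loads("""
{"domainAssociations": [{
  "domainName": "example.com", "domainStatus": "AWAITING_APP_CNAME",
  "subDomains": [{
    "subDomainSetting": {"prefix": "www"},
    "verified": false,
    "dnsRecord": "www CNAME d3newexample.cloudfront.net"
  }]
}]}
""")

# Constructed CNAME answers per resolver, e.g. collected with `dig +short CNAME`.
SAMPLE_OBSERVED = {
    "1.1.1.1": "d3newexample.cloudfront.net.",
    "8.8.8.8": "d3newexample.cloudfront.net.",
    "9.9.9.9": "d1oldexample.cloudfront.net.",  # stale answer from an earlier cycle
}

def normalize(name):
    return name.strip().rstrip(".").lower()

def expected_targets(associations):
    """Map each hostname to the CNAME target Amplify currently expects."""
    out = {}
    for assoc in associations.get("domainAssociations", []):
        for sub in assoc.get("subDomains", []):
            parts = sub.get("dnsRecord", "").split()
            # Assumed layout: "<prefix> CNAME <target>", prefix empty for the apex.
            if len(parts) < 2 or parts[-2].upper() != "CNAME":
                continue
            prefix = sub.get("subDomainSetting", {}).get("prefix", "")
            host = f"{prefix}.{assoc['domainName']}" if prefix else assoc["domainName"]
            out[normalize(host)] = normalize(parts[-1])
    return out

def classify(expected, observed_by_resolver):
    """Label each resolver's answer against the currently expected target."""
    def verdict(answer):
        got = normalize(answer or "")
        if got == expected:
            return "match"
        if not got:
            return "missing"
        return "other-distribution" if got.endswith(".cloudfront.net") else "other-target"
    return {r: verdict(a) for r, a in observed_by_resolver.items()}
```

An "other-distribution" verdict is the customer-side condition the error text describes; if every resolver reports "match" and the association still fails, the conflict is not in the published DNS.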

1 Answer
0

This is a known issue pattern where CloudFront's alternate domain name (CNAME) registry retains stale alias claims from previously deleted Amplify-provisioned distributions. When Amplify tears down a distribution during the retry cycle, the alias doesn't always release cleanly from CloudFront's internal registry, causing subsequent distributions to fail the conflict check even though no active distribution should be claiming that domain.

Unfortunately, there is no self-service mechanism to clear these orphan alias claims. This requires AWS internal intervention to manually release the stale CNAME associations from CloudFront's registry.

For accounts on Basic support without access to technical support cases, you have two options:

  1. Upgrade to a paid support plan temporarily (Developer, Business, or Enterprise) to open a technical case. Support engineers can identify which distribution IDs are holding the stale claims and release them. Once resolved, you can downgrade your support plan.

  2. Use the Account and Billing support channel (available on all support tiers, including Basic) to explain that you have a service issue preventing you from using a paid AWS service (Amplify Hosting). Request escalation to the Amplify or CloudFront service team. While this path is primarily for account/billing issues, service-blocking technical problems sometimes warrant escalation even on Basic support.

In your case description, emphasize that you've already validated DNS configuration, waited for propagation, performed clean removal cycles, and that each retry is creating additional orphan claims that worsen the situation. Request that support identify all CloudFront distribution IDs associated with your Amplify app (including deleted ones) that may still hold claims on your custom domain, and release those aliases from CloudFront's registry.

Once the stale claims are cleared, a fresh domain association attempt should succeed without the alias conflict error.

answered 11 days ago
EXPERT
reviewed 11 days ago
