CNAME record problem

The other question you referenced is correct. To understand how it works, you need to understand a bit about DNS itself. I'm going to give you more information than you probably want, but it's best to understand the fundamentals.

DNS is a hierarchical distributed database. At the top of the hierarchy is the top level domain (TLD). Let's use example.com for illustrative purposes (as described in RFC2606).

.com is the TLD for example.com. When a client, such as your web browser, wants to open example.com, it needs to know what address to send the request to. So the first thing that happens is to query the root servers to find which name servers are responsible for example.com. You can see this with the dig command. First we can look up the SOA - Start of Authority - for the com TLD.

$ dig com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50969
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;com.				IN	A

;; AUTHORITY SECTION:
com.			900	IN	SOA	a.gtld-servers.net. nstld.verisign-grs.com. 1666967668 1800 900 604800 86400

The response tells us that a.gtld-servers.net is the start of authority for the .com TLD. We can query that host to find out which server to ask about example.com.

$  dig @a.gtld-servers.net example.com

; <<>> DiG 9.10.6 <<>> @a.gtld-servers.net example.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43068
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.			IN	A

;; AUTHORITY SECTION:
example.com.		172800	IN	NS	a.iana-servers.net.
example.com.		172800	IN	NS	b.iana-servers.net.

This result shows that a.iana-servers.net is the name server for example.com. This means that example.com is delegated by the root name server - the top of the hierarchy - to the a.iana-servers.net nameserver (the NS part shows that this is a name server record). If we want to know where to find example.com, we need to ask that name server directly.

$ dig @a.iana-servers.net example.com

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58415
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		86400	IN	A	93.184.216.34

Now we have our result: the IP address for example.com is 93.184.216.34. A DNS record pointing a name to an IPv4 address is know as an A record.

If the owner of example.com wanted to create a new subdomain such as "test.example.com", they could further delegate by creating NS records that point to other name servers. Then you could query those name servers to find the records for hosts in the test.example.com subdomain.

Bearing this in mind, we can now see how it works with Route 53.

You have two accounts: account A and account B. In account A, you have your domain (example.com). In account B, you want the subdomain test.example.com. First you need to delegate the domain. You create a new hosted zone "test.example.com" within Route 53 in account B. Route 53 will automatically create four NS records for the new hosted zone. Now you can delegate the domain in account A. Create a new resource record. For the name, you use test.example.com, and for the value you enter the NS records given to you by Route 53. In this way you delegate test.example.com from account A to account B.

Now that you have test.example.com delegated, you can create new DNS resource records in Route 53 in account B. You can create your ACM certificate, and then create the CNAME records that ACM requires for validation purposes. Because test.example.com has been delegated correctly, ACM will be able to look up the CNAME record, find that the record exists, and trust that you are in control of that domain. Once this is done, ACM will issue a certificate.

It seems like a lot of steps, but it's possible to automate this entire process using tools like CloudFormation or Terraform.

For a deep dive on DNS, I advise you to go straight to the source: RFC 1591. If you prefer a lighter read, AWS has a nice article on the topic.