CloudFront multi‑tenant distribution fails with 503 “internal error” during stack deploy – feature not enabled yet?

0

I’m trying to use CloudFront’s new multi‑tenant distribution feature in CDK. I've stripped it down to this:

const blueprint = new cloudfront.CfnDistribution(this, 'Blueprint', {
  distributionConfig: {
    enabled: true,
    connectionMode: 'tenant-only',
    tenantConfig: { … },
    origins: [ … ],
    defaultCacheBehavior: { … },
  },
});

new cdk.CfnResource(this, 'Tenant-Example', {
  type: 'AWS::CloudFront::DistributionTenant',
  properties: {
    Name: 'example',
    DistributionId: blueprint.attrId,
    Domains: ['example.com'],
    Enabled: true,
    Customizations: { Certificate: { Arn: certArn } },
  },
});

The template validates and begins to create, but the AWS::CloudFront::DistributionTenant resource fails with:

CREATE_FAILED        | AWS::CloudFront::Distribution       | MultiTenantCDN-staging/Blueprint
Internal error reported from downstream service during operation 'CloudFront encountered an internal error. Please try again. (Service: CloudFront, Status Code: 503,
Request ID: 4771c5b9-a3df-43d1-8672-bb3ea8177ecf) (SDK Attempt Count: 3)'.

Region: us-east-1
CDK version: 2.1013.0
ACM cert is in us-east-1

1 Answer
0

The error you're encountering suggests that there might be a temporary issue with the CloudFront service rather than a problem with your specific configuration or the multi-tenant distribution feature not being enabled.

A 503 error (Service Unavailable) typically indicates that the CloudFront service is temporarily unable to handle the request. This could be due to maintenance, overloading, or other internal issues on AWS's side.

Here are some steps you can take to address this:

  1. Retry the operation: Sometimes, waiting a short while and trying again can resolve the issue.

  2. Check the AWS Service Health Dashboard: Look for any reported issues or scheduled maintenance for CloudFront in the us-east-1 region.

  3. Implement exponential backoff: If you're not already doing so, implement an exponential backoff strategy in your CDK deployment. This can help manage temporary service unavailability.

  4. Contact AWS Support: If the problem persists, it would be advisable to open a support ticket with AWS. They can provide more specific information about any ongoing issues and potential resolutions, especially regarding the new multi-tenant distribution feature.

  5. Verify account status: Ensure that your AWS account is in good standing and that you haven't reached any service limits for CloudFront distributions in your account.

  6. Check for account verification: In some cases, especially for new accounts or when using new features, AWS may require additional account verification before allowing the creation of certain resources. If this is the case, you may need to contact AWS Support to complete the verification process.

It's important to note that since the multi-tenant distribution feature is relatively new, there might be some teething issues or limited availability. If the problem persists after trying these steps, it would be best to engage directly with AWS Support for more specific guidance on using this feature.

answered 18 days ago
  • I've waited over a day and retried, still got the same error.
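
Steps 3 and 4 of the answer, sketched as an added example that is not part of the original question or answer: it parses the status reason shown in the question, retries 5xx failures with capped, jittered exponential backoff, and escalates with the request ID once the retry budget is spent. All helper names, the 30 s base delay, the 15 min cap and the budget of 4 redeploys are assumptions.

```typescript
// Added example; every helper name below is hypothetical, not an AWS or CDK API.
interface DownstreamError { service: string; statusCode: number; requestId: string; sdkAttempts: number }

type Plan =
  | { action: "retry"; delayMs: number }
  | { action: "escalate"; requestId: string }
  | { action: "fix-request" };

// Status reason copied from the CREATE_FAILED event in the question.
const SAMPLE_REASON =
  "Internal error reported from downstream service during operation " +
  "'CloudFront encountered an internal error. Please try again. " +
  "(Service: CloudFront, Status Code: 503,\n" +
  "Request ID: 4771c5b9-a3df-43d1-8672-bb3ea8177ecf) (SDK Attempt Count: 3)'.";

// Pull the service, HTTP status, request ID and SDK attempt count out of the reason text.
function parseStatusReason(reason: string): DownstreamError | null {
  const m = /\(Service: ([^,]+), Status Code: (\d{3}),\s*Request ID: ([0-9a-f-]+)\)/i.exec(reason);
  if (m === null) return null;
  const attempts = /\(SDK Attempt Count: (\d+)\)/.exec(reason);
  return {
    service: m[1] ?? "",
    statusCode: Number(m[2]),
    requestId: m[3] ?? "",
    // Assumption: a reason without an attempt count means a single attempt.
    sdkAttempts: attempts === null ? 1 : Number(attempts[1]),
  };
}

// Capped exponential backoff with full jitter; rand is injectable so tests are deterministic.
function backoffDelayMs(attempt: number, baseMs: number, capMs: number, rand: () => number = Math.random): number {
  const ceiling = Math.min(capMs, baseMs * Math.pow(2, attempt));
  return Math.floor(rand() * ceiling);
}

// Decide what to do after a failed deploy. Assumed policy: 30 s base delay, 15 min cap.
function planRetry(err: DownstreamError, redeploys: number, maxRedeploys = 4, rand: () => number = Math.random): Plan {
  // Only 5xx responses are treated as transient; anything else needs a changed request.
  if (err.statusCode < 500 || err.statusCode > 599) return { action: "fix-request" };
  // Budget spent: stop retrying and hand the request ID to AWS Support.
  if (redeploys >= maxRedeploys) return { action: "escalate", requestId: err.requestId };
  return { action: "retry", delayMs: backoffDelayMs(redeploys, 30000, 900000, rand) };
}
```

The parsed `sdkAttempts` value shows how many attempts the SDK had already made inside the single failed deploy, so the backoff here spaces out whole redeploys rather than individual API calls.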
