CloudFrontToS3 : Customize Domain Name with Certificate

[gmarchand]

Use Case

I would want to customize the domain name of my Cloudfront Distribution

But I can't do it as you can see in this code:

        cfn_s3 = CloudFrontToS3(self, "lawsy-newsletter-cloudfront-s3",
            cloud_front_distribution_props=cloudfront.DistributionProps(
                domain_names=[domain_name],
                certificate=certificate_cf,
                comment="CloudFront distribution for lAWSy Newsletter",
                default_behavior=cloudfront.BehaviorOptions(
                    origin=cloudfront_origins.S3Origin(??)
                    ),

                )

            )
        )

How could it possible to customize the domain name with a TLS Certificate ?

[gmarchand]

I tried this one

        certificate_cf = acm.DnsValidatedCertificate(
            self,
            "certificate-cf",
            domain_name=domain_name,
            hosted_zone=hosted_zone,
            region="us-east-1",
        )


        bucket = s3.Bucket(self, "s3-bucket",
            enforce_ssl=True,
        )

        cfn_s3 = CloudFrontToS3(self, "cloudfront-s3",
            existing_bucket_obj=bucket, # s3.Bucket
            cloud_front_distribution_props=cloudfront.DistributionProps(
                domain_names=[domain_name],
                certificate=certificate_cf,
                comment="CloudFront distribution for lAWSy Newsletter",
                default_behavior=cloudfront.BehaviorOptions(
                    origin=cloudfront_origins.S3Origin(bucket)
                    ),

                )

            )

But I have this error

Invalid request provided: AWS::CloudFront::Distribution: Cannot use both Origin Access Control and Origin Access Identity on an origin 

[biffgaut]

Thanks, we'll take a look

[biffgaut]

Sorry it took so long for us to get back to this.

Reading this, it sounds like you want to replace the service generated domain name for your CloudFront distribution with your own custom domain name. If this is the case, that is not possible. To assign a custom domain name to your CloudFront to S3 architecture you will need to register your Domain Name with a DNS service such as Route53 and direct it to your CloudFront distribution url. There's lots of discussion around doing that here.

WRT to your last error around OAC and OAI, the cloudfront-s3 construct automatically creates an OAC (the recommended technology to use at this point), so if you supply your own S3Origin then you are adding an extra OAI and will see that error. You don't need to supply that, the construct will set all that up for you. This issue is also discussed here.