aws-amplify / amplify-hosting

AWS Amplify Hosting provides a Git-based workflow for deploying and hosting fullstack serverless web applications.
https://aws.amazon.com/amplify/hosting/
Apache License 2.0

Use ALIAS instead of CNAME with Route53? #125

Open iconara opened 5 years ago

iconara commented 5 years ago

Issue/question: Amplify sets up a CNAME pointing to a CloudFormation distribution in my hosted zone. I expected it to set up an ALIAS record.

Additional information: One of the selling points of Route53 is that it supports ALIAS records for AWS resources, and that you don't pay for DNS lookups for these. Is there any reason Amplify can't use ALIAS records instead of CNAME when creating records in Route53?

nimacks commented 5 years ago

@iconara, the AWS Amplify Console does in fact use ALIAS/ANAME records to set up your root/apex domain. The CNAME records created by Amplify are to verify that you own the domain and also to set up subdomains. Are you not seeing an ALIAS/ANAME record set up for you?

Here is some documentation to give you some more clarity: https://docs.aws.amazon.com/amplify/latest/userguide/custom-domains.html#custom-domain-third-party. Customers who don't host domains in Route53 have to manually set this up. You'll see the reference to the ANAME/ALIAS record.

iconara commented 5 years ago

My app runs only on subdomains (e.g. app.example.com) so I haven't seen what it would do for the apex. For the apex it wouldn't work if you didn't use ALIAS records, so that makes sense.

What I meant to ask was why you're not using ALIAS records for the subdomains. It's not that CNAME doesn't work, but that using ALIAS would mean that I don't have to pay for DNS lookups.

Before I used Amplify I used ALIAS records for my subdomain to point to a CF distribution that hosted my app.

garyleefight commented 5 years ago

@iconara Because we are using ACM to create the certificate. ACM uses CNAME records to validate the domain. For more information: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html

iconara commented 5 years ago

@garyleefight we're talking about different records. Let me start from the beginning:

I have the following CloudFormation resource (the domain is obviously not example.com, but I can't post the domain, but it's something.com):

AmplifyDomain:
  Type: AWS::Amplify::Domain
  Properties:
    DomainName: example.com
    AppId: !GetAtt AmplifyApp.AppId
    SubDomainSettings:
      - Prefix: app
        BranchName: master
      - Prefix: staging-app
        BranchName: staging

This creates the following Route53 records:

_abcdefghijklmnopqrstuvwxyz0123456789.example.com. CNAME _abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijk.acm-validations.aws.
app.example.com. CNAME abcdefghijk.cloudfront.net
staging-app.example.com. CNAME abcdefghijk.cloudfront.net

These are all CNAMEs. I am not surprised about the ACM validation record, but I don't see why the records pointing to CloudFront are CNAMEs.

I was expecting the following records (the setup I have for other apps where I have set up ACM and CloudFormation myself):

_abcdefghijklmnopqrstuvwxyz0123456789.example.com. CNAME _abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijk.acm-validations.aws.
app.example.com. A ALIAS abcdefghijk.cloudfront.net. (lmnopqrstuvwzyz)
staging-app.example.com. A ALIAS abcdefghijk.cloudfront.net. (lmnopqrstuvwzyz)

Does that make sense?

lkolchin commented 4 years ago

That's actually a very good question and I'm wondering what's the rationale behind this config:

app.example.com. CNAME abcdefghijk.cloudfront.net
staging-app.example.com. CNAME abcdefghijk.cloudfront.net

So, why use CNAMEs instead of ALIASes for subdomains?

A4TIF commented 3 years ago

Same here, deployed an app using a subdomain app.example.com and was wondering exactly this. Why did I get a CNAME record instead of an alias? I'm hosting my DNS with Route53.

nikolap commented 2 years ago

This setup also shows up as a performance warning in AWS' Trusted Advisor:

An alias resource record set routes DNS queries to an AWS resource (for example, an Elastic Load Balancing load balancer or an Amazon S3 bucket) or to another Route 53 resource record set. When you use alias resource record sets, Route 53 routes your DNS queries to AWS resources free of charge. Hosted zones created by AWS services won’t appear in your check results.

...

Replace the listed CNAME resource record sets with alias resource record sets; see Choosing Between Alias and Non-Alias Resource Record Sets. You also need to change the record type from CNAME to A or AAAA, depending on the AWS resource; see Values that You Specify When You Create or Edit Amazon Route 53 Resource Record Sets.
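The replacement that the Trusted Advisor text describes, sketched as an added example (not part of the thread and not Amplify's own code): it scans record sets in the shape returned by `aws route53 list-resource-record-sets`, picks out the CNAMEs that point at CloudFront while leaving the ACM validation CNAME alone, and builds a Route 53 change batch that swaps each one for an alias record. The sample records are constructed from the ones quoted above, the function names are hypothetical, and the `ipv6` switch assumes you know whether the distribution has IPv6 enabled.

```python
import json

# Hosted zone ID that Route 53 uses for every CloudFront alias target.
CLOUDFRONT_ALIAS_ZONE_ID = "Z2FDTNDATAQYW2"

# Constructed sample in the shape of `aws route53 list-resource-record-sets`
# output, mirroring the records quoted in this thread (TTLs are made up).
SAMPLE_RECORD_SETS = [
    {"Name": "_abcdefghijklmnopqrstuvwxyz0123456789.example.com.", "Type": "CNAME",
     "TTL": 300, "ResourceRecords": [{"Value":
         "_abcdefghijklmnopqrstuvwxyz0123456789.abcdefghijk.acm-validations.aws."}]},
    {"Name": "app.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "abcdefghijk.cloudfront.net"}]},
    {"Name": "staging-app.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "abcdefghijk.cloudfront.net"}]},
]


def cloudfront_cnames(record_sets):
    """Return the CNAME record sets whose only target is a CloudFront name."""
    found = []
    for rrset in record_sets:
        if rrset.get("Type") != "CNAME":
            continue
        targets = [r["Value"].rstrip(".").lower()
                   for r in rrset.get("ResourceRecords", [])]
        # The ACM validation CNAME ends in acm-validations.aws and is skipped.
        if len(targets) == 1 and targets[0].endswith(".cloudfront.net"):
            found.append(rrset)
    return found


def alias_change_batch(record_sets, ipv6=False):
    """Build a change batch that swaps each CloudFront CNAME for alias records."""
    changes = []
    for rrset in cloudfront_cnames(record_sets):
        target = rrset["ResourceRecords"][0]["Value"].rstrip(".") + "."
        # DELETE must repeat the existing record set exactly (name, TTL, value).
        changes.append({"Action": "DELETE", "ResourceRecordSet": rrset})
        for rtype in ("A", "AAAA") if ipv6 else ("A",):
            changes.append({"Action": "CREATE", "ResourceRecordSet": {
                "Name": rrset["Name"], "Type": rtype,
                "AliasTarget": {"HostedZoneId": CLOUDFRONT_ALIAS_ZONE_ID,
                                "DNSName": target,
                                "EvaluateTargetHealth": False}}})
    return {"Comment": "CloudFront CNAME -> alias", "Changes": changes}


if __name__ == "__main__":
    print(json.dumps(alias_change_batch(SAMPLE_RECORD_SETS), indent=2))
```

The printed JSON is in the format accepted by `aws route53 change-resource-record-sets --change-batch`; the delete and create for each name go in one batch because a CNAME cannot coexist with another record at the same name.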

ghost commented 2 years ago

Hi @nikolap 👋🏽 Thank you for bringing this to our attention. The team is investigating this further.

bakersemail commented 2 years ago

I've found that not all ISPs resolve the CNAME records created by Amplify either. I've had to manually update them to A records to resolve this.

github-actions[bot] commented 1 year ago

This has been identified as a feature request. If this feature is important to you, we strongly encourage you to give a 👍 reaction on the request. This helps us prioritize new features most important to you. Thank you!