Wildcard subdomains in AWS Amplify

[cjimenezber]

So we recently decided to remove server side rendering from our react app to use Amplify, since it provides us all that we need (serverless, high availabilty, speed and no need to test in two environments).

However now I have a question regarding how to configure AWS Amplify to have a wildcard CNAME record. I want that any subdomain can reach my app, not just the ones I manually select in the Amplify Console.

I have a wildcard CNAME in Route 53 pointing to the cloudfront, and the subdomains I added manually in the console are working, but the ones that are not (due to the nature of the wildcard CNAME), just get a 403 from cloudfront.

Is there support for wildcard subdomains in Amplify?

How does one configure it? Assuming there is no support for this.

Is there an API I can use to create the Amplify subdomains for me rather than doing it manually everytime a client purchases access?

[swaminator]

@cjimenezber you should be able to create domain associations via the AWS CLI: https://docs.aws.amazon.com/cli/latest/reference/amplify/create-domain-association.html

We have a feature request for domain patterns in our backlog. Thanks hope this helps.

[cjimenezber]

I have another question, to finalize this. We will be either adding them manually or using a cron job that invokes a CLI method with the new customers. When doing manual changes to the subdomains I noticed that all subdomains slow down greatly while the domain gets reverified and everything gets added to cloudfront.

Will this happen for all domains/sub-domains every time I update the list of subdomains?

[VividKnife]

First of all, we have a limit on total number of subdomains you can add to each customer domain (50). Secondly, any update to the subdomains(including add and remove) it will require us to update the cloudfront behind, which takes about 10-15mins.

[cjimenezber]

Alright, will there be any notification of when the wildcard subdomain feature is finished?

[favour121]

Any update on wildcard subdomains?

[MR-Neto]

Any updates? I am in need of this feature.

[leewenjie]

+1 to this feature request, or the next best solution for wildcard subdomains

[cyborganic]

The feature is most definitely required

[eduardotamaki]

+1

[divsbhalala]

+1

[dtelaroli]

+1

[danielfolley]

+1

[Kaustubh26]

+1

[YorbenVerhoest]

+1

[anuj-bluebash]

+1 Please update on this, We are getting delay in our production launch. Please answer yes/No

[dtelaroli]

I have created this js function as workaround. It's not a wildcard, but at least I can create on demand subdomains, programmatically:

https://gist.github.com/dtelaroli/ffbebd858f5089bfb7532ff3d96fb7ea

[abhi7cr]

@anuj-bluebash, We currently don't support wildcards as a subdomain prefix. We have a feature request in our backlog to address this, and will let you know once it's rolled out. Thanks for your patience.

[Kaustubh26]

Would anyone be aware whether this would be possible to achieve through the Cloudfront and S3 hosting option? I see that the docs support it, but not aware of the limitations or if there are any issues with using this solution.

https://aws.amazon.com/about-aws/whats-new/2013/09/18/amazon-cloudfront-announces-wildcard-cname-support/#:~:text=We're%20excited%20to%20let,distribution%20to%20include%20each%20subdomain.

[skolodyazhnyy]

@swaminator @abhi7cr is there any workaround for wildcards to work? I don't see CloudFront for application deployed using Amplify in my AWS Console, so I assume it's internal. Maybe there is way for me to create own CloudFront and setup DNS manually? It would be wonderful if I could keep CI pipeline and setup CloudFront on my own.

[cjimenezber]

Would anyone be aware whether this would be possible to achieve through the Cloudfront and S3 hosting option? I see that the docs support it, but not aware of the limitations or if there are any issues with using this solution.

https://aws.amazon.com/about-aws/whats-new/2013/09/18/amazon-cloudfront-announces-wildcard-cname-support/#:~:text=We're%20excited%20to%20let,distribution%20to%20include%20each%20subdomain.

I ended up going for this option, we have a production app using S3 + Cloudfront with Wildcard CNAME record.

[cdac901]

+1

[niknokseyer]

First of all, we have a limit on total number of subdomains you can add to each customer domain (50). Secondly, any update to the subdomains(including add and remove) it will require us to update the cloudfront behind, which takes about 10-15mins.

Can the limit be increased? We are using it so that each account have their own subdomain.

[dtelaroli]

I have tried and after two weeks I received no as answer

[swaminator]

This issue was closed so we missed this. Reopened it to let you know that we launched a feature for automatic subdomains that match a pattern. Please let us know if this will work for you: https://aws.amazon.com/blogs/mobile/automatically-create-and-delete-custom-sub-domains-for-your-branch-deployments-with-amplify-console/

[niknokseyer]

This issue was closed so we missed this. Reopened it to let you know that we launched a feature for automatic subdomains that match a pattern. Please let us know if this will work for you: https://aws.amazon.com/blogs/mobile/automatically-create-and-delete-custom-sub-domains-for-your-branch-deployments-with-amplify-console/

Can the subdomain limit be increased? We are using it so that each account have their own subdomain.

[dtelaroli]

The short answer is NO

[niknokseyer]

The short answer is NO

What’s gonna be the workaround for that? Are wildcards possible?

[dtelaroli]

No, you can use wildcards configuring it directly at route53, cloudfront and acm, but amplify does not support yet. We are waiting for aws team to solve this issue. I also need this feature, but following the time that AWS takes to solve some issues (near to 3 years), I will move my project from amplify to an own configuration at cloudfront ou cloudflare when I would have 50 customers.

[swaminator]

The short answer is NO

@dtelaroli that isn't really going to help us prioritize the issue. Can I understand a bit more in detail why the subdomain autodetection will not work for you? Again, apologies that this issue slipped under the rug as it was closed. But given I reopened it, I'd like to understand the usecase a bit more.

[swaminator]

@niknokseyer not currently but we will enable limit increases soon.

[dtelaroli]

The short answer is NO

@dtelaroli that isn't really going to help us prioritize the issue. Can I understand a bit more in detail why the subdomain autodetection will not work for you? Again, apologies that this issue slipped under the rug as it was closed. But given I reopened it, I'd like to understand the usecase a bit more.

@swaminator because I don't want to create one subdomain per branch, but one subdomain per customer. I'm creating via sdk a new subdomain to each my customer, but the limit of 50 subdomain limits my app to get maximum of 50 customers. If you increase the limit, it's good, but imagine my r53 zone with a huge number of entries for acm validation and cnames.

The better solution still being wild card subdomain.

[niknokseyer]

@niknokseyer not currently but we will enable limit increases soon.

Looking forward to that. Our use case is for url branding purposes. When a new client / company signs up on our application they get their vanity url (e.g. .webapp.com) to login to their dashboard. We've reached more than 50 account sign ups so we were surprised reaching the 50 subdomain limit. @swaminator

[eschreiner]

@swaminator Same here. I need to use subdomains for customer's dashboards as well. Support for wildcards would solve this for me.

[zgr024]

Correct me if I'm wrong, doesn't this just involve allowing us to place an asterisk as the host? and then just update the DNS to * CNAME target ?

[niknokseyer]

Correct me if I'm wrong, doesn't this just involve allowing us to place an asterisk as the host? and then just update the DNS to * CNAME target ?

This is currently not an option on AWS Amplify.

[dtelaroli]

Correct me if I'm wrong, doesn't this just involve allowing us to place an asterisk as the host? and then just update the DNS to * CNAME target ?

With clouldfront you can get it, but you can't use another subdomain together in amplify, because cloudfront doesn't allows between different accounts. I have tested too much workaround, but there is no way. I think that amplify use another account and it is this the limitation.

By the history, in 2 years the aws will solve it.

[cjimenezber]

et it, but you can't use another subdomain together in amplify, because cloudfront doesn't allows between different accounts. I have tested too much workaround, but there is no way. I think that amplify use another account and it is this the limitation.

I have come to the same conclusion, we ended up buying a different domain to use in dev for this reason. We still use Amplify for development, but we use straigh up S3 on Cloudfront in production.

[dtelaroli]

I'm using different domain as a new hosted zone as subdomain of mine root domain (eg. dev.mydomain.com). But I don't like using different environment configuration. Now, I'm migrating the all 4 apps to CloudFront/S3 (one uses wildcard). If I would have some new surprise, I'll migrate to the CloudFlare.

[cjimenezber]

I'm using different domain as a new hosted zone as subdomain of mine root domain (eg. dev.mydomain.com). But I don't like using different environment configuration. Now, I'm migrating the all 4 apps to CloudFront/S3 (one uses wildcard). If I would have some new surprise, I'll migrate to the CloudFlare.

I fully agree with not wanting to use different environment configuration, we plan to eventually get out of amplify once we finish some critical functionality since we really really need the wildcard subdomains, but that means setting up our own pipeline rather than using a premade one, which is a shame, but the only option we got in order to not have multiple environment configurations.

[dtelaroli]

@cjimenezber today I understand why you have used another domain to development env. It's impossible use another subdomain wildcard because cloudfront does not allow also. Eg.: .rootdomain.com and .dev.rootdomain.com. Now, it is a blocker missing feature for me. I also will need to buy another domain or migrate to another service.

[vemundeldegard]

This is a blocker for me too. It is very useful to have wildcards for multi-tenant systems.

[magedjisr]

any updates on this, I need this feature

[colecanning]

bump

[lemaju]

This issue was closed so we missed this. Reopened it to let you know that we launched a feature for automatic subdomains that match a pattern. Please let us know if this will work for you: https://aws.amazon.com/blogs/mobile/automatically-create-and-delete-custom-sub-domains-for-your-branch-deployments-with-amplify-console/

The short answer is NO

@dtelaroli that isn't really going to help us prioritize the issue. Can I understand a bit more in detail why the subdomain autodetection will not work for you? Again, apologies that this issue slipped under the rug as it was closed. But given I reopened it, I'd like to understand the usecase a bit more.

Wildcard means, that literally ANY subdomain can be entered (e.g. costumer1.example.com or costumer9999.example.com or even 989addad.example.com) to start the same application.

Within the application itself we then render depending on the subdomain, but that's not AWS concern. What matters is, that my App starts, when some random subdomain is entered.

The feature you deployed is nice-to-have, but this is a dealbreaker for many of us.

[zgr024]

As I understand it, wildcards () will cause an issue for SSL certs and probably why AWS has not allowed a in the subdomain entry. Wildcard certs are becoming obsolete as they open up security issues. Increasing, or better yet, removing the limit of 50 subdomains would be the real solution here. As a programmer, I'm pretty sure there's a single config variable in the code that is set to 50. Just append a few more zeros and make it 5000 or 50000... Problem solved.

I can create new subdomains programmatically but the limit here is the true killer. Such a nice system that is ruined by this unrealistic limit.

[Drnoodle]

I'm dealing with the same issue...

I have a first quick fix for it (proxy using api gateway): 1.- Create an Api Gateway, create an any method, then integration HTTP to url : youramplifyurl.com 2.- Add a custom domain name (still in api gateway) ".yourdomain.ext" (create your ACM certificat .yourdomaine.ext) 3.- Add a A record (you need to activate the alias button to ON) and select "from api gateway"

It works fine and does not seems to have any speed performance issues (SEO), I just need to verify it's scalable (it should be).

I'm gonna look for something cleaner on tomorrow but amplify enforces https and manage all certificates. It looks complicated to find an easy way to fix it elsewhere than in cloudformation.

Maybe a simple solution is to find another service...

Keep me in touch

🇫🇷

[WillVill]

bump, this is a real issue. Might need to move over to a different service/supplier.

[swaminator]

Hey guys we are actively looking at designing a solution for this. We will update this thread soon with a plan.

[rohan-jisr]

+1, big issue for us as we have over 400 clients and we let them choose their subdomain programatically when they onboard

[WillVill]

I have gotten this problem solved by reaching out to AWS support and asking to increase the 50 limit to 500. It took a little under a day for them to change it!