Set up the target standard distribution or distribution tenant

Request a TLS certificate. This certificate includes the alternate domain name as the Subject or Subject Alternative Domain (SAN), or a wildcard (*) that covers the alternate domain name that you’re moving. If you don’t have one, you can request one from AWS Certificate Manager (ACM) or from another certificate authority (CA) and import it into ACM.

For more information, see Request a public certificate using the console and Import a certificate in the AWS Certificate Manager in the AWS Certificate Manager User Guide.

If you haven’t created the target standard distribution, create one now. As part of creating the standard distribution, associate the certificate with this standard distribution. For more information, see Create a distribution.

If you already have a target standard distribution, associate the certificate with the standard distribution. For more information, see Update a distribution.

If you’re moving alternate domain names within the same AWS account, skip this step.

To move an alternate domain name from one AWS account to another, you must create a TXT record in your DNS configuration. This verification step helps prevent unauthorized domain transfers. CloudFront uses this TXT record to validate your ownership of the alternate domain name.

In your DNS configuration, create a DNS TXT record that associates the alternate domain name with the target standard distribution. The TXT record format can vary, depending on the domain type.

Request a TLS certificate. This certificate includes the alternate domain name as the Subject or Subject Alternative Domain (SAN), or a wildcard (*) that covers the alternate domain name that you’re moving. If you don’t have one, you can request one from AWS Certificate Manager (ACM) or from another certificate authority (CA) and import it into ACM.

For more information, see Request a public certificate using the console and Import a certificate in the AWS Certificate Manager in the AWS Certificate Manager User Guide.

If you haven’t created the target distribution tenant, create one now. As part of creating the distribution tenant, associate the certificate with the distribution tenant. For more information, see Create a distribution.

If you already have a target distribution tenant, associate the certificate with the distribution tenant. For more information, see Add a domain and certificate (distribution tenant).

If you’re moving alternate domain names within the same AWS account, skip this step.

To move an alternate domain name from one AWS account to another, you must create a TXT record in your DNS configuration. This verification step helps prevent unauthorized domain transfers, and CloudFront uses this TXT record to validate your ownership of the alternate domain name.

In your DNS configuration, create a DNS TXT record that associates the alternate domain name with the target distribution tenant. The TXT record format can vary, depending on the domain type.