# Connecting a custom domain
<a name="custom-domains"></a>

You can connect an app that you’ve deployed with Amplify Hosting to a custom domain. When you use Amplify to deploy your web app, Amplify hosts it for you on the default `amplifyapp.com` domain with a URL such as `https://branch-name.d1m7bkiki6tdw1.amplifyapp.com`. When you connect your app to a custom domain, users see that your app is hosted on a custom URL, such as `https://www.example.com`.

You can purchase a custom domain through an accredited domain registrar such as Amazon Route 53 or GoDaddy. Route 53 is Amazon’s Domain Name System (DNS) web service. For more information about using Route 53, see [What is Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html). For a list of third-party accredited domain registrars, see the [Accredited Registrar Directory](https://www.icann.org/en/accredited-registrars) at the ICANN website.

When you set up your custom domain, you can use the default managed certificate that Amplify provisions for you or you can use your own custom certificate. You can change the certificate in use for the domain at any time. For detailed information about managing certificates, see [Using SSL/TLS certificates](using-certificates.md).

Before you proceed with setting up a custom domain, verify that you have met the following prerequisites.
+ You own a registered domain name.
+ You have a certificate issued by or imported into AWS Certificate Manager.
+ You have deployed your app to Amplify Hosting.

  For more information about completing this step, see [Getting started with deploying an app to Amplify Hosting](getting-started.md).
+ You have a basic knowledge of domains and DNS terminology.

  For more information about domains and DNS, see [Understanding DNS terminology and concepts](understanding-dns-terminology-and-concepts.md).

**Warning**  
When initiating a DomainAssociation request for an Amplify app with a domain that is already or was previously associated with different Amplify App(s) in other AWS account(s) in the same region, this is considered a cross account domain association. Cross account domain association requests require manual verification. If you would like to proceed with a cross account domain association, please contact AWS support for assistance.

**Topics**
+ [Understanding DNS terminology and concepts](understanding-dns-terminology-and-concepts.md)
+ [Using SSL/TLS certificates](using-certificates.md)
+ [Adding a custom domain managed by Amazon Route 53](to-add-a-custom-domain-managed-by-amazon-route-53.md)
+ [Adding a custom domain managed by a third-party DNS provider](to-add-a-custom-domain-managed-by-a-third-party-dns-provider.md)
+ [Updating DNS records for a domain managed by GoDaddy](to-add-a-custom-domain-managed-by-godaddy.md)
+ [Updating the SSL/TLS certificate for a domain](to-update-certificate.md)
+ [Managing subdomains](to-manage-subdomains.md)
+ [Setting up wildcard subdomains](wildcard-subdomain-support.md)
+ [Setting up automatic subdomains for an Amazon Route 53 custom domain](to-set-up-automatic-subdomains-for-a-Route-53-custom-domain.md)
+ [Troubleshooting custom domains](custom-domain-troubleshoot-guide.md)

# Understanding DNS terminology and concepts
<a name="understanding-dns-terminology-and-concepts"></a>

If you are unfamiliar with the terms and concepts associated with Domain Name System (DNS), the following topics can help you understand the procedures for adding custom domains.

## DNS terminology
<a name="dns-terminology"></a>

The following are a list of terms common to DNS. They can help you understand the procedures for adding custom domains.

**CNAME**  
A Canonical Record Name (CNAME) is a type of DNS record that masks the domain for a set of webpages and makes them appear as though they are located elsewhere. A CNAME points a subdomain to a fully qualified domain name (FQDN). For example, you can create a new CNAME record to map the subdomain **www.example.com**, where **www** is the subdomain, to the FQDN domain **branch-name.d1m7bkiki6tdw1.cloudfront.net** assigned to your app in the Amplify console.

**ANAME**  
An ANAME record is like a CNAME record, but at the root level. An ANAME points the root of your domain to an FQDN. That FQDN points to an IP address.

**Name server**  
A name server is a server on the internet that's specialized in handling queries regarding the location of a domain name’s various services. If you set up your domain in Amazon Route 53, a list of name servers are already assigned to your domain.

**NS record**  
An NS record points to name servers that look up your domain details.

## DNS verification
<a name="dns-verification"></a>

A Domain Name System (DNS) is like a phone book that translates human-readable domain names into computer-friendly IP addresses. When you type **https://google.com** into a browser, a lookup operation is performed in the DNS provider to find the IP Address of the server that hosts the website.

DNS providers contain records of domains and their corresponding IP Addresses. The most commonly used DNS records are CNAME, ANAME, and NS records.

Amplify uses a CNAME record to verify that you own your custom domain. If you host your domain with Route 53, verification is done automatically on your behalf. However, if you host your domain with a third-party provider such as GoDaddy, you have to manually update your domain’s DNS settings and add a new CNAME record provided by Amplify.

## Custom domain activation process
<a name="amplify-console-custom-domain-setup"></a>

**Warning**  
When initiating a DomainAssociation request for an Amplify app with a domain that is already or was previously associated with different Amplify App(s) in other AWS account(s) in the same region, this is considered a cross account domain association. Cross account domain association requests require manual verification. If you would like to proceed with a cross account domain association, please contact AWS support for assistance.

When you connect your Amplify app to a custom domain in the Amplify console, there are several steps that Amplify must complete before you can view your app using your custom domain. The following list describes each step in the domain set up and activation process.

**SSL/TLS creation**  
If you are using a managed certificate, AWS Amplify issues an SSL/TLS certificate for setting up a secure custom domain.

**SSL/TLS configuration and verification**  
Before issuing a managed certificate, Amplify verifies that you are the owner of the domain. For domains managed by Amazon Route 53, Amplify automatically updates the DNS verification record. For domains managed outside of Route 53, you must manually add the DNS verification record provided in the Amplify console into your domain with a third-party DNS provider.  
If you are using a custom certificate, you are responsible for validating domain ownership.

**Domain activation**  
The domain is successfully verified. For domains managed outside of Route 53, you need to manually add the CNAME records provided in the Amplify console into your domain with a third-party DNS provider.

# Using SSL/TLS certificates
<a name="using-certificates"></a>

An SSL/TLS certificate is a digital document that allows web browsers to identify and establish encrypted network connections to web sites using the secure SSL/TLS protocol. When you set up your custom domain, you can use the default managed certificate that Amplify provisions for you or you can use your own custom certificate.

With a managed certificate, Amplify issues an SSL/TLS certificate for all domains connected to your app so that all traffic is secured through HTTPS/2. The default certificate generated by AWS Certificate Manager (ACM) is valid for 13 months and renews automatically as long as your app is hosted with Amplify.

**Warning**  
Amplify can't renew the certificate if the CNAME verification record has been modified or deleted in the DNS settings with your domain provider. You must delete and add the domain again in the Amplify console.

To use a custom certificate, you must first obtain a certificate from the third-party certificate authority of your choice. Amplify Hosting supports two types of certificates: RSA (Rivest-Shamir-Adleman) and ECDSA (Elliptic Curve Digital Signature Algorithm). Each certificate type must conform to the following requirements.

**RSA certificates**
+ Amplify Hosting supports 1024-bit, 2048-bit, 3072-bit, and 4096-bit RSA keys.
+ AWS Certificate Manager (ACM) issues RSA certificates with up to 2048-bit keys.
+ To use a 3072-bit or 4096-bit RSA certificate, obtain the certificate externally and import it into ACM. It will then be available for use with Amplify Hosting.

**ECDSA certificates**
+ Amplify Hosting supports 256-bit keys.
+ Use the prime256v1 elliptic curve to obtain an ECDSA certificate for Amplify Hosting.

After you obtain a certificate, import it into AWS Certificate Manager. ACM is a service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources. Make sure you request or import the certificate in the US East (N. Virginia) (us-east-1) Region.

Ensure that your custom certificate covers all of the subdomains you plan to add. You can use a wildcard at the beginning of your domain name to cover multiple subdomains. For example, if your domain is `example.com`, you can include the wildcard domain `*.example.com`. This will cover subdomains such as `product.example.com` and `api.example.com`.

After your custom certificate is available in ACM, you will be able to select it during the domain set up process. For instructions on importing certificates into AWS Certificate Manager, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide*. 

If you renew or reimport your custom certificate in ACM, Amplify refreshes the certificate data associated with your custom domain. In the case of imported certificates, ACM doesn't manage the renewals automatically. You are responsible for renewing your custom certificates and importing them again.

You can change the certificate in use for a domain at any time. For example, you can switch from the default managed certificate to a custom certificate or change from a custom certificate to a managed certificate. In addition, you can change the custom certificate in use to a different custom certificate. For instructions on updating certificates, see [Update the SSL/TLS certificate for a domain](to-update-certificate.md).

# Adding a custom domain managed by Amazon Route 53
<a name="to-add-a-custom-domain-managed-by-amazon-route-53"></a>

Amazon Route 53 is a highly available and scalable DNS service. For more information, see [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Welcome.html) in the *Amazon Route 53 Developer Guide*. If you already have a Route 53 domain, use the following instructions to connect your custom domain to your Amplify app.

**To add a custom domain managed by Route 53**

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to connect to a custom domain.

1. In the navigation pane, choose **Hosting**, **Custom domains**.

1. On the **Custom domains** page, choose **Add domain**.

1. Enter the name of your root domain. For example, if the name of your domain is **https://example.com**, enter **example.com**.

   As you start typing, any root domains that you already manage in Route 53 appear in the list. You can choose the domain you want to use from the list. If you don't already own the domain and it is available, you can purchase the domain in [Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html). 

1. After you enter your domain name, choose **Configure domain**.

1. By default, Amplify automatically creates two subdomain entries for your domain. For example, if your domain name is **example.com**, you will see the subdomains **https://www.example.com** and **https://example.com** with a redirect set up from the root domain to the **www** subdomain.

   (Optional) You can modify the default configuration if you want to add subdomains only. To change the default configuration, choose **Rewrites and redirects** from the navigation pane, then configure your domain.

1. Choose the SSL/TLS certificate to use. You can either use the default managed certificate that Amplify provisions for you, or a custom third-party certificate that you have imported into AWS Certificate Manager.
   + Use the default Amplify managed certificate.

     1. Choose **Amplify managed certificate**.
   + Use a custom third-party certificate.

     1. Choose **Custom SSL certificate**.

     1. Select the certificate to use from the list.

1. Choose **Add domain**.
**Note**  
It can take up to 24 hours for the DNS to propagate and to issue the certificate. For help with resolving errors that occur, see [Troubleshooting custom domains](custom-domain-troubleshoot-guide.md).

# Adding a custom domain managed by a third-party DNS provider
<a name="to-add-a-custom-domain-managed-by-a-third-party-dns-provider"></a>

If you are not using Amazon Route 53 to manage your domain, you can add a custom domain managed by a third-party DNS provider to your app deployed with Amplify.

If you are using GoDaddy, see [Updating DNS records for a domain managed by GoDaddy](to-add-a-custom-domain-managed-by-godaddy.md) for instructions specific to this provider.

**To add a custom domain managed by a third-party DNS provider**

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to add a custom domain to.

1. In the navigation pane, choose **Hosting**, **Custom domains**.

1. On the **Custom domains** page, choose **Add domain**.

1. Enter the name of your root domain. For example, if the name of your domain is **https://example.com**, enter **example.com**.

1. Amplify detects that you are not using a Route 53 domain and gives you the option to create a hosted zone in Route 53.
   + To create a hosted zone in Route 53

     1. Choose **Create hosted zone on Route 53**.

     1. Choose **Configure domain**.

     1. Hosted zone name servers are displayed in the console. Go to your DNS provider's website and add the name servers to your DNS settings.

     1. Select **I have added the above name servers to my domain registry**.

     1. Proceed to step seven.
   + To continue with manual configuration

     1. Choose **Manual configuration**

     1. Choose **Configure domain**.

     1. Proceed to step seven.

1. By default, Amplify automatically creates two subdomain entries for your domain. For example, if your domain name is **example.com**, you will see the subdomains **https://www.example.com** and **https://example.com** with a redirect set up from the root domain to the **www** subdomain. 

   (Optional) You can modify the default configuration if you want to add subdomains only. To change the default configuration, choose **Rewrites and redirects** from the navigation pane and configure your domain.

1. Choose the SSL/TLS certificate to use. You can either use the default managed certificate that Amplify provisions for you, or a custom third-party certificate that you have imported into AWS Certificate Manager.
   + Use the default Amplify managed certificate.

     1. Choose **Amplify managed certificate**.
   + Use a custom third-party certificate.

     1. Choose **Custom SSL certificate**.

     1. Select the certificate to use from the list.

1. Choose **Add domain**.

1. If you chose **Create hosted zone on Route 53** in step six, proceed to step 15.

   If you chose **Manual configuration**, in step six, you must update your DNS records with your third-party domain provider. 

   On the **Actions** menu, choose **View DNS records**. The following screenshot shows the DNS records displayed in the console.  
![\[The DNS records displayed in the Amplify console.\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNSRecords.png)

1. Do one of the following: 
   + If you're using GoDaddy, go to [Updating DNS records for a domain managed by GoDaddy](to-add-a-custom-domain-managed-by-godaddy.md).
   + If you're using a different third-party DNS provider, go to the next step in this procedure. 

1. Go to your DNS provider's website, log in to your account, and locate the DNS management settings for your domain. You will configure two CNAME records.

1. Configure the first CNAME record to point your subdomain to the AWS validation server.

   If the Amplify console displays a DNS record for verifying ownership of your subdomain such as **\$1c3e2d7eaf1e656b73f46cd6980fdc0e.example.com**, enter only ** \$1c3e2d7eaf1e656b73f46cd6980fdc0e** for the CNAME record subdomain name.

   The following screenshot shows the location of the verification record to use.  
![\[The DNS records section in the Amplify console with the Hostname verification record circled.\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNS-verification-1.png)

   If the the Amplify console displays an ACM validation server record such as **\$1cjhwou20vhu2exampleuw20vuyb2ovb9.j9s73ucn9vy.acm-validations.aws**, enter **\$1cjhwou20vhu2exampleuw20vuyb2ovb9.j9s73ucn9vy.acm-validations.aws** for the CNAME record value.

   The following screenshot shows the location of the ACM verification record to use.  
![\[The DNS records in the Amplify console, including the ACM verification record.\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNS-verification2.png)

   Amplify uses this information to verify ownership of your domain and generate an SSL/TLS certificate for your domain. Once Amplify validates ownership of your domain, all traffic will be served using HTTPS/2.
**Note**  
The default Amplify certificate generated by AWS Certificate Manager (ACM) is valid for 13 months and renews automatically as long as your app is hosted with Amplify. Amplify can't renew the certificate if the CNAME verification record has been modified or deleted. You must delete and add the domain again in the Amplify console.
**Important**  
It is important that you perform this step soon after adding your custom domain in the Amplify console. The AWS Certificate Manager (ACM) immediately starts attempting to verify ownership. Over time, the checks become less frequent. If you add or update your CNAME records a few hours after you create your app, this can cause your app to get stuck in the pending verification state.

1. Configure a second CNAME record to point your subdomains to the Amplify domain. For example, if your subdomain is **www.example.com**, enter **www** for the subdomain name.

   If the Amplify console displays the domain for your app as **d111111abcdef8.cloudfront.net**, enter **d111111abcdef8.cloudfront.net** for the Amplify domain.

   If you have production traffic, we recommended you update this CNAME record after your domain status shows as **AVAILABLE** in the Amplify console.

   The following screenshot shows the location of the domain name record to use.  
![\[The DNS records in the Amplify console, including the domain name record.\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNS-verification3.png)

1. Configure the ANAME/ALIAS record to point to the root domain of your app (for example **https://example.com**). An ANAME record points the root of your domain to a hostname. If you have production traffic, we recommended that you update your ANAME record after your domain status shows as **AVAILABLE** in the console. For DNS providers that don't have ANAME/ALIAS support, we strongly recommend migrating your DNS to Route 53. For more information, see [Configuring Amazon Route 53 as your DNS service](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring.html).

**Note**  
Verification of domain ownership and DNS propagation for third-party domains can take up to 48 hours. For help resolving errors that occur, see [Troubleshooting custom domains](custom-domain-troubleshoot-guide.md). 

# Updating DNS records for a domain managed by GoDaddy
<a name="to-add-a-custom-domain-managed-by-godaddy"></a>

If GoDaddy is your DNS provider, use the following instructions to update your DNS records in the GoDaddy UI to finish connecting your Amplify app to your GoDaddy domain.

**To add a custom domain managed by GoDaddy**

1. Before you can update your DNS records with GoDaddy, complete steps one through nine of the procedure [Adding a custom domain managed by a third-party DNS provider](to-add-a-custom-domain-managed-by-a-third-party-dns-provider.md).

1. Log in to your GoDaddy account.

1. In your list of domains, find the domain to add and choose **Manage DNS**.

1. On the **DNS ** page, GoDaddy displays a list of records for your domain in the **DNS Records** section. You need to add two new CNAME records.

1. Create the first CNAME record to point your subdomains to the Amplify domain.

   1. In the **DNS Records** section, choose **Add New Record**.

   1. For **Type**, choose **CNAME**.

   1. For **Name**, enter only the subdomain. For example, if your subdomain is **www.example.com**, enter **www** for **Name**.

   1. For **Value**, look at your DNS records in the Amplify console and then enter the value. If the Amplify console displays the domain for your app as **d111111abcdef8.cloudfront.net**, enter **d111111abcdef8.cloudfront.net** for **Value**.

      The following screenshot shows the location of the domain name record to use.  
![\[The DNS records in the Amplify console, including the domain name record.\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNS-verification3.png)

   1. Choose **Save**.

1. Create the second CNAME record to point to the AWS Certificate Manager (ACM) validation server. A single validated ACM generates an SSL/TLS certificate for your domain.

   1. For **Type**, choose **CNAME**.

   1. For **Name**, enter the subdomain.

      For example, if the DNS record in the Amplify console for verifying ownership of your subdomain is **\$1c3e2d7eaf1e656b73f46cd6980fdc0e.example.com**, enter only **\$1c3e2d7eaf1e656b73f46cd6980fdc0e** for **Name**.

      The following screenshot shows the location of the verification record to use.  
![\[The DNS records section in the Amplify console with the Hostname verification record circled\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNS-verification-1.png)

   1. For **Value**, enter the ACM validation certificate.

      For example, if the validation server is **\$1cjhwou20vhu2exampleuw20vuyb2ovb9.j9s73ucn9vy.acm-validations.aws**, enter **\$1cjhwou20vhu2exampleuw20vuyb2ovb9.j9s73ucn9vy.acm-validations.aws** for **Value**.

      The following screenshot shows the location of the ACM verification record to use.  
![\[The DNS records in the Amplify console, including the ACM verification record.\]](http://docs.aws.amazon.com/amplify/latest/userguide/images/amplify-customdomains-DNS-verification2.png)

   1. Choose **Save**.
**Note**  
The default Amplify certificate generated by AWS Certificate Manager (ACM) is valid for 13 months and renews automatically as long as your app is hosted with Amplify. Amplify can't renew the certificate if the CNAME verification record has been modified or deleted. You must delete and add the domain again in the Amplify console.

1. This step is not required for subdomains. GoDaddy doesn’t support ANAME/ALIAS records. For DNS providers that do not have ANAME/ALIAS support, we strongly recommend migrating your DNS to Amazon Route 53. For more information, see [Configuring Amazon Route 53 as your DNS service](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring.html).

   If you want to keep GoDaddy as your provider and update the root domain, add **Forwarding** and set up a domain forward:

   1. On the **DNS** page, locate the menu at the top of the page and choose **Forwarding**.

   1. In the **Domain** section, choose **Add Forwarding**.

   1. Choose **http://**, and then enter the name of your subdomain to forward to (for example, **www.example.com**) for the **Destination URL**.

   1. For **Forward Type**, choose **Temporary (302)**. 

   1. Choose, **Save**.

# Updating the SSL/TLS certificate for a domain
<a name="to-update-certificate"></a>

You can change the SSL/TLS certificate that is in use for a domain at any time. For example, you can change from using a managed certificate to using a custom certificate. This is helpful if you want to manage the certificate and its expiration notifications. You can also change the custom certificate that is in use for the domain. Making changes to the SSL certificate won't incur any downtime for your active domain. For more information about certificates, see [Using SSL/TLS certificates](using-certificates.md).

Use the following procedure to update the type of certificate or the custom certificate that is in use for a domain.

**To update a domain's certificate**

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to update.

1. In the navigation pane, choose **Hosting**, **Custom domains**.

1. On the **Custom domains** page, choose **Domain configuration**.

1. On the details page for your domain, locate the **Custom SSL certificate** section. The procedure for updating your certificate varies depending on the type of change you want to make.
   + To change from a custom certificate to the default Amplify managed certificate

     1. Choose **Amplify managed certificate**.
   + To change from a managed certificate to a custom certificate

     1. Choose **Custom SSL certificate**.

     1. Select the certificate to use from the list.
   + To change a custom certificate to a different custom certificate

     1. For **Custom SSL certificate**, select the new certificate to use from the list.

1. Choose **Save**. The status details for the domain will indicate that Amplify has initiated the SSL creation process for a managed certificate or the configuration process for a custom certificate.

# Managing subdomains
<a name="to-manage-subdomains"></a>

A subdomain is the part of your URL that appears before your domain name. For example, **www** is the subdomain of **www.amazon.com** and **aws** is the subdomain of **aws.amazon.com**. If you already have a production website, you might want to only connect a subdomain. Subdomains can also be multilevel, for example **beta.alpha.example.com** has the multilevel subdomain **beta.alpha**.

## To add a subdomain only
<a name="to-add-a-subdomain-only"></a>

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to add a subdomain to.

1. In the navigation pane, choose **Hosting**, and then choose **Custom domains**.

1. On the **Custom domains** page, choose **Add domain**.

1. Enter the name of your root domain and then choose **Configure domain**. For example, if the name of your domain is **https://example.com**, enter **example.com**.

1. Choose **Exclude root** and modify the name of the subdomain. For example if the domain is **example.com** you can modify it to only add the subdomain **alpha**.

1. Choose **Add domain**.

## To add a multilevel subdomain
<a name="to-add-a-multi-level-subdomain"></a>

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to add a multilevel subdomain to.

1. In the navigation pane, choose **Hosting**, and then choose **Custom domains**.

1. On the **Custom domains** page, choose **Add domain**.

1. Enter the name of a domain with a subdomain, choose **Exclude root**, and modify the subdomain to add a new level.

   For example, if you have a domain called **alpha.example.com** and you want to create a multilevel subdomain **beta.alpha.example.com**, you would enter **beta** as the subdomain value.

1. Choose **Add domain**.

## To add or edit a subdomain
<a name="to-add-or-edit-a-subdomain"></a>

After adding a custom domain to an app, you can edit an existing subdomain or add a new subdomain.

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to manage subdomains for.

1. In the navigation pane, choose **Hosting**, and then choose **Custom domains**.

1. On the **Custom domains** page, choose **Domain configuration**.

1. In the **Subdomains** section, you can edit your existing subdomains as needed. 

1. (Optional) To add a new subdomain, choose **Add new**. 

1. Choose **Save**.

# Setting up wildcard subdomains
<a name="wildcard-subdomain-support"></a>

Amplify Hosting now supports wildcard subdomains. A wildcard subdomain is a catch-all subdomain that enables you to point existing and non-existing subdomains to a specific branch of your application. When you use a wildcard to associate all subdomains in an app to a specific branch, you can serve the same content to your app's users in any subdomain and avoid configuring each subdomain individually.

To create a wildcard subdomain, specify an asterisk (\$1) as the subdomain name. For example, if you specify the wildcard subdomain `*.example.com` for a specific branch of your app, any URL that ends with example.com will be routed to the branch. In this case, requests for `dev.example.com` and `prod.example.com` will be routed to the `*.example.com` subdomain.

Note that Amplify supports wildcard subdomains only for a custom domain. You can't use this feature with the default `amplifyapp.com` domain.

The following requirements apply to wildcard subdomains:
+ The subdomain name must be specified with an asterisk (\$1) only.
+ You can't use a wildcard to replace part of a subdomain name, like this: \$1domain.example.com.
+ You can't replace a subdomain in the middle of a domain name, like this: subdomain.\$1.example.com.
+ By default, all Amplify provisioned certificates cover all subdomains for a custom domain.

## To add or delete a wildcard subdomain
<a name="to-add-or-edit-a-wildcard-subdomain"></a>

After adding a custom domain to an app, you can add a wildcard subdomain for an app branch.

1. Sign in to the AWS Management Console and open the [Amplify Hosting console](https://console.aws.amazon.com/amplify/).

1. Choose your app that you want to manage wildcard subdomains for.

1. In the navigation pane, choose **Hosting**, and then choose **Custom domains**.

1. On the **Custom domains** page, choose **Domain configuration**.

1. In the **Subdomains** section, you can add or delete wildcard subdomains.
   + To add a new wildcard subdomain

     1. Choose **Add new**.

     1. For the subdomain, enter an **\$1**.

     1. For your app branch, select a branch name from the list.

     1. Choose **Save**. 
   + To delete a wildcard subdomain

     1. Choose **Remove** next to the subdomain name. Traffic to a subdomain that is not explicitly configured stops, and Amplify Hosting returns a 404 status code to those requests.

     1. Choose **Save**.

# Setting up automatic subdomains for an Amazon Route 53 custom domain
<a name="to-set-up-automatic-subdomains-for-a-Route-53-custom-domain"></a>

After an app is connected to a custom domain in Route 53, Amplify enables you to automatically create subdomains for newly connected branches. For example, if you connect your **dev** branch, Amplify can automatically create **dev.exampledomain.com**. When you delete a branch, any associated subdomains are automatically deleted. 

**To set up automatic subdomain creation for newly connected branches**

1. Sign in to the AWS Management Console and open the [Amplify console](https://console.aws.amazon.com/amplify/).

1. Choose an app that is connected to a custom domain managed in Route 53.

1. In the navigation pane, choose **Hosting**, and then choose **Custom domains**.

1. On the **Custom domains** page, choose **Domain configuration**.

1. In the **Automatic subdomain creation** section, turn on the feature.

**Note**  
This feature is available only for root domains, for example, **exampledomain.com**. The Amplify console doesn't display this check box if your domain is already a subdomain, such as ** dev.exampledomain.com**.

## Web previews with subdomains
<a name="web-previews-on-subdomains"></a>

After you enable **Automatic subdomain creation** using the preceding instructions, your app’s pull request web previews will also be accessible with automatically created subdomains. When a pull request is closed, the associated branch and subdomain are automatically deleted. For more information on setting up web previews for pull requests, see [Web previews for pull requests](pr-previews.md).

# Troubleshooting custom domains
<a name="custom-domain-troubleshoot-guide"></a>

If you encounter issues when adding a custom domain to an app in the AWS Amplify console, consult [Troubleshooting custom domains](troubleshooting-custom-domains.md) in the Amplify troubleshooting chapter. If you don't see a solution to your issue there, contact Support. For more information, see [Creating a support case](https://docs.aws.amazon.com/awssupport/latest/user/case-management.html#creating-a-support-case) in the *AWS Support User Guide*.