Set up the target standard distribution or distribution tenant

Request a TLS certificate. This certificate includes the alternate domain name as the Subject or Subject Alternative Domain (SAN), or a wildcard (*) that covers the alternate domain name that you’re moving. If you don’t have one, you can request one from Amazon Certificate Manager (ACM) or from another certificate authority (CA) and import it into ACM.

For more information, see Request a public certificate using the console and Import a certificate in the Amazon Certificate Manager in the Amazon Certificate Manager User Guide.

If you haven’t created the target standard distribution, create one now. As part of creating the standard distribution, associate the certificate with this standard distribution. For more information, see Create a distribution.

If you already have a target standard distribution, associate the certificate with the standard distribution. For more information, see Update a distribution.

If you’re moving alternate domain names within the same Amazon Web Services account, skip this step.

To move an alternate domain name from one Amazon Web Services account to another, you must create a TXT record in your DNS configuration. This verification step helps prevent unauthorized domain transfers. CloudFront uses this TXT record to validate your ownership of the alternate domain name.

In your DNS configuration, create a DNS TXT record that associates the alternate domain name with the target standard distribution. The TXT record format can vary, depending on the domain type.

Request a TLS certificate. This certificate includes the alternate domain name as the Subject or Subject Alternative Domain (SAN), or a wildcard (*) that covers the alternate domain name that you’re moving. If you don’t have one, you can request one from Amazon Certificate Manager (ACM) or from another certificate authority (CA) and import it into ACM.

For more information, see Request a public certificate using the console and Import a certificate in the Amazon Certificate Manager in the Amazon Certificate Manager User Guide.

If you haven’t created the target distribution tenant, create one now. As part of creating the distribution tenant, associate the certificate with the distribution tenant. For more information, see Create a distribution.

If you already have a target distribution tenant, associate the certificate with the distribution tenant. For more information, see Add a domain and certificate (distribution tenant).

If you’re moving alternate domain names within the same Amazon Web Services account, skip this step.

To move an alternate domain name from one Amazon Web Services account to another, you must create a TXT record in your DNS configuration. This verification step helps prevent unauthorized domain transfers, and CloudFront uses this TXT record to validate your ownership of the alternate domain name.

In your DNS configuration, create a DNS TXT record that associates the alternate domain name with the target distribution tenant. The TXT record format can vary, depending on the domain type.