How to Handle Multiple Custom Domains with HTTPS on CloudFront?

Asked By CleverMantis42 On

I have an app that lets users set up custom domains for their static websites. My current flow routes requests from customdomain.app to Lambda Edge, which queries the database for the correct file path, then goes through CloudFront to an S3 bucket. The issue is that I can't use SSL certificates for multiple custom domains because CloudFront only allows one certificate per distribution.

Right now, I have a CloudFront distribution for my app, where I've successfully set up an SSL certificate for wildcard *.myapp.app. This lets me serve files through app-generated URLs (like custom.myapp.app), but I'm struggling with how to manage multiple user domains. I've tried several approaches:
1. Using Cloudflare on top of CloudFront, asking users to set a CNAME record to proxy.myapp.app, which didn't work because CNAME to CNAME isn't allowed on Cloudflare.
2. Asking users to point their CNAME directly to my CloudFront URL, which also failed because of the missing SSL certificate for those custom domains.

What should I do next? Should I set up a separate Nginx server to manage custom domains with HTTPS in front of CloudFront? Or is it better to create multiple CloudFront distributions for each user? Maybe I could modify the ACM certificate to include user domains as they're requested? I'm open to suggestions.

If anything isn't clear, let me know! I know I could request a quota increase for AWS services, but I'm really looking to find a solution that works structurally for this situation.
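The host-to-path lookup described in the question, sketched as an added example (not the asker's code) and assuming it runs as a Lambda@Edge viewer-request trigger. The `TENANTS` map stands in for the database, and its hostnames and prefixes are constructed. It matches hosts exactly, rejects unknown ones, and refuses paths that could climb out of a tenant's prefix.

```javascript
// Constructed stand-in for the database lookup (hostname -> S3 key prefix).
const TENANTS = new Map([
  ['www.customer-one.example', '/sites/tenant-001'],
  ['custom.myapp.app', '/sites/tenant-002'],
]);

// Lowercase, drop any port and trailing dot so lookups are exact-match.
function normalizeHost(raw) {
  const host = String(raw || '').trim().toLowerCase()
    .replace(/:\d+$/, '').replace(/\.$/, '');
  // Only plain DNS names; anything else is treated as unknown.
  const dnsName = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$/;
  return dnsName.test(host) ? host : null;
}

// Returns { uri } for a known tenant, or { status } to reject the request.
function resolveRequest(rawHost, uri) {
  const host = normalizeHost(rawHost);
  const prefix = host && TENANTS.get(host);
  if (!prefix) return { status: '404' };
  let path;
  try { path = decodeURIComponent(uri); } catch { return { status: '400' }; }
  // Refuse anything that could climb out of the tenant's prefix.
  if (!path.startsWith('/') || path.includes('\0') ||
      path.split(/[\\/]/).includes('..')) {
    return { status: '400' };
  }
  const suffix = uri.endsWith('/') ? uri + 'index.html' : uri;
  return { uri: prefix + suffix };
}

// Lambda@Edge viewer-request handler: rewrite the URI or answer directly.
const handler = async (event) => {
  const request = event.Records[0].cf.request;
  const hostHeader = request.headers.host && request.headers.host[0].value;
  const result = resolveRequest(hostHeader, request.uri);
  if (result.status) {
    const text = result.status === '404' ? 'Not Found' : 'Bad Request';
    return { status: result.status, statusDescription: text };
  }
  request.uri = result.uri;
  return request;
};
if (typeof module !== 'undefined') module.exports = { handler, resolveRequest };
```
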

2 Answers

Answered By DevDude012 On

I faced a similar situation. I ended up using Cloudflare for SSL termination, routing traffic to a single CloudFront URL. Just need to train users on how to correctly set their A or CNAME records. If you're managing domains, I recommend looking into Dynadot; they have a clean API for easy management.

CloudmasterJosh -

Sounds like a solid plan! I've been looking into multiple options too, like Vercel's multi-tenant setup since I'm using Next.js. Let's see how it compares in terms of cost and ease!

DomainNinja23 -

Yeah, definitely consider alternatives like Caddy or Nginx if you want someone to manage SSL for you. Just make sure you get familiar with server management!

Answered By TechieTurtle99 On

Have you checked out the new CloudFront SaaS manager feature? It might be just the thing you need. Here's a link to the announcement: https://aws.amazon.com/blogs/aws/reduce-your-operational-overhead-today-with-amazon-cloudfront-saas-manager/. It could simplify your setup by handling multiple domains more efficiently!

CuriousCoderX -

That's interesting! I've also heard that Amplify Hosting used a model where each custom domain gets its own CloudFront distribution. If SaaS Manager can manage this for you, it might save you a lot of hassle!

LambdaWhiz87 -

Thanks for the info! I'm curious though, regarding CloudFront SaaS manager, do you know if there's a subscription fee for each tenant, or is it a flat rate?
