The Error

Error creating CloudFront Distribution: CNAMEAlreadyExists

What Causes This

Another CloudFront distribution (possibly in a different AWS account) is already using this CNAME/alternate domain name. CloudFront CNAMEs must be globally unique across all AWS accounts.

How to Fix It

Solution 1: Find the Conflicting Distribution

# Check if the domain is associated with any distribution in your account
# (distributions without aliases have no Aliases.Items, so guard before contains())
aws cloudfront list-distributions \
  --query "DistributionList.Items[?Aliases.Items && contains(Aliases.Items, 'www.example.com')].[Id,DomainName,Aliases.Items]" \
  --output table

Solution 2: Remove CNAME from Old Distribution

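# If the old distribution is in your account, remove the CNAME first
# Save only the DistributionConfig element; update-distribution does not accept the full response
aws cloudfront get-distribution-config --id E1234567890 \
  --query DistributionConfig > dist-config.json
# The ETag from the same response is the value for --if-match
ETAG=$(aws cloudfront get-distribution-config --id E1234567890 --query ETag --output text)
# Edit the Aliases section to remove the conflicting CNAME (Quantity must match the remaining Items)
aws cloudfront update-distribution --id E1234567890 \
  --distribution-config file://dist-config.json \
  --if-match "$ETAG"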
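
The manual "edit the Aliases section" step, as an added example that is not part of the original page: it takes a full `get-distribution-config` response, separates the ETag from the `DistributionConfig`, and removes one alias while keeping `Quantity` consistent. The function name `remove_alias` and the sample response are constructed for illustration.

```python
import json

# Constructed sample of a get-distribution-config response, trimmed to the
# fields this example touches; a real response has many more.
SAMPLE_RESPONSE = json.loads("""
{
  "ETag": "E2EXAMPLEETAG",
  "DistributionConfig": {
    "CallerReference": "constructed-sample",
    "Aliases": {"Quantity": 2, "Items": ["www.example.com", "static.example.com"]},
    "Enabled": true
  }
}
""")


def remove_alias(response, alias):
    """Return (etag, new_config, changed) with `alias` removed from Aliases.

    `response` is the full get-distribution-config output. Only the inner
    DistributionConfig is passed to update-distribution; the ETag goes to
    --if-match.
    """
    etag = response["ETag"]
    config = json.loads(json.dumps(response["DistributionConfig"]))  # deep copy
    aliases = config.setdefault("Aliases", {"Quantity": 0})
    items = aliases.get("Items") or []  # Items may be absent when Quantity is 0
    wanted = alias.lower().rstrip(".")  # DNS names are case-insensitive
    kept = [a for a in items if a.lower().rstrip(".") != wanted]
    changed = len(kept) != len(items)
    aliases["Quantity"] = len(kept)  # Quantity must equal the number of Items
    if kept:
        aliases["Items"] = kept
    else:
        aliases.pop("Items", None)
    return etag, config, changed


if __name__ == "__main__":
    etag, config, changed = remove_alias(SAMPLE_RESPONSE, "www.example.com")
    if changed:
        with open("dist-config.json", "w") as fh:
            json.dump(config, fh, indent=2)
        print(f"wrote dist-config.json; pass --if-match {etag}")
    else:
        print("alias not present on this distribution; nothing to update")
```
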

Solution 3: Cross-Account Conflict

# If the CNAME is in another AWS account you control:
# 1. Remove it from the old account's distribution
# 2. Wait a few minutes for propagation
# 3. Apply in the new account

# If you don't control the other account:
# Contact AWS Support to resolve the CNAME conflict

Solution 4: Use Separate Domain

resource "aws_cloudfront_distribution" "cdn" {
  aliases = ["cdn.example.com"]  # Use a different subdomain
  # ...
}

Prevention Tips

  1. Pin provider versions — avoid surprise breaking changes
  2. Use CI/CD — catch errors before they hit production
  3. Test with terraform plan — always review before applying
  4. Keep Terraform updated — newer versions have better error messages
  5. Use terraform validate — catches syntax errors early

Conclusion

This error is common and fixable. Follow the solutions above, and check our Terraform course for hands-on training that covers real-world troubleshooting scenarios.