AWS CloudFront DNS Configuration?


I am trying to get my head around how one would configure CloudFront to serve up dynamic content from an EC2 backed origin, while using a custom SSL certificate.  

But my, I suppose bigger question is how CloudFront and DNS actually work.  Obviously the EC2 origin has its own publicly routable IP and DNS (whether it be automatically, or manually assigned).  But how does the distribution work?  As far as I understand, the distribution is an abstraction, or logical unit of settings that are pushed out to the edge datacenters, of which there are a bunch, each one needing its own publicly routable IP and DNS addresses.  

The DNS that Amazon generates for the distributions is something like  But how can this be served up to all of the edge locations?  I.e. one DNS can't resolve to multiple different IP addresses, can it?  I know you can have many DNS's point to the same IP.  Also, if my above premise is correct, how do all these different edge datacenters have the same IP address?  

Ugghh, I am wondering all this so I know how to point some of our DNS records (that are not hosted by Route53) at a distribution and, to boot, use SSL.  I know there is documentation on this, but I have not been able to get it to work and I would like to know, logically how all this stuff ties together.

Thanks for any insight that you can offer.

Shalom Carmel (CTO) commented:
So let's get some terminology straight.
A DNS is not a name pointing to an IP address, but the service/server that does the pointing.
Route 53 is a DNS. NSone is a DNS. Godaddy has a DNS.
A DNS hosts zones. For simplicity's sake, a zone is equivalent to a domain.
Inside a zone there are records of different types. A records, CNAME records, MX records, TXT records etc. I think that records are what you call DNS.

A single record can resolve to multiple addresses.
An A record can return multiple answers.
A CNAME must return exactly one answer.
Some DNS can return answers based on criteria like geo location of the querying client, availability of the endpoint, or perceived latency from the client to the endpoints.
Cloudfront is a CDN. All CDN services will return different answers based at least on geo location and availability, so if you run nslookup to a cloudfront distribution from Los Angeles and from Istanbul you will get different answers.

So in your case, let's assume that you want to serve "" out of Cloudfront.
Step 1.
You associate "" with a cloudfront distribution, go to your DNS wherever that is, and create a CNAME from "" to the Cloudfront distribution name.
Congratulations, is now active and working.

Step 2.
Your distribution is already set up to serve secure content if you use the distribution name, but you want your own. You go and buy a certificate for "" , install it on Cloudfront and associate with your distribution.  I will not cover in detail the way to order a certificate, as this is not the subject here. Technically what happens is that the certificate you uploaded is replicated to all Cloudfront pops.
Congratulations, - secure is now active and working.

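The answer above describes three rules (an A record may return several addresses, a CNAME returns exactly one answer and must be the only record at its name, and a CDN name answers differently depending on where the client is) and then two steps (CNAME your hostname to the distribution, put a certificate for *your* hostname on the distribution). The following Python models exactly that so the pieces can be seen together. It is an added example, not code from the question or the answer and not anything AWS ships: the zone data is constructed, `dEXAMPLE.cloudfront.net` stands in for a real distribution name, the `GEO_A` record type is a made-up stand-in for CloudFront's location-dependent answers, and the IP addresses come from the documentation ranges.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    rtype: str     # "A", "CNAME", or "GEO_A" (constructed: a CDN answer that varies by client location)
    value: object  # str for A/CNAME; dict[region -> tuple of IPs] for GEO_A


# Constructed zone data. "example.com." is the customer's zone, hosted at any DNS provider
# (not necessarily Route 53). "dEXAMPLE.cloudfront.net." is a placeholder distribution name.
ZONES = {
    "example.com.": {
        "example.com.": [Record("A", "203.0.113.10"), Record("A", "203.0.113.11")],  # apex: several A answers
        "www.example.com.": [Record("CNAME", "dEXAMPLE.cloudfront.net.")],          # step 1 from the answer
        "origin.example.com.": [Record("A", "203.0.113.20")],                        # the EC2 origin itself
    },
    "cloudfront.net.": {
        "dEXAMPLE.cloudfront.net.": [Record("GEO_A", {
            "us-west": ("198.51.100.1", "198.51.100.2"),     # what a client near Los Angeles would see
            "eu-south": ("198.51.100.50", "198.51.100.51"),  # what a client near Istanbul would see
        })],
    },
}


def validate_zone(apex: str, zone: dict) -> list:
    """Return the rule violations a DNS provider would reject: a CNAME must stand alone at its
    name, and it cannot sit at the zone apex (where the SOA and NS records already live)."""
    problems = []
    for name, rrs in zone.items():
        cnames = [r for r in rrs if r.rtype == "CNAME"]
        if not cnames:
            continue
        if len(cnames) > 1 or len(rrs) != len(cnames):
            problems.append(f"{name}: a CNAME must be the only record at its name")
        if name == apex:
            problems.append(f"{name}: a CNAME cannot be placed at the zone apex")
    return problems


def find_zone(name: str, zones: dict):
    """Pick the zone whose apex is the longest suffix of the queried name (like a resolver walking down)."""
    best = None
    for apex in zones:
        if name == apex or name.endswith("." + apex):
            if best is None or len(apex) > len(best):
                best = apex
    return zones.get(best) if best else None


def resolve(name: str, client_region: str, zones: dict = ZONES, max_hops: int = 8) -> list:
    """Follow the CNAME chain across zones until address records are reached. A GEO_A record
    answers with the addresses for the client's region, so the same name resolves to different
    IPs from different places, which is the CDN behaviour the answer describes."""
    seen = set()
    for _ in range(max_hops):
        zone = find_zone(name, zones)
        if zone is None or name not in zone:
            raise LookupError(f"NXDOMAIN: {name}")
        rrs = zone[name]
        if rrs[0].rtype == "CNAME":
            if name in seen:
                raise LookupError(f"CNAME loop at {name}")
            seen.add(name)
            name = rrs[0].value  # exactly one answer, by rule
            continue
        answers = []
        for r in rrs:
            if r.rtype == "A":
                answers.append(r.value)
            elif r.rtype == "GEO_A":
                # Unknown region: fall back to the first PoP listed (constructed behaviour).
                answers.extend(r.value.get(client_region) or next(iter(r.value.values())))
        return answers
    raise LookupError("CNAME chain too long")


def cert_covers(hostname: str, sans: tuple) -> bool:
    """Hostname matching as a browser does it: exact match, or a wildcard that replaces only
    the leftmost label. This is why step 2 needs a certificate for your own name, not for the
    *.cloudfront.net name the distribution already has."""
    host = hostname.rstrip(".").lower()
    for san in sans:
        san = san.rstrip(".").lower()
        if san == host:
            return True
        if san.startswith("*.") and "." in host and host.split(".", 1)[1] == san[2:]:
            return True
    return False


def check_custom_domain(hostname: str, client_region: str, sans: tuple) -> dict:
    """Combine both steps: does the name reach the CDN, and would TLS on that name validate?"""
    return {"answers": resolve(hostname, client_region), "tls_ok": cert_covers(hostname, sans)}


if __name__ == "__main__":
    print(validate_zone("example.com.", ZONES["example.com."]))
    for region in ("us-west", "eu-south"):
        print(region, check_custom_domain("www.example.com.", region, ("www.example.com",)))
```

Running it shows `www.example.com.` resolving to one pair of addresses for `us-west` and another for `eu-south` even though the customer's zone holds a single CNAME, and `tls_ok` turning false if the only name on the certificate is the distribution's own `*.cloudfront.net` name.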
CnicNV (Author) commented:
Ok thanks a lot for this useful information :-)