Creating AWS Distribution With Default Viewer Certificate Results in InvalidViewerCertificate

I am trying to create a new AWS Distribution via the API, where I set:

    "ViewerCertificate": {
        "CloudFrontDefaultCertificate": true
    }

This should use the default CF certificate, but as a result I receive this error:

To add an alternate domain name (CNAME) to a CloudFront distribution, you must attach a trusted certificate that validates your authorization to use the domain name.

    "DistributionConfig": {
        "Aliases": {
            "Quantity": 2,
            "Items": ["www.xxyz.com", "xyz.com"]
        },
        "DefaultRootObject": "",
        "Origins": {
            "Quantity": 1,
            "Items": [{
                "Id": "RJMn5FUTvrqoh-cloudfrontxyz.com",
                "DomainName": "chzsgor80ynsme.xyz.com",
                "OriginPath": "",
                "CustomHeaders": {
                    "Quantity": 0
                },
                "CustomOriginConfig": {
                    "HTTPPort": 80,
                    "HTTPSPort": 443,
                    "OriginProtocolPolicy": "http-only",
                    "OriginSslProtocols": {
                        "Quantity": 4,
                        "Items": ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
                    }
                }
            }]
        },
        "DefaultCacheBehavior": {
            "TargetOriginId": "RJMn5FUTvrqoh-cloudfrontxyz.com",
            "ForwardedValues": {
                "QueryString": true,
                "Cookies": {
                    "Forward": "all"
                },
                "Headers": {
                    "Quantity": 1,
                    "Items": ["Host"]
                }
            },
            "TrustedSigners": {
                "Enabled": false,
                "Quantity": 0
            },
            "ViewerProtocolPolicy": "allow-all",
            "AllowedMethods": {
                "Quantity": 7,
                "Items": ["HEAD", "DELETE", "POST", "GET", "OPTIONS", "PUT", "PATCH"],
                "CachedMethods": {
                    "Quantity": 2,
                    "Items": ["HEAD", "GET"]
                }
            },
            "SmoothStreaming": false,
            "MinTTL": 0,
            "DefaultTTL": 3600,
            "MaxTTL": 31536000,
            "Compress": false
        },
        "CacheBehaviors": {
            "Quantity": 0
        },
        "CustomErrorResponses": {
            "Quantity": 0
        },
        "Comment": "",
        "Logging": {
            "Enabled": false,
            "Bucket": "",
            "Prefix": "",
            "IncludeCookies": true
        },
        "Enabled": true,
        "PriceClass": "PriceClass_100",
        "ViewerCertificate": {
            "CloudFrontDefaultCertificate": true
        },
        "Restrictions": {
            "GeoRestriction": {
                "RestrictionType": "none",
                "Quantity": 0
            }
        },
        "WebACLId": "",
        "CallerReference": "xyz-1555690298"
    }


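This did work a few weeks ago, but something may have changed. Or perhaps there is a limit on the number of distributions allowed with the default certificate?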


I think this is because of a recent CloudFront announcement:


Since you are adding CNAMEs: "Aliases":{ "Quantity": 2, "Items": ["www.xxyz.com", "xyz.com"] }
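
The rule behind the error message, written as a pre-flight check (an added example, not part of the original post or of any AWS SDK): a config that sets `Aliases` needs a custom certificate whose names cover every alias. The function names, the `cert_names` parameter and the sample dict are assumptions of this example.

```python
"""Pre-flight check for a CloudFront DistributionConfig: aliases need a covering certificate."""


def name_covered(alias, cert_names):
    """True if alias matches a certificate name; '*.' covers exactly one extra label."""
    alias = alias.lower().rstrip(".")
    for name in (n.lower().rstrip(".") for n in cert_names):
        if name == alias:
            return True
        if name.startswith("*.") and "." in alias:
            if alias.split(".", 1)[1] == name[2:]:
                return True
    return False


def check_viewer_certificate(config, cert_names=()):
    """Return a list of problems that would make alias + certificate settings invalid.

    cert_names is an assumption of this example: the subject/SAN names of the
    custom certificate, looked up by the caller (for instance from ACM).
    """
    problems = []
    aliases = config.get("Aliases", {})
    items = aliases.get("Items", [])
    if aliases.get("Quantity", 0) != len(items):
        problems.append("Aliases.Quantity does not match the number of Items")
    if not items:
        return problems  # no CNAMEs: the default *.cloudfront.net certificate is fine
    cert = config.get("ViewerCertificate", {})
    has_custom = bool(cert.get("ACMCertificateArn") or cert.get("IAMCertificateId"))
    if cert.get("CloudFrontDefaultCertificate") or not has_custom:
        problems.append("aliases are set but no custom certificate is attached")
        return problems
    for alias in items:
        if not name_covered(alias, cert_names):
            problems.append(f"certificate does not cover alias {alias}")
    return problems


# Constructed sample: the alias and certificate parts of the config in the question.
QUESTION_CONFIG = {
    "Aliases": {"Quantity": 2, "Items": ["www.xxyz.com", "xyz.com"]},
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True},
}

if __name__ == "__main__":
    for problem in check_viewer_certificate(QUESTION_CONFIG):
        print("would be rejected:", problem)
```

Running the check before calling the API catches both the missing custom certificate and a certificate that omits the apex name, which a `*.` wildcard alone does not cover.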