AWS Cognito: More Fun with Custom Domains
Harien, 22 Feb 2019

In my last post, I discussed an issue I faced while setting up a custom domain in Amazon Cognito and how I solved it. Here is another one.

It is about re-creating an existing User Pool that has a custom domain name mapped. The same situation applies when deleting a custom domain of a User Pool and re-assigning it.

Some background…

I created a User Pool to try out Cognito and mapped a custom domain name to it. After a couple of days of hacking, I needed to reset the pool. I thought the best way to go about it was to delete and re-create it.

Re-create User Pool

Deleting is simple enough, and so is creating a new one.

However, when I tried to assign the same custom domain name that I had previously assigned, it gave me the following error:

There already exists a CloudFront Distribution with the specified 
domain name, please delete that and try again

My first impression was that even though the User Pool was deleted successfully, it might take a while to delete the CloudFront distribution, which must have been scheduled to delete asynchronously.

So, I gave it a couple of hours, but still the same - damn!

The CloudFront distribution created automatically by Cognito is not listed under your account. So there’s no way to check whether it was properly deleted or not.


Having seen this thread on AWS Forums, I got the impression that it is somewhat common. Several individuals have ended up with the same error doing slightly different things.

Luckily, somebody has mentioned the cause at the end.


After assigning a custom domain name for an Identity Pool, a CNAME record should be added to the DNS to point the custom domain to the CloudFront distribution. During deletion, everything gets cleaned up except for this record, even though the record is in Route 53 of the same account, probably because it is something created manually.

I completely forgot about this record and the error did not give me enough clues to make my dumb self think that it is caused by an existing DNS record, not by the distribution itself.
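
The check described above, as an added example that is not part of the original post: it scans a hosted zone's record sets for a record that still points the custom domain at a CloudFront name and builds the Route 53 delete request for it. The domain names, the sample data and the function names are assumptions made for illustration, and the example goes slightly beyond the post by also matching Route 53 alias records, not only CNAMEs.

```python
# Added example: locate the leftover Route 53 record for a Cognito custom domain.
SAMPLE_RECORD_SETS = [  # constructed sample, shaped like list_resource_record_sets output
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.example-dns.net."}]},
    {"Name": "auth.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "d111111abcdef8.cloudfront.net"}]},
    {"Name": "www.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "web.example.org."}]},
]

def _norm(name):
    # Route 53 returns fully qualified names with a trailing dot.
    return name.rstrip(".").lower()

def _targets(rr):
    # CNAME values live in ResourceRecords; alias records use AliasTarget.
    values = [v["Value"] for v in rr.get("ResourceRecords", [])]
    if "AliasTarget" in rr:
        values.append(rr["AliasTarget"]["DNSName"])
    return [_norm(v) for v in values]

def find_stale_records(record_sets, custom_domain):
    """Record sets for custom_domain that still point at a CloudFront name."""
    return [rr for rr in record_sets
            if _norm(rr["Name"]) == _norm(custom_domain)
            and rr["Type"] in ("CNAME", "A", "AAAA")
            and any(t.endswith(".cloudfront.net") for t in _targets(rr))]

def delete_batch(stale):
    # A Route 53 DELETE must repeat each record set exactly as it exists.
    return {"Changes": [{"Action": "DELETE", "ResourceRecordSet": rr} for rr in stale]}

def cleanup(hosted_zone_id, custom_domain, apply=False):
    """Look up the zone in the live account; delete only when apply=True."""
    import boto3  # imported here so the pure functions above run offline
    r53 = boto3.client("route53")
    pages = r53.get_paginator("list_resource_record_sets").paginate(
        HostedZoneId=hosted_zone_id)
    sets = [rr for page in pages for rr in page["ResourceRecordSets"]]
    stale = find_stale_records(sets, custom_domain)
    if stale and apply:
        r53.change_resource_record_sets(
            HostedZoneId=hosted_zone_id, ChangeBatch=delete_batch(stale))
    return stale

if __name__ == "__main__":
    print(find_stale_records(SAMPLE_RECORD_SETS, "auth.example.com"))
```

Running `cleanup` with `apply=False` first lists what would be removed, so the record can be confirmed before it is deleted and the custom domain is assigned again.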