Basic scenario for hijacking:

CNAME in context of CFN

Before diving into the details, it is important to clarify that a alternate domain name (CNAME) i*s not the same thing* as the authoritative DNS domain name or canonical name, also known as a CNAME. These two entries are related by nature of establishing a link between two different entities, but each entry is separate and distinct from each other. The alternate domain name (CNAME) on a distribution allows you to serve your content using a custom CNAME from your DNS records, such as www.example.com, instead of the default domain that assigns, such as d123456abcdef8.cloudfront.net. Only the CNAME from your authoritative DNS records actually controls where your domain’s traffic is pointed to and from which endpoint your traffic will be served to your end users.

Remediations

Service type Remediation
The specified bucket does not exist
not vulnerable anymore (official statement){.tc-tiddlylink-external rel=“noopener noreferrer” target=“_blank”}, github issue)

Resources