Basic scenario for hijacking:

CNAME in context of CFN

Before diving into the details, it is important to clarify that a alternate domain name (CNAME) i*s not the same thing* as the authoritative DNS domain name or canonical name, also known as a CNAME. These two entries are related by nature of establishing a link between two different entities, but each entry is separate and distinct from each other. The alternate domain name (CNAME) on a distribution allows you to serve your content using a custom CNAME from your DNS records, such as, instead of the default domain that assigns, such as Only the CNAME from your authoritative DNS records actually controls where your domain’s traffic is pointed to and from which endpoint your traffic will be served to your end users.


Service type Remediation
The specified bucket does not exist
not vulnerable anymore (official statement){.tc-tiddlylink-external rel=“noopener noreferrer” target=“_blank”}, github issue)