Reputation: 278
I am trying to set Cognito up with a custom domain. I have a registered domain name and a hosted zone with Route 53, let's say mydomain.com. I also created certs for mydomain.com and *.mydomain.com in us-east-1 (N. Virginia) as the documentation instructs. When I tried my domain, Cognito gave me an error saying that I must have an A record. I tried creating an Alias A record, but I don't have an actual target. I just want to use something like auth.mydomain.com for logging in. Since I couldn't make sense of an alias record, I created a regular A record and set the target to a dummy IP, 1.1.1.1, since I read that the target isn't really relevant for Cognito. At first it didn't work. But I thought that it was a DNS propagation thing, and I tested it the next day and was able to add the domain to Cognito.
My questions are:
Did I do it right? Is it OK to set the A record to a dummy IP as long as my domain doesn't actually point to anything? Is it possible to remove it after the association with Cognito?
Why did it only work after a day? Is this DNS caching/propagation time? Would that be the case with an alias record? Or, since an alias is AWS-aware, would it be instant?
Thanks!
Upvotes: 3
Views: 3442
Reputation: 6164
Generally speaking, your DNS should have an Apex (A) record pointing to something. If there's nothing yet, and although it is 100% not best practice, then yes, 1.1.1.1 will work (or anything, really).
Once you add your A record, head over to Amazon Certificate Manager to create your ACM certificate for your domain. Make sure your ACM certificate covers your subdomain, and verify it using the DNS method. Verification takes about 5 minutes, and once your certificate is verified, you'll be able to head over to the Cognito console to set up your custom domain using the certificate you just created.
Upvotes: 4
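A pre-flight check for the two prerequisites named in the answer above (an A record at the apex, and a certificate that covers the subdomain), as an added example that is not part of the original posts. The record sets are constructed sample data in the shape of Route 53's ListResourceRecordSets response; `preflight`, `cert_covers` and `PLACEHOLDER_IPS` are hypothetical names, and the placeholder list is an assumption you maintain yourself.

```python
# Constructed sample data, shaped like Route 53's ListResourceRecordSets output.
SAMPLE_RECORD_SETS = [
    {"Name": "mydomain.com.", "Type": "NS",
     "ResourceRecords": [{"Value": "ns-1.example-dns.net."}]},
    {"Name": "mydomain.com.", "Type": "A",
     "ResourceRecords": [{"Value": "1.1.1.1"}]},
]
SAMPLE_CERT_NAMES = ["mydomain.com", "*.mydomain.com"]  # names on the certificate
PLACEHOLDER_IPS = {"1.1.1.1"}  # assumption: dummy targets you want flagged for cleanup


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def cert_covers(cert_names, host):
    """True if host matches a certificate name; '*' covers exactly one label."""
    host = norm(host)
    for pattern in map(norm, cert_names):
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host \
                and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False


def preflight(record_sets, apex, custom_domain, cert_names):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    a_records = [r for r in record_sets
                 if r["Type"] == "A" and norm(r["Name"]) == norm(apex)]
    if not a_records:
        findings.append(f"no A record at {apex}")
    for record in a_records:
        if "AliasTarget" in record:
            continue  # alias records carry a DNS name, not an IP value
        for entry in record.get("ResourceRecords", []):
            if entry["Value"] in PLACEHOLDER_IPS:
                findings.append(
                    f"{apex} A record points at placeholder {entry['Value']}")
    if not norm(custom_domain).endswith("." + norm(apex)):
        findings.append(f"{custom_domain} is not a subdomain of {apex}")
    if not cert_covers(cert_names, custom_domain):
        findings.append(f"certificate does not cover {custom_domain}")
    return findings
```

With boto3, the `ResourceRecordSets` list from `list_resource_record_sets` can be passed in place of the sample data.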