NoSuchDistribution
AWS NoSuchDistribution means the specified CloudFront distribution does not exist in the current account scope (HTTP 404).
Last reviewed: February 12, 2026 | Editorial standard: source-backed technical guidance
What Does No Such Distribution Mean?
CloudFront could not locate the distribution ID in the current account context, so read/update/delete operations fail until distribution identity mapping is corrected.
Common Causes
- The distribution ID is mistyped, stale, or from a different AWS account.
- Automation references a distribution that was removed or replaced during migration.
- A delete/disable workflow completed while dependent jobs still target the old ID.
- State or config caches lag behind the current CloudFront distribution inventory.
How to Fix No Such Distribution
1. Resolve the distribution ID from live CloudFront inventory before making mutation calls.
2. Verify the caller's account context and permissions against the account that owns the target distribution.
3. Update IaC and runtime config to the current distribution ID after replacements.
4. Retry only after confirming the target distribution exists in the current account context.
Step-by-Step Diagnosis for No Such Distribution
1. Capture the failing distribution ID, request ID, and caller account from logs.
2. Correlate create/delete/update timelines with CloudTrail event history.
3. Diff the expected distribution mapping against the current CloudFront API list output.
4. Check deployment rollback or replacement logic for stale ID propagation.
Distribution ID and Account Scope Checks
- Validate the distribution ID against live CloudFront inventory for the same account (example: the ID belongs to another account's environment).
- Verify the auth context used by automation (example: the assumed role targets the tooling account, not the delivery account that owns the distribution).
Lifecycle Replacement and Drift Detection
- Correlate NoSuchDistribution events with create/delete replacement windows (example: cleanup removed the old distribution before consumers switched IDs).
- Diff IaC outputs against runtime config references (example: a service still caches a retired distribution ID after cutover).
How to Verify the Fix
- Call `GetDistribution` for the target ID and confirm CloudFront returns the config and an ETag.
- Replay the failed CloudFront operation and confirm NoSuchDistribution is resolved.
- Validate that deployment logs no longer reference retired distribution IDs.
How to Prevent Recurrence
- Distribute distribution IDs from a signed environment manifest instead of static config.
- Add pre-operation existence checks for distribution IDs in CloudFront automation paths.
- Enforce atomic config updates so consumers switch IDs before old distributions are removed.
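The account scope check, the pre-operation existence check, and the drift diff described above can be combined into one pre-flight guard. This is an added example, not code from the original page or from AWS. It assumes boto3-style `sts` and `cloudfront` clients are passed in; `preflight`, `stale_references`, the stub classes, and all IDs and account numbers are hypothetical and constructed for illustration.

```python
# Added example: pre-flight guard run before any CloudFront update/delete call.
# Clients are passed in, so real boto3 clients or the constructed stubs below both work.

def live_distribution_ids(cloudfront):
    """Collect every distribution ID visible to the caller, following pagination."""
    ids, marker = set(), None
    while True:
        kwargs = {"Marker": marker} if marker else {}
        page = cloudfront.list_distributions(**kwargs)["DistributionList"]
        ids.update(item["Id"] for item in page.get("Items", []))  # Items absent when empty
        if not page.get("IsTruncated"):
            return ids
        marker = page["NextMarker"]

def preflight(sts, cloudfront, owner_account, distribution_id):
    """Return (ok, reason); checks account scope first, then existence."""
    caller = sts.get_caller_identity()["Account"]
    if caller != owner_account:
        return False, f"wrong account scope: caller={caller} owner={owner_account}"
    if distribution_id not in live_distribution_ids(cloudfront):
        return False, f"stale or mistyped ID: {distribution_id} not in account {caller}"
    return True, "ok"

def stale_references(cloudfront, configured):
    """Map config keys to IDs that no longer exist in live inventory (drift)."""
    live = live_distribution_ids(cloudfront)
    return {key: dist_id for key, dist_id in configured.items() if dist_id not in live}

# Constructed stand-ins for boto3 clients; all IDs and accounts are made up.
class FakeSTS:
    def __init__(self, account):
        self.account = account
    def get_caller_identity(self):
        return {"Account": self.account}

class FakeCloudFront:
    PAGES = {
        None: {"Items": [{"Id": "EXAMPLEID00001"}], "IsTruncated": True, "NextMarker": "p2"},
        "p2": {"Items": [{"Id": "EXAMPLEID00002"}], "IsTruncated": False},
    }
    def list_distributions(self, **kwargs):
        return {"DistributionList": self.PAGES[kwargs.get("Marker")]}

if __name__ == "__main__":
    cf = FakeCloudFront()
    print(preflight(FakeSTS("111111111111"), cf, "111111111111", "EXAMPLEID00002"))
    print(preflight(FakeSTS("222222222222"), cf, "111111111111", "EXAMPLEID00002"))
    print(stale_references(cf, {"web": "EXAMPLEID00001", "api": "EXAMPLEIDRETIRED"}))
```

Checking the account before the inventory keeps a wrong-role failure from being misread as a deleted distribution, since both surface as the same 404.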
Pro Tip
- Publish a signed distribution-ID manifest per environment and require consumers to refresh from that manifest before executing CloudFront mutations.
Provider Context
This guidance is specific to AWS services. Always validate implementation details against official provider documentation before deploying to production.