After researching a change to the way Google Search Console and Bing Webmaster tools can injest your all-important sitemaps, I have some good news and bad news.

The good news is that it is still possible to host your sitemap on external S3 buckets. The bad news is that you must set up a subdomain of your domain pointed as an Alternative Domain Name for your CloudFront distribution, and in order to do this you must go through domain verification with AWS.

  1. create a Cloudfront distribution to the S3 bucket where the sitemap lives (so, by presumption one would use the S3 uploader option of this gem)

  1. When you set up this Cloudfront distribution, you MUST set up an Alternative Domain name

Your alternative domain name must be a subdomain of your primary domain (

Then, AWS will make you set up a SSL cert for your alternative domain. I suggest using DNS verification here. In order to complete that step, you’ll add some verification records to your domain

You will be doing this all in a 2nd browser tab while in the 1st browser tab you will still be creating the CloudFront distribution. That’s because you must validate the domain first before you can create the distribution with the alternative domain name on it

it takes several minutes of course for AWS to validate.

Then, once you successfully create the distro, you see this:

Notice that I have created the CF distribution telling it my alternative domain name is

However, I still will not be able to set the subdomain record for until after I create this CloudFront distribution — that would be a Catch-2022 — because to create the DNS record I need its target.

  1. Now with the Cloudfront distribution I can create a CNAME record for assets1 in my domain that points to this Cloudfront distro
  2. Finally, back in GSC, you can now add the SSL-enabled asset subdomain.

I like this solution as it keeps the ability to outport the sitemaps to S3, which is nice for 12-factor/distributed apps, and also to have the sitemaps “hot”.

However, based on this research it is now clear to me that prior to about 2019 or 2020, Google + Bing used to allow you to use the S3 buckets directly onto the sitemaps.

If your websites still have GSC settings with S3 buckets, I suspect you are grandfathered into this feature. New websites do not appear to allow this in GSC.

The reason this is significant is that the setup steps involved in correctly getting that TLS/SSL cert onto the asset subdomain are not insignificant, which really just means more work for us I guess. But I agree now that you are correct with the right subdomain set up— as explained above— it is still possible to use sitemaps on S3 via a CNAME

By Jason

Leave a Reply

Your email address will not be published. Required fields are marked *