How can I dynamically add and remove domains (root domains and subdomains) from a CloudFront distribution without creating new ACM certificate for all the domains each time there's a change with the domains I want to allow CloudFront to serve?
Is there maybe a way to move the logic of the allowed domains away from CloudFront to some other service where it'd be easier to manage such use case? I don't even mind allowing all domains on the internet to point to my CloudFront distribution, because due to the nature of my web app any unapproved domains would already be block from serving any content and would only be able to serve an error page of the app.
Right now I'm just trying to understand how to do it from the AWS dashboard and after I figure it out I'll try to do the same actions programmatically, so for now I'm just looking for help with the logical part of the issue, not with coding the solution :)
