Getting Partial AWS Account IDs for any CloudFront Website

submitted by
Style Pass
2021-07-10 02:30:04

Yesterday Amazon released a new CloudFront API that returns partial AWS account IDs and CloudFront distribution IDs associated with a given domain name, to help you determine which of your own AWS accounts serves traffic for that domain.

In CloudFront, a domain alias can only be associated with a single distribution globally across all AWS accounts, and for companies that have a lot of assets it can be difficult to track down which account owns a given domain; this API helps solve that problem. Of course, it would be problematic if we could look up account IDs (even partial ones) for arbitrary websites, so to protect against this information leakage Amazon requires you to have a valid TLS certificate for the domain name you want to query. This is called out in their documentation:

To list conflicting aliases, you provide the alias to search and the ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias.
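
The lookup described above, used for its stated purpose of finding which of your own accounts holds an alias, as an added example that is not code from the original post or from AWS. It pages through `ListConflictingAliases` on a boto3-style CloudFront client and matches each masked account ID against your account inventory; the `*` mask format, the stub client, the helper names and every ID are constructed assumptions.

```python
# Added example: stub client and all IDs below are constructed, not real.
MY_ACCOUNTS = ["111122223333", "444455556666"]  # your own account inventory


class FakeCloudFront:
    """Stand-in for boto3.client("cloudfront"); serves two constructed pages."""
    PAGES = {
        None: {"NextMarker": "m1", "Items": [
            {"Alias": "www.example.com", "DistributionId": "*******EXAMPLE",
             "AccountId": "******223333"}]},
        "m1": {"Items": [
            {"Alias": "*.example.com", "DistributionId": "*******SAMPLE2",
             "AccountId": "******990000"}]},
    }

    def list_conflicting_aliases(self, Alias, DistributionId, Marker=None):
        return {"ConflictingAliasesList": self.PAGES[Marker]}


def conflicting_aliases(client, alias, distribution_id):
    """Yield every ListConflictingAliases item, following NextMarker."""
    kwargs = {"Alias": alias, "DistributionId": distribution_id}
    while True:
        page = client.list_conflicting_aliases(**kwargs)["ConflictingAliasesList"]
        yield from page.get("Items", [])
        if not page.get("NextMarker"):
            return
        kwargs["Marker"] = page["NextMarker"]


def mask_matches(masked, full):
    """True if every unmasked character of the partial ID equals the full ID."""
    return len(masked) == len(full) and all(
        m in ("*", f) for m, f in zip(masked, full))


def resolve_owners(items, accounts):
    """Map alias -> inventory accounts consistent with the masked account ID.
    An empty list means the alias sits in an account outside the inventory."""
    return {i["Alias"]: [a for a in accounts if mask_matches(i["AccountId"], a)]
            for i in items}


if __name__ == "__main__":
    found = conflicting_aliases(FakeCloudFront(), "www.example.com", "EDFDVBD6EXAMPLE")
    for alias, owners in resolve_owners(found, MY_ACCOUNTS).items():
        print(alias, "->", owners or "not in inventory")
```

An alias that resolves to no account in the inventory is the case worth following up: the domain is served from an account your asset tracking does not know about.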
