diff --git a/bosh_aws_bootstrap/lib/bosh_aws_bootstrap/aws_config.rb b/bosh_aws_bootstrap/lib/bosh_aws_bootstrap/aws_config.rb
index b2013bf2438..c46901871c4 100644
--- a/bosh_aws_bootstrap/lib/bosh_aws_bootstrap/aws_config.rb
+++ b/bosh_aws_bootstrap/lib/bosh_aws_bootstrap/aws_config.rb
@@ -28,6 +28,13 @@ def aws_access_key_id
         fetch_from_env("BOSH_AWS_ACCESS_KEY_ID")
       end
 
+      def vpc_domain
+        domain = @env.fetch("BOSH_VPC_DOMAIN", "cf-app.com")
+        subdomain = vpc_subdomain
+
+        "#{subdomain}.#{domain}"
+      end
+
       def vpc_subdomain
         fetch_from_env("BOSH_VPC_SUBDOMAIN")
       end
diff --git a/bosh_aws_bootstrap/spec/unit/aws_config_spec.rb b/bosh_aws_bootstrap/spec/unit/aws_config_spec.rb
index 1737e847f80..94a70da39fc 100644
--- a/bosh_aws_bootstrap/spec/unit/aws_config_spec.rb
+++ b/bosh_aws_bootstrap/spec/unit/aws_config_spec.rb
@@ -143,6 +143,20 @@ def it_needs_env(key)
       end
     end
 
+    context "when the domain name is set" do
+      it "loads the domain name" do
+        environment["BOSH_VPC_DOMAIN"] = "domain"
+
+        configuration['vpc']['domain'].should == "burritos.domain"
+      end
+    end
+
+    context "when the domain name is not set" do
+      it "loads the default domain name" do
+        configuration['vpc']['domain'].should == "burritos.cf-app.com"
+      end
+    end
+
     context "when the ssl cert file name is set" do
       it "loads the ssh cert file name" do
         environment["BOSH_SSL_CERT"] = "ssl_cert"
diff --git a/bosh_aws_bootstrap/templates/aws_configuration_template.yml.erb b/bosh_aws_bootstrap/templates/aws_configuration_template.yml.erb
index dc47d158c4f..098281edccb 100644
--- a/bosh_aws_bootstrap/templates/aws_configuration_template.yml.erb
+++ b/bosh_aws_bootstrap/templates/aws_configuration_template.yml.erb
@@ -5,7 +5,7 @@ aws:
   region: us-east-1
 name: <%= vpc_subdomain %>
 vpc:
-  domain: <%= ENV["BOSH_VPC_SUBDOMAIN"] %>.cf-app.com
+  domain: <%= vpc_domain %>
   instance_tenancy: default
   cidr: 10.10.0.0/16
   subnets:
diff --git a/spec/external/aws_bootstrap_spec.rb b/spec/external/aws_bootstrap_spec.rb
index 74d340e95ae..0669d820904 100644
--- a/spec/external/aws_bootstrap_spec.rb
+++ b/spec/external/aws_bootstrap_spec.rb
@@ -77,7 +77,7 @@
     it "associates route tables with subnets" do
       bosh_routes = bosh_subnet.route_table.routes
       bosh_default_route = bosh_routes.detect { |route| route.destination_cidr_block == "0.0.0.0/0" }
-      bosh_default_route.target.id.should match /igw/
+      bosh_default_route.target.id.should match(/igw/)
       bosh_local_route = bosh_routes.detect { |route| route.destination_cidr_block == "10.10.0.0/16" }
       bosh_local_route.target.id.should == "local"
 
@@ -167,8 +167,9 @@
       load_balancer.subnets.should == [bosh_subnet]
       load_balancer.security_groups.map(&:name).should == ["web"]
 
-      hosted_zone = route53.hosted_zones.detect { |hosted_zone| hosted_zone.name == "#{ENV["BOSH_VPC_SUBDOMAIN"]}.cf-app.com." }
-      record_set = hosted_zone.resource_record_sets["\\052.#{ENV["BOSH_VPC_SUBDOMAIN"]}.cf-app.com.", 'CNAME'] # E.g. "*.midway.cf-app.com."
+      config = Bosh::Aws::AwsConfig.new(aws_configuration_template)
+      hosted_zone = route53.hosted_zones.detect { |zone| zone.name == "#{config.vpc_domain}." }
+      record_set = hosted_zone.resource_record_sets["\\052.#{config.vpc_domain}.", 'CNAME'] # E.g. "*.midway.cf-app.com."
       record_set.should_not be_nil
       record_set.resource_records.first[:value] == load_balancer.dns_name
       record_set.ttl.should == 60