diff --git a/cdk/bin/opendata.ts b/cdk/bin/opendata.ts
index 5513487915..6f590c0723 100644
--- a/cdk/bin/opendata.ts
+++ b/cdk/bin/opendata.ts
@@ -16,6 +16,7 @@ import {CertificateStack} from "../lib/certificate-stack";
 import {BypassCdnStack} from "../lib/bypass-cdn-stack";
 import {MonitoringStack} from "../lib/monitoring-stack";
 import {LambdaStack} from "../lib/lambda-stack";
+import {DomainStack} from "../lib/domain-stack";
 import {CiTestStack} from "../lib/ci-test-stack";
 
 // load .env file, shared with docker setup
@@ -376,6 +377,7 @@ const prodProps = {
 secondaryFqdn: 'opendata.fi',
 domainName: 'www.avoindata.fi',
 secondaryDomainName: 'www.opendata.fi',
+ newDomainName: "avoindata.suomi.fi"
 };
 
 const clusterStackProd = new ClusterStack(app, 'ClusterStack-prod', {
@@ -687,6 +689,10 @@ const monitoringStackProd = new MonitoringStack(app, 'MonitoringStack-prod', {
 secondaryDomainName: prodProps.secondaryDomainName,
 });
 
+const domainStackProd = new DomainStack(app, 'DomainStack-prod', {
+ zoneName: prodProps.newDomainName,
+ crossAccountId: betaProps.account
+})
 
 const ciTestStackBeta = new CiTestStack(app, 'CiTestStack-beta', {
 env: {
diff --git a/cdk/lib/domain-stack-props.ts b/cdk/lib/domain-stack-props.ts
new file mode 100644
index 0000000000..952bbe2428
--- /dev/null
+++ b/cdk/lib/domain-stack-props.ts
@@ -0,0 +1,6 @@
+import {StackProps} from "aws-cdk-lib";
+
+export interface DomainStackProps extends StackProps{
+ crossAccountId?: string,
+ zoneName: string
+}
diff --git a/cdk/lib/domain-stack.ts b/cdk/lib/domain-stack.ts
new file mode 100644
index 0000000000..e16364f913
--- /dev/null
+++ b/cdk/lib/domain-stack.ts
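Review bot: The `DomainStack-prod` instantiation in cdk/bin/opendata.ts passes no `env`, while the neighbouring `CiTestStack-beta` call opens with an `env` block, so this stack looks environment-agnostic and would deploy to whichever account the active credentials resolve to. For a stack that creates the public zone for `avoindata.suomi.fi` and an IAM role trusting `betaProps.account`, I would pin the target explicitly, e.g. `env: { account: prodProps.account, region: prodProps.region },` (assuming `prodProps` carries those fields, which this hunk does not show). A short comment above the call explaining why the beta account receives delegation rights on the production zone would also help, such as `// beta account may write NS delegation records for its subdomain in the prod zone`.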
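Review bot: `crossAccountId` in `DomainStackProps` (cdk/lib/domain-stack-props.ts) is undocumented even though setting it has a security effect: domain-stack.ts creates an IAM role that the named account can assume and grants it delegation on the hosted zone. I would add TSDoc on the field, e.g. `/** AWS account ID trusted to assume the zone delegation role; omit to create no cross-account role. */`, and one on `zoneName`, e.g. `/** Name of the public hosted zone this stack creates. */`.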
@@ -0,0 +1,25 @@
+import * as cdk from 'aws-cdk-lib';
+import { Construct } from 'constructs';
+import {aws_iam, aws_route53} from "aws-cdk-lib";
+import {DomainStackProps} from "./domain-stack-props";
+
+export class DomainStack extends cdk.Stack {
+ readonly publicZone: aws_route53.PublicHostedZone;
+ constructor(scope: Construct, id: string, props: DomainStackProps) {
+ super(scope, id, props);
+
+ this.publicZone = new aws_route53.PublicHostedZone(this, "HostedZone", {
+ zoneName: props.zoneName,
+ })
+
+
+ if (props.crossAccountId) {
+ const role = new aws_iam.Role(this, 'Route53CrossDelegateRole', {
+ assumedBy: new aws_iam.AccountPrincipal(props.crossAccountId),
+ roleName: "Route53CrossDelegateRole"
+ })
+
+ this.publicZone.grantDelegation(role)
+ }
+ }
+}
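Review bot: The trust policy on `Route53CrossDelegateRole` uses `new aws_iam.AccountPrincipal(props.crossAccountId)`, so any principal in that account that is permitted `sts:AssumeRole` can take the role, and `grantDelegation(role)` then lets it write delegation records in this zone. Because opendata.ts passes the beta account for the production zone, a compromise of the lower-trust environment could affect names under the production domain. I would narrow the principal to the single deployment role that needs it, e.g. `assumedBy: new aws_iam.ArnPrincipal(props.delegationRoleArn),` (`delegationRoleArn` being a new, hypothetical prop), and restrict the grant to the intended subdomain if the aws-cdk-lib version in use allows it. The hard-coded `roleName` also means a second `DomainStack` in the same account would collide on the role name; if the fixed name is required for cross-account lookup, a comment saying so would help.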