CloudFront Security
For web distributions, CloudFront provides several options for securing content that it delivers, including configuring HTTPS connections, using WAF to control access to your content, or setting up field-level encryption for specific content fields.
In addition, you can prevent users in specific geographic locations from accessing content distributed through a web distribution.
You also have the option of restricting access to private content by requiring that users access that content by using CloudFront signed URLs or signed cookies.
For web distributions, you can configure CloudFront to require that viewers use HTTPS to request your objects, so that connections are encrypted when CloudFront communicates with viewers.
You can also configure CloudFront to use HTTPS to get objects from your origin, so that connections are encrypted when CloudFront communicates with your origin.
If you want to require HTTPS between viewers and CloudFront, you must change the AWS region to US East (N. Virginia) in the AWS Certificate Manager console before you request or import a certificate.
If you want to require HTTPS between CloudFront and your origin, and you're using an ELB load balancer as your origin, you can request or import a certificate in any region.
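The following check is an added example, not code from AWS or from the original page. It audits a distribution configuration for the HTTPS settings described above: viewer protocol policy, origin protocol policy, and the region of the ACM certificate used for viewer connections. The function name `audit_https` and the sample configuration are constructed for illustration; the field names are those of the CloudFront API's DistributionConfig structure.

```python
# Added example: audit a CloudFront DistributionConfig for the HTTPS settings above.
# audit_https and SAMPLE_CONFIG are hypothetical names used only for this illustration.

SAMPLE_CONFIG = {  # constructed sample, not a real distribution
    "ViewerCertificate": {
        "ACMCertificateArn": "arn:aws:acm:eu-west-1:111122223333:certificate/EXAMPLE",
    },
    "Origins": {"Items": [
        {"Id": "elb", "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
        {"Id": "legacy", "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "api", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "elb", "ViewerProtocolPolicy": "allow-all"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api",
         "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/old/*", "TargetOriginId": "legacy",
         "ViewerProtocolPolicy": "redirect-to-https"},
    ]},
}


def audit_https(config):
    """Return a list of findings where traffic can travel unencrypted."""
    findings = []
    behaviors = [dict(config.get("DefaultCacheBehavior") or {}, PathPattern="(default)")]
    behaviors += (config.get("CacheBehaviors") or {}).get("Items") or []
    http_origins = set()  # origins reachable through a behavior that allows HTTP
    for b in behaviors:
        if b.get("ViewerProtocolPolicy") == "allow-all":
            findings.append(f"behavior {b.get('PathPattern')}: viewers may use plain HTTP")
            http_origins.add(b.get("TargetOriginId"))
    for o in (config.get("Origins") or {}).get("Items") or []:
        policy = (o.get("CustomOriginConfig") or {}).get("OriginProtocolPolicy")
        # match-viewer only reaches the origin over HTTP if a viewer can use HTTP
        if policy == "http-only" or (policy == "match-viewer" and o.get("Id") in http_origins):
            findings.append(f"origin {o.get('Id')}: CloudFront may fetch over plain HTTP")
    arn = (config.get("ViewerCertificate") or {}).get("ACMCertificateArn")
    if arn:
        region = arn.split(":")[3]  # arn:partition:service:region:account:resource
        if region != "us-east-1":
            findings.append(f"viewer certificate is in {region}, not us-east-1")
    return findings


if __name__ == "__main__":
    for line in audit_https(SAMPLE_CONFIG):
        print(line)
```

The `legacy` origin is flagged even though its behavior redirects viewers to HTTPS, because the origin protocol policy is evaluated separately from the viewer protocol policy.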