Menu
Amazon CloudFront
Developer Guide (API Version 2016-09-07)

Document History

The following table describes the important changes to the documentation since the last release of CloudFront.

  • API Version: 2016-09-07

  • Latest documentation update: September 7, 2016

ChangeDescriptionDate Changed

New Feature

The account that you use to create or update a web or RTMP distribution now requires additional permissions if you want to enable access logs for the distribution. For more information, see Permissions Required to Configure Logging and to Access Your Log Files.

September 19, 2016

New Feature

You can now choose the HTTP version, HTTP/2 or HTTP/1.1, that you want viewers to use to communicate with CloudFront. Viewers use the latest version that you configure CloudFront to use. If you choose HTTP/2, viewers that don't support HTTP/2 automatically use an earlier version. For more information, see the description for the Supported HTTP Versions field.

September 7, 2016

New Feature

For web distributions, you can now choose the query string parameters that CloudFront uses as a basis for caching your objects. For more information, see Configuring CloudFront to Cache Based on Query String Parameters.

August 30, 2016

New Feature

You can now assign tags, which are commonly used for cost allocation, to CloudFront web and RTMP distributions. For more information, see Tagging Amazon CloudFront Distributions.

August 9, 2016

New Feature

You can now configure CloudFront to use SSL/TLS certificates that you provisioned by using the new AWS Certificate Manager service. Note that CloudFront still supports using certificates that you obtained from a third-party certificate authority and uploaded to the IAM certificate store. For more information, see Using an HTTPS Connection to Access Your Objects. To specify an SSL/TLS certificate by using the CloudFront API, use the new Certificate and CertificateSource elements. For more information, see the descriptions of these elements in the DistributionConfig Complex Type topic in the Amazon CloudFront API Reference.

January 21, 2016

New Features

For web distributions, you can now further protect communication between CloudFront and your origin server:

  • Enforce HTTPS-only connection between CloudFront and your origin webserver – You can configure CloudFront to connect to your origin server using HTTPS regardless of whether the viewer made the request by using HTTP or HTTPS.

  • Support for TLSv1.1 and TLSv1.2 between CloudFront and your origin webserver – CloudFront now supports TLSv1.1 and TLSv1.2 for communication between CloudFront and your origin. In addition, you can choose the protocols that you want CloudFront to use when communicating with your origin so you can, for example, choose not to allow CloudFront to communicate with your origin by using SSLv3, which is less secure than TLS.

For more information, see How to Require HTTPS for Communication between Viewers, CloudFront, and Your Origin.

January 13, 2016

New Feature

For web distributions, you can now configure CloudFront to include custom headers when it forwards requests to your origin. Custom headers have a variety of uses, such as the following:

  • You can distinguish the requests that are forwarded to your custom origin by CloudFront from requests that come from other sources.

  • If you've configured more than one CloudFront distribution to use the same origin, you can distinguish between the requests that CloudFront forwards for each distribution.

  • You can use custom headers to control access to content on a custom origin.

For more information, see Forwarding Custom Headers to Your Origin (Web Distributions Only).

December 28, 2015

New Feature

For web distributions, you can now configure CloudFront to automatically compress files of certain types for both Amazon S3 and custom origins, so downloads are faster and your web pages render faster. Compression also reduces your CloudFront data transfer cost because you pay for the total amount of data served. For more information, see Serving Compressed Files.

December 17, 2015

New Feature

You can now integrate CloudFront with AWS WAF, a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked.

For more information about AWS WAF, see the AWS WAF Developer Guide. For information about how to add the ID for an AWS WAF web ACL to a CloudFront distribution, see AWS WAF Web ACL in the topic Values that You Specify When You Create or Update a Web Distribution.

October 6, 2015

New Feature

CloudFront access logs for web distributions now include four new columns:

  • x-forwarded-for – The originating IP address of the client that made a request.

  • ssl-protocol – The SSL protocol (for example, TLSv1.1) that the client and CloudFront negotiated for transmitting the request and response.

  • ssl-cipher – The SSL cipher (for example, ECDHE-RSA-AES128-GCM-SHA256) that the client and CloudFront negotiated for transmitting the request and response.

  • x-edge-response-result-type – The classification of the response (for example, Hit or Miss) just before CloudFront begins to return the response to the viewer. In some cases, this value can differ from the value of the existing log field x-edge-result-type, which shows how CloudFront classified the response after the last byte left the edge location.

For more information about access logs, see Access Logs. For a complete listing of all of the fields that appear in access logs for web distributions, see Web Distribution Log File Format.

June 30, 2015

New Feature

You can now configure a maximum time-to-live (TTL) and a default TTL to specify how long CloudFront caches your objects in edge locations. You can set the TTL at the edge when your origin doesn't include a Cache-Control max-age, Cache-Control s-maxage, or Expires header in the response, or you can override the header value. For more information, see Specifying How Long Objects Stay in a CloudFront Edge Cache (Expiration).

June 17, 2015

New Feature

The invalidation feature, which allows you to remove objects from CloudFront edge caches before they expire, now supports the * wildcard character. You can add a * wildcard character at the end of an invalidation path to remove all objects that match this path. For more information, see Invalidating Objects (Web Distributions Only).

May 21, 2015

New Features

This release of CloudFront includes the following improvements to CloudFront reports:

  • A new Devices report lets you see what types of devices your users are using to view your content.

  • You can now download the data for CloudFront reports in comma-separated values (CSV) format.

  • You can now view CloudWatch metrics in the CloudFront console, which lets you more easily view all of the metrics for a distribution.

  • For Devices, Browsers, and Operating Systems reports, we created separate categories for requests from bots and crawlers, for requests from custom viewers, and for requests for which the value of the User-Agent header is empty.

  • The Popular Objects report now lets you view up to 500 characters of the URL for each object.

For more information about CloudFront reports, see CloudFront Reports.

March 25, 2015

New Feature

When you have Amazon S3 buckets in regions that require signature version 4 for authentication and you're using an origin access identity to restrict access to your Amazon S3 bucket, you can now submit PUT requests to CloudFront to upload objects to your bucket. For more information, see Using an Origin Access Identity in Amazon S3 Regions that Support Only Signature Version 4 Authentication.

March 18, 2015

New Features

This release of CloudFront introduces the following new features:

  • For web distributions, you can now use signed cookies instead of signed URLs to control who can access your content. Signed cookies are useful when you don't want to change your current URLs or when you want to provide access to multiple restricted files, for example, all of the files in the subscribers' area of a website. For information about using signed cookies to protect your private content, see Serving Private Content through CloudFront.

  • For web distributions, you can configure CloudFront to cache different versions of your objects based on the device a user is using to view your content. With this release, we add support for caching a different version of your objects when the device is a smart TV. For more information, see User-Agent Header.

March 12, 2015

New Features

This release of CloudFront introduces the following new features:

  • Adding a path to the origin – For web distributions, you can now specify a path in addition to a domain name when you configure the origin. For example, if you're using an Amazon S3 bucket as your origin, you can specify bucket-name.s3.amazonaws.com/production instead of just bucket-name.s3.amazonaws.com. This allows you to use a single bucket to serve content for multiple distributions. This feature works both for Amazon S3 origins and for custom origins. For information about specifying an origin path in the CloudFront console, see Origin Path.

  • Top-referrers report and viewer reports – For web distributions, you can now display a list of the top referrers. You can also display information about the viewers that are accessing your content, including the browsers that your users are using, the operating systems that the browsers are running on, and the locations of viewers. For information about these reports, see CloudFront Top Referrers Report and CloudFront Viewers Reports.

December 15, 2014

New Feature

For web distributions, you can now choose the minimum SSL protocol version, SSLv3 or TLSv1, that you want CloudFront to allow when responding to requests from your users. If a user is using a browser or device that doesn't support the minimum protocol version that you specify, CloudFront won't serve your objects to the user. For information about choosing the minimum SSL protocol version in the CloudFront console, see Minimum SSL Protocol Version.

October 24, 2014

New Features

This release of CloudFront introduces the following new features:

  • Cache Statistics charts – You can now view a graphical representation of statistics related to CloudFront edge locations. The following statistics are available for a specified time period over the last 60 days: total number of requests; hits, misses, and errors as a percentage of total requests; total bytes transferred to viewers and bytes transferred for cache misses; viewer requests by HTTP status code (2xx, 3xx, 4xx, and 5xx); and the percentage of GET requests that didn't finish downloading. For more information, see CloudFront Cache Statistics Reports.

  • Faster delivery of access logs – CloudFront access log files are now delivered several times per hour, and the files are available within an hour of viewer requests. For more information about access logs, see Access Logs.

  • Popular Objects report – The Popular Objects report lists the number of requests, cache hits, and cache misses, as well as error rates for the 50 most popular objects during a specified period. For more information, see CloudFront Popular Objects Report.

October 21, 2014

New Feature

For web distributions, you can now monitor six CloudFront metrics in near real time using CloudFront. This lets you quickly spot trends in usage and availability. You can also set alarms based on the metrics, so you can get notification when a specific event occurs. For more information, see Monitoring CloudFront Activity Using CloudWatch.

October 9, 2014

New Features

This release of CloudFront introduces the following new features:

  • For web distributions, you can now configure CloudFront to cache the response to OPTIONS requests. The response includes information about the options provided by a web server and can apply to a specific resource or to the server as a whole. For more information, see Allowed HTTP Methods and Cached HTTP Methods.

  • For web distributions, when you configure CloudFront to forward whitelisted cookies to your origin and to cache objects based on cookie values, you can now use * and ? wildcards in cookie names. For more information, see Configuring CloudFront to Cache Objects Based on Cookies.

September 29, 2014

New Feature

CloudFront now supports more ciphers for forwarding HTTPS requests to custom origin servers. For more information, see Encryption.

August 20, 2014

New Feature

For web distributions, CloudFront lets you choose whether you want CloudFront to forward headers to your origin and to cache separate versions of a specified object based on the header values in viewer requests. This allows you to serve different versions of your content based on the device the user is using, the location of the viewer, the language the viewer is using, and a variety of other criteria. For more information, see Configuring CloudFront to Cache Objects Based on Request Headers.

June 26, 2014

New Feature

Amazon CloudFront now works with AWS CloudTrail to capture information about every request that your AWS account (including your IAM users) sends to the CloudFront API. Integrating CloudFront and CloudTrail lets you determine which requests were made to the CloudFront API, the source IP address from which each request was made, who made the request, when it was made, and more. For more information about using CloudFront with CloudTrail, see Using AWS CloudTrail to Capture Requests Sent to the CloudFront API.

May 28, 2014

New Feature

With this release, for HTTPS viewer requests that CloudFront forwards to a custom origin, CloudFront validates that one of the domain names in the SSL certificate on your origin server matches the domain name that you specify for Origin Domain Name. If the domain names don't match, CloudFront responds to viewer requests with an HTTP status code 502 (bad gateway) instead of the requested objects. To enable this functionality, you must specify an Origin Protocol Policy of Match Viewer. For more information, see How to Require HTTPS for Communication between Viewers, CloudFront, and Your Origin.

May 16, 2014

New Feature

This release of CloudFront introduces a new field in CloudFront access logs for web distributions. The time-taken field shows the number of seconds between the time a CloudFront edge server receives a viewer's request and the time that CloudFront writes the last byte of the response to the server's output queue as measured on the server. For more information about the file format of CloudFront access logs for web distributions, see Web Distribution Log File Format.

April 28, 2014

Updated Documentation

Live HTTP Streaming Using CloudFront and Adobe Media Server 5.0 has updated procedures for subscribing to Adobe Media Server and for creating an AWS CloudFormation stack.

March 18, 2014

New Feature

This release of CloudFront introduces usage charts that contain a subset of data from the CloudFront usage report. For more information, see CloudFront Usage Reports.

March 13, 2014

New Features

This release of CloudFront introduces the following new features:

March 5, 2014

New Feature

This release of CloudFront introduces support for HTTP on-demand streaming of media files in the Microsoft Smooth Streaming format. For more information, see Configuring On-Demand Smooth Streaming.

February 20, 2014

New Feature

This release of CloudFront introduces support for HTTP 1.1. For more information, see Transfer Encoding.

In addition, we added documentation about on-demand progressive downloads and on-demand Apple HTTP live streaming. For more information, see Configuring On-Demand Progressive Downloads and Configuring On-Demand Apple HTTP Live Streaming (HLS) in the Amazon CloudFront Developer Guide.

February 7, 2014

New Features

This release of CloudFront introduces geo restriction. If you need to prevent users in selected countries from accessing your content, you can configure a CloudFront web distribution to do one of the following:

  • Allow users to access content only if they're in a whitelist of specified countries.

  • Prevent users from accessing content if they're in a blacklist of specified countries.

For more information, see Restricting the Geographic Distribution of Your Content.

December 18, 2013

New Features

This release of CloudFront introduces the following features:

  • DELETE, OPTIONS, PATCH, POST, and PUT support: You can now use the DELETE, OPTIONS, PATCH, POST, and PUT HTTP methods in requests that you send to CloudFront. For more information, see Allowed HTTP Methods.

    For information about how to specify HTTP methods by using the CloudFront API, see Method in the topic DistributionConfig Complex Type in the Amazon CloudFront API Reference.

  • Distribution types renamed: CloudFront download distributions are now known as web distributions, and streaming distributions are now known as RTMP distributions.

  • New columns in access logs for web distributions: Access logs for CloudFront web distributions now include three additional columns for each request: x-host-header, cs-protocol, and cs-bytes. For more information, see Web Distribution Log File Format.

October 15, 2013

New Features

This release of CloudFront introduces the following features:

  • Custom error pages: You can now serve error pages with your own branding and content instead of the default HTTP error messages, such as "404, page not found." You can also use custom error pages to serve a static page when your web server is unavailable. For more information, see Customizing Error Responses.

    For information about how to specify custom error pages by using the CloudFront API, see CustomErrorResponses in the topic DistributionConfig Complex Type in the Amazon CloudFront API Reference.

  • Configurable cache duration for error responses: Also known as error caching minimum TTL, this feature lets you specify how long you want CloudFront to cache each error at CloudFront edge locations. CloudFront previously cached all error responses for five minutes; now you can specify any duration and thereby control how frequently CloudFront checks with your origin after an error. For more information, see Customizing Error Responses.

    For information about how to specify the cache duration for error responses by using the CloudFront API, see CustomErrorResponses in the topic DistributionConfig Complex Type in the Amazon CloudFront API Reference.

September 23, 2013

New Feature

You can now include the * wildcard in a CloudFront alternate domain name (CNAME), such as *.example.com. This is useful when you want to route all requests for objects in a domain and its subdomains to a CloudFront distribution. For more information, see Using Alternate Domain Names (CNAMEs).

September 18, 2013

Updated Documentation

Documentation about live streaming with Wowza Media Server 3.6 was added. For more information, see Live HTTP Streaming Using Wowza Streaming Engine 4.2.

September 10, 2013

Updated Documentation

The documentation about live streaming with Adobe Flash Media Server was replaced with documentation about live streaming with Adobe Media Server version 5.0. For more information, see Live HTTP Streaming Using CloudFront and Adobe Media Server 5.0.

July 31, 2013

New Features

This release of CloudFront introduces the following features:

  • Authentication with AWS Signature Version 4: If you are using CloudFront API version 2013-05-12 or later, you must authenticate requests by using AWS Signature version 4. For more information, see Authenticating REST Requests in the Amazon CloudFront API Reference.

  • SSL for CloudFront alternate domain names: CloudFront now supports using HTTPS and using your own domain name in the URLs for your objects (for example, http://www.example.com/image.jpg). For more information, see Using Alternate Domain Names and HTTPS.

In addition, a simultaneous release of Amazon Route 53 introduces the following CloudFront–related feature:

  • Amazon Route 53 aliases to CloudFront distributions: Amazon Route 53 now supports creating alias resource record sets that route DNS queries to alternate domain names for CloudFront distributions. You can use this feature both for alternate domain names at the zone apex (example.com) and alternate domain names for subdomains (www.example.com). For more information, see Routing Queries to an Amazon CloudFront Distribution in the Amazon Route 53 Developer Guide.

June 11, 2013

New Features

This release of CloudFront introduces the following features:

  • Fields for private content in the AWS Management Console: Settings for private content, which previously could be configured or changed only using the CloudFront API, can now be configured or changed in the AWS Management Console. This includes settings for origin access identities and trusted signers. In addition, the documentation about private content was reorganized and clarified.

    For more information, see Serving Private Content through CloudFront.

  • Improvements to the AWS Management Console: Wizards and dialog boxes in the AWS Management Console have been resized to simplify viewing on tablet computers without compromising the appearance for other viewers. In addition, the number of pages in the Create Distribution wizard was reduced to simplify the process of creating a new distribution.

September 27, 2012

New Features

This release of CloudFront introduces the following features:

  • Access log improvements for web distributions: For web distributions, CloudFront access logs now include fields for:

    • The cookie header in each viewer request, including name-value pairs and attributes. This field is optional.

    • The result type of a request (for example, Hit, RefreshHit, or Miss).

    • An identifier that uniquely identifies each request (the CloudFront request ID).

    For more information, see Web Distribution Log File Format.

    For information about how to configure a CloudFront distribution to include cookies in access logs by using the CloudFront API, see IncludeCookies in the topic DistributionConfig Complex Type in the Amazon CloudFront API Reference.

  • Cookie support for web distributions: You can now choose whether you want CloudFront to forward cookies and the associated cookie attributes to your origin. If so, you can also choose whether to forward all cookies or just a selected list of cookies. For more information, see Configuring CloudFront to Cache Objects Based on Cookies.

    For information about how to configure a CloudFront distribution to forward cookies to your origin by using the CloudFront API, see Cookies in the topic DistributionConfig Complex Type in the Amazon CloudFront API Reference.

  • Price classes for web and RTMP distributions: You can now choose a price class that corresponds with the maximum price that you want to pay for CloudFront service. If you're willing to accept higher latency for your viewers in some geographic regions in return for lower cost, you can choose a price class that doesn't include all CloudFront regions. For more information, see Choosing the Price Class for a CloudFront Distribution.

    For information about how to specify the price class for a CloudFront web distribution by using the CloudFront API, see PriceClass in the topic DistributionConfig Complex Type in the Amazon CloudFront API Reference.

    For information about how to specify the price class for a CloudFront RTMP distribution by using the CloudFront API, see PriceClass in the topic StreamingDistributionConfig Complex Type in the Amazon CloudFront API Reference.

September 5, 2012

New Features

This release of CloudFront introduces the following features:

June 22, 2012

New Features

This release of CloudFront introduces the following features for web distributions:

For information about how to specify these values by using the CloudFront API, see DistributionConfig Complex Type in the Amazon CloudFront API Reference.

In addition, the CloudFront console has been updated. For more information, see Task List for Creating a Web Distribution and Task List for Streaming Media Files Using RTMP.

The Amazon CloudFront Getting Started Guide was merged into the Amazon CloudFront Developer Guide, and the Amazon CloudFront Developer Guide was reorganized to enhance usability.

May 13, 2012

Updated Documentation

The documentation about working with objects was reorganized and clarified. For the revised documentation, see Working with Objects.

April 4, 2012

New Documentation

Documentation about live streaming with Microsoft IIS Media Services version 4.1 was added. For more information, see Live Smooth Streaming Using Amazon CloudFront and IIS Media Services 4.1.

April 1, 2012

Updated Documentation

The documentation about live streaming with Adobe Flash Media Server was updated with information about Adobe Flash Media Server version 4.5.

As of July 31, 2013, CloudFront supports live streaming with Adobe Media Server 5.0. For more information, see Live HTTP Streaming Using CloudFront and Adobe Media Server 5.0.

March 29, 2012

New Feature

This release of CloudFront reduces the minimum TTL value for a web distribution. If you don't specify a minimum TTL when you create a distribution, CloudFront sets the minimum TTL to 0 seconds. For more information, see the following documentation:

March 15, 2012

Updated Documentation

Topics about live streaming with Adobe Flash Media Server and about geoblocking were moved from a separate document into the CloudFront Streaming Tutorials chapter in this guide.

February 2, 2012

New Feature

This release of CloudFront introduces AWS Management Console support for creating a distribution with a custom origin, restricting your distribution to HTTPS exclusively, and specifying a default root object. For more information, go to the Amazon CloudFront product page or see any of the following topics in the Amazon CloudFront Developer Guide:

April 27, 2011

New Feature

This release of CloudFront includes integration with AWS Identity and Access Management (IAM). For more information, see Authentication and Access Control for CloudFront.

March 10, 2011

New Feature

This release of CloudFront includes new APIs to support custom origins. For more information, go to the Amazon CloudFront product page or Task List for Creating a Web Distribution in the Amazon CloudFront Developer Guide.

November 9, 2010

New Feature

This release of CloudFront includes new APIs for object invalidation. For more information, go to the Amazon CloudFront product page or Invalidating Objects (Web Distributions Only) in the Amazon CloudFront Developer Guide.

August 31, 2010

New Feature

CloudFront now supports the ability to assign a default root object to your distribution. For more information, see Specifying a Default Root Object (Web Distributions Only).

August 5, 2010

New Feature

Access logging for HTTP distributions now includes a field for query string parameters. For more information, see Web Distribution Log File Format.

July 14, 2010

New Feature

Added support for secure connections using HTTPS. For more information, see Using an HTTPS Connection to Access Your Objects.

June 7, 2010

New Feature

Added logging for RTMP content. For more information, see RTMP Distribution Log File Format.

May 13, 2010

New Feature

Reduced the minimum amount of time an object can be on an edge server from 24 hours to 1 hour. The default, however, remains 24 hours. For more information, see Specifying How Long Objects Stay in a CloudFront Edge Cache (Expiration).

April 13, 2010

New Feature

Added feature to serve private streaming content over a Real-Time Messaging Protocol (RTMP) and prevent the content from being downloaded. For more information, see Serving Private Content through CloudFront.

March 28, 2010

New Feature

Added feature to deliver streaming content over a Real-Time Messaging Protocol (RTMP) connection. For more information, see Task List for Streaming Media Files Using RTMP.

December 15, 2009

New Feature

Added feature to restrict access to your content delivered over HTTP. For more information, see Serving Private Content through CloudFront.

November 11, 2009

New Guide

We've separated the API reference material into its own guide. The Amazon CloudFront Developer Guide contains general information about how to use CloudFront, and the Auto Scaling API Reference contains detailed information about the control API requests, responses, and errors.

November 11, 2009