PCI DSS Compliance
CloudFront supports the processing, storage, and transmission of credit card data by a merchant or service provider, and has been validated as being compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). For more information about PCI DSS, including how to request a copy of the AWS PCI Compliance Package, see PCI DSS Level 1.
As a security best practice, we recommend that you don't cache credit card information in CloudFront edge caches. For example, you can configure your origin to include a header in responses that contain credit card information, such as the last four digits of a credit card number and the card owner's contact information.
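
One way an origin could set such a header, as an added example that is not AWS's own code: a WSGI middleware that forces `Cache-Control: no-store, private` on routes returning card data, plus a check a test suite can run against response headers. The page does not name the header, so `Cache-Control`, the route prefixes and the demo handler are assumptions.

```python
# Added example. Assumptions: the header is Cache-Control, and
# SENSITIVE_PREFIXES are hypothetical routes whose responses carry card data.
SENSITIVE_PREFIXES = ("/account/payment-methods", "/checkout/receipt")
NO_CACHE_VALUE = "no-store, private"


class NoCacheForCardData:
    """WSGI middleware: force Cache-Control: no-store, private on sensitive routes."""

    def __init__(self, app, prefixes=SENSITIVE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        sensitive = environ.get("PATH_INFO", "").startswith(self.prefixes)

        def patched_start(status, headers, exc_info=None):
            if sensitive:
                # Drop whatever the handler set (e.g. "public, max-age=3600").
                headers = [(k, v) for k, v in headers
                           if k.lower() != "cache-control"]
                headers.append(("Cache-Control", NO_CACHE_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start)


def shared_cache_may_store(headers):
    """True if no Cache-Control directive forbids a shared cache from storing."""
    directives = set()
    for name, value in headers:
        if name.lower() == "cache-control":
            for part in value.split(","):
                directives.add(part.strip().split("=", 1)[0].lower())
    return not (directives & {"no-store", "private"})


def call(app, path):
    """Run a WSGI app for one GET request and return its response headers."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers
    b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["headers"]


def demo_app(environ, start_response):
    # Constructed handler that wrongly marks every response publicly cacheable.
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b'{"last4": "0000"}']
```

CloudFront honors these directives only when the cache behavior's minimum TTL is 0; with a minimum TTL greater than 0 it keeps the object for at least that long regardless of the origin's header.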