PCI DSS Compliance
CloudFront supports the processing, storage, and transmission of credit card data by a merchant or service provider, and has been validated as being compliant with Payment Card Industry (PCI) Data Security Standard (DSS). For more information about PCI DSS, including how to request a copy of the AWS PCI Compliance Package, see PCI DSS Level 1.
As a security best practice, we recommend that you don't cache credit card information in CloudFront edge caches.
For example, you can configure your origin to include a header in responses that contain credit card information, such as the last four digits of a credit card number and the card owner's contact information.
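One way to apply this at the origin, shown as an added example that is not AWS's own code: a WSGI middleware that forces a non-cacheable header on card-related responses even when the application has already marked them as publicly cacheable. The header (`Cache-Control: no-store, private`), the path prefixes and the sample application are assumptions made for illustration.

```python
# Added example: WSGI middleware for an origin that sits behind CloudFront.
# SENSITIVE_PREFIXES, NO_CACHE_VALUE and sample_app are hypothetical.

SENSITIVE_PREFIXES = ("/account/", "/checkout/")  # assumed routes returning card data
NO_CACHE_VALUE = "no-store, private"              # assumed directive choice


class NoCacheForCardData:
    """Force a non-cacheable Cache-Control header on card-related responses."""

    def __init__(self, app, prefixes=SENSITIVE_PREFIXES):
        self.app = app
        self.prefixes = tuple(prefixes)

    def __call__(self, environ, start_response):
        sensitive = environ.get("PATH_INFO", "").startswith(self.prefixes)

        def guarded_start(status, headers, exc_info=None):
            if sensitive:
                # Drop cache headers set by the application, then add ours,
                # so a stray "public, max-age=..." cannot survive.
                headers = [(k, v) for k, v in headers
                           if k.lower() not in ("cache-control", "expires")]
                headers.append(("Cache-Control", NO_CACHE_VALUE))
            return start_response(status, headers, exc_info)

        return self.app(environ, guarded_start)


def sample_app(environ, start_response):
    # Constructed app that (wrongly) marks every response as publicly cacheable.
    start_response("200 OK", [("Content-Type", "application/json"),
                              ("Cache-Control", "public, max-age=3600")])
    return [b'{"last4": "0000"}']


def response_headers(app, path):
    """Call a WSGI app for `path` and return its response headers as a dict."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured


if __name__ == "__main__":
    wrapped = NoCacheForCardData(sample_app)
    for p in ("/account/payment-methods", "/static/logo.png"):
        print(p, "->", response_headers(wrapped, p)["cache-control"])
```

CloudFront honors these directives only when the cache behavior's minimum TTL is 0; with a higher minimum TTL it caches the object for that minimum, so check the distribution setting as well as the origin.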