Document history
The following table describes the important changes made to CloudFront documentation. For notification of updates, you can subscribe to the RSS feed.
| Change | Description | Date |
|---|---|---|
Added the | February 14, 2025 | |
Added additional real-time log fields for standard logging (v2) | You can specify the | January 31, 2025 |
Lambda@Edge now supports Lambda functions with the Node.js 22 runtime. | November 22, 2024 | |
You can use the media quality-aware resiliency (MQAR) feature so that CloudFront automatically chooses the origin in an origin group with the highest media quality score. | November 21, 2024 | |
Added new CloudFront Functions helper method for origin modification. | November 21, 2024 | |
Use CloudFront VPC origins to restrict access to an Application Load Balancer, Network Load Balancer, or EC2 instance origin. | November 20, 2024 | |
Updated managed policy | November 20, 2024 | |
You can request Anycast static IPs from CloudFront to use with your distributions. | November 20, 2024 | |
CloudFront supports standard logging (v2) and sending your logs to Amazon CloudWatch Logs, Amazon Data Firehose, and Amazon Simple Storage Service (Amazon S3). | November 20, 2024 | |
CloudFront now supports gRPC requests for your distribution. | November 20, 2024 | |
Added new managed policy | November 20, 2024 | |
Lambda@Edge now supports Lambda functions with the Python 3.13 runtime. | November 13, 2024 | |
Evaluate your CloudFront configurations with AWS Config Rules. | September 20, 2024 | |
Added more troubleshooting content for HTTP 4xx and 5xx error response status codes. | August 26, 2024 | |
Added new managed cache policies | May 24, 2024 | |
You can now create an origin access control (OAC) for AWS Elemental MediaPackage V2 and AWS Lambda function URL. | April 11, 2024 | |
Added 18 common media client data (CMCD) fields for real-time logging. | April 9, 2024 | |
Updated tutorial for a basic distribution that uses an Amazon S3 origin with origin access control (OAC). | March 18, 2024 | |
Added code examples that show how to use CloudFront with an AWS software development kit (SDK). The examples are divided into code excerpts that show you how to call individual service functions and examples that show you how to accomplish a specific task by calling multiple functions within the same service. | February 16, 2024 | |
The | December 19, 2023 | |
Added JavaScript runtime 2.0 features for CloudFront Functions. | November 21, 2023 | |
Amazon CloudFront now supports CloudFront KeyValueStore. This feature is a secure, global, low-latency key value datastore that allows read access from within CloudFront Functions. You can enable advanced customizable logic at CloudFront edge locations. | November 21, 2023 | |
Lambda@Edge now supports Lambda functions with the Node.js 20 runtime. | November 15, 2023 | |
CloudFront creates a security dashboard when you create a distribution. Enable AWS WAF, manage geo restrictions, and view high-level data for requests, bots, and logs. | November 8, 2023 | |
CloudFront now supports query string sorting using CloudFront Functions. | October 3, 2023 | |
Amazon CloudFront now displays AWS WAF security recommendations on the CloudFront console. | September 26, 2023 | |
CloudFront supports the | May 15, 2023 | |
A streamlined method for adding AWS WAF security protections to CloudFront distributions. | May 10, 2023 | |
Added note and links to address the default ACL setting for new S3 buckets. | April 11, 2023 | |
You can use an Amazon S3 Object Lambda Access Point alias as an origin for your distribution. | March 31, 2023 | |
You can use CloudFront Functions to update the viewer response status code and replace or remove the response body. | March 29, 2023 | |
You can now include wildcard configurations for ports in CORS access-control headers. | March 20, 2023 | |
Updated language and added link to the reorganized Amazon CloudFront controls in the AWS Security Hub User Guide. | March 9, 2023 | |
CloudFront now supports block lists ("all except") in origin request policies | Use block lists in origin request policies to include all query strings, HTTP headers, or cookies, except for the ones specified, in requests that CloudFront sends to the origin. | February 22, 2023 |
Use CloudFront's new managed origin request policy to include all headers
from the viewer request, except for the | February 22, 2023 | |
Lambda@Edge supports Lambda runtime management configurations set to Auto. | February 16, 2023 | |
Updated guide to align with the IAM best practices. For more information, see Security best practices in IAM. | February 15, 2023 | |
You can now secure MediaStore origins by permitting access to only the designated CloudFront distributions. | February 9, 2023 | |
You can now add header order and header count to help identify the viewer based on the headers that it sends. | January 13, 2023 | |
Lambda@Edge now supports Lambda functions with the Node.js 18 runtime. | January 12, 2023 | |
You can now use a CloudFront response headers policy to remove headers that CloudFront received in the response from the origin. The specified headers are not included in the response that CloudFront sends to viewers. | January 3, 2023 | |
Continuous deployment for safely testing configuration changes | You can now deploy changes to your CDN configuration by testing with a subset of production traffic. | November 18, 2022 |
You can now use the JA3 fingerprint to help determine whether the request comes from a known client. | November 16, 2022 | |
You can now use various wildcard configurations in some CORS access-control headers. | November 11, 2022 | |
Support for | October 3, 2022 | |
You can now secure Amazon S3 origins by permitting access to only the designated CloudFront distributions. | August 24, 2022 | |
You can now choose HTTP/3 for your CloudFront distribution. | August 15, 2022 | |
You can new view information about the SSL/TLS handshake used. | June 27, 2022 | |
Added the new | June 13, 2022 | |
You can now use the | May 23, 2022 | |
With Amazon CloudWatch, you can now monitor the number of times that a CloudFront Function was throttled in a given time period. | May 4, 2022 | |
If you build a serverless web application by using Lambda functions with function URLs, you can now add CloudFront for an array of benefits. | April 6, 2022 | |
You can now enable the | March 30, 2022 | |
You can now limit the inbound HTTP and HTTPS traffic to your origins from only the IP addresses that belong to CloudFront’s origin-facing servers. | February 7, 2022 | |
New feature | CloudFront adds support for response headers policies, which allow you to specify the HTTP headers that CloudFront adds to HTTP responses that it sends to viewers (web browsers or other clients). You can specify the desired headers (and their values) without making any changes to the origin or writing any code. For more information, see Adding or removing HTTP headers in CloudFront responses. | November 2, 2021 |
New CloudFront-Viewer-Address request header | CloudFront adds support for a new header, | October 25, 2021 |
Lambda@Edge supports new runtime version | Lambda@Edge now supports Lambda functions with the Python 3.9 runtime. For more information, see Supported runtimes. | September 22, 2021 |
AWS managed policy update | CloudFront updated the CloudFrontReadOnlyAccess policy. For more information, see CloudFront updates to AWS managed policies. | September 8, 2021 |
New feature | CloudFront now supports ECDSA certificates for viewer-facing HTTPS connections. For more information, see Supported protocols and ciphers between viewers and CloudFront and Requirements for using SSL/TLS certificates with CloudFront. | July 14, 2021 |
New feature | CloudFront now supports more ways to move an alternate domain name from one distribution to another, without contacting Support. For more information, see Move an alternate domain name to a different distribution. | July 7, 2021 |
New security policy | CloudFront now supports a new security policy, TLSv1.2_2021, with a smaller set of supported ciphers. For more information, see Supported protocols and ciphers between viewers and CloudFront. | June 23, 2021 |
New feature | Amazon CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations. For more information, see Customizing at the edge with CloudFront Functions. | May 3, 2021 |
Lambda@Edge supports newer runtime versions | Lambda@Edge now supports Lambda functions with the Node.js 14 runtime. For more information, see Supported runtimes. | April 29, 2021 |
Remove documentation for RTMP distributions | Amazon CloudFront deprecated real-time messaging
protocol (RTMP) distributions on December 31, 2020. | February 10, 2021 |
New pricing option | Amazon CloudFront introduces the CloudFront security savings
bundle, a simple way to save up to 30% on the CloudFront charges on your AWS
bill. For more information, see the Savings Bundle FAQs | February 5, 2021 |
New tutorial | The Amazon CloudFront Developer Guide now includes a tutorial for using Amazon CloudFront to restrict access to an Application Load Balancer in Elastic Load Balancing. For more information, see Restricting access to Application Load Balancers. | December 18, 2020 |
New option for public key management | CloudFront now supports public key management for signed URLs and signed cookies through the CloudFront console and API, without requiring access to the AWS account root user. For more information, see Specifying the signers that can create signed URLs and signed cookies. | October 22, 2020 |
New feature – Origin Shield | CloudFront now supports CloudFront Origin Shield, an additional layer in the CloudFront caching infrastructure that helps to minimize your origin's load, improve its availability, and reduce its operating costs. For more information, see Using Amazon CloudFront Origin Shield. | October 20, 2020 |
New compression format | CloudFront now supports the Brotli compression formation when you configure CloudFront to compress
objects at CloudFront edge locations. You can also configure CloudFront to cache Brotli objects using
a normalized | September 14, 2020 |
New TLS protocol | CloudFront now supports the TLS 1.3 protocol for HTTPS connections between viewers and CloudFront distributions. TLS 1.3 is enabled by default in all CloudFront security policies. For more information, see Supported protocols and ciphers between viewers and CloudFront. | September 3, 2020 |
New real-time logs | CloudFront now supports configurable real-time logs. With real-time logs, you can get information about requests made to a distribution in real time. You can use real-time logs to monitor, analyze, and take action based on content delivery performance. For more information, see Real-time logs. | August 31, 2020 |
API support for additional metrics | CloudFront now supports enabling eight additional real-time metrics with the CloudFront API. For more information, see Turning on additional metrics. | August 28, 2020 |
New CloudFront HTTP headers | CloudFront added additional HTTP headers for determining information about the viewer such as device type, geographic location, and more. For more information, see Adding CloudFront request headers. | July 23, 2020 |
New feature | CloudFront now supports cache policies and origin request polices, which give you more granular control over the cache key and origin requests for your CloudFront distributions. For more information, see Control the cache key and Control origin requests. | July 22, 2020 |
New security policy | CloudFront now supports a new security policy, TLSv1.2_2019, with a smaller set of supported ciphers. For more information, see Supported protocols and ciphers between viewers and CloudFront. | July 8, 2020 |
New settings to control origin timeouts and attempts | CloudFront added new settings that control origin timeouts and attempts. For more information, see Controlling origin timeouts and attempts. | June 5, 2020 |
New documentation for getting started with CloudFront by creating a secure static website | Get started with CloudFront by creating a secure static website using Amazon S3, CloudFront, Lambda@Edge, and more, all deployed with AWS CloudFormation. For more information, see Getting started with a secure static website. | June 2, 2020 |
Lambda@Edge supports newer runtime versions | Lambda@Edge now supports Lambda functions with the Node.js 12 and Python 3.8 runtimes. For more information, see Supported runtimes. | February 27, 2020 |
New real-time metrics in CloudWatch | Amazon CloudFrontnow offers eight additional real-time metrics in Amazon CloudWatch. For more information, see Turning on additional CloudFront distribution metrics. | December 19, 2019 |
New fields in access logs | CloudFront adds seven new fields to access logs. For more information, see Standard log file fields. | December 12, 2019 |
AWS WordPress plugin | You can use the AWS WordPress plugin to provide visitors to your WordPress website an accelerated viewing experience using CloudFront. (Update: as of September 30, 2022, the AWS for WordPress plugin is deprecated.) | October 30, 2019 |
Tag-based and resource-level IAM permissions policies | CloudFront now supports two additional ways of specifying IAM permission policies: tag-based and resource-level policy permissions. For more information, see Managing Access to Resources. | August 8, 2019 |
Support for Python programming language | You can now use the Python programming language to develop functions in Lambda@Edge, in addition to Node.js. For example functions that cover a variety of scenarios, see Lambda@Edge Example Functions. | August 1, 2019 |
Updated monitoring graphs | Content updates to describe new ways for you to monitor Lambda functions associated with your CloudFront distributions directly from the CloudFront console to more easily track and debug errors. For more information, see Monitoring CloudFront. | June 20, 2019 |
Consolidated security content | A new Security chapter consolidates information about CloudFront features around and implementation of data protection, IAM, logging, compliance, and more. For more information, see Security. | May 24, 2019 |
Domain validation is now required | CloudFront now requires that you use an SSL certificate to verify that you have permission to use an alternate domain name with a distribution. For more information, see Using Alternate Domain Names and HTTPS. | April 9, 2019 |
Updated PDF filename | The new filename for the Amazon CloudFront Developer Guide is: AmazonCloudFront_DevGuide. The previous name was: cf-dg. | January 7, 2019 |
New features | CloudFront now supports WebSocket, a TCP-based protocol that is useful when you need long-lived connections between clients and servers. You can also now set up CloudFront with origin failover for scenarios that require high availability. For more information, see Using WebSocket with CloudFront Distributions and Optimizing High Availability with CloudFront Origin Failover. | November 20, 2018 |
New feature | CloudFront now supports detailed error logging for HTTP requests that run Lambda functions. You can store the logs in CloudWatch and use them to help troubleshoot HTTP 5xx errors when your function returns an invalid response. For more information, see CloudWatch Metrics and CloudWatch Logs for Lambda Functions. | October 8, 2018 |
New feature | You can now opt to have Lambda@Edge expose the body in a request for writable HTTP methods (POST, PUT, DELETE, and so on), so that you can access it in your Lambda function. You can choose read-only access, or you can specify that you'll replace the body. For more information, see Accessing the Request Body by Choosing the Include Body Option. | August 14, 2018 |
New feature | CloudFront now supports serving content compressed by using brotli or other compression algorithms, in addition to or instead of gzip. For more information, see Serving Compressed Files. | July 25, 2018 |
Reorganization | The Amazon CloudFront Developer Guide has been reorganized to simplify finding related content, and to improve scanability and navigation. | June 28, 2018 |
New Feature | Lambda@Edge now enables you to further customize the delivery of content stored in an Amazon S3 bucket, by allowing you to access additional headers, including custom headers, within origin-facing events. For more information, see these examples showing personalization of content based on viewer location and viewer device type. | March 20, 2018 |
New Feature | You can now use Amazon CloudFront to negotiate HTTPS connections to origins using Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA uses smaller keys that are faster, yet, just as secure, as the older RSA algorithm. For more information, see Supported SSL/TLS Protocols and Ciphers for Communication Between CloudFront and Your Origin and About RSA and ECDSA Ciphers. | March 15, 2018 |
New Feature | Lambda@Edge enables you to customize error responses from your origin, by allowing you to execute Lambda functions in response to HTTP errors that Amazon CloudFrontreceives from your origin. For more information, see these examples showing redirects to another location and response generation with 200 status code (OK). | December 21, 2017 |
New Feature | A new CloudFront capability, field-level encryption, helps you to further enhance the security of sensitive data, like credit card numbers or personally identifiable information (PII) like social security numbers. For more information, see Using field-level encryption to help protect sensitive data. | December 14, 2017 |
Doc history archived | Older doc history was archived. | December 1, 2017 |
