CloudFront flat-rate pricing plans
CloudFront flat-rate pricing plans combine the Amazon CloudFront global content delivery network (CDN) with multiple AWS services and features into a monthly price with no overage charges, regardless of traffic spikes or attacks.
Flat-rate pricing plans include the following features for a simple monthly price:
-
CloudFront CDN
-
AWS WAF and DDoS protection
-
Bot management and analytics
-
Amazon Route 53 DNS
-
Amazon CloudWatch Logs ingestion
-
TLS certificate
-
Serverless edge compute
-
Amazon S3 storage credits each month
Plans are available in Free, Pro, Business, and Premium tiers to match your application's needs. Plans do not require an annual commitment to get the best available rates. Start with the Free plan and upgrade to access more capabilities and larger usage allowances.
Topics
Benefits of CloudFront flat-rate pricing plans
The CloudFront pricing plan provides several key benefits:
-
Consolidated services and pricing
Combine multiple AWS services and features into a single plan for one flat rate. Designed to eliminate separate service purchases and upfront pricing calculations.
-
No overages
There are no overage charges regardless of traffic spikes or attacks.
-
Clear usage allowances
Each plan includes published usage allowances designed for optimal performance at that tier. Monitor your usage, receive proactive notifications, and upgrade based on your application's needs, with no long-term commitments.
-
Protect against DDoS attacks
CloudFront and AWS WAF absorb and block attacks before they reach your infrastructure. Reserves your compute, database, and infrastructure utilization only for legitimate traffic. Blocked DDoS attacks and requests blocked by AWS WAF never count against your usage allowance.
-
Reduce your overall AWS costs
Data transfer from AWS applications running on services such as Amazon S3, AWS Application Load Balancer (ALB), or Amazon API Gateway to CloudFront continues to be free. When you serve your AWS applications through CloudFront instead of directly to the internet, your flat-rate plan covers the data transfer costs between your applications and your viewers for a simple monthly price without the worry of overages. Fewer requests reaching your origin also reduces your costs on services that charge based on usage.
Features by pricing plan tier
Each pricing plan covers one CloudFront distribution with up to one domain that combines essential features and services into one monthly price. Each plan also includes additional S3 storage credits.
Plans on higher tiers include all features from lower tier plans as well as additional features.
-
Free – For hobbyists, learners, and developers getting started.
-
Pro – Launch and grow small websites, blogs, and applications.
-
Business – Protect and accelerate business applications.
-
Premium – Scale and protect business and mission-critical applications.
Select a plan tier that includes features and configurations that you need for your applications. See the following features per pricing plan.
Pricing plan features
The following table shows the CloudFront, AWS WAF and DDoS, Amazon Route 53, Amazon CloudWatch, and Amazon S3 features included in each pricing plan tier.
| Performance and Delivery | Free | Pro | Business | Premium |
|---|---|---|---|---|
Global CDN Use CloudFront's 750+ global edge locations as a massive, distributed, single point of entry for your web application. Accelerate static, dynamic, and non-cacheable applications. |
Yes
|
Yes
|
Yes
|
Yes
|
Content caching Store copies of your content in CloudFront's 750+ edge locations worldwide, delivering it to users from the nearest location. Reduces load times, protects your application from traffic spikes, and saves costs by serving repeated requests locally instead of from your application servers. |
Yes
|
Yes
|
Yes
|
Yes
|
Fast cache invalidations Remove or update cached content across all edge locations within seconds. |
Yes
|
Yes
|
Yes
|
Yes
|
Smart routing Intelligently routes users to the optimal edge location using real-time network data, and connects to your AWS origin through the AWS private network for better performance. |
Yes
|
Yes
|
Yes
|
Yes
|
Tiered caching Regional edge caches sit between edge locations and your application to store content longer, reducing load on your application and maintaining fast delivery. |
Yes
|
Yes
|
Yes
|
Yes
|
Default caching rules Makes effective caching decisions to cache most web applications without custom configuration. |
Yes
|
Yes
|
Yes
|
Yes
|
Custom caching rules Control how CloudFront caches content by specifying which request values to use, optimizing for your application's performance, personalization, and freshness needs using cache policies. |
Yes
|
Yes
|
||
High-speed origin routing With Origin Shield, dynamic requests are routed from edge locations to your origin using CloudFront's private network for high-performance path to your origin. |
Yes
|
|||
Origin load reduction Adds an additional caching layer close to your web application using Origin Shield. Origin Shield consolidates requests from all edge locations, reducing load on your application particularly during traffic spikes. |
Yes
|
|||
Automatic origin failover Automatically routes traffic to a backup origin if your primary origin fails, maintaining high availability without disrupting users. |
Yes
|
|||
Default origin request rules Control which information from viewer requests is automatically included in requests to your origin, using AWS managed origin request policies optimized for common scenarios. |
Yes
|
Yes
|
Yes
|
Yes
|
Default response header rules Use AWS managed response header policies to add or remove HTTP headers in responses to viewers, preconfigured for common security headers, CORS settings, and other standard use cases. |
Yes
|
Yes
|
Yes
|
Yes
|
Custom origin request rules Create your own origin request policies to specify exactly which URL query strings, headers, and cookies are forwarded to your origin, enabling custom analytics and request handling. |
Yes
|
Yes
|
||
Custom response header rules Create your own response header policies to control exactly which HTTP headers CloudFront adds or removes in responses to viewers, such as security headers, Content Security Policy (CSP), CORS settings, and custom application headers. |
Yes
|
Yes
|
||
Number of cache behaviors Configure cache behaviors to control how CloudFront handles requests for specific URL patterns, including which origin serves the content, how content is cached, and whether HTTPS or signed URLs are required. |
5 | 10 | 50 | 100 |
| Security and Protection | ||||
Always-on DDoS protection Protect against DDoS attacks that target your websites or applications. |
Yes
|
Yes
|
Yes
|
Yes
|
Advanced DDoS Protection Identify and block DDoS attacks in seconds using the AntiDDoS AMR. AWS learns your unique application patterns to distinguish between attacks and natural surges from legitimate users. |
Yes
|
Yes
|
||
Web Application Firewall (WAF) Protect against common application vulnerabilities and potential threats based on Amazon internal threat intelligence. Requests are blocked before reaching your servers. |
Yes
|
Yes
|
Yes
|
Yes
|
Number of WAF rules Total number of security rules you can create and enable in your WAF configuration, including both custom rules and AWS Managed Rules. |
5 | 25 | 50 | 75 |
Protections for WordPress, PHP, and SQL databases Use-case based security rules to protect common applications and operating systems like WordPress, PHP, SQL databases, Linux, and Windows. |
Yes
|
Yes
|
Yes
|
|
IP-based rate limiting Automatically block IP addresses that exceed a configurable number of requests over a 5-minute period, protecting against HTTP flood attacks and Denial of Service (DoS) attempts. |
Yes
|
Yes
|
Yes
|
Yes
|
Geographic traffic blocking Block requests from selected countries or regions. |
Yes
|
Yes
|
Yes
|
Yes
|
Header-based threat filtering Create WAF security rules that filter threats based on HTTP request headers. |
Yes
|
Yes
|
Yes
|
|
Regex-based threat filtering Create WAF security rules using regular expressions to match URI paths and HTTP request attributes. |
Yes
|
Yes
|
||
JavaScript challenge Block automated threats by requiring browsers to complete JavaScript challenges that verify legitimate users. |
Yes
|
Yes
|
||
Bot management and analytics Detect and analyze bot traffic with AWS WAF Bot Control for common bots. Provides controls to block, challenge, or allow unverified bots while identifying and distinguishing verified bots like search engines. |
Yes
|
Yes
|
||
Custom WAF response Set a specific HTTP status code and optional custom HTML, plain text, or JSON response when requests are blocked by a rule. |
Yes
|
Yes
|
Yes
|
|
Header Insertion Add custom HTTP headers to requests that pass WAF inspection, enabling downstream applications to process requests differently or flag them for analysis. |
Yes
|
Yes
|
Yes
|
Yes
|
Request body inspection Maximum size of HTTP request body content that can be inspected by AWS WAF for threats and malicious patterns. |
16 KB | 16 KB | 64 KB | 64 KB |
Private origins within VPC Enhance security by keeping your application in a VPC private subnet, accessible only through your CloudFront distributions and hidden from the public internet, using VPC origins. |
Yes
|
Yes
|
||
Origin Access Control (OAC) Maintain a private S3 bucket and only allow access through your designated CloudFront distribution, ensuring your content is protected by your WAF rules, rate limits, and other security controls configured in your CloudFront distribution. |
Yes
|
Yes
|
Yes
|
Yes
|
Free TLS certificate Free TLS certificate for your domain with automatic renewal through AWS Certificate Manager. |
Yes
|
Yes
|
Yes
|
Yes
|
Signed URLs Create secure URLs that provide temporary access to private content for specific users. Commonly used to share private documents with authorized users or grant secure access to protected content after payment verification. |
Yes
|
Yes
|
Yes
|
Yes
|
| Edge Compute | ||||
Serverless edge compute Run lightweight JavaScript at the edge to modify URLs, HTTP headers, and request/response elements in milliseconds using CloudFront Functions. |
Yes
|
Yes
|
Yes
|
Yes
|
Edge key-value store Store data at the edge using KeyValueStore for fast and dynamic content customization with CloudFront Functions. |
Yes
|
Yes
|
Yes
|
|
| Network and Protocol Support | ||||
IPv6 Deliver content over both modern IPv6 and traditional IPv4 connections from CloudFront to viewers and origins. Enables end-to-end IPv6 support for your applications. |
Yes
|
Yes
|
Yes
|
Yes
|
HTTP/2 Enable faster page loads through modern protocol features like multiplexing, header compression, and stream prioritization. Automatically used when supported by browsers and clients. |
Yes
|
Yes
|
Yes
|
Yes
|
HTTP/3 Deliver content using QUIC to browsers and clients that support it, enabling faster connections and improved performance. Particularly benefits mobile users and maintains connections when network conditions change. |
Yes
|
Yes
|
Yes
|
Yes
|
TLS 1.3 Deliver faster HTTPS connections through a handshake process that requires one round-trip compared to two in TLS 1.2. Reduces first byte latency by up to 33% compared to previous TLS versions. |
Yes
|
Yes
|
Yes
|
Yes
|
WebSockets Enable real-time, persistent two-way communication between browsers and servers. Ideal for AI chat applications, multi-player gaming, collaborative workspaces, and real-time data feeds like financial trading platforms. |
Yes
|
Yes
|
Yes
|
Yes
|
| Logging and Monitoring | ||||
Access Logs Access detailed CloudFront request logs to understand security and delivery traffic patterns, with Amazon CloudWatch Logs ingestion is included at no extra cost. |
Yes
|
Yes
|
Yes
|
|
WAF request logs Access detailed AWS WAF request logs to understand security and delivery traffic patterns. Amazon CloudWatch Logs ingestion is included at no extra cost. |
Yes
|
Yes
|
Yes
|
|
Security dashboard Monitor security events, investigate threats, and take immediate blocking actions using visual analytics without writing security rules. Pro and above includes visual log analyzer to quickly understand traffic patterns without querying logs. |
Yes
|
Yes
|
Yes
|
Yes
|
| DNS | ||||
Amazon Route 53 DNS Fast, reliable public authoritative DNS service using Route 53. |
Yes
|
Yes
|
Yes
|
Yes
|
Records per Hosted Zone The maximum number of DNS records allowed in the hosted zone. |
50 | 100 | 1000 | 5000 |
DNSSEC Protect your domain against DNS spoofing and man-in-the-middle attacks where attackers intercept DNS queries and redirect visitors to fake websites. Secures DNS traffic by cryptographically signing your DNS records. |
Yes
|
Yes
|
Yes
|
Yes
|
| Storage | ||||
Amazon S3 storage Amazon S3 storage credits that offset any S3 Standard storage costs in your AWS account. Not limited to CloudFront content or subject to plan usage allowances. |
5 GB | 50 GB | 1 TB | 5 TB |
| Support and Reliability | ||||
24x7 account and billing support One-on-one responses to account and billing questions. If you have a paid support plans, you're eligible to receive support on all flat-rate plans. |
Yes
|
Yes
|
Yes
|
Yes
|
Documentation and AWS Support forums Access product documentation, technical papers, best practices guides, AWS re:Post community forums, and service health information to help plan and troubleshoot. |
Yes
|
Yes
|
Yes
|
Yes
|
Uptime SLA Service Level Agreements (SLA) for Amazon CloudFront, AWS WAF, Amazon Route 53, and Amazon CloudWatch provide service availability commitments. In the event AWS does not meet the associated SLA's commitment, you will be eligible to receive a service credit. |
Yes
|
Yes
|
Monthly usage allowances
Each flat-rate plan includes a monthly usage allowance designed for optimal performance at that tier. You can track your usage allowance in the CloudFront console at any time. You will also receive automatic email notifications when you reach 50%, 80%, and 100% of your allowance.
If you exceed your allowance, you will not incur any overage charges. This allows you to operate your application without worrying about costs from unexpected traffic spikes or attacks. If you outgrow your plan, upgrade to the next tier to access more features and increase your monthly usage allowance. If your usage exceeds the allowances in your CloudFront flat-rate pricing plan, AWS may take appropriate action, which may include reducing your performance (for example, throttling) or requiring a change to your pricing structure.
| Free | Pro | Business | Premium | |
|---|---|---|---|---|
| Requests | 1 M | 10 M | 125 M | 500 M |
| Data transfer | 100 GB | 50 TB | 50 TB | 50 TB |
Note
Blocked DDoS attacks and requests blocked by AWS WAF never count against your usage allowance.
Eligibility based on historical usage
Your historical CloudFront usage may affect your eligibility to sign up for or downgrade to specific plan tiers. If your recent usage exceeds a plan tier's usage allowances, you may need to select a higher tier that better aligns with your workload.
Costs covered by your plan
Your plan covers costs for:
-
Your CloudFront distribution
-
The AWS WAF web ACL associated with your distribution
-
CloudWatch Logs ingestion for your distribution's CloudFront access logs and associated WAF logs
-
The Route 53 hosted zone, DNS records, and DNS queries when attached to your distribution's plan
You will also receive S3 credits to offset S3 Standard storage usage in your payer account, whether or not an S3 bucket is used as an origin for your CloudFront distribution.
Route 53 DNS management and your plan
If you use Route 53 for DNS and attach the zone to your plan, your flat-rate plan can include your Route 53 hosted zone costs. You can attach the zone to your plan in the Manage Plan section of your CloudFront distribution. When your zone is attached to the plan, your plan covers your hosted zone's standard costs, including the monthly hosted zone fee, DNS records, and DNS query fees subject to respective allowances per tier, provided below. The hosted zone must meet the following requirements:
-
Exist in the same AWS account as your CloudFront distribution
-
Maintain the number of records allowed per hosted zone for your plan tier
-
Cover the domain used by your CloudFront distribution
Understanding monthly DNS query allowances
When your hosted zone is attached to your plan, you get:
-
DNS queries to ALIAS records pointing to your CloudFront distribution and other supported AWS services
-
An additional monthly allowance for other DNS record types
| Free | Pro | Business | Premium | |
|---|---|---|---|---|
|
DNS queries to ALIAS records (CloudFront and other supported
AWS services |
No limit | No limit | No limit | No limit |
|
Additional DNS query allowance per month |
1 M | 5 M | 20 M | 100 M |
Note
To maximize your plan benefits, use ALIAS records to point to your CloudFront
distribution. ALIAS records pointing to CloudFront and other supported AWS services
Exceeding DNS query allowances
If your DNS query usage exceeds your plan's monthly allowance, AWS may notify you. At that point, you can detach your hosted zone from the plan in the Manage Plan section of your CloudFront distribution to return the hosted zone to pay-as-you-go pricing. If you do not detach your hosted zone after receiving this notification, AWS may automatically transition the hosted zone to pay-as-you-go pricing. When a hosted zone moves to pay-as-you-go pricing, you are responsible for all standard Route 53 costs. Your CloudFront distribution and all other plan benefits continue unchanged.
Reduce overall AWS costs with pricing plans
CloudFront flat-rate pricing plans can reduce your overall AWS costs in three ways:
First, data transfer costs between CloudFront and your AWS applications running on services such as Amazon S3, AWS Application Load Balancer (ALB), or Amazon API Gateway are automatically waived. When you serve your AWS applications through CloudFront instead of directly to the internet, your flat-rate plan covers the data transfer costs between your applications and your viewers for a simple monthly price without the worry of overages.
Second, CloudFront reduces your compute and database costs by protecting your application infrastructure and reducing the number of requests reaching your origin. It serves cached content from edge locations or regional edge caches, collapses duplicate requests, and blocks malicious and unwanted traffic before it reaches your backend services. This means fewer requests hitting your application servers, databases, and other AWS services that charge based on usage, which reduces your costs.
Finally, each plan includes Amazon S3 Standard storage credits to offset storage usage for your AWS account.
To maximize these savings, configure your AWS origins to only accept traffic from CloudFront. For S3, use Origin Access Control OAC with private buckets to grant access to your designated CloudFront distribution. For Application Load Balancer, Network Load Balancer, and Amazon EC2 instances in private subnets, restrict access to your designated CloudFront distribution using VPC Origins.
Manage your flat-rate pricing plans
Follow these procedures in the CloudFront console to subscribe, upgrade, downgrade, or cancel a pricing plan for your distributions.
Subscribe a new distribution to a pricing plan
When you create a new distribution, you can subscribe to a pricing plan.
To subscribe a new distribution to a pricing plan
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions, then follow the steps to create a distribution.
-
Choose your distribution's pricing plan. Note that some features are not available per pricing plan tier. Review the features per plan and choose the pricing plan that you need for your application.
-
Complete the steps to create your distribution.
Subscribe an existing distribution to a pricing plan
When you update a distribution, you can subscribe to a pricing plan. Before choosing a pricing plan, ensure that your distribution configuration is compatible with the plan that you want.
Tip
If your current distribution uses any unsupported features, you must disable those features before you can subscribe to the pricing plan. This includes disabling features like Lambda@Edge or real-time access logs.
Once your distribution configuration is compatible, you can choose your desired pricing plan while update a distribution.
To subscribe an existing distribution to a pricing plan
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions, then follow the steps to update an existing distribution.
-
Choose your distribution's pricing plan. Note that some features are not available per pricing plan tier. Review the features per plan and choose the pricing plan that you need for your application.
-
Complete the steps to update your distribution.
Upgrade a pricing plan
We recommend that you upgrade a plan if you're approaching or have exceeded your monthly usage allowance, or if you want to enable a feature that is available in the next tier.
When you upgrade to a higher plan tier, changes take effect immediately. Your price and usage allowance are prorated. Your distribution and associated resources will have access to the available features and higher usage allowance of your new plan.
To upgrade a pricing plan
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions.
-
Choose your distribution that is subscribed to an existing pricing plan.
-
Follow the prompts to upgrade your distribution's pricing plan.
-
Complete the steps to update an existing distribution.
Downgrade a pricing plan
We recommend that you downgrade to a lower plan tier if you don't need the additional features on your existing tier. For example, you might downgrade if you expect your application will experience lower traffic.
If you downgrade to a lower tier, your billing changes will take effect at the beginning of the next billing cycle.
If your distribution currently exceeds the usage allowance for a plan, you can downgrade once your usage is within the usage allowance for your desired tier. To avoid being charged for your existing plan tier at the next billing cycle, downgrade before the end of the month.
To downgrade a pricing plan
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions.
-
Choose your distribution that is subscribed to an existing pricing plan.
-
Follow the prompts to downgrade your distribution's pricing plan. If you have unsupported features, you must either remove the feature or resource from the distribution.
-
Complete the steps to update an existing distribution.
Cancel a pricing plan
When you cancel a pricing plan, you will maintain your flat-rate price through the end of your current billing cycle. Your distribution and all associated plan resources will then switch to pay-as-you-go pricing at the start of the next billing cycle.
To cancel a pricing plan
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions.
-
Choose your distribution that is subscribed to an existing pricing plan.
-
Follow the prompts to cancel your distribution's pricing plan. If you have unsupported features, you must either remove the feature or resource from the distribution.
-
Complete the steps to update an existing distribution.
Cancel a pending plan change
If you downgraded or canceled your flat-rate pricing plan, you must wait until the end of the current billing cycle before your changes are in effect. To keep your existing flat-rate pricing plan, upgrade, or downgrade your pricing plan again, you must first cancel your pending plan change.
To cancel a pending pricing plan change
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions.
-
Choose your distribution that is subscribed to an existing pricing plan.
-
Follow the prompts to cancel your distribution's pending plan change.
-
Choose the pricing plan that you want for your distribution.
-
Complete the steps to update an existing distribution.
Deleting a distribution with a pricing plan
You can't delete a distribution that is subscribed to a pricing plan. You must first cancel the pricing plan and then after the current billing cycle, delete the distribution.
To delete a distribution with a pricing plan
Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v4/home
. -
In the navigation pane, choose Distributions.
-
Follow the previous steps to cancel the distribution's pricing plan.
-
Follow the steps to delete the distribution.
Note
You can disable a distribution that is subscribed to a pricing plan, but you will still incur charges for that plan. To stop incurring charges for your plan, you must first cancel it.
Permissions
To view or manage pricing plan subscriptions for your CloudFront distributions, you must have the required permissions. For more information, see AWS managed policy: CloudFrontFullAccess and AWS managed policy: CloudFrontReadOnlyAccess.
Flat-rate pricing plan quotas
The following table shows the quotas and restrictions for CloudFront flat-rate pricing plans.
Note
These quotas can't be increased for your AWS account.
| Account-level quotas | Quotas |
|---|---|
| Pricing plans per AWS account | 100 |
| Free plans per AWS account | 3 |
| Apex-level domains per plan | 1 |
Unsupported features
Before you can associate a distribution with a pricing plan, you must ensure that certain features are disabled and associations are removed.
Notes
-
If your distribution or account has any of these restrictions, you must resolve them before you can use pricing plans. After you make changes to your distribution, wait for the changes to propagate to all edge locations.
-
You must have a AWS WAF Web ACL associated with your distribution if you're using a pricing plan. This resource cannot be removed or disassociated from your distribution unless you switch to pay-as-you-go pricing for that distribution.
Unsupported features
You can't subscribe distributions to a pricing plan if their configuration contains the following unsupported features. You can disable the unsupported feature and use an alternative option, or keep pay-as-you-go for your distribution.
| Unsupported features | Alternative options | AWS service |
|---|---|---|
| Use a standard distribution or pay-as-you-go pricing | CloudFront | |
| Use pay-as-you-go pricing | CloudFront | |
|
Anycast IP list configuration |
Use pay-as-you-go pricing | CloudFront |
| Use standard access logs or pay-as-you-go pricing | CloudFront | |
| Use CloudFront Functions or pay-as-you-go pricing | CloudFront | |
|
Targeted Bots |
Use common bots or pay-as-you-go pricing | AWS WAF |
|
CAPTCHA |
Use challenge or pay-as-you-go pricing | AWS WAF |
|
Partner Managed Rules |
Use pay-as-you-go pricing | AWS WAF |
|
Account Creation Fraud Prevention |
Use pay-as-you-go pricing | AWS WAF |
|
Account Takeover Protection |
Use pay-as-you-go pricing | AWS WAF |
|
Rule Groups |
Create individual rules (rule groups are shared AWS WAF rules that can be applied to a web ACL, similar to policies on CloudFront) |
AWS WAF |
| Legacy features | ||
|
ForwardedValues configuration |
Use Origin request policies | CloudFront |
| Use pay-as-you-go pricing | CloudFront | |
| Use pay-as-you-go pricing | CloudFront | |
|
AWS Identity and Access Management (IAM) server certificates |
Use AWS Certificate Manager (ACM) certificates | CloudFront |
| Use Origin access control (OAC) | CloudFront | |
|
Legacy cache settings |
Use cache policies and origin request policies. |
CloudFront |
Unsupported associations
You can't subscribe a distribution to a pricing plan if the distribution is already associated with any of the following resources that are already associated with other distributions. Resources that are associated to a distribution that is subscribed to a pricing plan can only be used for that distribution. For example, if you have a CloudFront function that is using a key value store, neither the function nor the key value store can be shared for a distribution that is on a pricing plan.
-
CloudFront Functions
-
CloudFront Functions associated with a key value store
-
AWS WAF Web ACLs
To subscribe a distribution to a pricing plan, either remove the associated resource or replace it with another one.
Account-level constraints
AWS accounts are not eligible for pricing plans if they meet any of the following conditions:
-
You reached the maximum number of subscriptions allowed. See Flat-rate pricing plan quotas.
-
Your account is using AWS Free Tier.
Resource-level constraints
Distributions are not eligible for pricing plans if they meet any of the following conditions:
-
Your distribution has enabled AWS Shield Advanced
-
Your distribution has enabled the Firewall Manager Service for your web ACL. Firewall Manager won't manage your CloudFront distribution's WebACL in a pricing plan.
Additional features that can affect your pricing plan
Flat-rate pricing plans enable you to pay a flat-rate for your CloudFront distribution and the features listed above that are both included in your plan and associated with your CloudFront distribution. All other features may incur additional charges, including but not limited to the following:
Route 53
-
Route 53 DNSSEC has an AWS KMS cost
-
Route 53 IP (CIDR) blocks (the first 1,000 are free per AWS account)
-
Route 53 Health Checks (the first 50 are free per AWS account)
Logging features
-
Route 53 DNS Query Logs, CloudFront Functions logs, and CloudFront Connection Function Logs
-
AWS WAF log delivery to Amazon S3
-
CloudFront or AWS WAF log delivery to Amazon Data Firehose
-
Additional CloudWatch metrics for CloudFront
-
CloudFront access logs in Parquet format
Note
Your plan includes Amazon CloudWatch Logs ingestion for CloudFront standard logs (access logs) and WAF logs for no added costs. All other CloudWatch costs such as storage and querying are not covered by your plan. All other logs are also billed separately.
Note
Your plan includes public authoritative DNS from Route 53. When your Route 53 hosted zone is attached to your pricing plan, your plan covers your hosted zone's standard costs, including the monthly hosted zone fee, DNS records, and DNS query fees subject to respective allowances per tier. All other costs from Route 53 usage and features not listed above as included in your plan are not covered by your plan.
Pricing plans vs. pay-as-you-go pricing
Flat-rate plans and pay-as-you-go pricing offer different advantages based on your needs. With flat-rate plans, you pay one price that includes multiple AWS services like CloudFront, AWS WAF, Route 53, and CloudWatch Logs ingestion and never face overage charges, even during traffic spikes or attacks.
With pay-as-you-go pricing, you're billed separately for each service and feature based on your actual usage. While this provides complete flexibility in service selection and configuration, your costs can vary month to month based on traffic patterns, and you will need to monitor usage across multiple services to manage costs.
Flat-rate plans are ideal if you want combined monthly billing, simplified service configuration, and built-in security features without worrying about overage charges. Pay-as-you-go pricing is a better choice if you need complete control over individual service features, custom configurations, access to features not available in flat-rate plans, or if you expect to handle large, predictable traffic spikes. Amazon CloudFront flat-rate pricing plans may not be combined with any other offers, promotions, or discounts.
