Posted On: Jan 13, 2016
We are excited to announce three new security features that help further protect communication between Amazon CloudFront and your origin server.
- Enforce HTTPS-only connection between CloudFront and your origin webserver: Now you can configure CloudFront to connect to your origin server using HTTPS regardless of whether the viewer made the request by using HTTP or HTTPS. For more information, see How to Require HTTPS for Communication between Viewers, CloudFront, and Your Origin in the Amazon CloudFront Developer Guide.
- Support for TLSv1.1 and TLSv1.2 between CloudFront and your origin webserver: We’ve added TLSv1.1 and TLSv1.2 to the list of supported protocol versions you can use for the HTTPS connections between CloudFront and your custom origin webserver. In addition, you can choose the protocols that you want CloudFront to use when communicating with your origin so you can, for example, choose not to allow CloudFront to communicate with your origin by using SSLv3, which is less secure than TLS. For more information, see How to Require HTTPS for Communication between Viewers, CloudFront, and Your Origin in the Amazon CloudFront Developer Guide.
- Add or modify request headers forwarded from CloudFront to your origin (launched Dec 28th): Now you can configure CloudFront to add custom headers or override the value of existing request headers when CloudFront forwards requests to your origin. You can use these headers to help validate that requests made to your origin were sent from CloudFront (shared secret) and configure your origin to only allow requests that contain the custom header values that you specify. This feature also helps with setting up Cross-Origin Request Sharing (CORS) for your CloudFront distribution - you can configure CloudFront to always add custom headers to your origin to accommodate viewers that don't automatically include those headers in requests. It also allows you to disable varying on the Origin header, which improves your cache hit ratio, yet forward the appropriate headers so that your origin can respond with the CORS header. For more information, see Forwarding Custom Headers to Your Origin in the Amazon CloudFront Developer Guide.
All these features are provided at no additional charge.