Amazon CloudFront announces VPC origins
Amazon CloudFront announces Virtual Private Cloud (VPC) origins, a new feature that allows customers to use CloudFront to deliver content from applications hosted in VPC private subnets. With VPC origins, customers can keep their Application Load Balancers (ALB), Network Load Balancers (NLB), and EC2 instances in a private subnet that is accessible only through their CloudFront distributions. This makes it easy for customers to secure their web applications, allowing them to focus on growing their businesses while improving security and maintaining high performance and global scalability with CloudFront.
AWS customers use CloudFront to deliver highly performant and globally scalable applications. Customers serving content from Amazon S3, AWS Elemental Services and Lambda Function URLs can use Origin Access Control as a managed solution to secure their origins. For origins in VPCs, customers had to keep their origins in public subnets and use Access Control Lists and other mechanisms to restrict access to them. Customers had to spend ongoing effort to implement and maintain these solutions, leading to undifferentiated work. VPC origins streamlines security management and reduces operational complexity, making it easy to use CloudFront as the single front door for applications.
VPC origins are available in AWS Commercial Regions only, and the full list of supported AWS Regions is available here. There is no additional cost for using VPC origins with CloudFront. CloudFormation support will be coming soon. To learn more, visit CloudFront VPC origins.