How can I configure CloudFront to forward the Authorization header to the origin?
Last updated: 2020-11-20
The origin of my Amazon CloudFront distribution requires that requests include the Authorization header. Because of this, my distribution must forward the Authorization header to the origin.
- Create a cache policy. Then, associate the cache policy with the cache behavior that must forward the Authorization header.
Note: You can't use an origin request policy to forward the Authorization header. The header must be a part of the cache key to prevent the cache from satisfying unauthorized requests. CloudFront returns an HTTP 400 error if you try to create an origin request policy that forwards the Authorization header.
- Edit an existing cache behavior with legacy cache settings.
Important: For Amazon Simple Storage Service (Amazon S3) origins, caching based on the Authorization header isn't supported. For more information, see Selecting the headers to base caching on.
Create a cache policy
- Follow the steps to create a cache policy using the CloudFront console.
- Under Cache key contents, for Headers, select Whitelist. From the list of headers, select Authorization. Then, choose Add header.
- Complete all other settings of the cache policy based on the requirements of the behavior that you're attaching the policy to.
- After you create the cache policy, follow the steps to attach the policies to the relevant behavior of your CloudFront distribution.
Edit an existing cache behavior with legacy cache settings
- Open the CloudFront console, and then choose your distribution.
- Choose the Behaviors tab, and then select the path for which you want to forward the Authorization header.
- Choose Edit.
- For Cache Based on Selected Request Headers, choose Whitelist.
- Under Whitelist Headers, choose Authorization from the column on the left, and then choose Add.
- Choose Yes, Edit.