Amazon CloudFront adds ECDSA support for signed URLs
Amazon CloudFront now supports Elliptic Curve Digital Signature Algorithm (ECDSA) for signed URLs and signed cookies, providing customers with enhanced performance and security for content access control. This addition gives customers the flexibility to choose between RSA and ECDSA cryptographic algorithms based on their specific security and performance requirements.
Previously, CloudFront only supported RSA based encryption algorithms to create signed tokens. ECDSA offers several advantages over traditional RSA signatures, including faster signature generation and verification, smaller signature sizes that result in shorter URLs, and equivalent security with smaller key sizes. This makes ECDSA signed URLs and signed cookies particularly beneficial for high-volume applications, mobile environments, and IoT devices where processing efficiency and bandwidth optimization are critical.
ECDSA support with signed URLs and signed cookies is available in all edge locations. This excludes Amazon Web Services China (Beijing) region, operated by Sinnet, and the Amazon Web Services China (Ningxia) region, operated by NWCD. There is no additional charge to utilize this feature. To learn more about restricting content delivered with Amazon CloudFront, visit the CloudFront documentation.