All news with #cloudfront tag

Amazon CloudFront Adds TLS 1.3 Support for Origins

🔒 Amazon CloudFront now supports TLS 1.3 for connections to origins, automatically enabled across custom origins, Amazon S3, and Application Load Balancers with no configuration changes required. The upgrade provides stronger encryption and reduced handshake latency, delivering up to 30% faster connection establishment when an origin supports TLS 1.3. CloudFront will negotiate TLS 1.3 where supported while maintaining backward compatibility with older TLS versions. This support is available at no additional charge in all CloudFront edge locations and benefits sensitive workloads such as financial services, healthcare, and e-commerce.

Amazon CloudFront Adds CBOR Web Tokens and CAT Support

🔐 Amazon CloudFront now supports CWT (CBOR Web Tokens) and CAT (Common Access Tokens), providing a compact, binary alternative to JWTs using CBOR and protected with COSE. Developers can validate, generate, and refresh tokens directly in CloudFront Functions with sub-millisecond execution and seamless integration with the CloudFront Functions KeyValueStore for secure key management. CAT extends CWT with fine-grained access controls such as URL patterns, IP restrictions, and HTTP method limits, enabling edge-enforced authorization without additional charge.

Amazon CloudFront Adds Cross-Account VPC Origins Support

🔒 Amazon announced that CloudFront now supports cross-account VPC origins, enabling distributions to reach ALB, NLB, and EC2 origins inside private subnets across different AWS accounts. Customers can grant access via AWS RAM, including across Organizations and OUs, removing the need to place origins in public subnets. The capability is available in AWS Commercial Regions at no extra charge and is designed to simplify security and multi-account operations.

Amazon CloudFront Adds IPv6 Origin Connectivity Support

🌐 Amazon CloudFront now supports IPv6 connectivity to origin servers, enabling end-to-end IPv6 content delivery for web applications. Customers can configure custom origins as IPv4-only (default), IPv6-only, or dual-stack; in dual-stack mode CloudFront will automatically balance requests across IPv4 and IPv6 addresses. IPv6 origin support is available in all supported AWS Commercial Regions and excludes Amazon S3 and VPC origins. This capability can improve performance for native IPv6 users and reduce pressure from IPv4 address exhaustion for origin infrastructure.