Updates before 2022

The following table describes the important changes made to CloudFront documentation before 2022.

Change	Description	Date
New feature	CloudFront adds support for response headers policies, which allow you to specify the HTTP headers that CloudFront adds to HTTP responses that it sends to viewers (web browsers or other clients). You can specify the desired headers (and their values) without making any changes to the origin or writing any code. For more information, see Adding or removing HTTP headers in CloudFront responses.	November 2, 2021
New `CloudFront-Viewer-Address` request header	CloudFront adds support for a new header, `CloudFront-Viewer-Address`, that contains the IP address of the viewer that sent the HTTP request to CloudFront. For more information, see Adding CloudFront request headers.	October 25, 2021
Lambda@Edge supports new runtime version	Lambda@Edge now supports Lambda functions with the Python 3.9 runtime. For more information, see Supported runtimes.	September 22, 2021
Amazon managed policy update	CloudFront updated the CloudFrontReadOnlyAccess policy. For more information, see CloudFront updates to Amazon managed policies.	September 8, 2021
New feature	CloudFront now supports ECDSA certificates for viewer-facing HTTPS connections. For more information, see Supported protocols and ciphers between viewers and CloudFront and Requirements for using SSL/TLS certificates with CloudFront.	July 14, 2021
New feature	CloudFront now supports more ways to move an alternate domain name from one distribution to another, without contacting Amazon Web Services Support. For more information, see Moving an alternate domain name to a different distribution.	July 7, 2021
New security policy	CloudFront now supports a new security policy, TLSv1.2_2021, with a smaller set of supported ciphers. For more information, see Supported protocols and ciphers between viewers and CloudFront.	June 23, 2021
New feature	Amazon CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations. For more information, see Customizing at the edge with CloudFront Functions.	May 3, 2021
Lambda@Edge supports newer runtime versions	Lambda@Edge now supports Lambda functions with the Node.js 14 runtime. For more information, see Supported runtimes.	April 29, 2021
Remove documentation for RTMP distributions	Amazon CloudFront deprecated real-time messaging protocol (RTMP) distributions on December 31, 2020. Documentation for RTMP distributions is now removed from the Amazon CloudFront Developer Guide.	February 10, 2021
New pricing option	Amazon CloudFront introduces the CloudFront security savings bundle, a simple way to save up to 30% on the CloudFront charges on your Amazon bill. For more information, see the Savings Bundle FAQs.	February 5, 2021
New tutorial	The Amazon CloudFront Developer Guide now includes a tutorial for using Amazon CloudFront to restrict access to an Application Load Balancer in Elastic Load Balancing. For more information, see Restricting access to Application Load Balancers.	December 18, 2020
New option for public key management	CloudFront now supports public key management for signed URLs and signed cookies through the CloudFront console and API, without requiring access to the Amazon account root user. For more information, see Specifying the signers that can create signed URLs and signed cookies.	October 22, 2020
New feature – Origin Shield	CloudFront now supports CloudFront Origin Shield, an additional layer in the CloudFront caching infrastructure that helps to minimize your origin’s load, improve its availability, and reduce its operating costs. For more information, see Using Amazon CloudFront Origin Shield.	October 20, 2020
New compression format	CloudFront now supports the Brotli compression formation when you configure CloudFront to compress objects at CloudFront edge locations. You can also configure CloudFront to cache Brotli objects using a normalized `Accept-Encoding` header. For more information, see Serving compressed files and Compression support.	September 14, 2020
New TLS protocol	CloudFront now supports the TLS 1.3 protocol for HTTPS connections between viewers and CloudFront distributions. TLS 1.3 is enabled by default in all CloudFront security policies. For more information, see Supported protocols and ciphers between viewers and CloudFront.	September 3, 2020
New real-time logs	CloudFront now supports configurable real-time logs. With real-time logs, you can get information about requests made to a distribution in real time. You can use real-time logs to monitor, analyze, and take action based on content delivery performance. For more information, see Real-time logs.	August 31, 2020
API support for additional metrics	CloudFront now supports enabling eight additional real-time metrics with the CloudFront API. For more information, see Turning on additional metrics.	August 28, 2020
New CloudFront HTTP headers	CloudFront added additional HTTP headers for determining information about the viewer such as device type, geographic location, and more. For more information, see Adding CloudFront request headers.	July 23, 2020
New feature	CloudFront now supports cache policies and origin request polices, which give you more granular control over the cache key and origin requests for your CloudFront distributions. For more information, see Working with policies.	July 22, 2020
New security policy	CloudFront now supports a new security policy, TLSv1.2_2019, with a smaller set of supported ciphers. For more information, see Supported protocols and ciphers between viewers and CloudFront.	July 8, 2020
New settings to control origin timeouts and attempts	CloudFront added new settings that control origin timeouts and attempts. For more information, see Controlling origin timeouts and attempts.	June 5, 2020
New documentation for getting started with CloudFront by creating a secure static website	Get started with CloudFront by creating a secure static website using Amazon S3, CloudFront, Lambda@Edge, and more, all deployed with Amazon CloudFormation. For more information, see Getting started with a secure static website.	June 2, 2020
Lambda@Edge supports newer runtime versions	Lambda@Edge now supports Lambda functions with the Node.js 12 and Python 3.8 runtimes. For more information, see Supported runtimes.	February 27, 2020
New real-time metrics in CloudWatch	Amazon CloudFront now offers eight additional real-time metrics in Amazon CloudWatch. For more information, see Turning on additional CloudFront distribution metrics.	December 19, 2019
New fields in access logs	CloudFront adds seven new fields to access logs. For more information, see Standard log file fields.	December 12, 2019
Amazon WordPress plugin	You can use the Amazon WordPress plugin to provide visitors to your WordPress website an accelerated viewing experience using CloudFront. (Update: as of September 30, 2022, the Amazon for WordPress plugin is deprecated.)	October 30, 2019
Tag-based and resource-level IAM permissions policies	CloudFront now supports two additional ways of specifying IAM permission policies: tag-based and resource-level policy permissions. For more information, see Managing Access to Resources.	August 8, 2019
Support for Python programming language	You can now use the Python programming language to develop functions in Lambda@Edge, in addition to Node.js. For example functions that cover a variety of scenarios, see Lambda@Edge Example Functions.	August 1, 2019
Updated monitoring graphs	Content updates to describe new ways for you to monitor Lambda functions associated with your CloudFront distributions directly from the CloudFront console to more easily track and debug errors. For more information, see Monitoring CloudFront.	June 20, 2019
Consolidated security content	A new Security chapter consolidates information about CloudFront's features around and implementation of data protection, IAM, logging, compliance, and more. For more information, see Security.	May 24, 2019
Domain validation is now required	CloudFront now requires that you use an SSL certificate to verify that you have permission to use an alternate domain name with a distribution. For more information, see Using Alternate Domain Names and HTTPS.	April 9, 2019
Updated PDF filename	The new filename for the Amazon CloudFront Developer Guide is: AmazonCloudFront_DevGuide. The previous name was: cf-dg.	January 7, 2019
New features	CloudFront now supports WebSocket, a TCP-based protocol that is useful when you need long-lived connections between clients and servers. You can also now set up CloudFront with origin failover for scenarios that require high availability. For more information, see Using WebSocket with CloudFront Distributions and Optimizing High Availability with CloudFront Origin Failover.	November 20, 2018
New feature	CloudFront now supports detailed error logging for HTTP requests that run Lambda functions. You can store the logs in CloudWatch and use them to help troubleshoot HTTP 5xx errors when your function returns an invalid response. For more information, see CloudWatch Metrics and CloudWatch Logs for Lambda Functions.	October 8, 2018
New feature	You can now opt to have Lambda@Edge expose the body in a request for writable HTTP methods (POST, PUT, DELETE, and so on), so that you can access it in your Lambda function. You can choose read-only access, or you can specify that you’ll replace the body. For more information, see Accessing the Request Body by Choosing the Include Body Option.	August 14, 2018
New feature	CloudFront now supports serving content compressed by using brotli or other compression algorithms, in addition to or instead of gzip. For more information, see Serving Compressed Files.	July 25, 2018
Reorganization	The Amazon CloudFront Developer Guide has been reorganized to simplify finding related content, and to improve scanability and navigation.	June 28, 2018
New Feature	Lambda@Edge now enables you to further customize the delivery of content stored in an Amazon S3 bucket, by allowing you to access additional headers, including custom headers, within origin-facing events. For more information, see these examples showing personalization of content based on viewer location and viewer device type.	March 20, 2018
New Feature	You can now use Amazon CloudFront to negotiate HTTPS connections to origins using Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA uses smaller keys that are faster, yet, just as secure, as the older RSA algorithm. For more information, see Supported SSL/TLS Protocols and Ciphers for Communication Between CloudFront and Your Origin and About RSA and ECDSA Ciphers.	March 15, 2018
New Feature	Lambda@Edge enables you to customize error responses from your origin, by allowing you to execute Lambda functions in response to HTTP errors that Amazon CloudFront receives from your origin. For more information, see these examples showing redirects to another location and response generation with 200 status code (OK).	December 21, 2017
New Feature	A new CloudFront capability, field-level encryption, helps you to further enhance the security of sensitive data, like credit card numbers or personally identifiable information (PII) like social security numbers. For more information, see Using field-level encryption to help protect sensitive data.	December 14, 2017
Doc history archived	Older doc history was archived.	December, 2017

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document history

Amazon Glossary