Getting Started with AWS services in China
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers, with low latency and high transfer speeds, in a developer-friendly environment. When a user requests content that you're serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

CloudFront China uses a network of three edge locations in the following cities: Beijing, Zhongwei, and Shanghai. These points of presence (POPs) are connected by a private backbone directly to the AWS China (Beijing) Region operated by Sinnet and the AWS China (Ningxia) Region operated by NWCD.

Please note the following AWS services in China implementation particulars, which are potentially relevant to all services in the Beijing and Ningxia Regions.

  • To use services in the Beijing and Ningxia Regions, you need an account and credentials specific to the Beijing and Ningxia Regions. Accounts and credentials for other AWS Regions will not work for services operating in the Beijing and Ningxia Regions. Likewise, accounts and credentials for the Beijing and Ningxia Regions will not work for other AWS Regions.

  • There are two Availability Zones in the Beijing Region.

  • There are three Availability Zones in the Ningxia Region.

  • In AWS Identity and Access Management (IAM), you can grant or deny a service access to resources using the Principal policy element. Service principal values vary by Region.

  • The domain for both the Beijing and Ningxia Regions is www.amazonaws.cn.

  • The endpoints for services in the China (Beijing) Region and the China (Ningxia) Region are different from other global endpoints.

    • The endpoint domain for both the Beijing and Ningxia Regions is amazonaws.com.cn.

    • For an endpoint in the China (Beijing) Region, the Region value should be cn-north-1.

    • For an endpoint in the China (Ningxia) Region, the Region value should be cn-northwest-1.

    • For example, the endpoint for Elastic Load Balancing in the Beijing Region is elasticloadbalancing.cn-north-1.amazonaws.com.cn.

    Endpoint syntax varies from service to service. For more information, see China (Beijing), China (Ningxia), and the service-specific documentation.

  • In the China Regions, the Amazon Resource Name (ARN) syntax includes a cn.

    For example: arn:aws-cn:iam::123456789012:user/division_abc/subdivision_xyz/Bob.

  • The EC2-Classic platform is not supported.

  • The free usage tier is not available in the China Regions.

Note

The AWS documentation might show code examples for endpoints and ARNs that are not specific for the Beijing and Ningxia Regions. When using examples, verify you are using the correct endpoints and ARNs for your Region.

Language Options

Chinese is the default language for AWS services in China documentation. To switch to the English version of the page, use the language selection dropdown at the top of the page. Note: Selecting a different language will update the language cookie, making it the default language.

Chinese-language URL syntax:
http://docs.amazonaws.cn/aws/latest/userguide/introduction.html
English-language URL syntax:
http://docs.amazonaws.cn/en_us/aws/latest/userguide/introduction.html

Feature Availability and Implementation Differences

The AWS services in China implementation of Amazon CloudFront is unique in the following ways:

  • Customers can’t use the default CloudFront domain, *.cloudfront.cn, to serve content. They must add an alternate domain name, also known as a CNAME, to their CloudFront distributions, and then use the domain name in the URLs for their content. They also must have an ICP registration. In addition, just as with the global CloudFront service, to serve content over HTTPS, customers must set up an SSL/TLS certificate with their alternate domain name.

  • By using the CloudFront API, you can view the ICP recordal status for each CNAME in a CloudFront distribution: APPROVED, SUSPENDED, or PENDING. The ICP recordal status is also displayed in the console for AWS services in China customers. For more information, see CNAME Status (General Tab) in the Amazon CloudFront Developer Guide and AliasICPRecordal in the Amazon CloudFront API Reference.

  • Custom IP groups are not available.

  • IPv6 is not supported.

  • Regional edge caches (RECs) are not available.

  • Origin access identities (OAIs), which allow access to an Amazon S3 bucket only from a CloudFront distribution, are not available.

  • Lambda@Edge is not available.

  • AWS WAF, a web application firewall service, is not available.

  • RTMP streaming distributions are not available.

  • If you need to restore ACL permissions for awslogsdelivery so that you can write CloudFront access logs to an Amazon S3 bucket, you must provide the following canonical name for the account: a52cb28745c0c06e84ec548334e44bfa7fc2a85c54af20cd59e4969344b7af56

User Guides

AWS services in China user guides are available in HTML and PDF, in both Chinese and English. API guides are available in HTML and PDF, in English only. Currently, the API guides are not available in the Beijing and Ningxia Regions. Links to API guides will take you to the global AWS site. Note that some features and functionality described in the guides may not be available in the current AWS services in China release.