Getting Started with AWS services in China
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers, with low latency and high transfer speeds, in a developer-friendly environment. When a user requests content that you're serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

CloudFront China uses a network of three edge locations in the following cities: Beijing, Zhongwei, and Shanghai. These points of presence (POPs) are connected by a private backbone directly to the AWS China (Beijing) Region operated by Sinnet and the AWS China (Ningxia) Region operated by NWCD.

Region Availability

Amazon CloudFront is available in the following regions in China:

  • Beijing Region

  • Ningxia Region

Feature Availability and Implementation Differences

The AWS services in China implementation of Amazon CloudFront is unique in the following ways:

  • Customers can’t use the default CloudFront domain, *.cloudfront.cn, to serve content. They must add an alternate domain name, also known as a CNAME, to their CloudFront distributions, and then use the domain name in the URLs for their content. They also must have an ICP registration. In addition, just as with the global CloudFront service, to serve content over HTTPS, customers must set up an SSL/TLS certificate with their alternate domain name.

  • By using the CloudFront API, you can view the ICP recordal status for each CNAME in a CloudFront distribution: APPROVED, SUSPENDED, or PENDING. The ICP recordal status is also displayed in the console for AWS services in China customers. For more information, see CNAME Status (General Tab) in the Amazon CloudFront Developer Guide and AliasICPRecordal in the Amazon CloudFront API Reference.

  • Custom IP groups are not available.

  • IPv6 is not supported.

  • Regional edge caches (RECs) are not available.

  • Origin access identities (OAIs), which allow access to an Amazon S3 bucket only from a CloudFront distribution, are not available.

  • Lambda@Edge is not available.

  • AWS WAF, a web application firewall service, is not available.

  • RTMP streaming distributions are not available.

  • If you need to restore ACL permissions for awslogsdelivery so that you can write CloudFront access logs to an Amazon S3 bucket, you must provide the following canonical name for the account: a52cb28745c0c06e84ec548334e44bfa7fc2a85c54af20cd59e4969344b7af56

  • When you use an Amazon S3 bucket as a CloudFront origin, the following configuration requirements apply:

    • When you specify Amazon S3 origins, region can be one of the following:

      • For the Beijing Region: cn-north-1.

      • For the Ningxia Region: cn-northwest-1.

    • If the S3 bucket is located outside of the China Regions, use the following format when you add the bucket as a CloudFront origin: bucket-name.s3-website.region.amazonaws.com.cn. For more information and guidance, follow the recommendations in Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin.

    • If the S3 bucket is located inside the China Regions, use one of the following formats. You must include the China Regions in the URL.

      • If your S3 bucket is not a website endpoint, use the following format: bucket-name.s3.region.amazonaws.com.cn.

      • If your S3 bucket is a website endpoint, use the following format: bucket-name.s3-website.region.amazonaws.com.cn.

  • For AWS services in China customers, CloudFront does not have root keys and does not support root access.

Guides and References

AWS services in China user guides are available in HTML and PDF, in both Chinese and English. API references are available in HTML and PDF. Some API references may be available only in English. Currently, not all API references are available in the Beijing and Ningxia Regions. Links to some API references will take you to the global AWS site. Note that some features and functionality described in the guides and references may not be available in the current AWS services in China release.

General Information About AWS services in China

The following information applies to all AWS services that are available in the China Regions.

AWS Accounts in the China Regions

To use services in the Beijing and Ningxia Regions, you need an account and credentials specific to each of those Regions.

  • Accounts and credentials for other AWS Regions will not work for services operating in the Beijing and Ningxia Regions.

  • Accounts and credentials for the Beijing and Ningxia Regions will not work for other AWS Regions.

  • For more information, see Signup, Accounts, and Credentials

Domain for AWS services in China

The domain for AWS services in China is www.amazonaws.cn.

Endpoints & Amazon Resource Names (ARNs)

For information about endpoints and ARNs in AWS services in China, see Endpoints and ARNs for AWS services in China

Availability Zones for the China Regions

  • In the Beijing Region, there are two Availability Zones.

  • In the Ningxia Region, there are three Availability Zones.

General Information for AWS services in China

The following applies to all AWS services that are available in the China Regions. For detailed information about specific AWS services, see the service-specific topic in this guide.

  • AWS Identity and Access Management (IAM)

    • You can grant or deny a service access to resources using the Principal policy element.

    • Service principal values vary by Region.

  • EC2-Classic Platform

    • The EC2-Classic platform is not supported.

  • Free Usage Tier

    • The free usage tier is not available in the Beijing and Ningxia Regions.

AWS Console

The console for AWS services in China are unique to China. The screenshots in the AWS guides might differ from what you see on your console. For information about differences in service functionality, see the topics for each service in this guide.

Code Examples

The AWS documentation might include endpoints and ARNs in code examples that are not specific to the Beijing and Ningxia Regions. When using examples, verify you are using the endpoints and ARNs for your Region.