Amazon CloudFront - Getting Started with AWS services in China
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.

Amazon CloudFront

Amazon CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers, with low latency and high transfer speeds, in a developer-friendly environment. When a user requests content that you're serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

CloudFront China uses a network of three edge locations in the following cities: Beijing, Zhongwei, and Shanghai. These points of presence (POPs) are connected by a private backbone directly to the AWS China (Beijing) Region operated by Sinnet and the AWS China (Ningxia) Region operated by NWCD.

Region Availability

Amazon CloudFront is available in the following regions in China:

  • Beijing Region

  • Ningxia Region

Feature Availability and Implementation Differences

The AWS services in China implementation of Amazon CloudFront is unique in the following ways:

  • You can’t use the default CloudFront domain, *.cloudfront.cn, to serve content. You must add an alternate domain name, also known as a CNAME, to your CloudFront distributions, and then use that domain name in the URLs for your content. You also must have an ICP registration. In addition, just as with the global CloudFront service, to serve content over HTTPS, you must use an SSL/TLS certificate with your alternate domain name.

    Note

    Amazon CloudFront in the China Regions currently does not support AWS Certificate Manager. You must get an SSL/TLS certificate from a different third-party certificate authority (CA) and then upload it to the IAM certificate store. For more information, see Importing an SSL/TLS Certificate in the Amazon CloudFront Developer Guide.

  • By using the CloudFront API, you can view the ICP recordal status for each CNAME in a CloudFront distribution: APPROVED, SUSPENDED, or PENDING. The ICP recordal status is also displayed in the console for AWS services in China customers. For more information, see CNAME Status (General Tab) in the Amazon CloudFront Developer Guide and AliasICPRecordal in the Amazon CloudFront API Reference.

  • Custom IP groups are not available.

  • IPv6 is not supported.

  • Regional edge caches (RECs) are not available.

  • Lambda@Edge is not available.

  • AWS WAF, a web application firewall service, is not available.

  • RTMP streaming distributions are not available.

  • If you need to restore ACL permissions for the awslogsdelivery account so that CloudFront can write access logs to your Amazon S3 bucket, you must provide the following canonical name for the account: a52cb28745c0c06e84ec548334e44bfa7fc2a85c54af20cd59e4969344b7af56

  • When you use an Amazon S3 bucket as a CloudFront origin, use the following configuration:

    • If the S3 bucket is located inside the China Regions, use one of the following formats.

      • If your S3 bucket is not a website endpoint, use the following format: bucket-name.s3.region.amazonaws.com.cn.

      • If your S3 bucket is a website endpoint, use the following format: bucket-name.s3-website.region.amazonaws.com.cn.

    • When you specify Amazon S3 origins, region can be one of the following:

      • For the Beijing Region: cn-north-1.

      • For the Ningxia Region: cn-northwest-1.

    • If the S3 bucket is located outside of the China Regions, use the following format when you add the bucket as a CloudFront origin: bucket-name.s3-website.region.amazonaws.com.cn. For more information and guidance, follow the recommendations in Using Amazon S3 Buckets Configured as Website Endpoints for Your Origin.

  • For AWS services in China customers, CloudFront does not have root keys and does not support root access.

  • CloudFront signed URLs and signed cookies are not supported.

Guides and References

AWS services in China user guides are available in HTML and PDF, in both Chinese and English. API references are available in HTML and PDF. Some API references may be available only in English. Currently, not all API references are available in the Beijing and Ningxia Regions. Links to some API references will take you to the global AWS site. Note that some features and functionality described in the guides and references may not be available in the current AWS services in China release.

General Information About AWS services in China

The following information applies to all AWS services that are available in the China Regions.

AWS Accounts in the China Regions

To use services in the Beijing and Ningxia Regions, you need an account and credentials specific to each of those Regions.

  • Accounts and credentials for other AWS Regions will not work for services operating in the Beijing and Ningxia Regions.

  • Accounts and credentials for the Beijing and Ningxia Regions will not work for other AWS Regions.

  • For more information, see Signup, Accounts, and Credentials

Domain for AWS services in China

The domain for AWS services in China is www.amazonaws.cn.

Endpoints & Amazon Resource Names (ARNs)

For information about endpoints and ARNs in AWS services in China, see Endpoints and ARNs for AWS services in China

Availability Zones for the China Regions

  • In the Beijing Region, there are two Availability Zones.

  • In the Ningxia Region, there are three Availability Zones.

General Information for AWS services in China

The following applies to all AWS services that are available in the China Regions. For detailed information about specific AWS services, see the service-specific topic in this guide.

  • AWS Identity and Access Management (IAM)

    • You can grant or deny a service access to resources using the Principal policy element.

    • Service principal values vary by Region.

  • EC2-Classic Platform

    • The EC2-Classic platform is not supported.

  • Free Usage Tier

    • The free usage tier is supported in the Ningxia Region.

    • The free usage tier is not supported in the Beijing Region.

AWS Console

The console for AWS services in China is unique to China. The screenshots in the AWS guides might differ from what you see on your console. For information about differences in service functionality, see the topics for each service in this guide.

Code Examples

The AWS documentation might include endpoints and ARNs in code examples that are not specific to the Beijing and Ningxia Regions. When using examples, verify you are using the endpoints and ARNs for your Region.