Configure secure access and restrict access to content

CloudFront provides several options for securing content that it delivers. The following are some ways you can use CloudFront to secure and restrict access to content:

Configure HTTPS connections
Prevent users in specific geographic locations from accessing content
Require users to access content using CloudFront signed URLs or signed cookies
Set up field-level encryption for specific content fields
Use AWS WAF to control access to your content

You should also implement a DDoS-resilient architecture for your infrastructure and applications. For more information, see AWS Best Practices for DDoS Resiliency.

Topics

Use HTTPS with CloudFront
Use alternate domain names and HTTPS
Serve private content with signed URLs and signed cookies
Restrict access to an AWS origin
Restrict access to Application Load Balancers
Restrict the geographic distribution of your content
Use field-level encryption to help protect sensitive data

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Disable AWS WAF security protections

Use HTTPS with CloudFront