# Document history
<a name="WhatsNew"></a>

The following table describes the important changes made to CloudFront documentation. For notification of updates, you can [subscribe to the RSS feed](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/amazon-cf-doc-releases.rss).

| Change | Description | Date | 
| --- |--- |--- |
| [Added mutual TLS (viewer)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/mtls-authentication.html) | CloudFront supports mutual TLS (viewer). | November 24, 2025 | 
| [Added log field for access logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/standard-logs-reference.html) | Added the `connection-id` field for access logs (standard logs) and real-time access logs. | November 24, 2025 | 
| [Added connection logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/connection-logs.html) | Added connection logs as a new logging feature for mutual TLS (viewer). | November 24, 2025 | 
| [Added Connection Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/connection-functions.html) | CloudFront supports Connection Functions for mutual TLS (viewer). | November 24, 2025 | 
| [Add support for bringing your own IP to CloudFront using IPAM](bring-your-own-ip-address-using-ipam.md) | CloudFront supports bringing your own IPv4 addresses through IPAM's BYOIP for global services. | November 24, 2025 | 
| [AWS managed policy update](security-iam-awsmanpol.md) | The `CloudFrontReadOnlyAccess` and `CloudFrontFullAccess` IAM policies now support `ec2:DescribeIpamPools` and `ec2:GetIpamPoolCidrs` actions. | November 24, 2025 | 
| [Updates to CloudFront Functions](helper-functions-origin-modification.md) | This release adds parameters for the origin modification helper methods in CloudFront Functions. You can use the `hostHeader`, `sni`, `allowedCertificateNames`, and `originOverrides` parameters. | November 20, 2025 | 
| [Updates to CloudFront Functions](cwt-support-cloudfront-functions.md) | Added CBOR Web Tokens (CWT) support for CloudFront Functions. | November 20, 2025 | 
| [Updates to CloudFront Functions](general-helper-methods.md) | Added general helper methods for CloudFront Functions. | November 20, 2025 | 
| [Updated AWS managed policy](security-iam-awsmanpol.md) | Updated `CloudFrontFullAccess` to allow permission to create an AWS WAF Web ACL resource and create, update, delete, and read access to AWS Pricing Plan Manager. | November 18, 2025 | 
| [Updated AWS managed policy](security-iam-awsmanpol.md) | Updated `CloudFrontReadOnlyAccess` to allow read-only permission to AWS Pricing Plan Manager.  | November 18, 2025 | 
| [Updated AWS managed policy](security-iam-awsmanpol.md) | Updated `CloudFrontFullAccess` to allow permission to create an AWS WAF Web ACL resource and create, update, delete, and read access to AWS Pricing Plan Manager. | November 18, 2025 | 
| [Updated AWS managed policy](security-iam-awsmanpol.md) | Updated `CloudFrontReadOnlyAccess` to allow read-only permission to AWS Pricing Plan Manager.  | November 18, 2025 | 
| [CloudFront supports flat-rate pricing plans](flat-rate-pricing-plan.md) | You can now subscribe your distributions to a CloudFront flat-rate pricing plan. | November 18, 2025 | 
| [Anycast static IPs](request-static-ips.md) | You can now choose between only IPv4 addresses or both IPv4 and IPv6 addresses (dualstack). | November 5, 2025 | 
| [Added support for sharing VPC origins across AWS accounts](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/sharing-resources.html) | You can create a resource share and add VPC origins to it. This lets you keep your VPC origins and CloudFront distributions in separate AWS accounts, enabling your organization to maintain multi-account requirements. Other AWS accounts can associate the shared VPC origins for their CloudFront distributions. | November 5, 2025 | 
| [Added viewer security policy](DownloadDistValuesGeneral.md) | Added the TLSv1.2\$12025 security policy.  [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html)   [Security policy (minimum SSL/TLS version) ](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.html#DownloadDistValues-security-policy)   | October 10, 2025 | 
| [Added post-quantum (PQ) key exchange algorithms](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-openssl-rfc-cipher-names) | Added two new PQ key exchange algorithms to CloudFront TLS policies. | September 4, 2025 | 
| [IPv6 origin requests](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-enable-ipv6.html#ipv6-origin-requests) | When you use a custom origin (excluding Amazon S3 and VPC origins), you can customize origin settings for your distribution to choose how CloudFront connects to your origin using IPv4 or IPv6 addresses. | September 3, 2025 | 
| [Added new managed origin request policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html#managed-origin-request-policy-host-header-only) | Added new managed origin request policy `HostHeaderOnly`. | August 29, 2025 | 
| [CloudFront public endpoints now support IPv6](#WhatsNew) | See [Amazon CloudFront endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/cf_region.html) in the *AWS General Reference* and [AWS services that support IPv6](https://docs.aws.amazon.com//vpc/latest/userguide/aws-ipv6-support.html) in the *Amazon VPC User Guide*. | August 21, 2025 | 
| [Added viewer security policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesGeneral.html#DownloadDistValues-security-policy) | Added TLSv1.3\$12025, a new TLS 1.3-only security policy. | August 7, 2025 | 
| [Added new origin timeout settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginResponseTimeout) | Added the response completion timeout for all origins, and added the response timeout (origin read timeout) for S3 origins. | July 30, 2025 | 
| [Added preconfigured standard distribution settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/template-preconfigured-origin-settings.html) | Added preconfigured settings for standard distributions. | June 17, 2025 | 
| [Added new console workflow for standard distribution domain setup](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-domain-existing-distribution.html) | Added new console workflow for standard distribution domain setup. | June 17, 2025 | 
| [Added example parameters](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/tenant-customization.html#examples-parameters) | Added examples for using parameters with domain names and origin paths in distribution tenants. | June 17, 2025 | 
| [Added CloudFront Functions support for CloudFront SaaS Manager](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/saas-specific-logic-function-code.html) | Added helper functions and the `endpoint` field for the `context` object. | May 2, 2025 | 
| [Updates to standard logging (v2)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/standard-logging.html#partitioning) | Added the `{distributionid}` partition variable to support sending access logs to AWS Glue. | May 1, 2025 | 
| [Updates to CloudFront managed policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security-iam-awsmanpol.html) | Added ACM permissions to the `CloudFrontReadOnlyAccess` and `CloudFrontFullAccess` managed policies. | April 28, 2025 | 
| [Added support for multi-tenant distribution and distribution tenants](distribution-config-options.md) | You can create a multi-tenant distribution to set common distribution settings based on your origin type. Then, you can reuse the multi-tenant distribution to create multiple distribution tenants that share those settings. You can then customize specific distribution tenants as you add additional websites or applications. | April 28, 2025 | 
| [Updates for Lambda@Edge functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/edge-functions-logs.html#lambda-at-edge-logs) | Lambda@Edge functions now support advanced logging controls and customizing the CloudWatch log group name. | April 7, 2025 | 
| [Anycast static IPs](request-static-ips.md) | You can use Anycast static IPs to enable routing of apex domains directly to your CloudFront distributions. | April 4, 2025 | 
| [Added additional helper methods for origin modification](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/helper-functions-origin-modification.html) | Added the `selectRequestOriginById()` and `createRequestOriginGroup()` CloudFront Functions helper methods. | April 2, 2025 | 
| [Updates to standard logging (v2)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/standard-logging.html#bucket-path-examples) | Added the `{accountid}` partition variable and example suffix paths for access log delivery to Amazon S3. | February 14, 2025 | 
| [Added additional real-time access log fields for standard logging (v2)](standard-logging.md) | You can specify the `c-country` and `cache-behavior-path-pattern` real-time access log fields when you enable standard logging (v2). | January 31, 2025 | 
| [Lambda@Edge supports newer runtime version](lambda-at-edge-function-restrictions.md#lambda-at-edge-restrictions-runtime) | Lambda@Edge now supports Lambda functions with the Node.js 22 runtime. | November 22, 2024 | 
| [Media quality-aware resiliency support for CloudFront](media-quality-score.md) | You can use the media quality-aware resiliency (MQAR) feature so that CloudFront automatically chooses the origin in an origin group with the highest media quality score. | November 21, 2024 | 
| [Helper method for origin modification](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/helper-functions-origin-modification.html) | Added new CloudFront Functions helper method for origin modification. | November 21, 2024 | 
| [VPC origins](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html) | Use CloudFront VPC origins to restrict access to an Application Load Balancer, Network Load Balancer, or EC2 instance origin. | November 20, 2024 | 
| [Updates to managed policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-cloudfront-full-access) | Updated managed policy `CloudFrontFullAccess`. | November 20, 2024 | 
| [Anycast static IPs](request-static-ips.md) | You can request Anycast static IPs from CloudFront to use with your distributions. | November 20, 2024 | 
| [Added support for standard logging](standard-logging.md) | CloudFront supports standard logging (v2) and sending your logs to Amazon CloudWatch Logs, Amazon Data Firehose, and Amazon Simple Storage Service (Amazon S3). | November 20, 2024 | 
| [Added support for gRPC](distribution-using-grpc.md) | CloudFront now supports gRPC requests for your distribution. | November 20, 2024 | 
| [Added new managed policy for VPC origins](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-vpc-origin) | Added new managed policy `AWSCloudFrontVPCOriginServiceRolePolicy`. | November 20, 2024 | 
| [Lambda@Edge supports newer runtime version](lambda-at-edge-function-restrictions.md#lambda-at-edge-restrictions-runtime) | Lambda@Edge now supports Lambda functions with the Python 3.13 runtime. | November 13, 2024 | 
| [Evaluate with AWS Config Rules](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/TrackingChanges.html#cloudfront-config-rules) | Evaluate your CloudFront configurations with AWS Config Rules. | September 20, 2024 | 
| [Added more troubleshooting content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/troubleshooting-response-errors.html) | Added more troubleshooting content for HTTP 4xx and 5xx error response status codes. | August 26, 2024 | 
| [Added new managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html#managed-cache-policy-origin-cache-headers) | Added new managed cache policies `UseOriginCacheControlHeaders` and `UseOriginCacheControlHeaders-QueryStrings`. | May 24, 2024 | 
| [Added origin access control support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) | You can now create an origin access control (OAC) for AWS Elemental MediaPackage V2 and AWS Lambda function URL. | April 11, 2024 | 
| [Real-time access log fields for CMCD](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config) | Added 18 common media client data (CMCD) fields for real-time access logs. | April 9, 2024 | 
| [Getting started with a CloudFront standard distribution](GettingStarted.SimpleDistribution.md) | Updated tutorial for a standard distribution that uses an Amazon S3 origin with origin access control (OAC).  | March 18, 2024 | 
| [Code examples for CloudFront using AWS SDKs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/service_code_examples.html) | Added code examples that show how to use CloudFront with an AWS software development kit (SDK). The examples are divided into code excerpts that show you how to call individual service functions and examples that show you how to accomplish a specific task by calling multiple functions within the same service. | February 16, 2024 | 
| [AWS managed policy](security-iam-awsmanpol.md) | The `CloudFrontReadOnlyAccess` and `CloudFrontFullAccess` IAM policies now support `KeyValueStore` operations. | December 19, 2023 | 
| [JavaScript runtime 2.0](functions-javascript-runtime-features.md) | Added JavaScript runtime 2.0 features for CloudFront Functions. | November 21, 2023 | 
| [CloudFront KeyValueStore](kvs-with-functions.md) | Amazon CloudFront now supports CloudFront KeyValueStore. This feature is a secure, global, low-latency key value datastore that allows read access from within CloudFront Functions. You can enable advanced customizable logic at CloudFront edge locations.  | November 21, 2023 | 
| [Lambda@Edge supports newer runtime version](lambda-at-edge-function-restrictions.md#lambda-at-edge-restrictions-runtime) | Lambda@Edge now supports Lambda functions with the Node.js 20 runtime. | November 15, 2023 | 
| [Security dashboard](distribution-web-awswaf.md) | CloudFront creates a security dashboard when you create a distribution. Enable AWS WAF, manage geo restrictions, and view high-level data for requests, bots, and logs. | November 8, 2023 | 
| [Sorting query strings in functions](functions-event-structure.md#functions-event-structure-query) | CloudFront now supports query string sorting using CloudFront Functions. | October 3, 2023 | 
| [AWS WAF security recommendations](distribution-web-awswaf.md) | Amazon CloudFront now displays AWS WAF security recommendations on the CloudFront console. | September 26, 2023 | 
| [Support for serving stale (expired) cache content](Expiration.md#stale-content) | CloudFront supports the `Stale-While-Revalidate` and `Stale-If-Error` cache control directives. | May 15, 2023 | 
| [Enable AWS WAF protections with one click](distribution-web-awswaf.md) | A streamlined method for adding AWS WAF security protections to CloudFront distributions. | May 10, 2023 | 
| [Enable ACLs for new S3 buckets used for standard logs](standard-logging-legacy-s3.md#AccessLogsBucketAndFileOwnership) | Added note and links to address the default ACL setting for new S3 buckets. | April 11, 2023 | 
| [Create an origin using Amazon S3 Object Lambda](DownloadDistS3AndCustomOrigins.md#using-S3-Object-Lambda) | You can use an Amazon S3 Object Lambda Access Point alias as an origin for your distribution. | March 31, 2023 | 
| [Customize HTTP status and body using CloudFront Functions](functions-event-structure.md#functions-event-structure-status-body) | You can use CloudFront Functions to update the viewer response status code and replace or remove the response body. | March 29, 2023 | 
| [Added CORS headers wildcard options for ports](understanding-response-headers-policies.md#understanding-response-headers-policies-cors) | You can now include wildcard configurations for ports in CORS access-control headers. | March 20, 2023 | 
| [Added new link for the AWS Security Hub CSPM User Guide](compliance.md) | Updated language and added link to the reorganized Amazon CloudFront controls in the *AWS Security Hub CSPM User Guide*. | March 9, 2023 | 
| [CloudFront now supports block lists ("all except") in origin request policies](origin-request-understand-origin-request-policy.md#origin-request-understand-origin-request-policy-settings) | Use block lists in origin request policies to include all query strings, HTTP headers, or cookies, ***except*** for the ones specified, in requests that CloudFront sends to the origin. | February 22, 2023 | 
| [CloudFront adds a new managed origin request policy to forward all viewer headers except the Host header](using-managed-origin-request-policies.md#managed-origin-request-policy-all-viewer-except-host-header) | Use CloudFront's new managed origin request policy to include all headers from the viewer request, ***except*** for the `Host` header, in requests that CloudFront sends to the origin. | February 22, 2023 | 
| [Updated restrictions on Lambda@Edge](lambda-at-edge-function-restrictions.md#lambda-at-edge-restrictions-features) | Lambda@Edge supports Lambda runtime management configurations set to **Auto**. | February 16, 2023 | 
| [Updated the IAM guidance for CloudFront](security-iam.md) | Updated guide to align with the IAM best practices. For more information, see [Security best practices in IAM](https://docs.aws.amazon.com//IAM/latest/UserGuide/best-practices.html). | February 15, 2023 | 
| [Enhanced security with origin access control](private-content-restricting-access-to-mediastore.md) | You can now secure MediaStore origins by permitting access to only the designated CloudFront distributions. | February 9, 2023 | 
| [New headers for determining viewer's header structure](adding-cloudfront-headers.md#cloudfront-headers-viewer-headers) | You can now add header order and header count to help identify the viewer based on the headers that it sends. | January 13, 2023 | 
| [Lambda@Edge supports newer runtime version](lambda-at-edge-function-restrictions.md#lambda-at-edge-restrictions-runtime) | Lambda@Edge now supports Lambda functions with the Node.js 18 runtime. | January 12, 2023 | 
| [Remove response headers using a response headers policy](understanding-response-headers-policies.md#understanding-response-headers-policies-remove-headers) | You can now use a CloudFront response headers policy to remove headers that CloudFront received in the response from the origin. The specified headers are not included in the response that CloudFront sends to viewers. | January 3, 2023 | 
| [Continuous deployment for safely testing configuration changes](continuous-deployment.md) | You can now deploy changes to your CDN configuration by testing with a subset of production traffic. | November 18, 2022 | 
| [Release of `CloudFront-Viewer-JA3-Fingerprint` header](adding-cloudfront-headers.md#cloudfront-headers-other) | You can now use the JA3 fingerprint to help determine whether the request comes from a known client. | November 16, 2022 | 
| [Added CORS headers wildcard options](understanding-response-headers-policies.md#understanding-response-headers-policies-cors) | You can now use various wildcard configurations in some CORS access-control headers. | November 11, 2022 | 
| [Additional metrics for CloudFront distributions](viewing-cloudfront-metrics.md#monitoring-console.distributions-additional) | Support for `MonitoringSubscription` in the CloudFront API and CloudFormation. | October 3, 2022 | 
| [Enhanced security with origin access control](private-content-restricting-access-to-s3.md) | You can now secure Amazon S3 origins by permitting access to only the designated CloudFront distributions. | August 24, 2022 | 
| [HTTP/3 support for CloudFront distributions](DownloadDistValuesGeneral.md#DownloadDistValuesSupportedHTTPVersions) | You can now choose HTTP/3 for your CloudFront distribution. | August 15, 2022 | 
| [Add handshake details to CloudFront-Viewer-TLS header](adding-cloudfront-headers.md#cloudfront-headers-other) | You can new view information about the SSL/TLS handshake used. | June 27, 2022 | 
| [New metric in Server-Timing header](understanding-response-headers-policies.md#server-timing-header-metrics) | Added the new `cdn-downstream-fbl` metric to `Server-Timing` headers. | June 13, 2022 | 
| [New header to get information about TLS version and cipher](adding-cloudfront-headers.md#cloudfront-headers-other) | You can now use the `CloudFront-Viewer-TLS` header to get information about the version of TLS (or SSL) and the cipher that was used for the connection between the viewer and CloudFront. | May 23, 2022 | 
| [New FunctionThrottles metric for CloudFront Functions](viewing-cloudfront-metrics.md#monitoring-console.cloudfront-functions) | With Amazon CloudWatch, you can now monitor the number of times that a CloudFront Function was throttled in a given time period. | May 4, 2022 | 
| [CloudFront supports Lambda function URLs](DownloadDistS3AndCustomOrigins.md#concept_lambda_function_url) | If you build a serverless web application by using Lambda functions with function URLs, you can now add CloudFront for an array of benefits. | April 6, 2022 | 
| [Server-Timing header in HTTP responses](understanding-response-headers-policies.md#server-timing-header) | You can now enable the `Server-Timing` header in HTTP responses sent from CloudFront to view metrics that can help you gain insights about the behavior and performance of CloudFront. | March 30, 2022 | 
| [Use AWS-managed prefix list to limit inbound traffic](LocationsOfEdgeServers.md#managed-prefix-list) | You can now limit the inbound HTTP and HTTPS traffic to your origins from only the IP addresses that belong to CloudFront’s origin-facing servers. | February 7, 2022 | 
| [New feature](#WhatsNew) | CloudFront adds support for *response headers policies*, which allow you to specify the HTTP headers that CloudFront adds to HTTP responses that it sends to viewers (web browsers or other clients). You can specify the desired headers (and their values) without making any changes to the origin or writing any code. For more information, see [Adding or removing HTTP headers in CloudFront responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html). | November 2, 2021 | 
| [New `CloudFront-Viewer-Address` request header](#WhatsNew) | CloudFront adds support for a new header, `CloudFront-Viewer-Address`, that contains the IP address of the viewer that sent the HTTP request to CloudFront. For more information, see [Adding CloudFront request headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-cloudfront-headers.html). | October 25, 2021 | 
| [Lambda@Edge supports new runtime version](#WhatsNew) | Lambda@Edge now supports Lambda functions with the Python 3.9 runtime. For more information, see [Supported runtimes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-edge-function-restrictions.html#lambda-at-edge-restrictions-runtime). | September 22, 2021 | 
| [AWS managed policy update](#WhatsNew) | CloudFront updated the **CloudFrontReadOnlyAccess** policy. For more information, see [CloudFront updates to AWS managed policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-updates). | September 8, 2021 | 
| [New feature](#WhatsNew) | CloudFront now supports ECDSA certificates for viewer-facing HTTPS connections. For more information, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) and [Requirements for using SSL/TLS certificates with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-and-https-requirements.html). | July 14, 2021 | 
| [New feature](#WhatsNew) | CloudFront now supports more ways to move an alternate domain name from one distribution to another, without contacting Support. For more information, see [Move an alternate domain name to a different distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/alternate-domain-names-move.html). | July 7, 2021 | 
| [New security policy](#WhatsNew) | CloudFront now supports a new security policy, **TLSv1.2\$12021**, with a smaller set of supported ciphers. For more information, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html). | June 23, 2021 | 
| [New feature](#WhatsNew) | Amazon CloudFront now supports CloudFront Functions, a native feature of CloudFront that enables you to write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations. For more information, see [Customizing at the edge with CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-functions.html). | May 3, 2021 | 
| [Lambda@Edge supports newer runtime versions](#WhatsNew) | Lambda@Edge now supports Lambda functions with the Node.js 14 runtime. For more information, see [Supported runtimes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-edge-function-restrictions.html#lambda-at-edge-restrictions-runtime). | April 29, 2021 | 
| [Remove documentation for RTMP distributions](#WhatsNew) | [Amazon CloudFront deprecated real-time messaging protocol (RTMP) distributions on December 31, 2020.](https://forums.aws.amazon.com/ann.jspa?annID=7356) Documentation for RTMP distributions is now removed from the *Amazon CloudFront Developer Guide*. | February 10, 2021 | 
| [New pricing option](#WhatsNew) | Amazon CloudFront introduces the *CloudFront security savings bundle*, a simple way to save up to 30% on the CloudFront charges on your AWS bill. For more information, see the Savings Bundle [FAQs](https://aws.amazon.com/cloudfront/faqs/). | February 5, 2021 | 
| [New tutorial](#WhatsNew) | The *Amazon CloudFront Developer Guide* now includes a tutorial for using Amazon CloudFront to restrict access to an Application Load Balancer in Elastic Load Balancing. For more information, see [Restricting access to Application Load Balancers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/restrict-access-to-load-balancer.html). | December 18, 2020 | 
| [New option for public key management](#WhatsNew) | CloudFront now supports public key management for signed URLs and signed cookies through the CloudFront console and API, without requiring access to the AWS account root user. For more information, see [Specifying the signers that can create signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html). | October 22, 2020 | 
| [New feature – Origin Shield](#WhatsNew) | CloudFront now supports CloudFront Origin Shield, an additional layer in the CloudFront caching infrastructure that helps to minimize your origin's load, improve its availability, and reduce its operating costs. For more information, see [Using Amazon CloudFront Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html). | October 20, 2020 | 
| [New compression format](#WhatsNew) | CloudFront now supports the Brotli compression formation when you configure CloudFront to compress objects at CloudFront edge locations. You can also configure CloudFront to cache Brotli objects using a normalized `Accept-Encoding` header. For more information, see [Serving compressed files](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html) and [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects). | September 14, 2020 | 
| [New TLS protocol](#WhatsNew) | CloudFront now supports the TLS 1.3 protocol for HTTPS connections between viewers and CloudFront distributions. TLS 1.3 is enabled by default in all CloudFront security policies. For more information, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html). | September 3, 2020 | 
| [New real-time access logs](#WhatsNew) | CloudFront now supports configurable real-time access logs. With real-time access logs, you can get information about requests made to a distribution in real time. You can use real-time access logs to monitor, analyze, and take action based on content delivery performance. For more information, see [Real-time logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html). | August 31, 2020 | 
| [API support for additional metrics](#WhatsNew) | CloudFront now supports enabling eight additional real-time metrics with the CloudFront API. For more information, see [Turning on additional metrics](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html#enable-metrics). | August 28, 2020 | 
| [New CloudFront HTTP headers](#WhatsNew) | CloudFront added additional HTTP headers for determining information about the viewer such as device type, geographic location, and more. For more information, see [Adding CloudFront request headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-cloudfront-headers.html). | July 23, 2020 | 
| [New feature](#WhatsNew) | CloudFront now supports *cache policies* and *origin request polices*, which give you more granular control over the *cache key* and *origin requests* for your CloudFront distributions. For more information, see [Control the cache key](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) and [Control origin requests](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html). | July 22, 2020 | 
| [New security policy](#WhatsNew) | CloudFront now supports a new security policy, **TLSv1.2\$12019**, with a smaller set of supported ciphers. For more information, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html). | July 8, 2020 | 
| [New settings to control origin timeouts and attempts](#WhatsNew) | CloudFront added new settings that control origin timeouts and attempts. For more information, see [Controlling origin timeouts and attempts](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html#controlling-attempts-and-timeouts). | June 5, 2020 | 
| [New documentation for getting started with CloudFront by creating a secure static website](#WhatsNew) | Get started with CloudFront by creating a secure static website using Amazon S3, CloudFront, Lambda@Edge, and more, all deployed with CloudFormation. For more information, see [Getting started with a secure static website](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/getting-started-secure-static-website-cloudformation-template.html). | June 2, 2020 | 
| [Lambda@Edge supports newer runtime versions](#WhatsNew) | Lambda@Edge now supports Lambda functions with the Node.js 12 and Python 3.8 runtimes. For more information, see [Supported runtimes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-edge-function-restrictions.html#lambda-at-edge-restrictions-runtime). | February 27, 2020 | 
| [New real-time metrics in CloudWatch](#WhatsNew) | Amazon CloudFrontnow offers eight additional real-time metrics in Amazon CloudWatch. For more information, see [Turning on additional CloudFront distribution metrics](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/viewing-cloudfront-metrics.html#monitoring-console.distributions-additional). | December 19, 2019 | 
| [New fields in access logs](#WhatsNew) | CloudFront adds seven new fields to access logs. For more information, see [Standard log file fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html#BasicDistributionFileFormat). | December 12, 2019 | 
| [AWS WordPress plugin](#WhatsNew) | You can use the AWS WordPress plugin to provide visitors to your WordPress website an accelerated viewing experience using CloudFront. (Update: as of September 30, 2022, the AWS for WordPress plugin is deprecated.) | October 30, 2019 | 
| [Tag-based and resource-level IAM permissions policies](#WhatsNew) | CloudFront now supports two additional ways of specifying IAM permission policies: tag-based and resource-level policy permissions. For more information, see [Managing Access to Resources](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/access-control-manage-access-intro.html). | August 8, 2019 | 
| [Support for Python programming language](#WhatsNew) | You can now use the Python programming language to develop functions in Lambda@Edge, in addition to Node.js. For example functions that cover a variety of scenarios, see [Lambda@Edge Example Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html). | August 1, 2019 | 
| [Updated monitoring graphs](#WhatsNew) | Content updates to describe new ways for you to monitor Lambda functions associated with your CloudFront distributions directly from the CloudFront console to more easily track and debug errors. For more information, see [Monitoring CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/monitoring-using-cloudwatch.html). | June 20, 2019 | 
| [Consolidated security content](#WhatsNew) | A new Security chapter consolidates information about CloudFront features around and implementation of data protection, IAM, logging, compliance, and more. For more information, see [Security](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/security.html). | May 24, 2019 | 
| [Domain validation is now required](#WhatsNew) | CloudFront now requires that you use an SSL certificate to verify that you have permission to use an alternate domain name with a distribution. For more information, see [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-requirements). | April 9, 2019 | 
| [Updated PDF filename](#WhatsNew) | The new filename for the Amazon CloudFront Developer Guide is: AmazonCloudFront\$1DevGuide. The previous name was: cf-dg. | January 7, 2019 | 
| [New features](#WhatsNew) | CloudFront now supports WebSocket, a TCP-based protocol that is useful when you need long-lived connections between clients and servers. You can also now set up CloudFront with origin failover for scenarios that require high availability. For more information, see [Using WebSocket with CloudFront Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.websockets.html) and [ Optimizing High Availability with CloudFront Origin Failover](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html). | November 20, 2018 | 
| [New feature](#WhatsNew) | CloudFront now supports detailed error logging for HTTP requests that run Lambda functions. You can store the logs in CloudWatch and use them to help troubleshoot HTTP 5xx errors when your function returns an invalid response. For more information, see [ CloudWatch Metrics and CloudWatch Logs for Lambda Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-cloudwatch-metrics-logging.html). | October 8, 2018 | 
| [New feature](#WhatsNew) | You can now opt to have Lambda@Edge expose the body in a request for writable HTTP methods (POST, PUT, DELETE, and so on), so that you can access it in your Lambda function. You can choose read-only access, or you can specify that you'll replace the body. For more information, see [ Accessing the Request Body by Choosing the Include Body Option](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html). | August 14, 2018 | 
| [New feature](#WhatsNew) | CloudFront now supports serving content compressed by using brotli or other compression algorithms, in addition to or instead of gzip. For more information, see [Serving Compressed Files](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html). | July 25, 2018 | 
| [Reorganization](#WhatsNew) | The Amazon CloudFront Developer Guide has been reorganized to simplify finding related content, and to improve scanability and navigation. | June 28, 2018 | 
| [New Feature](#WhatsNew) | Lambda@Edge now enables you to further customize the delivery of content stored in an Amazon S3 bucket, by allowing you to access additional headers, including custom headers, within origin-facing events. For more information, see these examples showing personalization of content based on [viewer location](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-redirect-based-on-country) and [viewer device type](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-vary-on-device-type). | March 20, 2018 | 
| [New Feature](#WhatsNew) | You can now use Amazon CloudFront to negotiate HTTPS connections to origins using Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA uses smaller keys that are faster, yet, just as secure, as the older RSA algorithm. For more information, see [ Supported SSL/TLS Protocols and Ciphers for Communication Between CloudFront and Your Origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers-cloudfront-to-origin) and [ About RSA and ECDSA Ciphers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-cloudfront-to-custom-origin.html#using-https-cloudfront-to-origin-about-ciphers). | March 15, 2018 | 
| [New Feature](#WhatsNew) | Lambda@Edge enables you to customize error responses from your origin, by allowing you to execute Lambda functions in response to HTTP errors that Amazon CloudFrontreceives from your origin. For more information, see these examples showing [redirects to another location](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-custom-error-new-site) and [response generation with 200 status code (OK)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-custom-error-static-body). | December 21, 2017 | 
| [New Feature](#WhatsNew) | A new CloudFront capability, field-level encryption, helps you to further enhance the security of sensitive data, like credit card numbers or personally identifiable information (PII) like social security numbers. For more information, see [Using field-level encryption to help protect sensitive data](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html). | December 14, 2017 | 
| [Doc history archived](#WhatsNew) | Older doc history was archived. | December 1, 2017 |