AWS Security Academy · Lesson

Securing the CloudFront Edge

Use the global edge to terminate and protect inbound traffic.

CloudFront as Security Edge

Amazon CloudFront is the AWS content delivery network (CDN) that serves content from global edge locations. Beyond speed, it is a powerful security boundary: it terminates connections at the edge, absorbs DDoS attacks via AWS Shield, hosts AWS WAF inspection, and hides your origin from direct exposure.

TLS Termination at the Edge

CloudFront terminates TLS at the nearest edge location, encrypting traffic between users and the edge with modern protocols and ciphers you configure via a security policy. You can also enforce HTTPS-only by redirecting HTTP to HTTPS, ensuring data in transit is always encrypted.
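
The two viewer-side settings described above can be checked offline against a distribution's configuration. The following is an added example, not part of the original lesson: it audits the DistributionConfig JSON returned by `aws cloudfront get-distribution-config`. The function name, the set of policies treated as weak, and the sample configuration are assumptions made for illustration.

```python
# Added example: audit a CloudFront DistributionConfig for viewer-side TLS settings.
# Assumption: security policies whose floor is below TLS 1.2 are treated as weak.
WEAK_POLICIES = {"SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016"}
ENCRYPTED_ONLY = {"redirect-to-https", "https-only"}


def audit_viewer_tls(config):
    """Return a list of (location, finding) tuples; an empty list means compliant."""
    findings = []

    # Each cache behavior carries its own ViewerProtocolPolicy, so a strict
    # default behavior does not cover a path pattern that still allows HTTP.
    behaviors = [("default", config["DefaultCacheBehavior"])]
    for item in config.get("CacheBehaviors", {}).get("Items") or []:
        behaviors.append((item["PathPattern"], item))
    for name, behavior in behaviors:
        # A missing value is treated as the weakest setting (conservative assumption).
        policy = behavior.get("ViewerProtocolPolicy", "allow-all")
        if policy not in ENCRYPTED_ONLY:
            findings.append((name, f"ViewerProtocolPolicy={policy} serves plain HTTP"))

    # MinimumProtocolVersion is the security policy: it sets the TLS floor and ciphers.
    cert = config.get("ViewerCertificate", {})
    min_version = cert.get("MinimumProtocolVersion", "TLSv1")  # conservative fallback
    if min_version in WEAK_POLICIES:
        findings.append(
            ("ViewerCertificate", f"MinimumProtocolVersion={min_version} permits TLS below 1.2")
        )
    return findings


# Constructed sample: the default behavior redirects to HTTPS, but one path
# pattern still allows HTTP and the security policy accepts TLS 1.1.
SAMPLE_CONFIG = {
    "DefaultCacheBehavior": {"ViewerProtocolPolicy": "redirect-to-https"},
    "CacheBehaviors": {"Quantity": 1, "Items": [
        {"PathPattern": "/legacy/*", "ViewerProtocolPolicy": "allow-all"}]},
    "ViewerCertificate": {"MinimumProtocolVersion": "TLSv1.1_2016"},
}

if __name__ == "__main__":
    for location, finding in audit_viewer_tls(SAMPLE_CONFIG):
        print(f"{location}: {finding}")
```
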
