Amazon CloudFront Developer Guide

User Manual:

Open the PDF directly: View PDF PDF.
Page Count: 382 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Amazon CloudFront
Developer Guide
API Version 2016-08-01
Amazon CloudFront: Developer Guide
Copyright © 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner
that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not
owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by
Amazon.
Amazon CloudFront Developer Guide
Table of Contents
What Is Amazon CloudFront? .......................................................................................................... 1
How CloudFront Delivers Content ............................................................................................. 4
Locations and IP Address Ranges of CloudFront Edge Servers ..................................................... 6
PCI DSS Compliance ............................................................................................................. 6
AWS Billing and Usage Reports for CloudFront ................................................................................... 8
AWS Billing Report for CloudFront .......................................................................................... 10
AWS Usage Report for CloudFront ......................................................................................... 11
Interpreting Your AWS Bill and the AWS Usage Report for CloudFront ........................................... 12
CloudFront Reports ...................................................................................................................... 15
CloudFront Cache Statistics Reports ....................................................................................... 16
Downloading Data in CSV Format .................................................................................. 17
How Cache Statistics Charts Are Related to Data in the CloudFront Access Logs ................... 19
CloudFront Popular Objects Report ......................................................................................... 20
Downloading Data in CSV Format .................................................................................. 21
How Data in the Popular Objects Report Is Related to Data in the CloudFront Access Logs ...... 22
CloudFront Top Referrers Report ............................................................................................ 23
Downloading Data in CSV Format .................................................................................. 24
How Data in the Top Referrers Report Is Related to Data in the CloudFront Access Logs ......... 25
CloudFront Usage Reports .................................................................................................... 25
Downloading Data in CSV Format .................................................................................. 26
How the Usage Charts Are Related to Data in the CloudFront Usage Report .......................... 28
CloudFront Viewers Reports .................................................................................................. 29
Displaying Viewers Charts and Reports ........................................................................... 30
Downloading Data in CSV Format .................................................................................. 31
How Data in the Locations Report Is Related to Data in the CloudFront Access Logs ............... 35
Getting Started ............................................................................................................................ 37
Step 1: Sign up for Amazon Web Services ................................................................................ 37
Step 2: Upload your content to Amazon S3 and grant object permissions ...................................... 38
Step 3: Create a CloudFront Web Distribution ........................................................................... 39
Step 4: Test your links ........................................................................................................... 45
Working with Distributions ............................................................................................................. 46
Overview of Web and RTMP Distributions ................................................................................ 47
Web Distributions ........................................................................................................ 47
RTMP Distributions ...................................................................................................... 48
Creating Web and RTMP Distributions ..................................................................................... 48
Listing, Viewing, and Updating CloudFront Distributions .............................................................. 48
Deleting a Distribution .......................................................................................................... 49
Using Alternate Domain Names (CNAMEs) .............................................................................. 50
Using the * Wildcard in Alternate Domain Names .............................................................. 50
Restrictions on Using Alternate Domain Names ................................................................ 51
Adding an Alternate Domain Name ................................................................................. 51
Choosing the Price Class for a CloudFront Distribution ............................................................... 54
Using CloudFront with Amazon S3 .......................................................................................... 54
Adding CloudFront When You're Distributing Content from Amazon S3 .................................. 55
Moving an Amazon S3 Bucket to a Different Region ........................................................... 56
Changes to the CloudFront API .............................................................................................. 56
Working with Web Distributions ...................................................................................................... 58
Task List for Creating a Web Distribution .................................................................................. 58
Creating or Updating a Web Distribution Using the CloudFront Console ......................................... 59
Testing Your Web Distribution ................................................................................................. 60
Using Amazon S3 Origins and Custom Origins for Web Distributions ............................................ 61
Using Amazon S3 Buckets for Your Origin ........................................................................ 61
Using Amazon EC2 or Other Custom Origins .................................................................... 62
Values that You Specify When You Create or Update a Web Distribution ........................................ 63
Delivery Method .......................................................................................................... 64
API Version 2016-08-01
iii
Amazon CloudFront Developer Guide
Origin Settings ............................................................................................................ 64
Cache Behavior Settings ............................................................................................... 68
Distribution Details ....................................................................................................... 75
Custom Error Pages and Error Caching ........................................................................... 79
Restrictions ................................................................................................................ 79
Values that CloudFront Displays in the Console When You Create or Update a Web Distribution ........ 80
Distribution ID (General Tab) .......................................................................................... 80
Distribution Status (General Tab) .................................................................................... 80
Last Modified (General Tab) ........................................................................................... 81
Domain Name (General Tab) ......................................................................................... 81
Requirements and Recommendations for Using Amazon EC2 and Other Custom Origins ................ 81
Using AWS WAF to Control Access to Your Content ................................................................... 82
Restricting the Geographic Distribution of Your Content .............................................................. 82
Using CloudFront Geo Restriction ................................................................................... 83
Using a Third-Party Geolocation Service .......................................................................... 84
Configuring On-Demand Smooth Streaming ............................................................................. 85
Configuring On-Demand Progressive Downloads ...................................................................... 86
Configuring On-Demand Apple HTTP Live Streaming (HLS) ....................................................... 86
Working with RTMP Distributions .................................................................................................... 87
How RTMP Distributions Work ............................................................................................... 87
Task List for Streaming Media Files Using RTMP ....................................................................... 89
Creating an RTMP Distribution Using the CloudFront Console ..................................................... 90
Values that You Specify When You Create or Update an RTMP Distribution .................................... 90
Origin Domain Name (Amazon S3 Bucket) ....................................................................... 91
Restrict Bucket Access (Amazon S3 Only) ....................................................................... 92
Origin Access Identity (Amazon S3 Only) ......................................................................... 92
Comment for New Identity(Amazon S3 Only) .................................................................... 92
Your Identities (Amazon S3 Only) ................................................................................... 92
Grant Read Permissions on Bucket (Amazon S3 Only) ....................................................... 92
Price Class ................................................................................................................. 92
Alternate Domain Names (CNAMEs) ............................................................................... 93
Logging ..................................................................................................................... 93
Bucket for Logs ........................................................................................................... 93
Log Prefix ................................................................................................................... 93
Comment ................................................................................................................... 93
Distribution State ......................................................................................................... 93
Restrict Viewer Access (Use Signed URLs) ...................................................................... 94
Trusted Signers ........................................................................................................... 94
AWS Account Numbers ................................................................................................ 94
Values that CloudFront Displays in the Console When You Create or Update an RTMP
Distribution ......................................................................................................................... 95
Distribution ID ............................................................................................................. 95
Status ........................................................................................................................ 95
Last Modified .............................................................................................................. 95
Domain Name ............................................................................................................. 95
Configuring the Media Player ................................................................................................. 96
MPEG Files ................................................................................................................ 96
Using an Amazon S3 Bucket as the Origin for an RTMP Distribution ............................................. 96
Creating Multiple RTMP Distributions for an Origin Server ........................................................... 97
Restricting Access Using Crossdomain.xml .............................................................................. 97
Error Codes for RTMP Distributions ........................................................................................ 98
Troubleshooting RTMP Distributions ........................................................................................ 98
Working with Objects .................................................................................................................... 99
Format of URLs for CloudFront Objects ................................................................................... 99
Format of Public URLs for Objects in Amazon S3 ............................................................ 100
Format of Public URLs for Objects in a Custom Origin ...................................................... 101
How Public URLs Affect the Invalidation of Directories ...................................................... 101
Format of Signed URLs ............................................................................................... 101
API Version 2016-08-01
iv
Amazon CloudFront Developer Guide
How CloudFront Processes HTTP and HTTPS Requests .......................................................... 102
Increasing the Proportion of Requests that Are Served from CloudFront Edge Caches ................... 102
Specifying How Long CloudFront Caches Your Objects ..................................................... 102
Caching Based on Query String Parameters ................................................................... 103
Caching Based on Cookie Values ................................................................................. 103
Caching Based on Request Headers ............................................................................. 104
Serving Media Content by Using HTTP .......................................................................... 104
Configuring CloudFront to Cache Based on Query String Parameters ......................................... 105
Query String Parameters and Web Distributions .............................................................. 105
Query String Parameters and RTMP Distributions ............................................................ 106
Configuring CloudFront to Cache Objects Based on Cookies ..................................................... 106
Configuring CloudFront to Cache Objects Based on Request Headers ........................................ 108
Headers and Web Distributions .................................................................................... 108
Headers and RTMP Distributions .................................................................................. 112
Forwarding Custom Headers to Your Origin (Web Distributions Only) ........................................... 112
Configuring CloudFront to Forward Custom Headers to Your Origin ..................................... 112
Custom Headers that CloudFront Can't Forward to Your Origin ........................................... 113
Using Custom Headers for Cross-Origin Resource Sharing (CORS) ................................... 113
Using Custom Headers to Restrict Access to Your Content on a Custom Origin ..................... 113
Adding, Removing, or Replacing Objects in a Distribution .......................................................... 114
Adding Objects that You Want CloudFront to Distribute ..................................................... 114
Updating Existing Objects Using Versioned Object Names ................................................ 115
Updating Existing Objects Using the Same Object Names ................................................. 115
Specifying How Long Objects Stay in a CloudFront Edge Cache (Expiration) ........................ 116
Invalidating Objects (Web Distributions Only) .................................................................. 121
Customizing Error Responses .............................................................................................. 127
Creating or Updating a Cache Behavior for Custom Error Pages ........................................ 129
Changing Response Codes ......................................................................................... 129
Controlling How Long CloudFront Caches Errors ............................................................. 129
How CloudFront Responds When a Custom Error Page Is Unavailable ................................ 130
Pricing for Custom Error Pages .................................................................................... 130
Configuring Error Response Behavior ............................................................................ 131
How CloudFront Processes Partial Requests for an Object (Range GETs) ................................... 132
Specifying a Default Root Object (Web Distributions Only) ........................................................ 132
Serving Compressed Files ................................................................................................... 135
Using CloudFront to Compress Your Content ................................................................... 135
Using a Custom Origin to Compress Your Content ........................................................... 137
Request and Response Behavior .................................................................................................. 139
Request and Response Behavior for Amazon S3 Origins .......................................................... 139
How CloudFront Processes and Forwards Requests to Your Amazon S3 Origin Server ........... 139
How CloudFront Processes Responses from Your Amazon S3 Origin Server ........................ 144
Request and Response Behavior for Custom Origins ............................................................... 145
How CloudFront Processes and Forwards Requests to Your Custom Origin Server ................ 146
How CloudFront Processes Responses from Your Custom Origin Server ............................. 155
How CloudFront Processes HTTP 3xx Status Codes from Your Origin ......................................... 158
How CloudFront Processes and Caches HTTP 4xx and 5xx Status Codes from Your Origin ............ 158
How CloudFront Processes Errors When You Have Configured Custom Error Pages .............. 158
How CloudFront Processes Errors When You Have Not Configured Custom Error Pages ........ 160
HTTP 4xx and 5xx Status Codes that CloudFront Caches ................................................. 161
Serving Private Content through CloudFront ................................................................................... 162
Overview of Private Content ................................................................................................. 162
Restricting Access to Objects in CloudFront Edge Caches ................................................ 163
Restricting Access to Objects in Amazon S3 Buckets ....................................................... 163
Using an HTTP Server for Private Content .............................................................................. 164
Task List: Serving Private Content ......................................................................................... 165
Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content ............................ 166
Creating a CloudFront Origin Access Identity and Adding it to Your Distribution ..................... 166
API Version 2016-08-01
v
Amazon CloudFront Developer Guide
Granting the Origin Access Identity Permission to Read Objects in Your Amazon S3
Bucket ..................................................................................................................... 168
Using an Origin Access Identity in Amazon S3 Regions that Support Only Signature Version
4 Authentication ......................................................................................................... 170
Specifying the AWS Accounts That Can Create Signed URLs and Signed Cookies (Trusted
Signers) ........................................................................................................................... 171
Creating CloudFront Key Pairs for Your Trusted Signers ..................................................... 172
Reformatting the CloudFront Private Key (.NET and Java Only) .......................................... 173
Adding Trusted Signers to Your Distribution ..................................................................... 174
Verifying that Trusted Signers Are Active (Optional) .......................................................... 176
Rotating CloudFront Key Pairs ...................................................................................... 176
Choosing Between Signed URLs and Signed Cookies .............................................................. 178
Using Both Signed URLs and Signed Cookies ................................................................ 178
Using Signed URLs ............................................................................................................ 179
Choosing Between Canned and Custom Policies for Signed URLs ..................................... 179
How Signed URLs Work .............................................................................................. 180
Choosing How Long Signed URLs Are Valid ................................................................... 180
When Does CloudFront Check the Expiration Date and Time in a Signed URL? .................... 181
Sample Code and Third-Party Tools .............................................................................. 181
Creating a Signed URL Using a Canned Policy ............................................................... 182
Creating a Signed URL Using a Custom Policy ................................................................ 189
Using Signed Cookies ......................................................................................................... 198
Choosing Between Canned and Custom Policies for Signed Cookies .................................. 198
How Signed Cookies Work .......................................................................................... 198
Preventing Misuse of Signed Cookies ............................................................................ 199
When Does CloudFront Check the Expiration Date and Time in a Signed Cookie? ................. 200
Sample Code and Third-Party Tools .............................................................................. 200
Setting Signed Cookies Using a Canned Policy ............................................................... 200
Setting Signed Cookies Using a Custom Policy ............................................................... 205
Using a Linux Command and OpenSSL for Base64-Encoding and Encryption .............................. 213
Code Examples for Creating a Signature for a Signed URL ....................................................... 214
Create a URL Signature Using Perl ............................................................................... 214
Create a URL Signature Using PHP .............................................................................. 216
Create a URL Signature Using C# and the .NET Framework .............................................. 218
Create a URL Signature Using Java .............................................................................. 226
Using an HTTPS Connection to Access Your Objects ....................................................................... 229
How CloudFront Works with HTTPS Connections .................................................................... 230
How to Require HTTPS for Communication between Viewers, CloudFront, and Your Origin ............. 230
Supported Protocols and Ciphers ......................................................................................... 233
Using Alternate Domain Names and HTTPS ........................................................................... 234
Choosing How CloudFront Serves HTTPS Requests ........................................................ 234
Requirements and Limits on Using SSL/TLS Certificates with CloudFront ............................ 236
To use alternate domain names with HTTPS ................................................................... 238
Determining the Size of the Public Key in an SSL/TLS Certificate ....................................... 239
Rotating SSL/TLS Certificates ...................................................................................... 240
Reverting from a Custom SSL/TLS Certificate to the Default CloudFront Certificate ............... 241
Switching from a Custom SSL/TLS Certificate with Dedicated IP Addresses to SNI ............... 241
Charges for HTTPS Connections .......................................................................................... 242
Authentication and Access Control ................................................................................................ 243
Authentication ................................................................................................................... 243
Access Control .................................................................................................................. 244
Overview of Managing Access ............................................................................................. 245
ARNs for CloudFront Resources ................................................................................... 245
Understanding Resource Ownership ............................................................................. 245
Managing Access to Resources .................................................................................... 246
Specifying Policy Elements: Resources, Actions, Effects, and Principals .............................. 247
Specifying Conditions in a Policy ................................................................................... 247
Using IAM Policies for CloudFront ......................................................................................... 248
API Version 2016-08-01
vi
Amazon CloudFront Developer Guide
Permissions Required to Use the CloudFront Console ...................................................... 248
AWS Managed (Predefined) Policies for CloudFront ......................................................... 250
Customer Managed Policy Examples ............................................................................. 250
CloudFront API Permissions Reference ................................................................................. 253
Required Permissions for Actions on Web Distributions ..................................................... 253
Required Permissions for Actions on RTMP Distributions .................................................. 254
Required Permissions for Actions on Invalidations ........................................................... 255
Required Permissions for Actions on Origin Access Identities ............................................ 255
Required Permissions for Actions on Tags ...................................................................... 255
Access Logs ............................................................................................................................. 256
How Logging Works ........................................................................................................... 256
Choosing an Amazon S3 Bucket for Your Access Logs ............................................................. 257
Amazon S3 Permissions Required to Access Your Log Files ...................................................... 258
File Name Format .............................................................................................................. 258
Timing of Log File Delivery .................................................................................................. 258
Analyzing Access Logs ....................................................................................................... 259
Editing Your Logging Settings ............................................................................................... 259
Deleting Log Files from an Amazon S3 Bucket ........................................................................ 260
Log File Format ................................................................................................................. 260
Web Distribution Log File Format .................................................................................. 261
RTMP Distribution Log File Format ................................................................................ 267
Charges for Access Logs ..................................................................................................... 269
Monitoring CloudFront Activity Using CloudWatch ............................................................................ 270
Downloading Data in CSV Format ......................................................................................... 271
Information About the Report ....................................................................................... 272
Data in the CloudWatch Metrics Report ......................................................................... 272
Capturing API Requests with CloudTrail ......................................................................................... 274
CloudFront Information in CloudTrail Log Files ......................................................................... 274
Understanding CloudFront Log File Entries ............................................................................. 275
Tagging Amazon CloudFront Distributions ...................................................................................... 280
Tag Restrictions ................................................................................................................. 281
Adding, Editing, and Deleting Tags for Distributions .................................................................. 281
Troubleshooting ......................................................................................................................... 282
I can't view the files in my web distribution. ............................................................................. 282
Did you sign up for both CloudFront and Amazon S3? ...................................................... 282
Are your Amazon S3 bucket and object permissions set correctly? ..................................... 282
Is your alternate domain name (CNAME) correctly configured? .......................................... 283
Are you referencing the correct URL for your CloudFront distribution? ................................. 283
Do you need help troubleshooting a custom origin? .......................................................... 283
I can't view the files in my RTMP distribution. .......................................................................... 284
Error Message: Certificate: <certificate-id> is being used by CloudFront. ...................................... 284
Load Testing CloudFront .............................................................................................................. 285
Streaming Tutorials ..................................................................................................................... 286
Live Streaming .................................................................................................................. 286
On-Demand Streaming ....................................................................................................... 286
RTMP Streaming ............................................................................................................... 286
Live HTTP Streaming Using CloudFront and Adobe Media Server 5.0 ......................................... 286
Overview .................................................................................................................. 287
Steps to Configure Live Streaming ................................................................................ 288
Creating an Amazon Web Services Account ................................................................... 288
Creating an Amazon EC2 Key Pair ................................................................................ 288
Subscribing to Adobe Media Server .............................................................................. 289
Creating an AWS CloudFormation Stack for Live Streaming .............................................. 290
Verifying that Adobe Media Server Is Running ................................................................. 291
Setting Up Adobe Flash Media Live Encoder to Publish a Live Stream ................................ 292
Embedding Strobe Media Playback for an Amazon CloudFront Live HTTP Stream in a Web
Application ................................................................................................................ 295
Deleting an AWS CloudFormation Stack and an Amazon EBS Volume for Live Streaming ....... 296
API Version 2016-08-01
vii
Amazon CloudFront Developer Guide
Frequently Asked Questions ........................................................................................ 297
Additional Documentation ............................................................................................ 303
Live Smooth Streaming Using Amazon CloudFront and IIS Media Services 4.1 ............................. 304
Overview of Live Smooth Streaming with Amazon Web Services ........................................ 304
Creating an Amazon Web Services Account ................................................................... 305
Creating an Amazon EC2 Key Pair ................................................................................ 305
Creating an AWS CloudFormation Stack for Live Smooth Streaming ................................... 306
Verifying that Your Amazon EC2 Windows Server Instance Is Running ................................. 309
Getting Your Windows Password ................................................................................... 309
Encoding Your Live Stream .......................................................................................... 310
Viewing Your Live Smooth Stream ................................................................................. 311
Deleting Your AWS CloudFormation Live Smooth Streaming Stack ..................................... 311
Frequently Asked Questions ........................................................................................ 311
Additional Documentation ............................................................................................ 313
Live Streaming with Wowza Streaming Engine 4.2 ................................................................... 314
Creating an Amazon Web Services Account ................................................................... 314
Creating an Amazon EC2 Key Pair ................................................................................ 315
Getting a License for Wowza Streaming Engine 4.2 ......................................................... 315
Subscribing to Wowza Streaming Engine 4.2 through AWS Marketplace .............................. 315
Creating an AWS CloudFormation Stack for Live Streaming .............................................. 316
Verifying that Wowza Streaming Engine 4.2 Is Running .................................................... 318
Setting Up an Encoder to Publish a Live Stream .............................................................. 318
Playing the Live Stream in a Web Application .................................................................. 319
Deleting an AWS CloudFormation Stack for Live Streaming ............................................... 321
Frequently Asked Questions ........................................................................................ 321
Additional Documentation ............................................................................................ 322
Live HTTP Streaming Using CloudFront and Any HTTP Origin ................................................... 324
Creating a New CloudFront Distribution for Live Streaming ................................................ 324
Configuring Web Players to Play the Live Stream ............................................................. 325
(Optional) Deleting an AWS CloudFormation Stack for Live Streaming ................................ 325
On-Demand Media Streaming with Unified Streaming .............................................................. 325
Creating an Amazon Web Services Account ................................................................... 326
Creating an Amazon EC2 Key Pair ................................................................................ 327
Subscribing to Unified Streaming .................................................................................. 327
Creating an AWS CloudFormation Stack for On-Demand Streaming ................................... 328
Verifying that Unified Streaming Server Is Running .......................................................... 330
Uploading Your Media Files to Amazon S3 ..................................................................... 330
Playing the On-Demand Stream In a Test Web Application ................................................ 331
Deleting the AWS CloudFormation Stack and Amazon S3 Bucket for On-Demand
Streaming ................................................................................................................. 333
Frequently Asked Questions ........................................................................................ 334
Additional Documentation ............................................................................................ 336
On-Demand Video Streaming Using CloudFront and Adobe Flash Player ..................................... 338
Creating an Amazon S3 Bucket .................................................................................... 338
Creating CloudFront Web and RTMP Distributions ........................................................... 338
Creating a Flash Project Using Adobe Flash Builder ......................................................... 340
Uploading Media and Flash Builder Files to an Amazon S3 Bucket ..................................... 341
Playing the Media File ................................................................................................. 342
On-Demand Video Streaming Using CloudFront and Flowplayer for Adobe Flash .......................... 343
Uploading Media and Flowplayer Files to an Amazon S3 Bucket ........................................ 343
Creating CloudFront Web and RTMP Distributions ........................................................... 344
Embedding Video in an HTML Page .............................................................................. 345
On-Demand Video Streaming Using CloudFront and JW Player ................................................. 348
Uploading Media and JW Player Files to an Amazon S3 Bucket ......................................... 348
Creating CloudFront Web and RTMP Distributions ........................................................... 349
Embedding Video in a Web Page .................................................................................. 350
Uploading the HTML File and Playing the Video .............................................................. 352
Limits ....................................................................................................................................... 353
API Version 2016-08-01
viii
Amazon CloudFront Developer Guide
Resources ................................................................................................................................ 355
Additional Amazon CloudFront Documentation ........................................................................ 355
Getting Support ................................................................................................................. 356
CloudFront Developer Tools and SDKs ................................................................................... 356
Using CloudFront Logging ................................................................................................... 356
Additional Tips from the Amazon Web Services Blog ................................................................ 356
Invalidating Objects ............................................................................................................ 357
Distributing Streaming Media ............................................................................................... 357
Tools and Code Examples for Configuring Private Content ........................................................ 357
Using CloudFront with a Content Management System ............................................................. 358
Document History ...................................................................................................................... 359
AWS Glossary ........................................................................................................................... 373
API Version 2016-08-01
ix
Amazon CloudFront Developer Guide
What Is Amazon CloudFront?
Topics
How CloudFront Delivers Content (p. 4)
Locations and IP Address Ranges of CloudFront Edge Servers (p. 6)
PCI DSS Compliance (p. 6)
CloudFront is a web service that speeds up distribution of your static and dynamic web content, for
example, .html, .css, .php, and image files, to end users. CloudFront delivers your content through a
worldwide network of data centers called edge locations.When a user requests content that you're serving
with CloudFront, the user is routed to the edge location that provides the lowest latency (time delay), so
content is delivered with the best possible performance. If the content is already in the edge location with
the lowest latency, CloudFront delivers it immediately. If the content is not currently in that edge location,
CloudFront retrieves it from an Amazon S3 bucket or an HTTP server (for example, a web server) that
you have identified as the source for the definitive version of your content.
This concept is best illustrated by an example. Suppose you're serving the following image from a traditional
web server, not from CloudFront:
API Version 2016-08-01
1
Amazon CloudFront Developer Guide
(The image is owned by NASA and comes from the Visible Earth website, http://visibleearth.nasa.gov/.)
You're serving the image using the URL http://example.com/globe_west_540.png.Your users
can easily navigate to this URL and see the image, but they probably don't know that their request was
routed from one network to another—through the complex collection of interconnected networks that
comprise the Internet—until the image was found.
Further suppose that the web server from which you're serving the image is in Seattle, Washington, USA,
and that a user in Austin, Texas, USA requests the image. The traceroute list below (courtesy of
www.WatchMouse.com) shows one way that this request could be routed.
API Version 2016-08-01
2
Amazon CloudFront Developer Guide
In this example, the request was routed 10 times within the United States before the image was retrieved,
which is not an unusually large number of hops. If your user were in Europe, the request would be routed
through even more networks to reach your server in Seattle. The number of networks and the distance
that the request and the image must travel have a significant impact on the performance, reliability, and
availability of the image.
CloudFront speeds up the distribution of your content by routing each user request to the edge location
that can best serve your content.Typically, this is the CloudFront edge location that provides the lowest
latency. This dramatically reduces the number of networks that your users' requests must pass through,
which improves performance. Users get lower latency—the time it takes to load the first byte of the
object—and higher data transfer rates.You also get increased reliability and availability because copies
of your objects are now held in multiple edge locations around the world.
API Version 2016-08-01
3
Amazon CloudFront Developer Guide
For a list of the locations of CloudFront edge servers, see The Amazon CloudFront Global Edge Network
on the CloudFront Product Details page.
How CloudFront Delivers Content
After some initial setup, CloudFront works invisibly to speed up delivery of your content. This overview
includes both the steps you perform before your first user accesses your application or website and how
CloudFront serves your content when configuration is complete.
Setting up CloudFront involves a few simple steps:
How You Configure CloudFront to Deliver Your Content
1. You configure your origin servers, from which CloudFront gets your files for distribution from
CloudFront edge locations all over the world.
An origin server stores the original, definitive version of your objects. If you're serving content over
HTTP, your origin server is either an Amazon S3 bucket or an HTTP server, such as a web server.
Your HTTP server can be running on an Amazon Elastic Compute Cloud (Amazon EC2) instance
or on a server that you manage; these servers are also known as custom origins.
If you're distributing media files on demand using the Adobe Media Server RTMP protocol, your
origin server is always an Amazon S3 bucket.
2. You upload your files to your origin servers.Your files, also known as objects, typically include web
pages, images, and media files, but can be anything that can be served over HTTP or a supported
version of Adobe RTMP, the protocol used by Adobe Flash Media Server.
If you're using an Amazon S3 bucket as an origin server, you can make the objects in your bucket
publicly readable, so anyone who knows the CloudFront URLs for your objects can access them.
You also have the option of keeping objects private and controlling who accesses them. See Serving
Private Content through CloudFront (p. 162).
3. You create a CloudFront distribution, which tells CloudFront which origin servers to get your files
from when users request the files through your web site or application. At the same time, you specify
details such as whether you want CloudFront to log all requests and whether you want the distribution
to be enabled as soon as it's created.
4. CloudFront sends your distribution's configuration (but not your content) to all of its edge
locations—collections of servers in geographically dispersed data centers where CloudFront caches
copies of your objects.
5. As you develop your website or application, you use the domain name that CloudFront provides for
your URLs. For example, if CloudFront returns d111111abcdef8.cloudfront.net as the domain
name for your distribution, the URL for logo.jpg in your Amazon S3 bucket (or in the root directory
on an HTTP server) will be http://d111111abcdef8.cloudfront.net/logo.jpg.
You can also configure your CloudFront distribution so you can use your own domain name. In that
case, the URL might be http://www.example.com/logo.jpg.
6. Optionally, you can configure your origin server to add headers to the files; the headers indicate how
long you want the files to stay in the cache in CloudFront edge locations. By default, each object
stays in an edge location for 24 hours before it expires.The minimum expiration time is 0 seconds;
there isn't a maximum expiration time limit. For more information, see Specifying How Long Objects
Stay in a CloudFront Edge Cache (Expiration) (p. 116).
API Version 2016-08-01
4
Amazon CloudFront Developer Guide
How CloudFront Delivers Content
How CloudFront Delivers Content to Your Users
Once you configure CloudFront to deliver your content, here's what happens when users request your
objects:
1. A user accesses your website or application and requests one or more objects, such as an image
file and an HTML file.
2. DNS routes the request to the CloudFront edge location that can best serve the user's request,
typically the nearest CloudFront edge location in terms of latency, and routes the request to that
edge location.
3. In the edge location, CloudFront checks its cache for the requested files. If the files are in the cache,
CloudFront returns them to the user. If the files are not in the cache, it does the following:
a. CloudFront compares the request with the specifications in your distribution and forwards the
request for the files to the applicable origin server for the corresponding file type—for example,
to your Amazon S3 bucket for image files and to your HTTP server for the HTML files.
b. The origin servers send the files back to the CloudFront edge location.
c. As soon as the first byte arrives from the origin, CloudFront begins to forward the files to the
user. CloudFront also adds the files to the cache in the edge location for the next time someone
requests those files.
4. After an object has been in an edge cache for 24 hours or for the duration specified in your file
headers, CloudFront does the following:
API Version 2016-08-01
5
Amazon CloudFront Developer Guide
How CloudFront Delivers Content
a. CloudFront forwards the next request for the object to your origin to determine whether the edge
location has the latest version.
b. If the version in the edge location is the latest, CloudFront delivers it to your user.
If the version in the edge location is not the latest, your origin sends the latest version to
CloudFront, and CloudFront delivers the object to your user and stores the latest version in the
cache at that edge location.
Locations and IP Address Ranges of CloudFront
Edge Servers
For a list of the locations of CloudFront edge servers, see The Amazon CloudFront Edge Network on the
Amazon CloudFront detail page.
Amazon Web Services (AWS) publishes its current IP address ranges in JSON format.To view the current
ranges, download ip-ranges.json. For more information, see AWS IP Address Ranges in the Amazon
Web Services General Reference.
To find the IP address ranges that are associated with CloudFront edge servers, search ip-ranges.json
for the following string:
"service": "CLOUDFRONT"
PCI DSS Compliance
CloudFront supports the processing, storage, and transmission of credit card data by a merchant or
service provider, and has been validated as being compliant with Payment Card Industry (PCI) Data
API Version 2016-08-01
6
Amazon CloudFront Developer Guide
Locations and IP Address Ranges of CloudFront Edge
Servers
Security Standard (DSS). For more information about PCI DSS, including how to request a copy of the
AWS PCI Compliance Package, see PCI DSS Level 1.
As a security best practice we recommend that you don't cache credit card information in CloudFront
edge caches. For example, you can configure your origin to include a
Cache-Control:no-cache="field-name" header in responses that contain credit card information
such as the last four digits of a credit card number and the card owner's contact information.
API Version 2016-08-01
7
Amazon CloudFront Developer Guide
PCI DSS Compliance
AWS Billing and Usage Reports for
CloudFront
Amazon CloudFront is designed so you don't have to pay any up-front fees or commit to how much content
you'll have. As with the other AWS services, you pay as you go and pay only for what you use.
The following diagram and table summarize the charges to use CloudFront.
API Version 2016-08-01
8
Amazon CloudFront Developer Guide
Your monthly bill from AWS separates your usage and dollar amounts by AWS service and function. The
following table lists the charges that are illustrated in the previous graphic.
CommentsCharge
You pay normal Amazon S3 storage charges to store objects in
your bucket; the charges appear in the Amazon S3 portion of
your AWS statement.
Storage in an Amazon S3
bucket
You incur CloudFront charges when CloudFront responds to re-
quests for your objects.These charges are lower than the corres-
ponding Amazon S3 charges. The CloudFront charges appear
in the CloudFront portion of your AWS statement. For more in-
formation, see Amazon CloudFront Pricing.
Serving objects from edge loc-
ations
You incur CloudFront charges when users transfer data to your
origin, which includes DELETE, OPTIONS, PATCH, POST, and PUT
requests.The CloudFront charges appear in the CloudFront
portion of your AWS statement. For more information, see
Amazon CloudFront Pricing.
Submitting data to your origin
API Version 2016-08-01
9
Amazon CloudFront Developer Guide
Note
You also incur a surcharge for HTTPS requests. For more information, see Amazon CloudFront
Pricing.
AWS provides two usage reports for CloudFront:
The billing report is a high-level view of all of the activity for the AWS services that you're using, including
CloudFront. For more information, see AWS Billing Report for CloudFront (p. 10).
The usage report is a summary of activity for a specific service, aggregated by hour, day, or month.
For more information, see AWS Usage Report for CloudFront (p. 11).
In addition, you can view usage charts that provide a graphical representation of your CloudFront usage.
For more information, see CloudFront Usage Reports (p. 25).
AWS Billing Report for CloudFront
You can view a summary of your AWS usage and charges, listed by service, on the Bills page in the AWS
Management Console.
You can also download a more detailed version of the report in CSV format. The detailed billing report
includes the following values that are applicable to CloudFront:
ProductCodeAmazonCloudFront
UsageType — One of the following values
A code that identifies the type of data transfer
Invalidations
SSL-Cert-Custom
For more information, see Interpreting Your AWS Bill and the AWS Usage Report for CloudFront (p. 12).
ItemDescription — A description of the billing rate for the UsageType.
Usage Start Date/Usage End DateThe day that the usage applies to, in Coordinated Universal
Time (UTC).
Usage Quantity — One of the following values:
The number of requests during the specified time period
The amount of data transferred in gigabytes
The number of objects invalidated
The sum of the prorated months that you had SSL certificates associated with enabled CloudFront
distributions. For example, if you have one certificate associated with an enabled distribution for an
entire month and another certificate associated with an enabled distribution for half of the month,
this value will be 1.5.
To display summary billing information and download the detailed billing report
1. Sign in to the AWS Management Console at https://console.aws.amazon.com/console/home.
2. In the title bar, click your IAM user name, and click Billing & Cost Management.
3. In the navigation pane, click Bills.
4. To view summary information for CloudFront, under Details, click CloudFront.
5. To download a detailed billing report in CSV format, click Download CSV, and follow the on-screen
prompts to save the report.
API Version 2016-08-01
10
Amazon CloudFront Developer Guide
AWS Billing Report for CloudFront
AWS Usage Report for CloudFront
AWS provides a CloudFront usage report that is more detailed than the billing report but less detailed
than CloudFront access logs. The usage report provides aggregate usage data by hour, day, or month;
and it lists operations by region and usage type, such as data transferred out of the Australia region.
The CloudFront usage report includes the following values:
ServiceAmazonCloudFront
Operation — HTTP method. Values include DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
UsageType — One of the following values
A code that identifies the type of data transfer
Invalidations
SSL-Cert-Custom
For more information, see Interpreting Your AWS Bill and the AWS Usage Report for CloudFront (p. 12).
Resource — Either the ID of the CloudFront distribution associated with the usage or the certificate
ID of an SSL certificate that you have associated with a CloudFront distribution.
StartTime/EndTimeThe day that the usage applies to, in Coordinated Universal Time (UTC).
UsageValue — (1) The number of requests during the specified time period or (2) the amount of data
transferred in bytes.
If you're using Amazon S3 as the origin for CloudFront, consider running the usage report for Amazon
S3, too. However, if you use Amazon S3 for purposes other than as an origin for your CloudFront
distributions, it might not be clear what portion applies to your CloudFront usage.
Tip
For detailed information about every request that CloudFront receives for your objects, turn on
CloudFront access logs for your distribution. For more information, see Access Logs (p. 256).
To download the usage report for CloudFront or Amazon S3
1. Sign in to the AWS Management Console at https://console.aws.amazon.com/console/home.
2. In the title bar, click your IAM user name, and click Billing & Cost Management.
3. In the navigation pane, click Reports.
4. Under AWS Usage Report, click AWS Usage Report.
5. In the Service list, click CloudFront or Amazon Simple Storage Service.
6. Select the applicable settings:
Usage Types — For a detailed explanation of CloudFront usage types, see the section called
“Interpreting Your AWS Bill and the AWS Usage Report for CloudFront” (p. 12).
For Amazon S3, select All Usage Types.
Operation — Select All Operations.
Time Period — Select the time period that you want the report to cover.
Report Granularity — Select whether you want the report to include subtotals by the hour, by the
day, or by the month.
7. Click the download button for the desired format.
8. Follow the on-screen prompts to view or save the report.
API Version 2016-08-01
11
Amazon CloudFront Developer Guide
AWS Usage Report for CloudFront
Interpreting Your AWS Bill and the AWS Usage
Report for CloudFront
Your AWS bill for CloudFront service includes codes and abbreviations that might not be immediately
obvious. The first column in the following table lists items that appear in your bill and explains what each
means.
In addition, you can get an AWS usage report for CloudFront that contains more detail than the AWS bill
for CloudFront.The second column in the table lists items that appear in the usage report and shows the
correlation between bill items and usage report items.
Most codes in both columns include a two-letter abbreviation that indicates the location of the activity. In
the following table, region in a code is replaced by one of the following two-letter abbreviations in your
AWS bill and in the usage report:
AP: Hong Kong, Philippines, South Korea, Singapore, and Taiwan (Asia Pacific)
AU: Australia
CA: Canada
EU: Europe
IN: India
JP: Japan
SA: South America
US: United States
For more information about pricing by region, see Amazon CloudFront Pricing.
Note
This table doesn't include charges for transferring your objects from an Amazon S3 bucket to
CloudFront edge locations. These charges, if any, appear in the AWS Data Transfer portion of
your AWS bill.
API Version 2016-08-01
12
Amazon CloudFront Developer Guide
Interpreting Your AWS Bill and the AWS Usage Report
for CloudFront
Values in the Usage Type Column in the CloudFront Us-
age Report
Items in Your CloudFront Bill
Web distributions:
region-Out-Bytes-HTTP-Static: Bytes served via HTTP
for objects with TTL 3600 seconds
region-Out-Bytes-HTTPS-Static: Bytes served via HT-
TPS for objects with TTL 3600 seconds
region-Out-Bytes-HTTP-Dynamic: Bytes served via
HTTP for objects with TTL < 3600 seconds
region-Out-Bytes-HTTPS-Dynamic: Bytes served via
HTTPS for objects with TTL < 3600 seconds
region-Out-Bytes-HTTP-Proxy: Bytes returned from
CloudFront to viewers via HTTP in response to DELETE,
OPTIONS, PATCH, POST, and PUT requests.
region-Out-Bytes-HTTPS-Proxy: Bytes returned from
CloudFront to viewers via HTTPS in response to DELETE,
OPTIONS, PATCH, POST, and PUT requests.
RTMP distributions:
region-FMS-Out-Bytes
region-DataTransfer-Out-Bytes
Sum of bytes that CloudFront served for
web and RTMP distributions:
Web distributions: Total bytes
served from CloudFront edge loca-
tions in region in response to user
GET and HEAD requests
RTMP distributions: Total bytes
transferred from CloudFront edge
locations in region to end users
region-Out-OBytes-HTTP-Proxy
Total bytes transferred via HTTP from CloudFront edge loca-
tions to your origin in response to DELETE, OPTIONS, PATCH,
POST, and PUT requests.
region-Out-OBytes-HTTPS-Proxy
Total bytes transferred via HTTPS from CloudFront edge
locations to your origin in response to DELETE, OPTIONS,
PATCH, POST, and PUT requests.
region-DataTransfer-Out-OBytes
Web distributions only: Total bytes
transferred from CloudFront edge loca-
tions to your origin in response to DE-
LETE, OPTIONS, PATCH, POST, and PUT
requests.
region-Requests-HTTP-Static
Number of HTTP GET and HEAD requests served for objects
with TTL 3600 seconds
region-Requests-HTTP-Dynamic
Number of HTTP GET and HEAD requests served for objects
with TTL < 3600 seconds
region-Requests-Tier1
Web distributions only: Number of
HTTP GET and HEAD requests
region-Requests-HTTPS-Static
Number of HTTPS GET and HEAD requests served for objects
with TTL 3600 seconds
region-Requests-HTTPS-Dynamic
Number of HTTPS GET and HEAD requests served for objects
with TTL < 3600 seconds
region-Requests-Tier2-HTTPS
Web distributions only: Number of
HTTPS GET and HEAD requests
API Version 2016-08-01
13
Amazon CloudFront Developer Guide
Interpreting Your AWS Bill and the AWS Usage Report
for CloudFront
Values in the Usage Type Column in the CloudFront Us-
age Report
Items in Your CloudFront Bill
region-Requests-HTTP-Proxy
Same as the corresponding item in your CloudFront bill
region-Requests-HTTP-Proxy
Web distributions only: Number of
HTTP DELETE, OPTIONS, PATCH, POST,
and PUT requests that CloudFront for-
wards to your origin
region-Requests-HTTPS-Proxy
Same as the corresponding item in your CloudFront bill
region-Requests-HTTPS-Proxy
Web distributions only: Number of
HTTPS DELETE, OPTIONS, PATCH,
POST, and PUT requests that CloudFront
forwards to your origin
Invalidations
Same as the corresponding item in your CloudFront bill
Invalidations
Web distributions only:The charge for
invalidating objects (removing the ob-
jects from CloudFront edge locations);
for more information, see Paying for
Object Invalidation (p. 127)
SSL-Cert-Custom
Same as the corresponding item in your CloudFront bill
SSL-Cert-Custom
Web distributions only:The charge for
using an SSL certificate with a Cloud-
Front alternate domain name such as
example.com instead of using the default
CloudFront SSL certificate and the do-
main name that CloudFront assigned to
your distribution
API Version 2016-08-01
14
Amazon CloudFront Developer Guide
Interpreting Your AWS Bill and the AWS Usage Report
for CloudFront
CloudFront Reports
The CloudFront console includes a variety of reports:
CloudFront Cache Statistics Reports (p. 15)
CloudFront Popular Objects Report (p. 15)
CloudFront Top Referrers Report (p. 16)
CloudFront Usage Reports (p. 16)
CloudFront Viewers Reports (p. 16)
Most of these reports are based on the data in CloudFront access logs, which contain detailed information
about every user request that CloudFront receives.You don't need to enable access logs to view the
reports. For more information, see Access Logs (p. 256). The CloudFront usage report is based on the
AWS usage report for CloudFront, which also doesn't require any special configuration. For more
information, see AWS Usage Report for CloudFront (p. 11).
CloudFront Cache Statistics Reports
The CloudFront cache statistics report includes the following information:
Total Requests – Shows the total number of requests for all HTTP status codes (for example, 200 or
404) and all methods (for example, GET, HEAD, or POST)
Percentage of Viewer Requests by Result Type – Shows hits, misses, and errors as a percentage
of total viewer requests for the selected CloudFront distribution
Bytes Transferred to Viewers – Shows total bytes and bytes from misses
HTTP Status Codes – Shows viewer requests by HTTP status code
Percentage of GET Requests that Didn't Finish Downloading– Shows viewer GET requests that
didn't finish downloading the requested object as a percentage of total requests
For more information, see CloudFront Cache Statistics Reports (p. 16).
CloudFront Popular Objects Report
The CloudFront popular objects report lists the 50 most popular objects and statistics about those objects,
including the number of requests for the object, the number of hits and misses, the hit ratio, the number
of bytes served for misses, the total bytes served, the number of incomplete downloads, and the number
of requests by HTTP status code (2xx, 3xx, 4xx, and 5xx).
API Version 2016-08-01
15
Amazon CloudFront Developer Guide
For more information, see CloudFront Popular Objects Report (p. 20).
CloudFront Top Referrers Report
The CloudFront top referrers report includes the top 25 referrers, the number of requests from a referrer,
and the number of requests from a referrer as a percentage of the total number of requests during the
specified period.
For more information, see CloudFront Top Referrers Report (p. 23).
CloudFront Usage Reports
The CloudFront usage reports include the following information:
Number of Requests – Shows the number of HTTP and HTTPS requests that CloudFront responds
to from edge locations in the selected region during each time interval for the specified CloudFront
distribution
Data Transferred by Protocol – Shows the total amount of data transferred over HTTP and HTTPS
from CloudFront edge locations in the selected region during each time interval for the specified
CloudFront distribution
Data Transferred by Destination– Shows the total amount of data transferred over HTTP and HTTPS
from CloudFront edge locations in the selected region during each time interval for the specified
CloudFront distribution
For more information, see CloudFront Usage Reports (p. 25).
CloudFront Viewers Reports
The CloudFront viewers reports include the following information:
Devices – Shows the types of devices (for example, Desktop or Mobile) that your users use to access
your content
Browsers – Shows the name (or the name and version) of the browsers that your users use most
frequently to access your content, for example, Chrome or Firefox
Operating Systems – Shows the name (or the name and version) of the operating system that viewers
run on most frequently when accessing your content, for example, Linux, Mac OS X, or Windows
Locations – Shows the locations, by country or by U.S. state/territory, of the viewers that access your
content most frequently
For more information, see CloudFront Viewers Reports (p. 29).
CloudFront Cache Statistics Reports
You can use the Amazon CloudFront console to display a graphical representation of statistics related
to CloudFront edge locations. Data for these statistics are drawn from the same source as CloudFront
access logs.You can display charts for a specified date range in the last 60 days, with data points every
hour or every day.You can usually view data about requests that CloudFront received as recently as an
hour ago, but data can occasionally be delayed by as much as 24 hours.
Note
You don't need to enable access logging to view cache statistics.
API Version 2016-08-01
16
Amazon CloudFront Developer Guide
CloudFront Cache Statistics Reports
To display CloudFront cache statistics
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the navigation pane, click Cache Statistics.
3. In the CloudFront Cache Statistics Reports pane, for Start Date and End Date, select the date
range for which you want to display cache statistics charts. Available ranges depend on the value
that you select for Granularity:
DailyTo display charts with one data point per day, select any date range in the previous 60
days.
HourlyTo display charts with one data point every hour, select any date range of up to 14 days
within the previous 60 days.
Dates and times are in Coordinated Universal Time (UTC).
4. For Granularity, specify whether to display one data point per day or one data point per hour in the
charts. If you specify a date range greater than 14 days, the option to specify one data point per hour
is not available.
5. For Viewer Location, choose the continent from which viewer requests originated, or choose All
Locations. Cache statistics charts include data for requests that CloudFront received from the
specified location.
6. In the Distribution list, select the distributions for which you want to display data in the usage charts:
An individual web distributionThe charts display data for the selected CloudFront web
distribution.The Distribution list displays the distribution ID and alternate domain names (CNAMEs)
for the distribution, if any. If a distribution has no alternate domain names, the list includes origin
domain names for the distribution.
All Web DistributionsThe charts display summed data for all web distributions that are
associated with the current AWS account, excluding web distributions that you have deleted.
7. Click Update.
8. To view data for a daily or hourly data point within a chart, move your mouse pointer over the data
point.
9. For charts that show data transferred, note that you can change the vertical scale to gigabytes,
megabytes, or kilobytes for each chart.
Topics
Downloading Data in CSV Format (p. 17)
How Cache Statistics Charts Are Related to Data in the CloudFront Access Logs (p. 19)
Downloading Data in CSV Format
You can download the Cache Statistics report in CSV format. This section explains how to download the
report and describes the values in the report.
To download the Cache Statistics report in CSV format
1. While viewing the Cache Statistics report, click CSV.
2. In the Opening file name dialog box, choose whether to open or save the file.
API Version 2016-08-01
17
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
Information About the Report
The first few rows of the report include the following information:
Version
The version of the format for this CSV file.
Report
The name of the report.
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
StartDateUTC
The beginning of the date range for which you ran the report, in Coordinated Universal Time (UTC).
EndDateUTC
The end of the date range for which you ran the report, in Coordinated Universal Time (UTC).
GeneratedTimeUTC
The date and time on which you ran the report, in Coordinated Universal Time (UTC).
Granularity
Whether each row in the report represents one hour or one day.
ViewerLocation
The continent that viewer requests originated from, or ALL, if you chose to download the report for
all locations.
Data in the Cache Statistics Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
ViewerLocation
The continent that viewer requests originated from, or ALL, if you chose to download the report for
all locations.
TimeBucket
The hour or the day that data applies to, in Coordinated Universal Time (UTC).
RequestCount
The total number of requests for all HTTP status codes (for example, 200 or 404) and all methods
(for example, GET, HEAD, or POST).
HitCount
The number of viewer requests for which the object is served from a CloudFront edge cache.
MissCount
The number of viewer requests for which the object isn't currently in an edge cache, so CloudFront
must get the object from your origin.
ErrorCount
The number of viewer requests that resulted in an error, so CloudFront didn't serve the object.
IncompleteDownloadCount
The number of viewer requests for which the viewer started but didn't finish downloading the object.
HTTP2xx
The number of viewer requests for which the HTTP status code was a 2xx value (succeeded).
API Version 2016-08-01
18
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
HTTP3xx
The number of viewer requests for which the HTTP status code was a 3xx value (additional action
is required).
HTTP4xx
The number of viewer requests for which the HTTP status code was a 4xx value (client error).
HTTP5xx
The number of viewer requests for which the HTTP status code was a 5xx value (server error).
TotalBytes
The total number of bytes served to viewers by CloudFront in response to all requests for all HTTP
methods.
BytesFromMisses
The number of bytes served to viewers for objects that were not in the applicable edge cache at the
time of the request. This value is a good approximation of bytes transferred from your origin to
CloudFront edge caches. However, it excludes requests for objects that are already in the edge
cache but that have expired.
How Cache Statistics Charts Are Related to Data
in the CloudFront Access Logs
The following table shows how cache statistics charts in the CloudFront console correspond with values
in CloudFront access logs. For more information about CloudFront access logs, see Access Logs (p. 256).
Total Requests
This chart shows the total number of requests for all HTTP status codes (for example, 200 or 404)
and all methods (for example, GET, HEAD, or POST).Total requests shown in this chart equal the total
number of requests in the access log files for the same time period.
Percentage of Viewer Requests by Result Type
This chart shows hits, misses, and errors as a percentage of total viewer requests for the selected
CloudFront distribution:
Hit – A viewer request for which the object is served from a CloudFront edge cache. In access
logs, these are requests for which the value of x-edge-response-result-type is Hit.
Miss – A viewer request for which the object isn't currently in an edge cache, so CloudFront must
get the object from your origin. In access logs, these are requests for which the value of
x-edge-response-result-type is Miss.
Error – A viewer request that resulted in an error, so CloudFront didn't serve the object. In access
logs, these are requests for which the value of x-edge-response-result-type is Error,
LimitExceeded, or CapacityExceeded.
The chart does not include refresh hits—requests for objects that are in the edge cache but that have
expired. In access logs, refresh hits are requests for which the value of
x-edge-response-result-type is RefreshHit.
Bytes Transferred to Viewers
This chart shows two values:
Total BytesThe total number of bytes served to viewers by CloudFront in response to all requests
for all HTTP methods. In CloudFront access logs, Total Bytes is the sum of the values in the
sc-bytes column for all of the requests during the same time period.
Bytes from MissesThe number of bytes served to viewers for objects that were not in the
applicable edge cache at the time of the request. In CloudFront access logs, Bytes from Misses
is the sum of the values in the sc-bytes column for requests for which the value of
x-edge-result-type is Miss.This value is a good approximation of bytes transferred from your
origin to CloudFront edge caches. However, it excludes requests for objects that are already in
the edge cache but that have expired.
API Version 2016-08-01
19
Amazon CloudFront Developer Guide
How Cache Statistics Charts Are Related to Data in the
CloudFront Access Logs
HTTP Status Codes
This chart shows viewer requests by HTTP status code. In CloudFront access logs, status codes
appear in the sc-status column:
2xxThe request succeeded.
3xx – Additional action is required. For example, 301 (Moved Permanently) means that the
requested object has moved to a different location.
4xxThe client apparently made an error. For example, 404 (Not Found) means that the client
requested an object that could not be found.
5xxThe origin server didn't fill the request. For example, 503 (Service Unavailable) means that
the origin server is currently unavailable.
Percentage of GET Requests that Didn't Finish Downloading
This chart shows viewer GET requests that didn't finish downloading the requested object as a
percentage of total requests.Typically, downloading an object doesn't complete because the viewer
canceled the download, for example, by clicking a different link or by closing the browser. In CloudFront
access logs, these requests have a value of 200 in the sc-status column and a value of Error in
the x-edge-result-type column.
CloudFront Popular Objects Report
The Amazon CloudFront console can display a list of the 50 most popular objects for a distribution during
a specified date range in the previous 60 days.
Data for the Popular Objects report is drawn from the same source as CloudFront access logs.To get
an accurate count of the top 50 objects, CloudFront counts the requests for all of your objects in 10-minute
intervals beginning at midnight and keeps a running total of the top 150 objects for the next 24 hours.
(CloudFront also retains daily totals for the top 150 objects for 60 days.) Near the bottom of the list, objects
constantly rise onto or drop off of the list, so the totals for those objects are approximations. The fifty
objects at the top of the list of 150 objects may rise and fall within the list, but they rarely drop off of the
list altogether, so the totals for those objects typically are more reliable.
When an object drops off of the list of the top 150 objects and then rises onto the list again over the course
of a day, CloudFront adds an estimated number of requests for the period that the object was missing
from the list. The estimate is based on the number of requests received by whichever object was at the
bottom of the list during that time period. If the object rises into the top 50 objects later in the day, the
estimates of the number of requests that CloudFront received while the object was out of the top 150
objects usually causes the number of requests in the Popular Objects report to exceed the number of
requests that appear in the access logs for that object.
Note
You don't need to enable access logging to view a list of popular objects.
To display popular objects for a distribution
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the navigation pane, click Popular Objects.
3. In the CloudFront Popular Objects Report pane, for Start Date and End Date, select the date
range for which you want to display a list of popular objects.You can choose any date range in the
previous 60 days.
Dates and times are in Coordinated Universal Time (UTC).
4. In the Distribution list, select the distribution for which you want to display a list of popular objects.
5. Click Update.
API Version 2016-08-01
20
Amazon CloudFront Developer Guide
CloudFront Popular Objects Report
Topics
Downloading Data in CSV Format (p. 21)
How Data in the Popular Objects Report Is Related to Data in the CloudFront Access Logs (p. 22)
Downloading Data in CSV Format
You can download the Popular Objects report in CSV format. This section explains how to download the
report and describes the values in the report.
To download the Popular Objects report in CSV format
1. While viewing the Popular Objects report, click CSV.
2. In the Opening file name dialog box, choose whether to open or save the file.
Information About the Report
The first few rows of the report include the following information:
Version
The version of the format for this CSV file.
Report
The name of the report.
DistributionID
The ID of the distribution that you ran the report for.
StartDateUTC
The beginning of the date range for which you ran the report, in Coordinated Universal Time (UTC).
EndDateUTC
The end of the date range for which you ran the report, in Coordinated Universal Time (UTC).
GeneratedTimeUTC
The date and time on which you ran the report, in Coordinated Universal Time (UTC).
Data in the Popular Objects Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
Object
The last 500 characters of the URL for the object.
RequestCount
The total number of requests for this object.
HitCount
The number of viewer requests for which the object is served from a CloudFront edge cache.
MissCount
The number of viewer requests for which the object isn't currently in an edge cache, so CloudFront
must get the object from your origin.
HitCountPct
The value of HitCount as a percentage of the value of RequestCount.
API Version 2016-08-01
21
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
BytesFromMisses
The number of bytes served to viewers for this object when the object was not in the applicable edge
cache at the time of the request.
TotalBytes
The total number of bytes served to viewers by CloudFront for this object in response to all requests
for all HTTP methods.
IncompleteDownloadCount
The number of viewer requests for this object for which the viewer started but didn't finish downloading
the object.
HTTP2xx
The number of viewer requests for which the HTTP status code was a 2xx value (succeeded).
HTTP3xx
The number of viewer requests for which the HTTP status code was a 3xx value (additional action
is required).
HTTP4xx
The number of viewer requests for which the HTTP status code was a 4xx value (client error).
HTTP5xx
The number of viewer requests for which the HTTP status code was a 5xx value (server error).
How Data in the Popular Objects Report Is Related
to Data in the CloudFront Access Logs
The following list shows how values in the Popular Objects report in the CloudFront console correspond
with values in CloudFront access logs. For more information about CloudFront access logs, see Access
Logs (p. 256).
URLThe last 500 characters of the URL that viewers use to access the object.
Requests
The total number of requests for the object.This value generally corresponds closely with the number
of GET requests for the object in CloudFront access logs.
HitsThe number of viewer requests for which the object was served from a CloudFront edge cache. In
access logs, these are requests for which the value of x-edge-response-result-type is Hit.
Misses
The number of viewer requests for which the object wasn't in an edge cache, so CloudFront retrieved
the object from your origin. In access logs, these are requests for which the value of
x-edge-response-result-type is Miss.
Hit Ratio
The value of the Hits column as a percentage of the value of the Requests column.
Bytes from Misses
The number of bytes served to viewers for objects that were not in the applicable edge cache at the
time of the request. In CloudFront access logs, Bytes from Misses is the sum of the values in the
sc-bytes column for requests for which the value of x-edge-result-type is Miss.
Total Bytes
The total number of bytes that CloudFront served to viewers in response to all requests for the object
for all HTTP methods. In CloudFront access logs, Total Bytes is the sum of the values in the
sc-bytes column for all of the requests during the same time period.
Incomplete Downloads
The number of viewer requests that did not finish downloading the requested object.Typically, the
reason that a download doesn't complete is that the viewer canceled it, for example, by clicking a
API Version 2016-08-01
22
Amazon CloudFront Developer Guide
How Data in the Popular Objects Report Is Related to
Data in the CloudFront Access Logs
different link or by closing the browser. In CloudFront access logs, these requests have a value of
200 in the sc-status column and a value of Error in the x-edge-result-type column.
2xx The number of requests for which the HTTP status code is 2xx, Successful. In CloudFront access
logs, status codes appear in the sc-status column.
3xx The number of requests for which the HTTP status code is 3xx, Redirection.3xx status codes
indicate that additional action is required. For example, 301 (Moved Permanently) means that the
requested object has moved to a different location.
4xx The number of requests for which the HTTP status code is 4xx, Client Error.4xx status codes
indicate that the client apparently made an error. For example, 404 (Not Found) means that the client
requested an object that could not be found.
5xx The number of requests for which the HTTP status code is 5xx, Server Error.5xx status codes
indicate that the origin server didn't fill the request. For example, 503 (Service Unavailable) means
that the origin server is currently unavailable.
CloudFront Top Referrers Report
The CloudFront console can display a list of the 25 domains of the websites that originated the most
HTTP and HTTPS requests for objects that CloudFront is distributing for a specified distribution. These
top referrers can be search engines, other websites that link directly to your objects, or your own website.
For example, if http://example.com/index.html links to 10 graphics, example.com is the referrer for all 10
graphics.You can display the Top Referrers report for any date range in the previous 60 days.
Note
If a user enters a URL directly into the address line of a browser, there is no referrer for the
requested object.
Data for the Top Referrers report is drawn from the same source as CloudFront access logs. To get an
accurate count of the top 25 referrers, CloudFront counts the requests for all of your objects in 10-minute
intervals and keeps a running total of the top 75 referrers. Near the bottom of the list, referrers constantly
rise onto or drop off of the list, so the totals for those referrers are approximations.The 25 referrers at
the top of the list of 75 referrers may rise and fall within the list, but they rarely drop off of the list altogether,
so the totals for those referrers typically are more reliable.
Note
You don't need to enable access logging to view a list of top referrers.
To display top referrers for a distribution
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the navigation pane, click Top Referrers.
3. In the CloudFront Top Referrers Report pane, for Start Date and End Date, select the date range
for which you want to display a list of top referrers.
Dates and times are in Coordinated Universal Time (UTC).
4. In the Distribution list, select the distribution for which you want to display a list of top referrers.
5. Click Update.
Topics
Downloading Data in CSV Format (p. 24)
API Version 2016-08-01
23
Amazon CloudFront Developer Guide
CloudFront Top Referrers Report
How Data in the Top Referrers Report Is Related to Data in the CloudFront Access Logs (p. 25)
Downloading Data in CSV Format
You can download the Top Referrers report in CSV format. This section explains how to download the
report and describes the values in the report.
To download the Top Referrers report in CSV format
1. While viewing the Top Referrers report, click CSV.
2. In the Opening file name dialog box, choose whether to open or save the file.
Information About the Report
The first few rows of the report include the following information:
Version
The version of the format for this CSV file.
Report
The name of the report.
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
StartDateUTC
The beginning of the date range for which you ran the report, in Coordinated Universal Time (UTC).
EndDateUTC
The end of the date range for which you ran the report, in Coordinated Universal Time (UTC).
GeneratedTimeUTC
The date and time on which you ran the report, in Coordinated Universal Time (UTC).
Data in the Top Referrers Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
Referrer
The domain name of the referrer.
The total number of requests from the domain name in the Referrer column.
RequestsPct
The number of requests submitted by the referrer as a percentage of the total number of requests
during the specified period.
API Version 2016-08-01
24
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
How Data in the Top Referrers Report Is Related
to Data in the CloudFront Access Logs
The following list shows how values in the Top Referrers report in the CloudFront console correspond
with values in CloudFront access logs. For more information about CloudFront access logs, see Access
Logs (p. 256).
Referrer
The domain name of the referrer. In access logs, referrers are listed in the cs(Referer) column.
Request Count
The total number of requests from the domain name in the Referrer column.This value generally
corresponds closely with the number of GET requests from the referrer in CloudFront access logs.
Request %
The number of requests submitted by the referrer as a percentage of the total number of requests
during the specified period. If you have more than 25 referrers, then you can't calculate Request %
based on the data in this table because the Request Count column doesn't include all of the requests
during the specified period.
CloudFront Usage Reports
The Amazon CloudFront console can display a graphical representation of your CloudFront usage that
is based on a subset of the usage report data.You can display charts for a specified date range in the
last 60 days, with data points every hour or every day.You can usually view data about requests that
CloudFront received as recently as four hours ago, but data can occasionally be delayed by as much as
24 hours.
For more information, see How the Usage Charts Are Related to Data in the CloudFront Usage
Report (p. 28).
To display CloudFront usage charts
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In navigation pane, click Usage Reports.
3. In the CloudFront Usage Reports pane, for Start Date and End Date, select the date range for
which you want to display usage charts. Available ranges depend on the value that you select for
Granularity:
DailyTo display charts with one data point per day, select any date range in the previous 60
days.
HourlyTo display charts with one data point every hour, select any date range of up to 14 days
within the previous 60 days.
Dates and times are in Coordinated Universal Time (UTC).
4. For Granularity, specify whether to display one data point per day or one data point per hour in the
charts. If you specify a date range greater than 14 days, the option to specify one data point per hour
is not available.
5. For Billing Region, choose the CloudFront billing region that has the data you want to view, or
choose All Regions. Usage charts include data for requests that CloudFront processes in edge
locations in the specified region. The region where CloudFront processes requests might or might
not correspond with the location of your users.
API Version 2016-08-01
25
Amazon CloudFront Developer Guide
How Data in the Top Referrers Report Is Related to Data
in the CloudFront Access Logs
Select only regions that are included in the price class for your distribution; otherwise, the usage
charts probably won't contain any data. For example, if you chose Price Class 200 for your distribution,
the South America and Australia billing regions are not included, so CloudFront generally won't
process your requests from those regions. For more information about price classes, see Choosing
the Price Class for a CloudFront Distribution (p. 54).
6. In the Distribution list, select the distributions for which you want to display data in the usage charts:
An individual web distributionThe charts display data for the selected CloudFront distribution.
The Distribution list displays the distribution ID and alternate domain names (CNAMEs) for the
distribution, if any. If a distribution has no alternate domain names, the list includes origin domain
names for the distribution.
All Web Distributions (excludes deleted)The charts display summed data for all web
distributions that are associated with the current AWS account, excluding web distributions that
you have deleted.
All Deleted DistributionsThe charts display summed data for all web distributions that are
associated with the current AWS account and that were deleted in the last 60 days.
7. Click Update Graphs.
8. To view data for a daily or hourly data point within a chart, move your mouse pointer over the data
point.
9. For charts that show data transferred, note that you can change the vertical scale to gigabytes,
megabytes, or kilobytes for each chart.
Topics
Downloading Data in CSV Format (p. 26)
How the Usage Charts Are Related to Data in the CloudFront Usage Report (p. 28)
Downloading Data in CSV Format
You can download the Usage report in CSV format. This section explains how to download the report
and describes the values in the report.
To download the Usage report in CSV format
1. While viewing the Usage report, click CSV.
2. In the Opening file name dialog box, choose whether to open or save the file.
Information About the Report
The first few rows of the report include the following information:
Version
The version of the format for this CSV file.
Report
The name of the report.
DistributionID
The ID of the distribution that you ran the report for, ALL if you ran the report for all distributions, or
ALL_DELETED if you ran the report for all deleted distributions.
StartDateUTC
The beginning of the date range for which you ran the report, in Coordinated Universal Time (UTC).
API Version 2016-08-01
26
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
EndDateUTC
The end of the date range for which you ran the report, in Coordinated Universal Time (UTC).
GeneratedTimeUTC
The date and time on which you ran the report, in Coordinated Universal Time (UTC).
Granularity
Whether each row in the report represents one hour or one day.
BillingRegion
The continent that viewer requests originated from, or ALL, if you chose to download the report for
all billing regions.
Data in the Usage Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, ALL if you ran the report for all distributions, or
ALL_DELETED if you ran the report for all deleted distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
BillingRegion
The CloudFront billing region that you ran the report for, or ALL.
TimeBucket
The hour or the day that data applies to, in Coordinated Universal Time (UTC).
HTTP
The number of HTTP requests that CloudFront responded to from edge locations in the selected
region during each time interval for the specified CloudFront distribution. Values include:
The number of GET and HEAD requests, which cause CloudFront to transfer data to your users
The number of DELETE, OPTIONS, PATCH, POST, and PUT requests, which cause CloudFront to
transfer data to your origin
HTTPS
The number of HTTPS requests that CloudFront responded to from edge locations in the selected
region during each time interval for the specified CloudFront distribution. Values include:
The number of GET and HEAD requests, which cause CloudFront to transfer data to your users
The number of DELETE, OPTIONS, PATCH, POST, and PUT requests, which cause CloudFront to
transfer data to your origin
HTTPBytes
The total amount of data transferred over HTTP from CloudFront edge locations in the selected billing
region during the time period for the specified CloudFront distribution.Values include:
Data transferred from CloudFront to your users in response to GET and HEAD requests
Data transferred from CloudFront to your origin for DELETE, OPTIONS, PATCH, POST, and PUT
requests
Data transferred from CloudFront to your users in response to DELETE, OPTIONS, PATCH, POST,
and PUT requests
HTTPSBytes
The total amount of data transferred over HTTPS from CloudFront edge locations in the selected
billing region during the time period for the specified CloudFront distribution.Values include:
Data transferred from CloudFront to your users in response to GET and HEAD requests
Data transferred from CloudFront to your origin for DELETE, OPTIONS, PATCH, POST, and PUT
requests
API Version 2016-08-01
27
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
Data transferred from CloudFront to your users in response to DELETE, OPTIONS, PATCH, POST,
and PUT requests
BytesIn
The total amount of data transferred from CloudFront to your origin for DELETE, OPTIONS, PATCH,
POST, and PUT requests in the selected region during each time interval for the specified CloudFront
distribution.
BytesOut
The total amount of data transferred over HTTP and HTTPS from CloudFront to your users in the
selected region during each time interval for the specified CloudFront distribution. Values include:
Data transferred from CloudFront to your users in response to GET and HEAD requests
Data transferred from CloudFront to your users in response to DELETE, OPTIONS, PATCH, POST,
and PUT requests
How the Usage Charts Are Related to Data in the
CloudFront Usage Report
The following list shows how the usage charts in the CloudFront console correspond with values in the
Usage Type column in the CloudFront usage report.
Topics
Number of Requests (p. 28)
Data Transferred by Protocol (p. 28)
Data Transferred by Destination (p. 29)
Number of Requests
This chart shows the number of HTTP and HTTPS requests that CloudFront responds to from edge
locations in the selected region during each time interval for the specified CloudFront distribution.
Number of HTTP Requests
region-Requests-HTTP-Static: Number of HTTP GET and HEAD requests served for objects with
TTL 3600 seconds
region-Requests-HTTP-Dynamic: Number of HTTP GET and HEAD requests served for objects
with TTL < 3600 seconds
region-Requests-HTTP-Proxy: Number of HTTP DELETE, OPTIONS, PATCH, POST, and PUT
requests that CloudFront forwards to your origin
Number of HTTPS Requests
region-Requests-HTTPS-Static: Number of HTTPS GET and HEAD requests served for objects
with TTL 3600 seconds
region-Requests-HTTPS-Dynamic: Number of HTTPS GET and HEAD requests served for objects
with TTL < 3600 seconds
region-Requests-HTTPS-Proxy: Number of HTTPS DELETE, OPTIONS, PATCH, POST, and PUT
requests that CloudFront forwards to your origin
Data Transferred by Protocol
This chart shows the total amount of data transferred over HTTP and HTTPS from CloudFront edge
locations in the selected region during each time interval for the specified CloudFront distribution.
API Version 2016-08-01
28
Amazon CloudFront Developer Guide
How the Usage Charts Are Related to Data in the
CloudFront Usage Report
Data Transferred over HTTP
region-Out-Bytes-HTTP-Static: Bytes served via HTTP for objects with TTL 3600 seconds
region-Out-Bytes-HTTP-Dynamic: Bytes served via HTTP for objects with TTL < 3600 seconds
region-Out-Bytes-HTTP-Proxy: Bytes returned from CloudFront to viewers via HTTP in response
to DELETE, OPTIONS, PATCH, POST, and PUT requests
region-Out-OBytes-HTTP-Proxy: Total bytes transferred via HTTP from CloudFront edge
locations to your origin in response to DELETE, OPTIONS, PATCH, POST, and PUT requests
Data Transferred over HTTPS
region-Out-Bytes-HTTPS-Static: Bytes served via HTTPS for objects with TTL 3600 seconds
region-Out-Bytes-HTTPS-Dynamic: Bytes served via HTTPS for objects with TTL < 3600
seconds
region-Out-Bytes-HTTPS-Proxy: Bytes returned from CloudFront to viewers via HTTPS in
response to DELETE, OPTIONS, PATCH, POST, and PUT requests
region-Out-OBytes-HTTPS-Proxy: Total bytes transferred via HTTPS from CloudFront edge
locations to your origin in response to DELETE, OPTIONS, PATCH, POST, and PUT requests
Data Transferred by Destination
This chart shows the total amount of data transferred over HTTP and HTTPS from CloudFront edge
locations in the selected region during each time interval for the specified CloudFront distribution.
Data Transferred from CloudFront to Your Users
region-Out-Bytes-HTTP-Static: Bytes served via HTTP for objects with TTL 3600 seconds
region-Out-Bytes-HTTPS-Static: Bytes served via HTTPS for objects with TTL 3600 seconds
region-Out-Bytes-HTTP-Dynamic: Bytes served via HTTP for objects with TTL < 3600 seconds
region-Out-Bytes-HTTPS-Dynamic: Bytes served via HTTPS for objects with TTL < 3600
seconds
region-Out-Bytes-HTTP-Proxy: Bytes returned from CloudFront to viewers via HTTP in response
to DELETE, OPTIONS, PATCH, POST, and PUT requests
region-Out-Bytes-HTTPS-Proxy: Bytes returned from CloudFront to viewers via HTTPS in
response to DELETE, OPTIONS, PATCH, POST, and PUT requests
Data Transferred from CloudFront to Your Origin
region-Out-OBytes-HTTP-Proxy: Total bytes transferred via HTTP from CloudFront edge
locations to your origin in response to DELETE, OPTIONS, PATCH, POST, and PUT requests
region-Out-OBytes-HTTPS-Proxy: Total bytes transferred via HTTPS from CloudFront edge
locations to your origin in response to DELETE, OPTIONS, PATCH, POST, and PUT requests
CloudFront Viewers Reports
The CloudFront console can display four reports about the physical devices (desktop computers, mobile
devices) and about the viewers (typically web browsers) that are accessing your content:
DevicesThe type of the devices that your users use most frequently to access your content, for
example, Desktop or Mobile.
BrowsersThe name (or the name and version) of the browsers that your users use most frequently
to access your content, for example, Chrome or Firefox.The report lists the top 10 browsers.
Operating SystemsThe name (or the name and version) of the operating system that viewers run
on most frequently when accessing your content, for example, Linux, Mac OS X, or Windows. The
report lists the top 10 operating systems.
API Version 2016-08-01
29
Amazon CloudFront Developer Guide
CloudFront Viewers Reports
LocationsThe locations, by country or by U.S. state/territory, of the viewers that access your content
most frequently. The report lists the top 50 countries or U.S. states/territories.
You can display all four Viewers reports for any date range in the previous 60 days. For the Locations
report, you can also display the report with data points every hour for any date range of up to 14 days in
the previous 60 days.
Note
You don't need to enable access logging to view Viewers charts and reports.
Topics
Displaying Viewers Charts and Reports (p. 30)
Downloading Data in CSV Format (p. 31)
How Data in the Locations Report Is Related to Data in the CloudFront Access Logs (p. 35)
Displaying Viewers Charts and Reports
To display CloudFront Viewers charts and reports, perform the following procedure.
To display CloudFront Viewers charts and reports
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the navigation pane, click Viewers.
3. In the CloudFront Viewers pane, for Start Date and End Date, select the date range for which you
want to display viewer charts and reports.
For the Locations chart, available ranges depend on the value that you select for Granularity:
DailyTo display charts with one data point per day, select any date range in the previous 60
days.
HourlyTo display charts with one data point every hour, select any date range of up to 14 days
within the previous 60 days.
Dates and times are in Coordinated Universal Time (UTC).
4. (Browsers and Operating Systems charts only) For Grouping, specify whether you want to group
browsers and operating systems by name (Chrome, Firefox) or by name and version (Chrome 40.0,
Firefox 35.0).
5. (Locations chart only) For Granularity, specify whether to display one data point per day or one data
point per hour in the charts. If you specify a date range greater than 14 days, the option to specify
one data point per hour is not available.
6. (Locations chart only) For Details, specify whether to display the top locations by countries or by
U.S. states.
7. In the Distribution list, select the distribution for which you want to display data in the usage charts:
An individual web distributionThe charts display data for the selected CloudFront web
distribution. The Distribution list displays the distribution ID and an alternate domain name
(CNAME) for the distribution, if any. If a distribution has no alternate domain names, the list includes
an origin domain name for the distribution.
All Web Distributions (excludes deleted)The charts display summed data for all web
distributions that are associated with the current AWS account, excluding web distributions that
you have deleted.
API Version 2016-08-01
30
Amazon CloudFront Developer Guide
Displaying Viewers Charts and Reports
8. Click Update.
9. To view data for a daily or hourly data point within a chart, move your mouse pointer over the data
point.
Downloading Data in CSV Format
You can download each of the Viewer reports in CSV format. This section explains how to download the
reports and describes the values in the report.
To download the Viewer reports in CSV format
1. While viewing the applicable Viewer report, click CSV.
2. Choose the data that you want to download, for example, Devices or Devices Trends.
3. In the Opening file name dialog box, choose whether to open or save the file.
Topics
Information About the Reports (p. 31)
Devices Report (p. 32)
Device Trends Report (p. 32)
Browsers Report (p. 32)
Browser Trends Report (p. 33)
Operating Systems Report (p. 33)
Operating System Trends Report (p. 34)
Locations Report (p. 34)
Location Trends Report (p. 35)
Information About the Reports
The first few rows of each report includes the following information:
Version
The version of the format for this CSV file.
Report
The name of the report.
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all web distributions.
StartDateUTC
The beginning of the date range for which you ran the report, in Coordinated Universal Time (UTC).
EndDateUTC
The end of the date range for which you ran the report, in Coordinated Universal Time (UTC).
GeneratedTimeUTC
The date and time on which you ran the report, in Coordinated Universal Time (UTC).
Grouping (Browsers and Operating Systems Reports Only)
Whether the data is grouped by the name or by the name and version of the browser or operating
system.
Granularity
Whether each row in the report represents one hour or one day.
Details (Locations Report Only)
Whether requests are listed by country or by U.S. state.
API Version 2016-08-01
31
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
Devices Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
Requests
The number of requests that CloudFront received from each type of device.
RequestsPct
The number of requests that CloudFront received from each type of device as a percentage of the
total number of requests that CloudFront received from all devices.
Device Trends Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
TimeBucket
The hour or the day that the data applies to, in Coordinated Universal Time (UTC).
Desktop
The number of requests that CloudFront received from desktop computers during the period.
Mobile
The number of requests that CloudFront received from mobile devices during the period. Mobile
devices can include both tablets and mobile phones. If CloudFront can't determine whether a request
originated from a mobile device or a tablet, it's counted in the Mobile column.
Smart-TV
The number of requests that CloudFront received from smart TVs during the period.
Tablet
The number of requests that CloudFront received from tablets during the period. If CloudFront can't
determine whether a request originated from a mobile device or a tablet, it's counted in the Mobile
column.
Unknown
Requests for which the value of the User-Agent HTTP header was not associated with one of the
standard device types, for example, Desktop or Mobile.
Empty
The number of requests that CloudFront received that didn't include a value in the HTTP User-Agent
header during the period.
Browsers Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
API Version 2016-08-01
32
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
Group
The browser or the browser and version that CloudFront received requests from, depending on the
value of Grouping. In addition to browser names, possible values include the following:
Bot/Crawler – primarily requests from search engines that are indexing your content.
Empty – requests for which the value of the User-Agent HTTP header was empty.
Other – browsers that CloudFront identified but that aren't among the most popular. If
Bot/Crawler, Empty, and/or Unknown don't appear among the first nine values, then they're
also included in Other.
Unknown – requests for which the value of the User-Agent HTTP header was not associated
with a standard browser. Most requests in this category come from custom applications or scripts.
Requests
The number of requests that CloudFront received from each type of browser.
RequestsPct
The number of requests that CloudFront received from each type of browser as a percentage of the
total number of requests that CloudFront received during the time period.
Browser Trends Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
TimeBucket
The hour or the day that the data applies to, in Coordinated Universal Time (UTC).
(Browsers)
The remaining columns in the report list the browsers or the browsers and their versions, depending
on the value of Grouping. In addition to browser names, possible values include the following:
Bot/Crawler – primarily requests from search engines that are indexing your content.
Empty – requests for which the value of the User-Agent HTTP header was empty.
Other – browsers that CloudFront identified but that aren't among the most popular. If
Bot/Crawler, Empty, and/or Unknown don't appear among the first nine values, then they're
also included in Other.
Unknown – requests for which the value of the User-Agent HTTP header was not associated
with a standard browser. Most requests in this category come from custom applications or scripts.
Operating Systems Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
API Version 2016-08-01
33
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
Group
The operating system or the operating system and version that CloudFront received requests from,
depending on the value of Grouping. In addition to operating system names, possible values include
the following:
Bot/Crawler – primarily requests from search engines that are indexing your content.
Empty – requests for which the value of the User-Agent HTTP header was empty.
Other – operating systems that CloudFront identified but that aren't among the most popular. If
Bot/Crawler, Empty, and/or Unknown don't appear among the first nine values, then they're
also included in Other.
Unknown – requests for which the value of the User-Agent HTTP header was not associated
with a standard browser. Most requests in this category come from custom applications or scripts.
Requests
The number of requests that CloudFront received from each type of operating system.
RequestsPct
The number of requests that CloudFront received from each type of operating system as a percentage
of the total number of requests that CloudFront received during the time period.
Operating System Trends Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
TimeBucket
The hour or the day that the data applies to, in Coordinated Universal Time (UTC).
(Operating systems)
The remaining columns in the report list the operating systems or the operating systems and their
versions, depending on the value of Grouping. In addition to operating system names, possible
values include the following:
Bot/Crawler – primarily requests from search engines that are indexing your content.
Empty – requests for which the value of the User-Agent HTTP header was empty.
Other – operating systems that CloudFront identified but that aren't among the most popular. If
Bot/Crawler, Empty, and/or Unknown don't appear among the first nine values, then they're
also included in Other.
Unknown – requests for which the operating system isn't specified in the User-Agent HTTP
header.
Locations Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
API Version 2016-08-01
34
Amazon CloudFront Developer Guide
Downloading Data in CSV Format
LocationCode
The abbreviation for the location that CloudFront received requests from. For more information about
possible values, see the description of Location in How Data in the Locations Report Is Related to
Data in the CloudFront Access Logs (p. 35).
LocationName
The name of the location that CloudFront received requests from.
Requests
The number of requests that CloudFront received from each location.
RequestsPct
The number of requests that CloudFront received from each location as a percentage of the total
number of requests that CloudFront received from all locations during the time period.
TotalBytes
The number of bytes that CloudFront served to viewers in this country or state, for the specified
distribution and period.
Location Trends Report
The report includes the following values:
DistributionID
The ID of the distribution that you ran the report for, or ALL if you ran the report for all distributions.
FriendlyName
An alternate domain name (CNAME) for the distribution, if any. If a distribution has no alternate
domain names, the list includes an origin domain name for the distribution.
TimeBucket
The hour or the day that the data applies to, in Coordinated Universal Time (UTC).
(Locations)
The remaining columns in the report list the locations that CloudFront received requests from. For
more information about possible values, see the description of Location in How Data in the Locations
Report Is Related to Data in the CloudFront Access Logs (p. 35).
How Data in the Locations Report Is Related to
Data in the CloudFront Access Logs
The following list shows how data in the Locations report in the CloudFront console corresponds with
values in CloudFront access logs. For more information about CloudFront access logs, see Access
Logs (p. 256).
Location
The country or U.S. state that the viewer is in. In access logs, the c-ip column contains the IP
address of the device that the viewer is running on.We use geolocation data to identify the geographic
location of the device based on the IP address.
If you're displaying the Locations report by country, note that the country list is based on ISO 3166-2,
Codes for the representation of names of countries and their subdivisions – Part 2: Country subdivision
code. The country list includes the following additional values:
Anonymous ProxyThe request originated from an anonymous proxy.
Satellite ProviderThe request originated from a satellite provider that provides Internet service
to multiple countries. Users might be in countries with a high risk of fraud.
Europe (Unknown)The request originated from an IP in a block that is used by multiple European
countries. The country that the request originated from cannot be determined. CloudFront uses
Europe (Unknown) as the default.
API Version 2016-08-01
35
Amazon CloudFront Developer Guide
How Data in the Locations Report Is Related to Data in
the CloudFront Access Logs
Asia/Pacific (Unknown)The request originated from an IP in a block that is used by multiple
countries in the Asia/Pacific region.The country that the request originated from cannot be
determined. CloudFront uses Asia/Pacific (Unknown) as the default.
If you're displaying the Locations report by U.S. state, note that the report can include U.S. territories
and U.S. Armed Forces regions.
Request Count
The total number of requests from the country or U.S. state that the viewer is in, for the specified
distribution and period. This value generally corresponds closely with the number of GET requests
from IP addresses in that country or state in CloudFront access logs.
Request %
One of the following, depending on the value that you selected for Details:
CountriesThe requests from this country as a percentage of the total number of requests.
U.S. StatesThe requests from this state as a percentage of the total number of requests from
the United States.
If requests came from more than 50 countries, then you can't calculate Request % based on the
data in this table because the Request Count column doesn't include all of the requests during the
specified period.
Bytes
The number of bytes that CloudFront served to viewers in this country or state, for the specified
distribution and period. To change the display of data in this column to KB, MB, or GB, click the link
in the column heading.
API Version 2016-08-01
36
Amazon CloudFront Developer Guide
How Data in the Locations Report Is Related to Data in
the CloudFront Access Logs
Getting Started with CloudFront
The example in this topic gives you a quick overview of how to use CloudFront to:
Store the original versions of your objects in one Amazon Simple Storage Service (Amazon S3) bucket.
Distribute download content such as text or graphics.
Make your objects accessible to everyone.
Use the CloudFront domain name in URLs for your objects (for example,
http://d111111abcdef8.cloudfront.net/image.jpg) instead of your own domain name (for
example, http://www.example.com/image.jpg).
Keep your objects in CloudFront edge locations for the default duration of 24 hours. (The minimum
duration is 0 seconds.)
For information about how to use CloudFront when you want to use other options, see Task List for
Creating a Web Distribution (p. 58) or Task List for Streaming Media Files Using RTMP (p. 89).
You only need to perform a few basic steps to start delivering your content using CloudFront. The first
step is signing up. After that, you create a CloudFront distribution, and then use the CloudFront domain
name to reference content in your web pages or applications.
Topics
Step 1: Sign up for Amazon Web Services (p. 37)
Step 2: Upload your content to Amazon S3 and grant object permissions (p. 38)
Step 3: Create a CloudFront Web Distribution (p. 39)
Step 4: Test your links (p. 45)
Step 1: Sign up for Amazon Web Services
If you haven't already done so, sign up for Amazon Web Services at http://aws.amazon.com. Just choose
Sign Up Now and enter any required information.
API Version 2016-08-01
37
Amazon CloudFront Developer Guide
Step 1: Sign up for Amazon Web Services
Step 2: Upload your content to Amazon S3 and
grant object permissions
An Amazon S3 bucket is a container that can contain objects or folders. CloudFront can distribute almost
any type of object for you using an Amazon S3 bucket as the source, for example, text, images, and
videos.You can create multiple buckets, and there is no limit to the amount of data that you can store on
Amazon S3.
By default, your Amazon S3 bucket and all of the objects in it are private—only the AWS account that
created the bucket has permission to read or write the objects in it. If you want to allow anyone to access
the objects in your Amazon S3 bucket using CloudFront URLs, you must grant public read permissions
to the objects. (This is one of the most common mistakes when working with CloudFront and Amazon
S3.You must explicitly grant privileges to each object in an Amazon S3 bucket.)
Note
If you want to restrict who can download your content, you can use the CloudFront private content
feature. For more information about distributing private content, see Serving Private Content
through CloudFront (p. 162).
To upload your content to Amazon S3 and grant read permission to everyone
1. Sign in to the AWS Management Console and open the Amazon S3 console at https://
console.aws.amazon.com/s3/.
2. In the Amazon S3 console, choose Create Bucket.
3. In the Create Bucket dialog, enter a bucket name.
Important
For your bucket to work with CloudFront, the name must conform to DNS naming
requirements. For more information, go to Bucket Restrictions and Limitations in the Amazon
Simple Storage Service Developer Guide.
4. Select a region for your bucket. By default, Amazon S3 creates buckets in the US East (N. Virginia)
region. We recommend that you choose a region close to you to optimize latency, minimize costs,
or to address regulatory requirements.
5. Choose Create.
6. Select your bucket in the Buckets pane, and choose Upload.
7. On the Upload - Select Files page, choose Add Files, and choose the files that you want to upload.
API Version 2016-08-01
38
Amazon CloudFront Developer Guide
Step 2: Upload your content to Amazon S3 and grant
object permissions
8. Enable public read privileges for each object that you upload to your Amazon S3 bucket.
a. Choose Set Details.
b. On the Set Details page, choose Set Permissions.
c. On the Set Permissions page, choose Make everything public.
9. Choose Start Upload.
After the upload completes, you can navigate to this item by its URL. In the case of the previous
example, the URL would be:
http://s3.amazonaws.com/example-myawsbucket/filename
Use your Amazon S3 URL to verify that your content is publicly accessible, but remember that this
is not the URL you will use when you are ready to distribute your content.
Step 3: Create a CloudFront Web Distribution
To create a CloudFront web distribution
1. Open the CloudFront console at https://console.aws.amazon.com/cloudfront/.
2. Choose Create Distribution.
3. On the Select a delivery method for your content page, in the Web section, choose Get Started.
API Version 2016-08-01
39
Amazon CloudFront Developer Guide
Step 3: Create a CloudFront Web Distribution
4. On the Create Distribution page, under Origin Settings, choose the Amazon S3 bucket that you
created earlier. For Origin ID, Origin Path, Restrict Bucket Access, and Origin Custom Headers,
accept the default values.
5. Under Default Cache Behavior Settings, accept the default values, and CloudFront will:
API Version 2016-08-01
40
Amazon CloudFront Developer Guide
Step 3: Create a CloudFront Web Distribution
Forward all requests that use the CloudFront URL for your distribution (for example,
http://d111111abcdef8.cloudfront.net/image.jpg) to the Amazon S3 bucket that you
specified in Step 4.
Allow end users to use either HTTP or HTTPS to access your objects.
Respond to requests for your objects.
Cache your objects at CloudFront edge locations for 24 hours.
Forward only the default request headers to your origin and not cache your objects based on the
values in the headers.
Exclude cookies and query string parameters, if any, when forwarding requests for objects to your
origin. (Amazon S3 doesn't process cookies and processes only a limited set of query string
parameters.)
Not be configured to distribute media files in the Microsoft Smooth Streaming format.
Allow everyone to view your content.
Not automatically compress your content.
For more information about cache behavior options, see Cache Behavior Settings (p. 68).
API Version 2016-08-01
41
Amazon CloudFront Developer Guide
Step 3: Create a CloudFront Web Distribution
6. Under Distribution Settings, enter the applicable values:
Price Class
Select the price class that corresponds with the maximum price that you want to pay for
CloudFront service. By default, CloudFront serves your objects from edge locations in all
CloudFront regions.
API Version 2016-08-01
42
Amazon CloudFront Developer Guide
Step 3: Create a CloudFront Web Distribution
For more information about price classes and about how your choice of price class affects
CloudFront performance for your distribution, go to Choosing the Price Class for a CloudFront
Distribution (p. 54). For information about CloudFront pricing, including how price classes map
to CloudFront regions, go to Amazon CloudFront Pricing.
AWS WAF Web ACL
If you want to use AWS WAF to allow or block HTTP and HTTPS requests based on criteria that
you specify, choose the web ACL to associate with this distribution. For more information about
AWS WAF, see the AWS WAF Developer Guide.
Alternate Domain Names (CNAMEs) (Optional)
Specify one or more domain names that you want to use for URLs for your objects instead of
the domain name that CloudFront assigns when you create your distribution. For example, if
you want the URL for the object:
/images/image.jpg
to look like this:
http://www.example.com/images/image.jpg
instead of like this:
http://d111111abcdef8.cloudfront.net/images/image.jpg
you would create a CNAME for www.example.com.
Important
If you add a CNAME for www.example.com to your distribution, you also need to create
(or update) a CNAME record with your DNS service to route queries for
www.example.com to d111111abcdef8.cloudfront.net.You must have permission
to create a CNAME record with the DNS service provider for the domain. Typically, this
means that you own the domain, but you may also be developing an application for the
domain owner. For more information about CNAMEs, see Using Alternate Domain
Names (CNAMEs) (p. 50).
For the current limit on the number of alternate domain names that you can add to a distribution,
see Amazon CloudFront Limits in the Amazon Web Services General Reference.To request a
higher limit, go to https://console.aws.amazon.com/support/home#/case/
create?issueType=service-limit-increase&limitType=service-code-cloudfront-distributions.
SSL Certificate
Accept the default value, Default CloudFront Certificate.
Default Root Object (Optional)
The object that you want CloudFront to request from your origin (for example, index.html)
when a viewer requests the root URL of your distribution (http://www.example.com/) instead
of an object in your distribution (http://www.example.com/product-description.html).
Specifying a default root object avoids exposing the contents of your distribution.
Logging (Optional)
If you want CloudFront to log information about each request for an object and store the log files
in an Amazon S3 bucket, select On, and specify the bucket and an optional prefix for the names
of the log files.There is no extra charge to enable logging, but you accrue the usual Amazon
S3 charges for storing and accessing the files. CloudFront doesn't delete the logs automatically,
but you can delete them at any time.
Cookie Logging
In this example, we're using Amazon S3 as the origin for your objects, and Amazon S3 doesn't
process cookies, so we recommend that you select Off for the value of Cookie Logging.
Comment (Optional)
Enter any comments that you want to save with the distribution.
API Version 2016-08-01
43
Amazon CloudFront Developer Guide
Step 3: Create a CloudFront Web Distribution
Distribution State
Select Enabled if you want CloudFront to begin processing requests as soon as the distribution
is created, or select Disabled if you do not want CloudFront to begin processing requests after
the distribution is created.
7. Choose Create Distribution.
8. After CloudFront has created your distribution, the value of the Status column for your distribution
will change from InProgress to Deployed. If you chose to enable the distribution, it will then be ready
to process requests.This should take less than 15 minutes.
The domain name that CloudFront assigns to your distribution appears in the list of distributions. (It
also appears on the General tab for a selected distribution.)
API Version 2016-08-01
44
Amazon CloudFront Developer Guide
Step 3: Create a CloudFront Web Distribution
Step 4:Test your links
After you've created your distribution, CloudFront knows where your Amazon S3 origin server is, and you
know the domain name associated with the distribution.You can create a link to your Amazon S3 bucket
content with that domain name, and have CloudFront serve it.
Note
You must wait until the status of your distribution changes to Deployed before testing your links.
To link to your objects
1. Copy the following HTML into a new file:
Replace <domain name> with the domain name that CloudFront assigned to your distribution.
Replace <object name> with the name of a file in your Amazon S3 bucket.
<html>
<head>My CloudFront Test</head>
<body>
<p>My text content goes here.</p>
<p><img src="http://domain name/object name" alt="my test image"/>
</body>
</html>
For example, if your domain name was d111111abcdef8.cloudfront.net and your object was
image.jpg, the URL for the link would be:
http://d111111abcdef8.cloudfront.net/image.jpg.
If your object is in a folder within your bucket, include the folder in the URL. For example, if image.jpg
is located in an images folder, then the URL would be:
http://d111111abcdef8.cloudfront.net/images/image.jpg
2. Save the text in a file that has a .html filename extension.
3. Open your web page in a browser to ensure that you can see your content. If you cannot see the
content, confirm that you have performed all of the steps correctly.You can also see the tips in
Troubleshooting (p. 282).
The browser returns your page with the embedded image file, served from the edge location that CloudFront
determined was appropriate to serve the object.
For more information on using CloudFront, go to Amazon CloudFront Resources (p. 355).
API Version 2016-08-01
45
Amazon CloudFront Developer Guide
Step 4:Test your links
Working with Distributions
Topics
Overview of Web and RTMP Distributions (p. 47)
Creating Web and RTMP Distributions (p. 48)
Listing, Viewing, and Updating CloudFront Distributions (p. 48)
Deleting a Distribution (p. 49)
Using Alternate Domain Names (CNAMEs) (p. 50)
Choosing the Price Class for a CloudFront Distribution (p. 54)
Using CloudFront with Amazon S3 (p. 54)
Changes to the CloudFront API (p. 56)
The following table lists the actions you can perform on a distribution and provides links to the
corresponding documentation on how to perform the actions using the CloudFront console and the
CloudFront API.
Using the CloudFront
API: RTMP Distribu-
tions
Using the CloudFront
API:Web Distributions
Using the CloudFront
Console
Action
Go to POST Streaming
Distribution
Go to POST DistributionWeb Distributions: See
Task List for Creating a
Web Distribution (p. 58)
RTMP Distributions:
See Task List for
Streaming Media Files
Using RTMP (p. 89)
Create a distribution
Go to GET Streaming
Distribution List
Go to GET Distribution
List
See Listing, Viewing,
and Updating Cloud-
Front Distribu-
tions (p. 48)
List your distributions
Go to GET Streaming
Distribution
Go to GET DistributionSee Listing, Viewing,
and Updating Cloud-
Front Distribu-
tions (p. 48)
Get all information about
a distribution
API Version 2016-08-01
46
Amazon CloudFront Developer Guide
Using the CloudFront
API: RTMP Distribu-
tions
Using the CloudFront
API:Web Distributions
Using the CloudFront
Console
Action
Go to GET Streaming
Distribution Config
Go to GET Distribution
Config
See Listing, Viewing,
and Updating Cloud-
Front Distribu-
tions (p. 48)
Get the distribution con-
figuration
Go to PUT Streaming
Distribution Config
Go to PUT Distribution
Config
See Listing, Viewing,
and Updating Cloud-
Front Distribu-
tions (p. 48)
Update a distribution
Go to DELETE Stream-
ing Distribution
Go to DELETE Distribu-
tion
See Deleting a Distribu-
tion (p. 49)
Delete a distribution
Overview of Web and RTMP Distributions
When you want to use CloudFront to distribute your content, you create a distribution and specify
configuration settings such as:
Your origin, which is the Amazon S3 bucket or HTTP server from which CloudFront gets the files that
it distributes.You can specify any combination of up to 10 Amazon S3 buckets and/or HTTP servers
as your origins.
Whether you want the files to be available to everyone or you want to restrict access to selected users.
Whether you want CloudFront to require users to use HTTPS to access your content.
Whether you want CloudFront to forward cookies and/or query strings to your origin.
Whether you want CloudFront to prevent users in selected countries from accessing your content.
Whether you want CloudFront to create access logs.
For the current limit on the number of web and RTMP distributions that you can create for each AWS
account, see Amazon CloudFront Limits in the Amazon Web Services General Reference.To request a
higher limit, go to https://console.aws.amazon.com/support/home#/case/
create?issueType=service-limit-increase&limitType=service-code-cloudfront-distributions.
The number of files that you can serve per distribution is unlimited.
Web Distributions
You can use web distributions to serve the following content over HTTP or HTTPS:
Static and dynamic download content, for example, .html, .css, .php, and image files, using HTTP or
HTTPS.
Multimedia content on demand using progressive download and Apple HTTP Live Streaming (HLS).
For more information, see the applicable topic in Working with Web Distributions (p. 58).
You can't serve Adobe Flash multimedia content over HTTP or HTTPS, but you can serve it using a
CloudFront RTMP distribution. See RTMP Distributions (p. 48) below.
A live event, such as a meeting, conference, or concert, in real time. For live streaming, you create the
distribution automatically by using an AWS CloudFormation stack. For more information, see the
applicable live-streaming tutorial in CloudFront Streaming Tutorials (p. 286).
API Version 2016-08-01
47
Amazon CloudFront Developer Guide
Overview of Web and RTMP Distributions
For web distributions, your origin can be either an Amazon S3 bucket or an HTTP server, for example,
a web server. For more information about how web distributions work, including the values that you specify
when you create a web distribution, see Working with Web Distributions (p. 58). For information about
creating a web distribution, see Task List for Creating a Web Distribution (p. 58).
RTMP Distributions
RTMP distributions stream media files using Adobe Media Server and the Adobe Real-Time Messaging
Protocol (RTMP). An RTMP distribution must use an Amazon S3 bucket as the origin.
For information about the values you specify when you create an RTMP distribution, see Working with
RTMP Distributions (p. 87). For information about creating an RTMP distribution, see Task List for
Streaming Media Files Using RTMP (p. 89).
Creating Web and RTMP Distributions
Web distributions: For information about creating web distributions using the CloudFront console, see
Task List for Creating a Web Distribution (p. 58). For information about creating web distributions using
the CloudFront API, see POST Distribution in the Amazon CloudFront API Reference.
RTMP distributions: For information about creating RTMP distributions using the CloudFront console,
see Task List for Streaming Media Files Using RTMP (p. 89). For information about creating RTMP
distributions using the CloudFront API, see POST Streaming Distribution in the Amazon CloudFront API
Reference.
Listing,Viewing, and Updating CloudFront
Distributions
You can use the CloudFront console to list the CloudFront distributions that are associated with your
AWS account, view the settings for a distribution, and update most settings.
When you save changes to your distribution configuration, CloudFront starts to propagate the changes
to all edge locations. Until your configuration is updated in an edge location, CloudFront continues to
serve your content from that location based on the previous configuration. After your configuration is
updated in an edge location, CloudFront immediately starts to serve your content from that location based
on the new configuration.
Your changes don't propagate to every edge location instantaneously; propagation to all edge locations
should take less than 15 minutes. When propagation is complete, the status of your distribution changes
from InProgress to Deployed. While CloudFront is propagating your changes to edge locations, we
cannot determine whether a given edge location is serving your content based on the previous configuration
or the new configuration.
To List, View, and Update CloudFront Distributions Using the CloudFront Console
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the top pane of the CloudFront console, select the distribution that you want to view or update.
Note
The top pane lists all of the distributions that are associated with the AWS account that you
used when you signed in to the CloudFront console.
API Version 2016-08-01
48
Amazon CloudFront Developer Guide
RTMP Distributions
3. To view or edit RTMP distribution settings, skip to Step 4.
To view or edit settings for a web distribution, perform the following steps.
a. In the Distribution Settings pane, click the tab for the settings that you want to change: General,
Origins, or Behaviors.
b. For general settings, click Edit.
For origins or cache behaviors, click the origin or cache behavior, and click Edit.
c. Enter or update the applicable values. For information about the fields, see the following topics:
General settings: Distribution Details (p. 75)
Origin settings: Origin Settings (p. 64)
Cache behavior settings: Cache Behavior Settings (p. 68)
d. Click Yes, Edit.
4. To edit or view settings for an RTMP distribution:
a. In the Distribution Details pane, click Edit.
b. Enter or update the applicable values. For information about the fields, see Values that You
Specify When You Create or Update an RTMP Distribution (p. 90).
c. Click Yes, Edit.
Deleting a Distribution
If you no longer want to use a distribution, use the following procedure to delete it using the CloudFront
console.
You can also delete a distribution using the CloudFront API:
To delete a web distribution, use the DELETE Distribution API action. For more information, go to
DELETE Distribution in the Amazon CloudFront API Reference.
To delete an RTMP distribution, use the DELETE Streaming Distribution API action. For more
information, go to DELETE Streaming Distribution in the Amazon CloudFront API Reference.
Note
CloudFront lets you create a combined total of up to 100 web and RTMP distributions for an
AWS account.
To Delete a CloudFront Distribution Using the CloudFront Console
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the right pane of the CloudFront console, find the distribution that you want to delete.
3. If the value of the State column is Disabled, skip to Step 7.
If the value of State is Enabled and the value of Status is Deployed, continue with Step 4 to disable
the distribution before deleting it.
API Version 2016-08-01
49
Amazon CloudFront Developer Guide
Deleting a Distribution
If the value of State is Enabled and the value of Status is InProgress, wait until Status changes
to Deployed. Then continue with Step 4 to disable the distribution before deleting it.
4. In the right pane of the CloudFront console, check the check box for the distribution that you want
to delete.
5. Click Disabled to disable the distribution, and click Yes, Disable to confirm. Then click Close.
6. The value of the State column immediately changes to Disabled. Wait until the value of the Status
column changes to Deployed.
7. Check the check box for the distribution that you want to delete.
8. Click Delete, and click Yes, Delete to confirm. Then click Close.
Using Alternate Domain Names (CNAMEs)
In CloudFront, an alternate domain name, also known as a CNAME, lets you use your own domain name
(for example, www.example.com) for links to your objects instead of using the domain name that
CloudFront assigns to your distribution. Both web and RTMP distributions support alternate domain
names.
When you create a distribution, CloudFront returns a domain name for the distribution, for example:
d111111abcdef8.cloudfront.net
When you use the CloudFront domain name for your objects, the URL for an object called
/images/image.jpg is:
http://d111111abcdef8.cloudfront.net/images/image.jpg
If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net
domain name that CloudFront assigned to your distribution, you can add an alternate domain name to
your distribution for www.example.com.You can then use the following URL for /images/image.jpg:
http://www.example.com/images/image.jpg
Topics
Using the * Wildcard in Alternate Domain Names (p. 50)
Restrictions on Using Alternate Domain Names (p. 51)
Adding an Alternate Domain Name (p. 51)
Using the * Wildcard in Alternate Domain Names
When you add alternate domain names, you can use the * wildcard at the beginning of a domain name
instead of specifying subdomains individually. For example, with an alternate domain name of
*.example.com, you can use any domain name that ends with example.com in your object URLs, such
as www.example.com, product-name.example.com, and marketing.product-name.example.com.
The name of an object is the same regardless of the domain name, for example:
www.example.com/images/image.jpg
product-name.example.com/images/image.jpg
marketing.product-name.example.com/images/image.jpg
The alternate domain name must begin with an asterisk and a dot ( *. ).You cannot use a wildcard to
replace part of a subdomain name, like this: *domain.example.com, and you cannot replace a subdomain
in the middle of a domain name, like this: subdomain.*.example.com.
API Version 2016-08-01
50
Amazon CloudFront Developer Guide
Using Alternate Domain Names (CNAMEs)
A wildcard alternate domain name, such as *.example.com, can include another alternate domain
name, such as example.com, as long as they're both in the same CloudFront distribution or they're in
distributions that were created by using the same AWS account.
Restrictions on Using Alternate Domain Names
Note the following restrictions on using alternate domain names:
Maximum Number of Alternate Domain Names
For the current limit on the number of alternate domain names that you can add to a distribution, see
Amazon CloudFront Limits in the Amazon Web Services General Reference.To request a higher
limit, go to https://console.aws.amazon.com/support/home#/case/
create?issueType=service-limit-increase&limitType=service-code-cloudfront-distributions.
Permission to Change DNS Configuration
If you're adding alternate domain names to your distribution, you need to create CNAME records to
route DNS queries for the domain names to your CloudFront distribution.You must have permission
to create CNAME records with the DNS service provider for the corresponding domains. Typically,
this means that you own the domains, but you may also be developing an application for the domain
owner.
Duplicate and Overlapping Alternate Domain Names
You cannot add an alternate domain name to a CloudFront distribution if the alternate domain name
already exists in another CloudFront distribution, even if your AWS account owns the other distribution.
However, you can add a wildcard alternate domain name, such as *.example.com, that includes
(that overlaps with) a non-wildcard alternate domain name, such as www.example.com. Overlapping
domain names can be in the same distribution or in separate distributions as long as both distributions
were created by using the same AWS account.
Alternate Domain Names at the Zone Apex for a Domain
When you add an alternate domain name to a distribution, you need to create a CNAME record in
your DNS configuration to route DNS queries for the domain name to your CloudFront distribution.
However, you can't create a CNAME record for the top node of a DNS namespace, also known as
the zone apex; the DNS protocol doesn't allow it. For example, if you register the DNS name
example.com, the zone apex is example.com.You can't create a CNAME record for example.com,
but you can create CNAME records for www.example.com, newproduct.example.com, and so
on.
If you're using Amazon Route 53 as your DNS service, you can create an alias resource record set
instead of a CNAME.You can create an alias resource record set for a domain name at the zone
apex (example.com). In addition, with an alias resource record set, you don't pay for Amazon Route 53
queries. For more information, go to Routing Queries to an Amazon CloudFront Distribution in the
Amazon Route 53 Developer Guide.
Alternate Domain Names and HTTPS
If you want viewers to use HTTPS with an alternate domain names, additional configuration is required.
For more information, see Using Alternate Domain Names and HTTPS (p. 234).
Adding an Alternate Domain Name
The following task list describes the process for using the CloudFront console to add an alternate domain
name to your distribution so you can use your own domain name in your links instead of the CloudFront
domain name that is associated with your distribution.
Note
If you want viewers to use HTTPS with your alternate domain name, see Using Alternate Domain
Names and HTTPS (p. 234).
API Version 2016-08-01
51
Amazon CloudFront Developer Guide
Restrictions on Using Alternate Domain Names
For information about updating your distribution using the CloudFront API, see Working with
Distributions (p. 46).
Adding an Alternate Domain Name Using the CloudFront Console
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. In the CloudFront console, use the steps below to update your distribution to include your domain
name as an alternate domain name in the Alternate Domain Names (CNAMEs) field.
a. In the top pane of the CloudFront console, select the distribution that you want to update, and
click Distribution Settings.
b. On the General tab, click Edit.
c. Add the applicable alternate domain names in the Alternate Domain Names (CNAMEs) field.
Separate domain names with commas or put each one on a new line.
d. Web distributions only: For SSL Certificate, choose the applicable option:
If you don't want to use SSL – Click Default CloudFront Certificate.
If you do want to use SSL – Click Custom SSL Certificate, and choose a certificate from
the list. Note that the list can include both certificates provisioned by AWS Certificate Manager
and certificates that you purchased from another certificate authority and uploaded to the IAM
certificate store.
If you uploaded a certificate to the IAM certificate store but it doesn't appear in the list, review
the procedure To use alternate domain names with HTTPS (p.238) to confirm that you correctly
uploaded the certificate to the IAM certificate store.
If you choose this setting, we recommend that you use only an alternate domain name in your
object URLs (https://example.com/logo.jpg). If you use your CloudFront distribution domain
name (https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then
CloudFront behaves normally. However, a viewer that does not support SNI exhibits one of
the following behaviors, depending on the value of Clients Supported:
All Clients: If the viewer doesn't support SNI, it displays a warning because the CloudFront
domain name doesn't match the domain name in your SSL certificate.
Only Clients that Support Server Name Indication (SNI): CloudFront drops the connection
with the viewer without returning the object.
e. Web distributions only: Choose the applicable option for Clients Supported:
All Clients: CloudFront serves your HTTPS content using dedicated IP addresses. If you
select this option, you incur additional charges when you associate your SSL certificate with
a distribution that is enabled. For more information, see http://aws.amazon.com/cloudfront/
pricing.
Only Clients that Support Server Name Indication (SNI): Older browsers or other clients
that don't support SNI must use another method to access your content.
For more information, see Choosing How CloudFront Serves HTTPS Requests (p. 234).
f. Click Yes, Edit.
3. In the CloudFront console, on the General tab for your distribution, confirm that the status of your
distribution has changed to Deployed. If you try to use an alternate domain name before the updates
to your distribution have been deployed, the links you create in the following steps might not work.
4. Using the method provided by your DNS service provider, add a CNAME resource record set to the
hosted zone for your domain. This new CNAME resource record set will redirect DNS queries from
API Version 2016-08-01
52
Amazon CloudFront Developer Guide
Adding an Alternate Domain Name
your domain (for example, www.example.com) to the CloudFront domain name for your distribution
(for example, d111111abcdef8.cloudfront.net). For more information, see the documentation provided
by your DNS service provider.
If you're using Amazon Route 53 as your DNS service, you can create an alias resource record set
instead of a CNAME.With an alias resource record set, you don't pay for Amazon Route 53 queries.
In addition, you can create an alias resource record set for a domain name at the zone apex
(example.com), which DNS doesn't allow for CNAMEs. For more information, go to Routing Queries
to an Amazon CloudFront Distribution in the Amazon Route 53 Developer Guide.
Important
If you already have an existing CNAME record for your domain name, update that resource
record set or replace it with a new one that points to the CloudFront domain name for your
distribution.
In addition, confirm that your CNAME resource record set points to your distribution's domain
name and not to one of your origin servers.
5. Using dig or a similar tool, confirm that the CNAME resource record set that you created in Step 4
points to the domain name for your distribution. For more information about dig, go to http://
www.kloth.net/services/dig.php.
The following example shows a dig request on the images.example.com domain, as well as the
relevant part of the response.
[prompt]> dig images.example.com
; <<> DiG 9.3.3rc2 <<> images.example.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15917
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;images.example.com. IN A
;; ANSWER SECTION:
images.example.com. 10800 IN CNAME d111111abcdef8.cloudfront.net.
...
...
The line in the Answer Section shows a CNAME resource record set that routes queries for
images.example.com to the CloudFront distribution domain name d111111abcdef8.cloudfront.net.
The CNAME resource record set is configured correctly if the name on the right side of CNAME is the
domain name for your CloudFront distribution. If that is any other value, for example, the domain
name for your Amazon S3 bucket, then the CNAME resource record set is configured incorrectly. In
that case, go back to Step 4 and correct the CNAME record to point to the domain name for your
distribution.
6. Test the alternate domain name by creating some test links that use your domain name in the URL
instead of the CloudFront domain name for your distribution.
7. In your application, change the links for your objects to use your alternate domain name instead of
the domain name of your CloudFront distribution.
API Version 2016-08-01
53
Amazon CloudFront Developer Guide
Adding an Alternate Domain Name
Choosing the Price Class for a CloudFront
Distribution
CloudFront has edge locations all over the world. Our cost for each edge location varies and, as a result,
the price that we charge you varies depending on the edge location from which CloudFront serves your
requests.
CloudFront edge locations are grouped into geographic regions, and we've grouped regions into price
classes.The default price class includes all regions. Another price class includes most regions (the United
States; Europe; Hong Kong, Korea, and Singapore; Japan; and India regions) but excludes the
most-expensive regions. A third price class includes only the least-expensive regions (the United States
and Europe regions).
By default, CloudFront responds to requests for your objects based only on performance: objects are
served from the edge location for which latency is lowest for that viewer. If you're willing to accept higher
latency for your viewers in some geographic regions in return for lower cost, you can choose a price class
that doesn't include all CloudFront regions. Although CloudFront will serve your objects only from the
edge locations in that price class, it still serves content from the edge location that has the lowest latency
among the edge locations in your selected price class. However, some of your viewers, especially those
in geographic regions that are not in your price class, may see higher latency than if your content were
being served from all CloudFront edge locations. For example, if you choose the price class that includes
only the United States and Europe, viewers in Australia and in Asia may experience higher latency than
if you choose the price class that includes Australia and Asia.
If you choose a price class that does not include all edge locations, CloudFront may still occasionally
serve requests for your content from an edge location in a region that is not included in your price class.
When this happens, you are not charged the rate for the more expensive region from which your objects
were served. Instead, you're charged the rate for the least-expensive region in your selected price class.
You can choose a price class when you create or update a CloudFront web distribution or RTMP
distribution. To find the applicable topic about creating or updating a web or an RTMP distribution using
the CloudFront console or API, see Working with Distributions (p. 46).
If you're creating or updating a distribution by using the CloudFront API, one of the AWS SDKs, or AWS
CloudFormation, see the applicable topic for a list of valid values (search for PriceClass):
Web distributionsDistributionConfig Complex Type
RTMP distributionsStreamingDistributionConfig Complex Type
For more information about CloudFront pricing and price classes, go to Amazon CloudFront Pricing.
Using CloudFront with Amazon S3
You can store your content in an Amazon S3 bucket and use CloudFront to distribute the content. This
topic explains how to use CloudFront with your S3 bucket, and how to update your CloudFront distribution
if you move the S3 bucket to a different region.
Topics
Adding CloudFront When You're Distributing Content from Amazon S3 (p. 55)
Moving an Amazon S3 Bucket to a Different Region (p. 56)
API Version 2016-08-01
54
Amazon CloudFront Developer Guide
Choosing the Price Class for a CloudFront Distribution
Adding CloudFront When You're Distributing
Content from Amazon S3
If you store your objects in an Amazon S3 bucket, you can either have your users get your objects directly
from S3, or you can configure CloudFront to get your objects from S3 and distribute them to your users.
Using CloudFront can be more cost effective if your users access your objects frequently because, at
higher usage, the price for CloudFront data transfer is lower than the price for Amazon S3 data transfer.
In addition, downloads are faster with CloudFront than with Amazon S3 alone because your objects are
stored closer to your users.
Note
If you want CloudFront to respect Amazon S3 cross-origin resource sharing settings, configure
CloudFront to forward the Origin header to Amazon S3. For more information, see Configuring
CloudFront to Cache Objects Based on Request Headers (p. 108).
If you currently distribute content directly from your Amazon S3 bucket using your own domain name
(such as example.com) instead of the domain name of your Amazon S3 bucket (such as
MyAWSBucket.s3.amazonaws.com), you can add CloudFront with no disruption by using the following
procedure.
To add CloudFront when you're already distributing your content from Amazon S3
1. Create a CloudFront distribution using the procedure described in the applicable topic:
Task List for Creating a Web Distribution (p. 58)
Task List for Streaming Media Files Using RTMP (p. 89)
When you create the distribution, specify the name of your Amazon S3 bucket as the origin server.
Important
For your bucket to work with CloudFront, the name must conform to DNS naming
requirements. For more information, see Bucket Restrictions and Limitations in the Amazon
Simple Storage Service Developer Guide.
If you're using a CNAME with Amazon S3, specify the CNAME for your distribution, too.
2. Create a test web page that contains links to publicly readable objects in your Amazon S3 bucket,
and test the links. For this initial test, use the CloudFront domain name of your distribution in the
object URLs, for example, http://d111111abcdef8.cloudfront.net/images/image.jpg.
For more information about the format of CloudFront URLs, see Format of URLs for CloudFront
Objects (p. 99).
3. If you're using Amazon S3 CNAMEs, your application uses your domain name (for example,
example.com) to reference the objects in your Amazon S3 bucket instead of using the name of your
bucket (for example, myawsbucket.s3.amazonaws.com). To continue using your domain name to
reference objects instead of using the CloudFront domain name for your distribution (for example,
d111111abcdef8.cloudfront.net), you need to update your settings with your DNS service provider.
For Amazon S3 CNAMEs to work, your DNS service provider must have a CNAME resource record
set for your domain that currently routes queries for the domain to your Amazon S3 bucket. For
example, if a user requests this object:
http://example.com/images/image.jpg
the request is automatically rerouted, and the user sees this object:
http://myawsbucket.s3.amazonaws.com/images/image.jpg
API Version 2016-08-01
55
Amazon CloudFront Developer Guide
Adding CloudFront When You're Distributing Content
from Amazon S3
To route queries to your CloudFront distribution instead of your Amazon S3 bucket, you need to use
the method provided by your DNS service provider to update the CNAME resource record set for
your domain.This updated CNAME record will start to redirect DNS queries from your domain to the
CloudFront domain name for your distribution. For more information, see the documentation provided
by your DNS service provider.
Note
If you're using Amazon Route 53 as your DNS service, you can use either a CNAME resource
record set or an alias resource record set. For information about editing resource record
sets, see Editing Resource Record Sets. For information about alias resource record sets,
see Choosing Between Alias and Non-Alias Resource Record Sets. Both topics are in the
Amazon Route 53 Developer Guide.
For more information about using CNAMEs with CloudFront, see Using Alternate Domain Names
(CNAMEs) (p. 50).
After you update the CNAME resource record set, it can take up to 72 hours for the change to
propagate throughout the DNS system, although it usually happens faster. During this time, some
requests for your content will continue to be routed to your Amazon S3 bucket, and others will be
routed to CloudFront.
Moving an Amazon S3 Bucket to a Different Region
If you're using Amazon S3 as the origin for a CloudFront distribution and you move the bucket to a different
region, CloudFront can take up to an hour to update its records to include the change of region when
both of the following are true:
You're using a CloudFront origin access identity (OAI) to restrict access to the bucket
You move the bucket to an Amazon S3 region that requires Signature Version 4 for authentication
When you're using OAIs, CloudFront uses the region (among other values) to calculate the signature that
it uses to request objects from your bucket. For more information about OAIs, see Using an Origin Access
Identity to Restrict Access to Your Amazon S3 Content (p. 166). For a list of Amazon S3 regions and the
signature versions that they support, see Amazon Simple Storage Service (Amazon S3) in the "Regions
and Endpoints" chapter of the Amazon Web Services General Reference.
To force a faster update to CloudFront's records, you can update your CloudFront distribution, for example,
by updating the Comment field on the General tab in the CloudFront console. When you update a
distribution, CloudFront immediately checks on the region that your bucket is in; propagation of the change
to all edge locations should take less than 15 minutes.
Changes to the CloudFront API
Beginning with the 2012-05-05 version of the CloudFront API, we made substantial changes to the format
of the XML document that you include in the request body when you create or update a web distribution
or an RTMP distribution, and when you invalidate objects.With previous versions of the API, we discovered
that it was too easy to accidentally delete one or more values for an element that accepts multiple values,
for example, CNAMEs and trusted signers. Our changes for the 2012-05-05 release are intended to
prevent these accidental deletions and to notify you when there's a mismatch between the number of
values you say you're specifying in the Quantity element and the number of values you're actually
specifying.
Note the following about using the 2012-05-05 API version or later with web and RTMP distributions that
were created using earlier API versions:
API Version 2016-08-01
56
Amazon CloudFront Developer Guide
Moving an Amazon S3 Bucket to a Different Region
You cannot use versions of the API earlier than 2012-05-05 to update a web distribution that was
created or updated using the 2012-05-05 or later CloudFront API.
You can use the new API version to get a list of distributions, get information about a distribution, or
get distribution configuration. CloudFront returns an XML document in the new XML format.
To update a distribution that was created using an earlier API version, use the 2012-05-05 or later
version of GET Distribution or GET Streaming Distribution to get an XML document in the new XML
format, change the data as applicable, and use the 2012-05-05 or later version of PUT Distribution
Config or PUT Streaming Distribution Config to submit the changes to CloudFront.
You can use the new API to delete a distribution that was created using an earlier API version.The
distribution must already be disabled.
API Version 2016-08-01
57
Amazon CloudFront Developer Guide
Changes to the CloudFront API
Working with Web Distributions
This section describes how you configure and manage CloudFront web distributions. For a basic
explanation of distributions, see Working with Distributions (p. 46). For information about CloudFront
RTMP distributions, see Working with RTMP Distributions (p. 87).
Topics
Task List for Creating a Web Distribution (p. 58)
Creating or Updating a Web Distribution Using the CloudFront Console (p. 59)
Testing Your Web Distribution (p. 60)
Using Amazon S3 Origins and Custom Origins for Web Distributions (p. 61)
Values that You Specify When You Create or Update a Web Distribution (p. 63)
Values that CloudFront Displays in the Console When You Create or Update a Web Distribution (p. 80)
Requirements and Recommendations for Using Amazon EC2 and Other Custom Origins (p. 81)
Using AWS WAF to Control Access to Your Content (p. 82)
Restricting the Geographic Distribution of Your Content (p. 82)
Configuring On-Demand Smooth Streaming (p. 85)
Configuring On-Demand Progressive Downloads (p. 86)
Configuring On-Demand Apple HTTP Live Streaming (HLS) (p. 86)
Task List for Creating a Web Distribution
The following task list summarizes the process for creating a web distribution.
To Create a Web Distribution
1. Create one or more Amazon S3 buckets or configure HTTP servers as your origin servers. An origin
is the location where you store the original version of your web content. When CloudFront gets a
request for your files, it goes to the origin to get the files that it distributes at edge locations.You can
use any combination of Amazon S3 buckets and HTTP servers as your origin servers.
If you're using Amazon S3, note that the name of your bucket must be all lowercase and cannot
contain spaces.
If you're using an Amazon EC2 server or another custom origin, review Requirements and
Recommendations for Using Amazon EC2 and Other Custom Origins (p. 81).
API Version 2016-08-01
58
Amazon CloudFront Developer Guide
Task List for Creating a Web Distribution
For the current limit on the number of origins that you can create for a distribution, see Amazon
CloudFront Limits in the Amazon Web Services General Reference. To request a higher limit, go to
https://console.aws.amazon.com/support/home#/case/
create?issueType=service-limit-increase&limitType=service-code-cloudfront-distributions.
2. Upload your content to your origin servers. If you don't want to restrict access to your content using
CloudFront signed URLs, make the objects publicly readable.
Caution
You are responsible for ensuring the security of your origin server. You must ensure that
CloudFront has permission to access the server and that the security settings are appropriate
to safeguard your content.
3. Create your CloudFront web distribution:
For more information about creating a web distribution using the CloudFront console, see Creating
or Updating a Web Distribution Using the CloudFront Console (p. 59).
For information about creating a web distribution using the CloudFront API, go to POST Distribution
in the Amazon CloudFront API Reference.
4. Optional: If you created your distribution using the CloudFront console, create more cache behaviors
or origins for your distribution. For more information, see To List, View, and Update CloudFront
Distributions Using the CloudFront Console (p. 48).
5. Test your web distribution. For more information, see Testing Your Web Distribution (p. 60).
6. Develop your website or application to access your content using the domain name that CloudFront
returned after you created your distribution in Step 3. For example, if CloudFront returns
d111111abcdef8.cloudfront.net as the domain name for your distribution, the URL for the file
image.jpg in an Amazon S3 bucket or in the root directory on an HTTP server will be
http://d111111abcdef8.cloudfront.net/image.jpg.
If you specified one or more alternate domain names (CNAMEs) when you created your distribution,
you can use your own domain name. In that case, the URL for image.jpg might be
http://www.example.com/image.jpg.
Note the following:
If you want to use signed URLs to restrict access to your content, see Serving Private Content
through CloudFront (p. 162).
If you want to serve compressed content, see Serving Compressed Files (p. 135).
For information about CloudFront request and response behavior for Amazon S3 and custom
origins, see Request and Response Behavior (p. 139).
Creating or Updating a Web Distribution Using
the CloudFront Console
The procedures in this topic explain how to create or update a web distribution using the CloudFront
console. If you want to create a web distribution using the CloudFront API, go to POST Distribution in the
Amazon CloudFront API Reference. If you want to update a web distribution using the CloudFront API,
go to PUT DistributionConfig in the Amazon CloudFront API Reference.
For the current limit on the number of web distributions that you can create for each AWS account, see
Amazon CloudFront Limits in the Amazon Web Services General Reference.To request a higher limit,
API Version 2016-08-01
59
Amazon CloudFront Developer Guide
Creating or Updating a Web Distribution Using the
CloudFront Console
go to https://console.aws.amazon.com/support/home#/case/
create?issueType=service-limit-increase&limitType=service-code-cloudfront-distributions.
To create a CloudFront web distribution using the CloudFront console (p. 60)
To update a CloudFront web distribution using the CloudFront console (p. 60)
To create a CloudFront web distribution using the CloudFront console
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. Choose Create Distribution.
3. On the first page of the Create Distribution Wizard, in the Web section, choose Get Started.
4. Specify settings for the distribution. For more information, see Values that You Specify When You
Create or Update a Web Distribution (p. 63).
5. Choose Create Distribution.
6. After CloudFront creates your distribution, the value of the Status column for your distribution will
change from InProgress to Deployed. If you chose to enable the distribution, it will then be ready
to process requests.This should take less than 15 minutes.
The domain name that CloudFront assigns to your distribution appears in the list of distributions. (It
also appears on the General tab for a selected distribution.)
7. When your distribution is deployed, confirm that you can access your content using your new
CloudFront URL or CNAME. For more information, see Testing Your Web Distribution (p. 60).
To update a CloudFront web distribution using the CloudFront console
1. Sign in to the AWS Management Console and open the CloudFront console at https://
console.aws.amazon.com/cloudfront/.
2. Choose the ID for the distribution that you want to update.
3. Update the applicable values. For more information, see Values that You Specify When You Create
or Update a Web Distribution (p. 63).
4. Choose Create Distribution.
5. After you change settings, the value of the Status column for your distribution changes to InProgress
while CloudFront propagates the changes to edge locations. When Status changes to Deployed,
the distribution is ready to process requests. (The value of the State column for the distribution must
also be Enabled.) This should take less than 15 minutes after you save the last change.
Testing Your Web Distribution
After you've created your distribution, CloudFront knows where your origin server is, and you know the
domain name associated with the distribution.You can create links to your objects using the CloudFront
domain name, and CloudFront will serve the objects to your web page or application.
Note
You must wait until the status of the distribution changes to Deployed before you can test your
links.
To create links to objects in a web distribution
1. Copy the following HTML code into a new file, replace domain-name with your distribution's domain
name, and replace object-name with the name of your object.
API Version 2016-08-01
60
Amazon CloudFront Developer Guide
Testing Your Web Distribution
<html>
<head>My CloudFront Test</head>
<body>
<p>My text content goes here.</p>
<p><img src="http://domain-name/object-name" alt="my test image"
</body>
</html>
For example, if your domain name were d111111abcdef8.cloudfront.net and your object were
image.jpg, the URL for the link would be:
http://d111111abcdef8.cloudfront.net/image.jpg.
If your object is in a folder on your origin server, then the folder must also be included in the URL.
For example, if image.jpg were located in the images folder on your origin server, then the URL would
be:
http://d111111abcdef8.cloudfront.net/images/image.jpg
2. Save the HTML code in a file that has a .html filename extension.
3. Open your web page in a browser to ensure that you can see your object.
The browser returns your page with the embedded image file, served from the edge location that CloudFront
determined was appropriate to serve the object.
Using Amazon S3 Origins and Custom Origins
for Web Distributions
When you create a web distribution, you specify where CloudFront sends requests for the files that it
distributes to edge locations. CloudFront supports using Amazon S3 buckets and HTTP servers (for
example, web servers) as origins.
Using Amazon S3 Buckets for Your Origin
When you use Amazon S3 as an origin for your distribution, you place any objects that you want CloudFront
to deliver in an Amazon S3 bucket.You can use any method that is supported by Amazon S3 to get your
objects into Amazon S3, for example, the Amazon S3 console or API, or a third-party tool.You can create
a hierarchy in your bucket to store the objects, just as you would with any other Amazon S3 bucket.
Using an existing Amazon S3 bucket as your CloudFront origin server doesn't change the bucket in any
way; you can still use it as you normally would to store and access Amazon S3 objects at the standard
Amazon S3 price.You incur regular Amazon S3 charges for storing the objects in the bucket. For more
information about the charges to use CloudFront, see CloudFront Reports (p. 15).
Important
For your bucket to work with CloudFront, the name must conform to DNS naming requirements.
For more information, go to Bucket Restrictions and Limitations in the Amazon Simple Storage
Service Developer Guide.
When you specify the Amazon S3 bucket that you want CloudFront to get objects from, how you specify
the bucket name depends on whether you have configured the bucket as a website endpoint:
The bucket is not configured as a website endpoint
In general, use the following format:
API Version 2016-08-01
61
Amazon CloudFront Developer Guide
Using Amazon S3 Origins and Custom Origins for Web
Distributions
bucket-name.s3.amazonaws.com
If your bucket is in the US Standard region and you want Amazon S3 to route requests to a facility
in Northern Virginia, use the following format:
bucket-name.s3-external-1.amazonaws.com
When you specify the bucket name in this format, you can use the following CloudFront features:
Configure CloudFront to communicate with your Amazon S3 bucket using SSL. For more information,
see Using an HTTPS Connection to Access Your Objects (p. 229).
Use an origin access identity to require that your users access your content using CloudFront
URLs, not by using Amazon S3 URLs. For more information, see Using an Origin Access Identity
to Restrict Access to Your Amazon S3 Content (p. 166).
Update the content of your bucket by submitting POST and PUT requests to CloudFront. For more
information, see HTTP Methods (p. 141) in the topic How CloudFront Processes and Forwards
Requests to Your Amazon S3 Origin Server (p. 139).
The bucket is configured as a website endpoint
Enter the Amazon S3 static website hosting endpoint for your bucket. This value appears in the
Amazon S3 console, on the Properties page under Static Website Hosting.
When you specify the bucket name in this format, you can use Amazon S3 redirects and Amazon
S3 custom error documents. (CloudFront also provides custom error pages. For more information,
see Customizing Error Responses (p. 127).) For more information about Amazon S3 features, see
the Amazon S3 documentation.
Do not specify the bucket using the following formats:
The Amazon S3 path style, s3.amazonaws.com/bucket-name
The Amazon S3 CNAME, if any
Using Amazon EC2 or Other Custom Origins
A custom origin is an HTTP server, for example, a web server. The HTTP server can be an Amazon EC2
instance or an HTTP server that you manage privately. When you use a custom origin, you specify the
DNS name of the server, along with the HTTP and HTTPS ports and the protocol that you want CloudFront
to use when fetching objects from your origin.
Most CloudFront features are supported when you use a custom origin with the following exceptions:
RTMP distributions—Not supported.
Private content—Although you can use a signed URL to distribute content from a custom origin, for
CloudFront to access the custom origin, the origin must remain publicly accessible. For more information,
see Serving Private Content through CloudFront (p. 162).
For information about requirements and recommendations when using custom origins, see Requirements
and Recommendations for Using Amazon EC2 and Other Custom Origins (p. 81).
API Version 2016-08-01
62
Amazon CloudFront Developer Guide
Using Amazon EC2 or Other Custom Origins
Values that You Specify When You Create or
Update a Web Distribution
When you create a new web distribution or update an existing distribution, you specify the following
values. For information about creating or updating a web distribution using the CloudFront console, see
the applicable topic:
Working with Web Distributions (p. 58)
Listing, Viewing, and Updating CloudFront Distributions (p. 48)
Delivery Method (p. 64)
Origin Settings (p. 64)
Origin Domain Name (p. 65)
Origin Path (p. 66)
Origin ID (p. 66)
Restrict Bucket Access (Amazon S3 Only) (p. 66)
Origin Access Identity (Amazon S3 Only) (p. 66)
Comment for New Identity (Amazon S3 Only) (p. 67)
Your Identities (Amazon S3 Only) (p. 67)
Grant Read Permissions on Bucket (Amazon S3 Only) (p. 67)
Origin SSL Protocols (Amazon EC2 and Other Custom Origins Only) (p. 67)
Origin Protocol Policy (Amazon EC2 and Other Custom Origins Only) (p. 67)
HTTP Port (Amazon EC2 and Other Custom Origins Only) (p. 68)
HTTPS Port (Amazon EC2 and Other Custom Origins Only) (p. 68)
Origin Custom Headers (p. 68)
Cache Behavior Settings (p. 68)
Path Pattern (p. 69)
Origin (Existing Distributions Only) (p. 70)
Viewer Protocol Policy (p. 70)
Allowed HTTP Methods (p. 71)
Cached HTTP Methods (p. 71)
Forward Headers (p. 71)
Whitelist Headers (p. 72)
Object Caching (p. 72)
Minimum TTL (p. 72)
Default TTL (p. 73)
Maximum TTL (p. 73)
Forward Cookies (Amazon EC2 and Other Custom Origins Only) (p. 73)
Whitelist Cookies (Amazon EC2 and Other Custom Origins Only) (p. 73)
Forward Query Strings (p. 74)
Smooth Streaming (p. 74)
Restrict Viewer Access (Use Signed URLs) (p. 74)
Trusted Signers (p. 74)
API Version 2016-08-01
63
Amazon CloudFront Developer Guide
Values that You Specify When You Create or Update a
Web Distribution
AWS Account Numbers (p. 75)
Compress Objects Automatically (p. 75)
Distribution Details (p. 75)
Price Class (p. 75)
AWS WAF Web ACL (p. 75)
Alternate Domain Names (CNAMEs) (p. 76)
SSL Certificate (p. 76)
Clients Supported (p. 77)
Minimum SSL Protocol Version (p. 77)
Default Root Object (p. 77)
Logging (p. 77)
Bucket for Logs (p. 78)
Log Prefix (p. 78)
Cookie Logging (p. 78)
Comment (p. 78)
Distribution State (p. 78)
Custom Error Pages and Error Caching (p. 79)
Error Code (p. 79)
Response Page Path (p. 79)
Response Code (p. 79)
Error Caching Minimum TTL (p. 79)
Restrictions (p. 79)
Enable Geo Restriction (p. 79)
Restriction Type (p. 80)
Countries (p. 80)
Delivery Method
You specify the delivery method when you create a distribution. For a web distribution, this value is always
Web.You can't change the delivery method for an existing distribution.
Origin Settings
When you create or update a distribution, you provide information about one or more locations—known
as origins—where you store the original versions of your web content. CloudFront gets your web content
from your origins and serves it to viewers via a world-wide network of edge servers. Each origin is either
an Amazon S3 bucket or an HTTP server, for example, a web server.
For the current limit on the number of origins that you can create for a distribution, see Amazon CloudFront
Limits in the Amazon Web Services General Reference.To request a higher limit, go to https://
console.aws.amazon.com/support/home#/case/
create?issueType=service-limit-increase&limitType=service-code-cloudfront-distributions.
API Version 2016-08-01
64
Amazon CloudFront Developer Guide
Delivery Method