Amazon CloudFront announces mutual TLS support for origins

News

This article announces mutual TLS (mTLS) support for Amazon CloudFront origins, enabling certificate-based authentication to verify requests come only from authorized CloudFront distributions.

Eliminates need for custom authentication solutions like shared secrets or IP allow-lists
Provides cryptographic verification of CloudFront identity to origin servers
Reduces operational overhead for secret rotation and access list management
Supports certificates from AWS Private CA or third-party Certificate Authorities
Works with ALB, API Gateway, on-premises, and custom origins
Configurable via Console, CLI, SDK, CDK, or CloudFormation
No additional charge for this feature

CloudFront origin mTLS simplifies secure origin authentication by replacing custom security controls with standardized certificate-based verification.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Nov 20
2025

Amazon CloudFront now supports TLS 1.3 for origin connections

Nov 24
2025

Amazon CloudFront announces support for mutual TLS authentication

Feb 2
2026

Amazon CloudFront now supports mTLS authentication to origins

Nov 6
2025

Amazon CloudFront announces cross-account support for VPC origins

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Amazon CloudFront announces mutual TLS support for origins

Related articles