Amazon CloudFront now supports SHA-256 for signed URLs and signed cookies
News
This article announces that Amazon CloudFront now supports SHA-256 for creating signed URLs and signed cookies, replacing the previous SHA-1 exclusive approach.
- SHA-256 provides stronger collision detection and improved security posture
- Aligns with modern cryptographic standards for digital signatures
- Use Hash-Algorithm=SHA256 query parameter for signed URLs
- Use CloudFront-Hash-Algorithm=SHA256 cookie attribute for signed cookies
- Fully backwards compatible; existing signatures continue using SHA-1
- Available in all CloudFront edge locations at no additional cost
This update helps organizations meet security compliance requirements while future-proofing content delivery workflows.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.