Amazon CloudFront announces mutual TLS support for origins

Amazon CloudFront Mutual TLS for Origins

Amazon CloudFront now supports mutual TLS authentication (mTLS) for origins, enhancing security by verifying requests to origin servers come only from authorized CloudFront distributions using TLS certificates. This eliminates the need for custom security controls and reduces operational overhead.

What to do

• Configure origin mTLS using AWS Management Console, CLI, SDK, CDK, or CloudFormation.
• Use client certificates from AWS Private Certificate Authority or third-party Certificate Authorities.
• Refer to the CloudFront origin mutual TLS documentation for implementation guidance.

Source: AWS release notes

If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.