Amazon CloudFront announces Passthrough Mode for mutual TLS (Viewer)

Published: May 14, 2026
https://aws.amazon.com/about-aws/whats-new/2026/05/amazon-cloudfront-mtls-passthrough/

Amazon CloudFront Passthrough Mode for mTLS Authentication

Amazon CloudFront now supports passthrough mode for viewer mutual TLS (mTLS) authentication, which forwards client certificates to the origin for validation without CloudFront performing certificate verification. This mode is ideal for customers with existing mTLS implementations at their origins, enabling them to maintain their validation logic without configuring trust stores on CloudFront.

In passthrough mode, CloudFront forwards every request to the origin with the client's full certificate chain, ensuring end-to-end authentication by the origin. Caching is not performed, and connection functions are still invoked to process certificate data before it reaches the origin.

What to do

  • Update your CloudFront distribution to use passthrough mode for mTLS authentication.
  • Ensure your origin is configured to validate client certificates forwarded by CloudFront.
  • Review the documentation for CloudFront Mutual TLS (Viewer) for more details.

Source: AWS release notes



