Our Blog

Amazon CloudFront now supports SHA-256 for signed URLs and signed cookies

Published
April 1, 2026
https://aws.amazon.com/about-aws/whats-new/2026/04/amazon-cloudfront-sha-256-signed-urls/

Amazon CloudFront SHA-256 Signed URLs and Cookies

Amazon CloudFront now supports SHA-256 as a hash algorithm for creating signed URLs and signed cookies. SHA-256 provides an improved security posture with stronger collision detection and alignment with modern cryptographic standards, giving you stronger cryptographic signing when restricting access to content.

To use SHA-256, include the Hash-Algorithm=SHA256 query parameter in your signed URLs, or the CloudFront-Hash-Algorithm=SHA256 cookie attribute for signed cookies. Existing signed URLs and signed cookies that don't specify a hash algorithm continue to use SHA-1, so this change is fully backwards compatible.

What to do

  • Update your signed URLs and cookies to use SHA-256 by adding the appropriate query parameter or cookie attribute.
  • Review your security and compliance requirements to ensure SHA-256 meets your needs.
  • Consult the Amazon CloudFront Developer Guide for more information on creating signed URLs and cookies.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2026/03/cloudwatch-application-signals-adds-slo-capabilities/

Amazon CloudWatch Application Signals adds new SLO capabilities

Amazon CloudWatch Application Signals now offers three new console based capabilities for Service Level Objectives (SLOs): SLO Recommendations, Service-Level SLOs, and SLO Performance Report
Read more
https://aws.amazon.com/about-aws/whats-new/2025/09/amazon-sns-ipv6-aws-govcloud/

Amazon SNS expands IPv6 support to the AWS GovCloud (US) Regions

Amazon Simple Notification Service (Amazon SNS) now allows customers to make API requests over Internet Protocol version 6 (IPv6) in the AWS GovCloud (US) Regions
Read more
https://aws.amazon.com/about-aws/whats-new/2025/10/amazon-s3-access-grants-additional-regions

Amazon S3 Access Grants are now available in additional AWS Regions

You can now create Amazon S3 Access Grants in the AWS Asia Pacific (Thailand) and AWS Mexico (Central) Regions
Read more
View all