Amazon CloudFront
Amazon CloudFront
Amazon CloudFront is the AWS CDN and edge service — accelerates static and dynamic content delivery, a standard for web performance.
400+ edge locations globally
Cache invalidations beyond a free quota are billed per path
Create a distribution in the AWS Console; point origin to your S3 bucket, ALB, or custom origin. Configure behaviors (path patterns + cache rules) and SSL. SDK calls: CloudFront.createDistribution, createInvalidation, etc.
Uptime · 30-day window
GitHub activity
About this API
CloudFront is AWS's CDN, caching content across 400+ edge locations (PoPs) globally and serving users from the nearest one. The most common pattern is S3 + CloudFront for static sites — S3 stores the files, CloudFront adds acceleration, HTTPS, and hides the raw S3 URL. It's also widely used in front of API Gateway or ALB to cache hot responses and offload the origin.
Edge functions are CloudFront's killer feature: CloudFront Functions (ultralight, <1 ms, JS-only — for URL rewrites and header tweaks) and Lambda@Edge (Node/Python, full request-level logic like A/B tests, dynamic routing, JWT verification). Both execute at the edge, so requests can be processed before ever touching your origin.
Cache control is the central CDN problem. CloudFront respects origin Cache-Control / Expires headers and lets you override TTLs in the distribution config. Invalidation (manual cache busting) has a free quota (1,000 paths/month) but goes per-path beyond that — large-scale invalidations get expensive. The best practice is versioned URLs (like main.abc123.js) so browsers and CDN expire naturally. China is operated separately by local partners (Sinnet / Ningxia), with independent accounts and pricing.
What you can build
- 1Accelerate S3 static site global delivery
- 2Cache API Gateway responses at the edge
- 3Deploy Lambda@Edge / CloudFront Functions for edge logic
- 4Shield origin servers from direct internet access
- 5Cut cross-region egress costs
Strengths & limitations
Strengths
- 400+ edge locations globally
- Native integration with S3, ALB, API Gateway
- Edge functions make per-request customization easy
- Relatively generous free tier (50 GB egress + 2M requests/month for the first year)
Limitations
- Cache invalidations beyond a free quota are billed per path
- Configuration changes take 5–15 minutes to propagate globally
- China region is operated separately (by partner networks) with different pricing and onboarding
Example request
curl https://github.com/mermade/aws2openapi/<endpoint> \
-H "Authorization: Bearer $API_KEY"
# Some providers use X-Api-Key instead — verify in the docs.Getting started
Create a distribution in the AWS Console; point origin to your S3 bucket, ALB, or custom origin. Configure behaviors (path patterns + cache rules) and SSL. SDK calls: CloudFront.createDistribution, createInvalidation, etc.
FAQ
How big is the CloudFront free tier?+
First 12 months: 50 GB egress and 2M HTTP/HTTPS requests/month. Always-free: 1 TB and 10M requests/month (since 2021).
Why is my distribution change not taking effect?+
Config changes take 5–15 minutes to propagate to all edges. Status moves from In Progress to Deployed when complete.
Are invalidations free?+
First 1,000 paths/month free; $0.005 per path beyond. For production, prefer versioned URLs instead of relying on invalidation.
Does it work in mainland China?+
Global CloudFront is reachable but throttled. For localized delivery use AWS China (Sinnet/Ningxia) — separate accounts.
Technical details
- Auth type
- api_key
- Pricing
- paid
- Protocols
- REST
- SDKs
- python, javascript, java, go, ruby, csharp
- Response time
- 19 ms
- Last health check
- 5/12/2026, 7:36:33 AM
Endpoints
Parsed from the OpenAPI spec. Showing 12 of 106 non-deprecated endpoints.
/2020-05-31/cache-policy/2020-05-31/cache-policy/2020-05-31/cache-policy/{Id}/2020-05-31/cache-policy/{Id}/2020-05-31/cache-policy/{Id}/2020-05-31/cache-policy/{Id}/config/2020-05-31/conflicting-alias#DistributionId&Alias/2020-05-31/continuous-deployment-policy/2020-05-31/continuous-deployment-policy/2020-05-31/continuous-deployment-policy/{Id}/2020-05-31/continuous-deployment-policy/{Id}/2020-05-31/continuous-deployment-policy/{Id}94 more endpoints not shown. See the OpenAPI spec for the full list.
More from Amazon Web Services
AWS IAM Access Analyzer API analyzes IAM resource policies for over-privileged access or external access — proactively surfaces security risks.
Amazon Chime SDK API embeds real-time audio/video calling and chat into apps (meetings, messaging, PSTN calls).
Amazon CloudSearch is AWS's managed search service (gradually superseded by OpenSearch Service).
CloudWatch Application Insights API auto-detects application problems — intelligently identifies anomalies (slow SQL queries, memory leaks), reducing manual alarm configuration.
AWS Cognito Identity Pools API issues temporary AWS credentials to frontend apps — identity federation, guest users, direct AWS resource access.
Amazon Cognito User Pools deliver managed user signup, login, password reset, and MFA for applications.
Amazon Connect Contact Lens API uses AI to analyze Amazon Connect calls in real time — sentiment, keywords, compliance detection, auto-summary.
Amazon Connect Customer Profiles API merges contact-center customer info with multi-source CRM data into unified profiles.