AWS Adds Mutual TLS Support for Amazon CloudFront Origins
Amazon Web Services has added mutual TLS (mTLS) support for Amazon CloudFront origins, allowing customers to authenticate connections between CloudFront and their origin servers using TLS certificates. The feature enables CloudFront to present a client certificate when connecting to an origin, while also validating the origin’s certificate, reducing reliance on network-based trust or shared secrets. The update is designed to help customers secure sensitive content and APIs with stronger, identity-based controls. By enforcing strict authentication for proprietary content, the update ensures that only verified CloudFront distributions can establish secure connections to the origin. Customers can configure mTLS using the AWS Management Console, CLI, SDK, CDK or CloudFormation.
As content delivery networks increasingly sit in front of APIs and application backends, securing origin communication has become a higher priority. By natively supporting mTLS for origins, AWS simplifies adoption of zero-trust principles for edge-to-origin traffic. For security and platform teams, the update provides a more robust way to protect backend services while maintaining CloudFront’s performance and global scale.
The "AWS Release Radar" blog is researched, fact-checked, edited and updated by the editors of AWSInsider.net, with writing assistance from AI.
Posted by AWS Editors on 02/03/2026