AWS Managed CloudFront


Could anyone verify their knowledge of the default (AWS managed) CloudFront settings for origin, behavior, etc., when an API Gateway is connected to a custom domain name? If we intend to substitute the custom domain name with a user-managed CloudFront domain, could someone provide insights to better understand the AWS managed settings?

1 Answer

Hey there!,

For your first question, when you connect an API Gateway to a custom domain in AWS, it automatically configures **CloudFront **with settings aimed at security and efficient request handling. Key points include HTTPS as the only protocol, using port 443, and a strict TLSv1.2 minimum for secure connections. The setup is optimized for dynamic content, meaning caching is generally disabled to ensure live data is always served.

If you're thinking of switching to a user-managed CloudFront setup instead of the default AWS managed one, it's crucial to replicate these security and performance settings closely. Ensure your **CloudFront **distribution sticks to HTTPS, maintains high security standards with TLSv1.2, and carefully considers any caching strategies to suit your dynamic content. Adjustments like custom paths, headers, and timeout settings will help match AWS's default setup but give you the freedom to tailor your configuration further.

Hope this helps clarify things!

profile picture
answered 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions