AWS Security ChangesHomeSearch

AWS AWSCloudFormation medium security documentation change

Service: AWSCloudFormation · 2025-07-19 · Security-related medium

File: AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md

Summary

Added important note about CloudFront caching behavior when minimum TTL > 0 overriding Cache-Control: no-cache/no-store/private headers

Security assessment

The warning highlights potential security implications where sensitive content might be cached despite origin server's security headers, making users aware of cache policy configuration risks.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md
index 7e7eeb7f1..88404bb47 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md
@@ -20,0 +21,4 @@ To add, change, or remove one or more cache behaviors, update the distribution c
+###### Important
+
+If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the `Cache-Control: no-cache`, `no-store`, or `private` directives are present in the origin headers.
+