AWS AWSCloudFormation medium security documentation change
Summary
Added important note about CloudFront caching behavior when minimum TTL > 0 overriding Cache-Control: no-cache/no-store/private headers
Security assessment
The warning highlights potential security implications where sensitive content might be cached despite origin server's security headers, making users aware of cache policy configuration risks.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md index 7e7eeb7f1..88404bb47 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-cachebehavior.md @@ -20,0 +21,4 @@ To add, change, or remove one or more cache behaviors, update the distribution c +###### Important + +If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the `Cache-Control: no-cache`, `no-store`, or `private` directives are present in the origin headers. +