AWS AWSCloudFormation medium security documentation change
Summary
Added important note about CloudFront caching behavior when minimum TTL > 0 overriding Cache-Control: no-cache/no-store/private headers
Security assessment
Documents security-relevant behavior where default cache settings could bypass origin security headers, crucial for preventing accidental exposure of private content through caching.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-defaultcachebehavior.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-defaultcachebehavior.md index 9ead016a1..411a19143 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-defaultcachebehavior.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-defaultcachebehavior.md @@ -10,0 +11,4 @@ A complex type that describes the default cache behavior if you don't specify a +###### Important + +If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the `Cache-Control: no-cache`, `no-store`, or `private` directives are present in the origin headers. +