AWS Security ChangesHomeSearch

AWS AmazonCloudFront high security documentation change

Service: AmazonCloudFront · 2025-07-19 · Security-related high

File: AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesCacheBehavior.md

Summary

Added warning about minimum TTL overriding Cache-Control headers

Security assessment

Warns that CloudFront may cache sensitive content despite 'no-cache' headers when minimum TTL >0. This could lead to unintended data exposure if misconfigured, making it security-relevant.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesCacheBehavior.md b/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesCacheBehavior.md
index 73906f671..8b390a54a 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesCacheBehavior.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesCacheBehavior.md
@@ -288,0 +289,4 @@ Specify the minimum amount of time, in seconds, that you want objects to stay in
+###### Warning
+
+If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the `Cache-Control: no-cache`, `no-store`, or `private` directives are present in the origin headers.
+