AWS AmazonCloudFront medium security documentation change
Summary
Added quotas for mTLS/trust stores and Connection Functions, updated terminology from 'real-time logs' to 'real-time access logs'
Security assessment
Documentation of mTLS-related quotas (trust stores, certificates) directly supports security configuration limits. Connection Functions quotas relate to mTLS security feature implementation.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.md b/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.md index c64a21e06..347a4b844 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.md +++ b//AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.md @@ -5 +5 @@ -General quotasGeneral quotas on distributionsGeneral quotas on policiesQuotas on CloudFront FunctionsQuotas on key value storesQuotas on Lambda@EdgeQuotas on SSL certificatesQuotas on invalidationsQuotas on key groupsQuotas on WebSocket connectionsQuotas on field-level encryptionQuotas on cookies (legacy cache settings)Quotas on query strings (legacy cache settings)Quotas on headersQuotas on multi-tenant distributionsRelated information +General quotasGeneral quotas on distributionsGeneral quotas on policiesQuotas on mTLS and trust storesQuotas on CloudFront FunctionsQuotas on Connection FunctionsQuotas on key value storesQuotas on Lambda@EdgeQuotas on SSL certificatesQuotas on invalidationsQuotas on key groupsQuotas on WebSocket connectionsQuotas on field-level encryptionQuotas on cookies (legacy cache settings)Quotas on query strings (legacy cache settings)Quotas on headersQuotas on multi-tenant distributionsRelated information @@ -31,0 +32,2 @@ CloudFront is subject to the following quotas. + * Quotas on mTLS and trust stores + @@ -33,0 +36,2 @@ CloudFront is subject to the following quotas. + * Quotas on Connection Functions + @@ -71 +75 @@ Maximum length of a URL | 8,192 bytes -Maximum number of real-time log delivery configurations per AWS account | 150 +Maximum number of real-time access log delivery configurations per AWS account | 150 @@ -117,0 +122,11 @@ Continuous deployment policies per AWS account | 20 [Request a higher quota](ht +## Quotas on mTLS and trust stores + +Entity | Default quota +---|--- +Trust stores per AWS account | 20 [Request a higher quota](https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase) +Distributions per trust store | 25 +CA bundle size | 64 KB [Request a higher quota](https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase) +Certificate size in CA bundle | 16384 [Request a higher quota](https://console.aws.amazon.com/support/home#/case/create?issueType=service-limit-increase) +Number of certificates in CA bundle | 25 +Certificate chain depth | 4 + @@ -128,0 +144,11 @@ In addition to these quotas, there are some other restrictions when using CloudF +## Quotas on Connection Functions + +Entity | Default quota +---|--- +Connection Functions per AWS account For more information, see [Request a Connection Function quota increase](./connection-functions.html#request-connection-function-quota-increase). | 0 +Maximum Connection Function size This quota isn't adjustable. To store additional data for your Connection Functions, create a key value store and add your key-value pairs. For more information, see [Amazon CloudFront KeyValueStore](./kvs-with-functions.html). | 10 KB +Maximum Connection Function memory | 2 MB +Distributions associated with the same Connection Function | 100 + +In addition to these quotas, there are some other restrictions when using Connection Functions. For more information, see [Associate a CloudFront Connection Function](./connection-functions.html). +