AWS Security ChangesHomeSearch

AWS AmazonCloudFront medium security documentation change

Service: AmazonCloudFront · 2026-03-07 · Security-related medium

File: AmazonCloudFront/latest/DeveloperGuide/flat-rate-pricing-plan.md

Summary

Updated usage allowance documentation to clarify security-related exclusions and performance adjustments

Security assessment

The change explicitly states that blocked DDoS attacks and AWS WAF-blocked requests don't count against usage allowances. This directly documents security feature behavior (attack traffic exclusion) and incentivizes proper WAF configuration. The security-related aspect is concrete evidence of documenting attack mitigation protections.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/flat-rate-pricing-plan.md b/AmazonCloudFront/latest/DeveloperGuide/flat-rate-pricing-plan.md
index 4c7f7eb3d..58834c87e 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/flat-rate-pricing-plan.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/flat-rate-pricing-plan.md
@@ -172 +172 @@ Performance and Delivery | Free | Pro | Business | Premium
-Each flat-rate plan includes a monthly usage allowance designed for optimal performance at that tier. You can track your usage allowance in the CloudFront console at any time. You will also receive automatic email notifications when you reach 50%, 80%, and 100% of your allowance, although notifications may be delayed.
+Each flat-rate plan includes a monthly usage allowance designed for optimal performance at that tier. **Usage allowances are not hard limits** —they represent the baseline usage your plan is designed to support. You can track your usage in the CloudFront console at any time and will receive automatic email notifications when you reach 50%, 80%, and 100% of your allowance.
@@ -174 +174 @@ Each flat-rate plan includes a monthly usage allowance designed for optimal perf
-Select a plan where the monthly usage allowance accommodates your baseline traffic on both requests and data transfer. If you exceed your allowance, you will not incur any overage charges. This allows you to operate your application without worrying about costs from unexpected traffic spikes or attacks. If you outgrow your plan's features or have a change in your baseline traffic, upgrade to the next tier to access more features and increase your monthly usage allowance. If your usage exceeds the allowances in your CloudFront flat-rate pricing plan, AWS may take appropriate action, which may include reducing your performance (for example, serving your traffic from fewer or more distant edge locations, reducing throughput, or throttling) or requiring a change to your pricing structure.
+### What counts toward your usage allowance
@@ -176 +176,20 @@ Select a plan where the monthly usage allowance accommodates your baseline traff
-If your application's baseline usage exceeds 500 M requests or 50 TB per month, [contact us](https://aws.amazon.com/contact-us/sales-support/) for custom pricing.
+**Blocked DDoS attacks and requests blocked by AWS WAF never count against your usage allowance.** Only traffic that makes it past your AWS WAF security rules counts towards your allowance. This means attacks and unwanted traffic won't count against you, and you maintain the ability to define exactly what traffic your application blocks or allows.
+
+### What happens when usage exceeds the allowance
+
+Plans are designed to be flexible and accommodate real-world traffic patterns like traffic variability, organic growth, and viral events. **Most importantly: you will not incur overage charges, regardless of how much you exceed your allowance.** If your usage exceeds your allowance through sustained growth over multiple months or through unusually high usage in a single month, we may adjust how we deliver your traffic. **Most customers never experience performance adjustments.**
+
+Here's how it works:
+
+  * **Your first traffic spike up to 3x your monthly allowance won't affect your service that month.** This one-time accommodation handles unexpected events like viral content or successful product launches without penalizing your success.
+
+  * **Sustained usage above your allowance is evaluated over 2-3 months or more, not immediately.** Minor fluctuations and moderate growth are expected and accommodated. Only substantial, sustained excess usage indicate your application has outgrown your tier.
+
+  * **You'll receive notifications each month as you approach and exceed your allowance.** If your usage consistently and significantly exceeds your plan, we recommend upgrading to a tier that matches your growth and ensures optimal performance as you scale. You control your performance by upgrading when your baseline usage patterns change.
+
+  * **If you continue to substantially exceed your plan's usage allowance without upgrading, we may adjust how we deliver your traffic.** For example, we might serve your traffic from fewer or more distant edge locations or adjust performance. The degree of adjustment is proportional—small excess usage sees minimal changes, larger sustained excess sees more noticeable changes. Upgrading restores full performance.
+
+
+
+
+**Most customers never experience performance adjustments. Plans are designed to accommodate normal growth patterns.**
@@ -183,3 +202 @@ Data transfer | 100 GB | 50 TB | 50 TB | 50 TB
-###### Note
-
-Blocked DDoS attacks and requests blocked by AWS WAF never count against your usage allowance.
+If your application's baseline usage exceeds 500 M requests or 50 TB per month, [contact us](https://aws.amazon.com/contact-us/sales-support/?pg=cloudfrontprice/?GLBL-FY25-CloudFrontWebPageInquiry-ContactUs) for custom pricing.