AWS AmazonCloudFront documentation change
Summary
Added documentation for using Amazon S3 Multi-Region Access Point as a CloudFront origin, including hostname format and a link to access restriction guidance.
Security assessment
The change introduces a new origin option and references a security feature (restricting access to the S3 Multi-Region Access Point origin). It does not address a specific security vulnerability but adds documentation about a security configuration option to protect origins.
Diff
diff --git a/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md b/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md index 9b21bd6d7..71f28d128 100644 --- a//AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md +++ b//AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md @@ -55,0 +56,2 @@ The following topics describe the different ways that you can use an Amazon S3 b + * Use an Amazon S3 Multi-Region Access Point + @@ -504,0 +507,8 @@ To force a faster update to CloudFront's records, you can update your CloudFront +### Use an Amazon S3 Multi-Region Access Point + +You can also use an Amazon S3 Multi-Region Access Point as a CloudFront origin. Amazon S3 Multi-Region Access Points provide a global endpoint that automatically routes requests to the closest Amazon S3 bucket based on network latency. When you use an Amazon S3 Multi-Region Access Point as an origin, specify the Multi-Region Access Point hostname as the origin domain name: + +``multi-region-access-point-alias`.accesspoint.s3-global.amazonaws.com` + +To restrict access to the S3 Multi-Region Access Point so that it's only accessible through your CloudFront distribution, see [Restrict access to an Amazon S3 Multi-Region Access Point origin](./private-content-restricting-access-to-s3-mrap.html). +