AWS Security ChangesHomeSearch

AWS AmazonCloudFront documentation change

Service: AmazonCloudFront · 2026-04-10 · Documentation low

File: AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md

Summary

Added documentation for using Amazon S3 Multi-Region Access Point as a CloudFront origin, including hostname format and a link to access restriction guidance.

Security assessment

The change introduces a new origin option and references a security feature (restricting access to the S3 Multi-Region Access Point origin). It does not address a specific security vulnerability but adds documentation about a security configuration option to protect origins.

Diff

diff --git a/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md b/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md
index 9b21bd6d7..71f28d128 100644
--- a//AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md
+++ b//AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.md
@@ -55,0 +56,2 @@ The following topics describe the different ways that you can use an Amazon S3 b
+  * Use an Amazon S3 Multi-Region Access Point
+
@@ -504,0 +507,8 @@ To force a faster update to CloudFront's records, you can update your CloudFront
+### Use an Amazon S3 Multi-Region Access Point
+
+You can also use an Amazon S3 Multi-Region Access Point as a CloudFront origin. Amazon S3 Multi-Region Access Points provide a global endpoint that automatically routes requests to the closest Amazon S3 bucket based on network latency. When you use an Amazon S3 Multi-Region Access Point as an origin, specify the Multi-Region Access Point hostname as the origin domain name:
+
+``multi-region-access-point-alias`.accesspoint.s3-global.amazonaws.com`
+
+To restrict access to the S3 Multi-Region Access Point so that it's only accessible through your CloudFront distribution, see [Restrict access to an Amazon S3 Multi-Region Access Point origin](./private-content-restricting-access-to-s3-mrap.html).
+