Configure AWS CloudFront as Reverse Proxy

Availability varies by Auth0 plan and login method

Both the login implementation you use and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read Universal Login vs. Classic Login and Pricing.

You can configure AWS CloudFront for use as the reverse proxy with custom domain names for your Auth0 tenant.

  1. Log in to AWS, and navigate to CloudFront.

  2. Click Create Distribution.

  3. You can choose the delivery method for your content. Click Get Started under the Web section.

  4. Configure your distribution settings. Here are the values you'll need to change.

    Setting Value
    Origin Domain Name Set this to the Origin Domain Name value obtained from the Auth0 Dashboard during the Custom Domains setup process
    Origin ID A description for the origin. This value lets you distinguish between multiple origins in the same distribution and therefore must be unique.
    Origin Protocol Policy Set to HTTPS Only
    Alternate Domain Names (CNAMEs) Set to your custom domain name (the same one your configured in the Auth0 Dashboard)
    SSL Certificate Set to the SSL Certificate for your custom domain stored in AWS Certificate Manager (ACM) in the US East(N. Virginia) Region or in IAM.

  5. Provide information on the Origin Custom Headers (the Header Name and Value fields appear only after you've provided an Origin Domain Name)

    Setting Value
    Header Name Set to cname-api-key
    Value Set to the CNAME API Key value that you were given immediately after you verified ownership of your domain name with Auth0

  6. Configure the Default Cache Behavior Settings. Here are the values you'll need to change

    Setting Value
    Viewer Protocol Policy Select Redirect HTTP to HTTPS
    Allowed HTTP Methods Select GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
    Cache and origin request settings Select Legacy cache settings
    Cache Based on Selected Request Headers Select Include the following headers
    Add Headers Enter User-Agent and click Add Custom >> to add the custom header. Do the same for Authorization, Origin, Referer, Accept-Language, and Accept headers.
    Forward Cookies Select All
    Query Strings Select All

  7. Scroll to the bottom of the page and click Create Distribution. You'll see your newly-created distribution in your CloudFront Distributions list. Note that the Status will reflect In progress until the distribution is Deployed.

  8. Add a new CNAME record to your DNS for your custom domain pointing to the CloudFront Domain Name for your Distribution. This can be found by clicking on your Distribution ID, under the General tab, Domain Name (for example, e2zwy42nt1feu7.cloudfront.net).

Learn more