Configure AWS CloudFront for Use as Reverse Proxy

Configure AWS CloudFront for Use as Reverse Proxy

Feature availability

Auth0 custom domains are available with any paid subscription plan. If you want to manage the SSL/TLS certificates yourself, you will need an Enterprise subscription. For more information refer to Auth0 pricing plans.

You can configure AWS CloudFront for use as the reverse proxy with custom domain names for your Auth0 tenant.

  1. Log in to AWS, and navigate to CloudFront.

Cloudfront Getting Started

  1. Click Create Distribution.

  2. You can choose the delivery method for your content. Click Get Started under the Web section.

Select Delivery Method

  1. Configure your distribution settings. Under Origin Settings, here are the values you'll need to change:
Setting Value
Origin Domain Name Set this to the Origin Domain Name value obtained from the Auth0 Dashboard during the Custom Domains setup process
Origin ID A description for the origin. This value lets you distinguish between multiple origins in the same distribution and therefore must be unique.
Origin Protocol Policy Set to HTTPS Only
Alternate Domain Names (CNAMEs) Set to your custom domain name (the same one your configured in the Auth0 Dashboard)

Create Distribution

  1. Provide information on the Origin Custom Headers (the Header Name and Value fields appear only after you've provided an Origin Domain Name):
Setting Value
Header Name Set to cname-api-key
Value Set to the CNAME API Key value that you were given immediately after you verified ownership of your domain name with Auth0

Origin Custom Headers

  1. Configure the Default Cache Behavior Settings. Here are the values you'll need to change:
Setting Value
Viewer Protocol Policy Select Redirect HTTP to HTTPS
Cache Based on Selected Request Headers Select Whitelist
Whitelist Headers Enter User-Agent and click Add Custom >> to add the custom whitelist header. Do the same for Origin and Referer headers.
Forward Cookies Select All
Query String Forwarding and Caching Select Forward all, cache based on all
  1. Scroll to the bottom of the page and click Create Distribution.

You'll see your newly-created distribution in your CloudFront Distributions list. Note that the Status will reflect In progress until the distribution is Deployed.

Cloudfront Distributions

  1. Add a new CNAME record to your DNS for your custom domain pointing to the CloudFront Domain Name for your Distribution. This can be found by clicking on your Distribution ID, under the General tab, Domain Name (for example,

Keep reading