How can I configure CloudFront to forward the Authorization header to the origin?

Short description

Configure your distribution to forward the Authorization header to the origin in one of these ways:

• Create a cache policy. Then, associate the cache policy with the cache behavior that must forward the Authorization header.
  Note: You can't use an origin request policy to forward the Authorization header. The header must be a part of the cache key to prevent the cache from satisfying unauthorized requests. CloudFront returns an HTTP 400 error if you create an origin request policy that forwards the Authorization header.
• Edit an existing cache behavior with legacy cache settings.

Important: For Amazon Simple Storage Service (Amazon S3) origins, caching based on the Authorization header isn't supported. For more information, see Selecting the headers to base caching on.

Resolution

Create a cache policy

1. Follow the steps to create a cache policy using the CloudFront console.
2. Under Cache key settings, for Headers, choose Include the following headers. Then, under Add Headers, select Authorization.
3. Complete all other settings of the cache policy based on the requirements of the behavior that you're attaching the policy to. Then, choose Create.
4. After you create the cache policy, follow the steps to attach the policies to the relevant behavior of your CloudFront distribution.

Edit an existing cache behavior with legacy cache settings

1. Open the CloudFront console, and then choose your distribution.
2. Choose the Behaviors tab, and then select the path that you want to forward the Authorization header to.
3. Choose Edit.
4. Under Headers, choose Include the following headers. Then, under Add Headers, select Authorization.
5. Choose Save changes.