This project is not covered by Drupal’s security advisory policy.

You can use AWS CloudFront as a reverse proxy in front of your whole Drupal site.

This module provides a very simple AWS CloudFront Purge Purger plugin.

Required Modules

Because AWS CloudFront does not support cache tags (yet), this module depends on URLs queuer module


This module requires you to have the AWS SDK loaded in your classpath.

The recommended approach is to have a composer file in your project root, and run:

composer require aws/aws-sdk-php:~3.0


You need to specify the Distribution ID in your settings.php.

$config['cloudfront_purger.settings']['distribution_id'] = 'ABCD1234';

Alternatively, you can use drush to set it, then export as part of your site configuration.

drush config-set cloudfront_purger.settings distribution_id ABCD1234

Overriding AWS CloudFront region.

You can override the CloudFront client region by adding the following to your sites services.yml file:

    region: us-east-1
    version: latest

AWS Authentication

This module does not require setting AWS access keys, and assumes you are following best practices and following the SDK Guide on Credentials

This means, either using:

  • IAM Roles
  • Exporting credentials using environment variables
  • Using a profile in a ~/.aws/credentials file

You will need to allow the cloudfront:CreateInvalidation action in your IAM policy.

Supporting organizations: 
Developed By

Project Information