You can use AWS CloudFront as a reverse proxy in front of your whole Drupal site.

This module provides a very simple AWS CloudFront Purge Purger plugin.

WARNING: You are charged for each invalidation on CloudFront. Do your own calculations before using this module.

Features

  • Path invalidation: Invalidate specific URLs or wildcard patterns
  • Cache tag invalidation: Native CloudFront cache tag support using the Cache-Tag header and tag-based invalidation API

Required Modules

  • Path invalidation: Requies a module like Purge URLs queuer or your own custom code.
  • Cache tag invalidation: enable the CloudFront Purger Tags submodule (experimental).

    Installation

    This module requires you to have the AWS SDK loaded in your classpath.

    The recommended approach is to install this module via composer, which will also
    install the dependency. You can manually install the AWS SDK using the
    following::

    composer require aws/aws-sdk-php:~3.0

    Configuration

    You need to specify the Distribution ID in your settings.php.

    $config['cloudfront_purger.settings']['distribution_id'] = 'ABCD1234';

    Alternatively, you can use drush to set it, then export as part of your site configuration.

    drush config-set cloudfront_purger.settings distribution_id ABCD1234

    Overriding AWS CloudFront region.

    You can override the CloudFront client region by adding the following to your sites services.yml file:

    parameters:
  cloudfront.cloudfront_client.options:
    region: us-east-1
    version: latest

    AWS Authentication

    You can set the AWS key and secret in settings.php:

    $config['cloudfront_purger.settings']['aws_key'] = 'ABCD1234';
$config['cloudfront_purger.settings']['aws_secret'] = 'ABCD1234';

    If you do not explicitly set AWS key and secret in config, it will fall back to:

    • IAM Roles
    • Exporting credentials using environment variables
    • Using a profile in a ~/.aws/credentials file

    See the AWS SDK Guide on Credentials

    You will need to allow the cloudfront:CreateInvalidation action in your IAM policy.

    • Supporting organizations: 
    PreviousNext
    Developed By

    Project information

    Releases

    2.2.0 Stable release covered by the Drupal Security Team released 13 May 2026
    Works with Drupal: ^10.1 || ^11

    tag-based invalidation

    Install:

    Development version: 2.x-dev updated 11 May 2026 at 00:27 UTC

    2.1.0 Stable release covered by the Drupal Security Team released 30 July 2024
    Works with Drupal: ^10.1 || ^11

    Drupal 11 support

    Install:

    Pre-release version: 2.1.1-beta1 released 25 Mar 2025 at 06:31 UTC
    Linting updates and extra logging.

    Development version: 2.x-dev updated 11 May 2026 at 00:27 UTC

    Using Composer to manage Drupal site dependencies