What is the difference between the default cache behavior and additional behaviors?

Every CloudFront distribution has exactly one default cache behavior that handles requests not matching any other path pattern. Additional cache behaviors are evaluated in order and matched against the request path. The first matching behavior wins, so ordering matters for overlapping patterns.

How does CloudFront determine what to cache?

CloudFront uses a cache key composed of the URL path and optionally headers, query strings, and cookies as specified in the cache policy. Requests with identical cache keys receive cached responses. A managed cache policy like CachingOptimized caches based on URL only, while custom policies can include specific headers or query strings.

Can I use both CloudFront Functions and Lambda@Edge on the same behavior?

Yes, but they serve different event types. CloudFront Functions run on viewer-request and viewer-response events with sub-millisecond latency, while Lambda@Edge also supports origin-request and origin-response events. You can associate one function per event type on a single behavior.

CloudFront Cache Behavior Builder

NetworkingAWS

Build CloudFront cache behavior configurations with path patterns, cache policies, and function associations in CloudFormation and Terraform.

Example Presets

Cache Behavior Configuration

Path Pattern

Origin ID

Viewer Protocol Policy

Allowed HTTP Methods

Cache Policy

Origin Request Policy

Response Headers Policy

Compress Objects AutomaticallySmooth Streaming

Function Associations

No function associations configured. Add CloudFront Functions or Lambda@Edge triggers.

Summary

/static/*redirect-to-httpsCachingOptimized (Recommended)Compressed

Path: /static/*
Origin: S3-static-assets
Protocol: redirect-to-https
Methods: GET, HEAD
Cache Policy: CachingOptimized (Recommended)
Compress: Yes

CloudFormation YAML

# CloudFront Cache Behavior Configuration
# Add this under Distribution > DistributionConfig > CacheBehaviors
- PathPattern: "/static/*"
  TargetOriginId: "S3-static-assets"
  ViewerProtocolPolicy: redirect-to-https
  AllowedMethods:
    - GET
    - HEAD
  CachedMethods:
    - GET
    - HEAD
  Compress: true
  CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6

About Cache Behaviors

Cache Policies vs Legacy Forwarding

AWS recommends using managed cache policies (like CachingOptimized) instead of legacy forwarded values. Cache policies are reusable, easier to manage, and support newer features. Use custom TTLs only when you need fine-grained control over caching duration that managed policies do not provide.

When to Use Custom TTLs

Custom TTL settings are useful when your origin does not send Cache-Control headers, or when you need to override origin headers. MinTTL sets the floor, DefaultTTL applies when the origin has no cache headers, and MaxTTL caps how long objects stay cached regardless of origin headers.

CloudFront Functions vs Lambda@Edge

CloudFront Functions run at 225+ edge locations, are limited to viewer events, and are ideal for lightweight transformations (URL rewrites, header manipulation). Lambda@Edge runs at regional edge caches, supports all four event types, and handles heavier processing (authentication, origin selection, image transformation).

About This Tool

The CloudFront Cache Behavior Builder helps you configure path-based caching rules for Amazon CloudFront distributions. Cache behaviors control how CloudFront handles requests matching specific URL path patterns, including which origin to forward to, cache key composition, TTL settings, viewer protocol policies, and Lambda@Edge or CloudFront Functions associations. This tool generates valid CloudFormation and Terraform configuration blocks.

When to Use This Tool

•Configuring separate cache behaviors for static assets (/images/*, /css/*) with long TTLs and dynamic API paths (/api/*) with no caching.
•Setting up cache key policies that include specific headers or query strings to ensure correct cache segmentation.
•Adding CloudFront Functions for URL rewriting or header manipulation on specific path patterns.
•Generating infrastructure-as-code for complex multi-origin distributions with ordered behavior precedence.

Frequently Asked Questions

What is the difference between the default cache behavior and additional behaviors?: Every CloudFront distribution has exactly one default cache behavior that handles requests not matching any other path pattern. Additional cache behaviors are evaluated in order and matched against the request path. The first matching behavior wins, so ordering matters for overlapping patterns.
How does CloudFront determine what to cache?: CloudFront uses a cache key composed of the URL path and optionally headers, query strings, and cookies as specified in the cache policy. Requests with identical cache keys receive cached responses. A managed cache policy like CachingOptimized caches based on URL only, while custom policies can include specific headers or query strings.
Can I use both CloudFront Functions and Lambda@Edge on the same behavior?: Yes, but they serve different event types. CloudFront Functions run on viewer-request and viewer-response events with sub-millisecond latency, while Lambda@Edge also supports origin-request and origin-response events. You can associate one function per event type on a single behavior.

Related Learning Guides

CloudFront CDN Guide24 min read
AWS Networking Deep Dive30 min read

Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.