These rules identify CloudFront distributions using the most expensive price class when a cheaper option may be sufficient for your audience's geographic distribution.
| Rule ID | Scan Type | Name |
|---|---|---|
| CLDBRN-AWS-CLOUDFRONT-1 | Discovery | CloudFront Distribution Price Class All |
CLDBRN-AWS-CLOUDFRONT-1
CloudFront Distribution Price Class All
Scan type: Discovery
What it checks
Flags CloudFront distributions configured with PriceClass_All, which includes edge locations in every AWS region, including the most expensive ones (South America, Australia, Asia). If your audience is concentrated in North America and Europe, a cheaper price class delivers the same experience at lower cost.
Why it matters
CloudFront pricing varies significantly by edge location. Requests served from South American or Australian edge locations cost 2-3x more per GB than the same request from a US or European edge. PriceClass_All routes traffic to these expensive regions even when the audience there is negligible. Switching to PriceClass_100 (US, Canada, Europe) or PriceClass_200 (adds Asia, Middle East, Africa) can cut per-request costs substantially for distributions that don't need global edge coverage.
What triggers a finding
The distribution's priceClass is PriceClass_All.
How to remediate
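Check your CloudFront access logs or CloudWatch metrics to see which edge locations serve the most traffic, then update the distribution's price class based on where your users actually are:

```bash
# update-distribution also requires --if-match, set to the ETag returned by
# `aws cloudfront get-distribution-config --id E1EXAMPLE`
aws cloudfront update-distribution \
  --id E1EXAMPLE \
  --if-match ETAG_VALUE \
  --distribution-config file://updated-config.json
```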
In the config, set PriceClass to PriceClass_100 (cheapest, US/Canada/Europe only) or PriceClass_200 (adds Asia/Middle East/Africa). Users outside the selected edge regions still get served, just from the nearest included edge location with slightly higher latency.
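The sketch below is an added example, not CloudBurn's own code: it applies the rule's check to `aws cloudfront list-distributions` output and turns `aws cloudfront get-distribution-config` output into the `updated-config.json` body plus the ETag that `update-distribution` expects in `--if-match`. The function names and the sample JSON are constructed for illustration.

```python
import copy
import json

VALID_PRICE_CLASSES = ("PriceClass_100", "PriceClass_200", "PriceClass_All")

def flag_price_class_all(list_response):
    """Return IDs of distributions whose PriceClass is PriceClass_All.

    Expects the JSON printed by `aws cloudfront list-distributions`.
    """
    # Items is absent when the account has no distributions.
    items = list_response.get("DistributionList", {}).get("Items") or []
    return [d["Id"] for d in items if d.get("PriceClass") == "PriceClass_All"]

def build_update(get_config_response, target):
    """Split `aws cloudfront get-distribution-config` output into the two
    inputs update-distribution needs: the ETag (for --if-match) and the
    bare DistributionConfig with PriceClass changed.
    """
    if target not in VALID_PRICE_CLASSES:
        raise ValueError(f"unknown price class: {target}")
    etag = get_config_response["ETag"]
    # Copy so the caller's response object is left untouched.
    config = copy.deepcopy(get_config_response["DistributionConfig"])
    config["PriceClass"] = target
    return etag, config

# Constructed sample data (trimmed; real responses carry many more fields).
SAMPLE_LIST = {"DistributionList": {"Items": [
    {"Id": "E1EXAMPLE", "PriceClass": "PriceClass_All"},
    {"Id": "E2EXAMPLE", "PriceClass": "PriceClass_100"},
]}}
SAMPLE_CONFIG = {
    "ETag": "E2QWRUHEXAMPLE",
    "DistributionConfig": {"CallerReference": "constructed-ref",
                           "Enabled": True, "PriceClass": "PriceClass_All"},
}

if __name__ == "__main__":
    print("flagged:", flag_price_class_all(SAMPLE_LIST))
    etag, config = build_update(SAMPLE_CONFIG, "PriceClass_100")
    # The file must hold only the DistributionConfig object, not the ETag wrapper.
    with open("updated-config.json", "w") as fh:
        json.dump(config, fh, indent=2)
    print("pass this to --if-match:", etag)
```

Passing the raw `get-distribution-config` output as `--distribution-config` fails because of the outer `ETag` wrapper, which is why the config object is extracted first.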
See Also
- CLI discover command - scan live CloudFront distributions
- SDK Reference - run discovery programmatically