# Serve web content globally with Lightsail content delivery distributions
Distributions

A Lightsail distribution uses a globally distributed network of servers, also known as *edge locations*, to provide faster delivery of your content to your users. To use a distribution, you first create and host your website or web application on a Lightsail instance or container service, or multiple instances attached to a Lightsail load balancer, or store your static content on a Lightsail bucket. You then create and configure a Lightsail distribution to pull, cache, and serve content from your instance, container service, load balancer, or bucket. Your instance, container service, load balancer, or bucket, also known as your distribution's *origin*, is the definitive source of your content.

When your user requests content by visiting your website, which is being served through a distribution, the request is routed to the nearest location in terms of latency. Your distribution then performs one of the following actions:
+ If the content is already being cached in the edge location, your distribution immediately serves it to your user.
+ If the content is not yet being cached in that edge location, your distribution retrieves it from the specified origin, caches it, and serves it to your user.

Your content is cached in edge locations for the duration of the cache lifespan (time to live) that you specify for your distribution, so that other requests at the same location are immediately fulfilled. Your cached content is cleared from the edge location when it reaches its cache lifespan. Your distribution retrieves, caches, and serves content the next time a content request is routed to the edge location.

In the following diagram:
+ 1 represents the origin of your distribution, such as a Lightsail instance or container service that is hosting your website, a load balancer with instances attached to it, or a bucket that is hosting your static content.
+ 2 represents your distribution, or the edge locations that pull, cache, and serve content from your origin.
+ 3 represents your users who are served content from the edge locations.

![\[Lightsail distribution diagram\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/distribution-diagram.png)


**Note**  
This diagram is for illustration purpose only and doesn't show actual edge locations. For more information about edge locations, see [Edge locations and IP address ranges](#edge-locations) later in this guide.

For example, if your website is hosted in France, and a person from another area of France wants to view your content, the page will load in milliseconds.

When your visitor isn't nearby, things get a little difficult.

If a person from Australia wants to view your content, the browser will have to fetch it from a server that is located in France and then show it to that user thousands of miles away. If users from different countries request the same content at the same time, the server becomes clogged with requests and takes longer to load and serve the content. This affects the speed at which the content loads for the end user.

![\[Lightsail distribution example\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-use-cases.png)


A CDN resolves this situation by caching your website content at edge locations. This method of serving content is faster and more efficient than the traditional method of serving content from one central resource. When a viewer makes a request on your website or through your application, DNS routes the request to the location that can best serve the user’s request. Your users access your content from locations that are nearby, as opposed to all of your users accessing the same central resource that may be far away.

## Use cases


**Deliver fast, secure websites**  
A Lightsail distribution speeds up the delivery of your content (for example, website pages, images, style sheets, JavaScript, and so on) to viewers *worldwide*. By using a distribution, you can take advantage of the AWS backbone network and edge servers to give your viewers a fast, safe, and reliable experience when they visit your website.

**Improve your site’s security**  
Strengthen your website and increase its performance by taking advantage of TLS termination, which reduces the load on your origin by offloading the cryptographic processing to your distribution. You can use your registered domain name together with a Lightsail SSL/TLS certificate to enable Hypertext Transfer Protocol Secure (HTTPS) for your distribution. Your users establish an encrypted HTTPS connection to your distribution, while your distribution pulls content from your origin using HTTP.

**Application optimization**  
Easily optimize your distributions for a variety of applications, including WordPress and static websites. Using a distribution to cache and serve your content also reduces the load on your origin, because most requests are served by your distribution and not your instance, container service, load balancer, or bucket.

## Configure your distribution


These are the general steps to follow to serve your website or web application using a Lightsail instance and a distribution.

1. Complete one of the following, depending on whether you want to use an instance, container service, or a bucket with your distribution.
   + **Create a Lightsail instance to host your content.** The instance serves as the origin of your distribution. The origin stores the original, definitive version of your content. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

     Attach a Lightsail static IP to your instance. Your instance's default public IP address changes if you stop and start your instance, which will break the connection between your distribution and your origin instance. A static IP does not change if you stop and start your instance. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

     Upload your content and files to your instance. Your files, also known as *objects*, typically include web pages, images, and media files, but can be anything that can be served over HTTP.
   + **Create a Lightsail container service to host your website or web application.** The container service serves as the origin of your distribution. The origin stores the original, definitive version of your content. For more information, see [Create Amazon Lightsail container services](amazon-lightsail-creating-container-services.md).
   + **Create a Lightsail bucket to store your static content.** The bucket serves as the origin of your distribution. The origin stores the original, definitive version of your content. For more information, see [Create a bucket](amazon-lightsail-creating-buckets.md).

     Upload files to your bucket using the Lightsail console, AWS Command Line Interface (AWS CLI), and AWS APIs. For more information about uploading files, see [Upload files to a bucket](amazon-lightsail-uploading-files-to-a-bucket.md#amazon-lightsail-uploading-files-to-a-bucket.title).

1. **(Optional) Create a Lightsail load balancer if your website being hosted on an instance requires fault tolerance.** Then attach multiple copies of your instance to your load balancer. You can configure your load balancer (with one or more instances attached to it) as the origin of your distribution, instead of configuring your instance as the origin. For more information, see [Create a load balancer and attach instances to it](create-lightsail-load-balancer-and-attach-lightsail-instances.md).

1. **Create a Lightsail distribution, and configure your instance, container service, load balancer, or bucket as the origin.** At the same time, you specify details such as the cache lifespan of your content, and which elements of your website or web application are cached. For more information, see [Create a distribution](amazon-lightsail-creating-content-delivery-network-distribution.md).

1. (Optional) If your distribution's origin is a WordPress instance, you must edit the WordPress configuration file in your instance to make your WordPress website work with your distribution. For more information, see [Configure your WordPress instance to work with your distribution](amazon-lightsail-editing-wp-config-for-distribution.md).

1. **(Optional) Create a Lightsail DNS zone to manage your domain's DNS in the Lightsail console.** This allows you to easily map your domain to your Lightsail resources. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md). Alternately, you can continue hosting your domain's DNS where it's currently being hosted.

1. **Create a Lightsail SSL/TLS certificate for your domain to use it with your distribution.** Lightsail distributions require HTTPS, so you must request an SSL/TLS certificate for your domain before you can use it with your distribution. For more information, see [Create SSL/TLS certificates for your distribution](amazon-lightsail-create-a-distribution-certificate.md).

1. **Enable custom domains for your distribution to use your registered domain names with your distributions.** Enabling custom domains requires that you specify the Lightsail SSL/TLS certificate that you created for your domains. This adds your domains to your distribution and enables HTTPS. For more information, see [Enable custom domains for your distribution](amazon-lightsail-enabling-distribution-custom-domains.md).

1. **Add an alias record to your domain's DNS to begin routing traffic for your domain to your distribution.** After you add the alias record, users who visit your domain are routed through your distribution. For more information, see [Point your domain to a distribution](amazon-lightsail-point-domain-to-distribution.md).

1. **Test that your distribution is caching your content.** For more information, see [Test your distribution](amazon-lightsail-testing-distribution.md).

## Edge locations and IP address ranges


Lightsail distributions use the same edge servers and IP address ranges as Amazon CloudFront. For a list of the locations of CloudFront edge servers, see the [Amazon CloudFront Product Details page](http://aws.amazon.com/cloudfront/details). For a list of the CloudFront IP ranges, see the [CloudFront global IP list](http://d7uri8nf7uskq.cloudfront.net/tools/list-cloudfront-ips).

# Create a Lightsail content delivery network distribution
Create a distribution

In this guide, we show you how to create an Amazon Lightsail distribution using the Lightsail console, and describe the distribution settings that you can configure. For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

**Contents**
+ [Prerequisites](#distribution-prerequisites)
+ [Origin resource](#distribution-origin-resource)
+ [Origin protocol policy](#distribution-origin-protocol-policy)
+ [Caching behavior and caching presets](#distribution-caching-preset)
+ [Best for WordPress caching preset](#wordpress-distribution-preset)
+ [Default behavior](#distribution-default-behavior)
+ [Directory and file overrides](#distribution-directory-file-overrides)
+ [Advanced cache settings](#distribution-advanced-settings)
+ [Distribution plan](#distribution-plan)
+ [Creating a distribution](#creating-a-distribution)
+ [Next steps](#creating-distribution-next-steps)

## Prerequisites


Complete the following prerequisites before you get started with creating a distribution:

1. Complete one of the following, depending on whether you want to use an instance, container service, or a bucket with your distribution.
   + **Create a Lightsail instance to host your content.** The instance serves as the origin of your distribution. The origin stores the original, definitive version of your content. For more information, see [Create an instance](how-to-create-amazon-lightsail-instance-virtual-private-server-vps.md).

     **Attach a Lightsail static IP to your instance.** Your instance's default public IP address changes if you stop and start your instance, which will break the connection between your distribution and your origin instance. A static IP does not change if you stop and start your instance. For more information, see [Create a static IP and attach it to an instance](lightsail-create-static-ip.md).

     **Upload your content and files to your instance.** Your files, also known as *objects*, typically include web pages, images, and media files, but can be anything that can be served over HTTP.
   + **Create a Lightsail container service to host your website or web application.** The container service serves as the origin of your distribution. The origin stores the original, definitive version of your content. For more information, see [Creating Amazon Lightsail container services](amazon-lightsail-creating-container-services.md).
   + **Create a Lightsail bucket to store your static content.** The bucket serves as the origin of your distribution. The origin stores the original, definitive version of your content. For more information, see [Create a bucket](amazon-lightsail-creating-buckets.md).

     Upload files to your bucket using the Lightsail console, AWS Command Line Interface (AWS CLI), and AWS APIs. For more information about uploading files, see [Upload files to a bucket](amazon-lightsail-uploading-files-to-a-bucket.md).

1. (Optional) Create a Lightsail load balancer if your website requires fault tolerance. Then attach multiple copies of your instance to your load balancer. You can configure your load balancer (with one or more instances attached to it) as the origin of your distribution, instead of configuring your instance as the origin. For more information, see [Create a load balancer and attach instances to it](create-lightsail-load-balancer-and-attach-lightsail-instances.md).

## Origin resource


An *origin* is the definitive source of content for your distribution. When you create your distribution, you choose the Lightsail instance, container service, bucket, or load balancer (with one or more instances attached to it) that hosts the content of your website or web application.

**Note**  
IPv6-only instances cannot be configured as the origin for a Lightsail content delivery network (CDN) distribution at this time.

You can choose only one origin per distribution. You can change the origin at any time after you create your distribution. For more information, see [Change the origin of your distribution](amazon-lightsail-changing-distribution-origin.md).

![\[Distribution origin selector\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-distribution-choose-origin.png)


## Origin protocol policy


The origin protocol policy is the protocol policy that your distribution uses when pulling content from your origin. After you choose an origin for your distribution, you should determine if your distribution should use Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) when pulling content from your origin. If your origin is not configured for HTTPS, then you must use HTTP.

You can choose one of the following origin protocol policies for your distribution:
+ **HTTP Only** - Your distribution uses only HTTP to access the origin. This is the default setting.
+ **HTTPS Only** - Your distribution uses only HTTPS to access the origin.

The steps to edit your origin protocol policy are included in the [Create a distribution](#creating-a-distribution) section later in this guide.

**Note**  
When you select a Lightsail bucket as the origin of your distribution, the **Origin protocol policy** defaults to **HTTPS only**. You cannot change the origin protocol policy when a bucket is the origin of your distribution.

## Caching behavior and caching presets


A *caching preset* automatically configures the settings of your distribution for the type of content that you host on your origin. For example, choosing the **Best for static content** preset automatically configures your distribution with settings that work best with static websites. If your website is hosted on a WordPress instance, then choose the **Best for WordPress** preset to have your distribution automatically configured to work with your WordPress website.

**Note**  
The caching preset options are not available when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket.

You can choose one of the follow caching presets for your distribution:
+ **Best for static content** - This preset configures your distribution to *cache everything*. This preset is ideal if you host static content (e.g., static HTML pages) on your origin, or content that does not change for each user who visits your website. All content on your distribution is cached when you choose this preset.
+ **Best for dynamic content** - This preset configures your distribution to cache nothing except the files that you specify as **Cache** in the **Directory and file overrides** section of the **Create a distribution** page. For more information, see [Directory and file overrides](#distribution-directory-file-overrides) later in this guide. This preset is ideal if you host dynamic content on your origin, or content that may change for each user who visits your website or web application.
+ **Best for WordPress** - This preset configures your distribution to *cache nothing* except the files in the `wp-includes/` and `wp-content/` directories of your WordPress instance. This preset is ideal if your origin is an instance that uses the **WordPress Certified by Bitnami and Automattic** blueprint (excluding the multisite blueprint). For more information about this preset, see [Best for WordPress caching preset](#wordpress-distribution-preset).
**Note**  
The **Custom settings** preset cannot be selected. It is automatically selected for you if you choose a preset but then manually modify your distribution's settings.

A caching preset can be specified only in the Lightsail console. It cannot be specified using the Lightsail API, AWS CLI, and SDKs.

## Best for WordPress caching preset


When you select an instance that uses the **WordPress Certified by Bitnami and Automattic** blueprint as the origin of your distribution, Lightsail asks if you want to apply the **Best for WordPress** caching preset to your distribution. If you apply the present, then your distribution is automatically configured to work best with your WordPress website. There are no other distribution settings that you need to apply. The Best for WordPress preset to *cache nothing* except the files in the `wp-includes/` and `wp-content/` directories of your WordPress website. It also configures your distribution to clear its cache every day (cache lifespan of 1 day), allow all HTTP methods, forward only the `Host` header, forward no cookies, and forwards all query strings.

**Important**  
You must edit the WordPress configuration file in your instance to make your WordPress website work with your distribution. For more information, see [Configure your WordPress instance to work with your distribution](amazon-lightsail-editing-wp-config-for-distribution.md).

## Default behavior


A *default behavior* specifies how your distribution handles content caching. The default behavior of your distribution is automatically specified for you depending on the [caching preset](#distribution-caching-preset) that you select. If you select a different default behavior, then the caching preset is automatically changed to **Custom settings**.

**Note**  
The default behavior options are not available when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket.

You can choose one of the follow default behaviors for your distribution:
+ **Cache everything** - This behavior configures your distribution to cache and serve your entire website as static content. This option is ideal if your origin hosts content that doesn't change depending on who views it, or if your website does not use cookies, headers, or query strings to personalize content.
+ **Cache nothing** - This behavior configures your distribution to cache only the origin files and folder paths that you specify. This option is ideal if your website or web application uses cookies, headers, and query strings to personalize content for individual users. If you select this option, you *must* specify the [directory and file path overrides](#distribution-directory-file-overrides) to cache.

## Directory and file overrides


A *directory and file override* can be used to override, or add an exception to, the default behavior you selected. For example, if you chose to *cache everything*, use an override to specify a directory, file, or file type that your distribution shouldn't cache. Alternately, if you chose to *cache nothing*, use an override to specify a directory, file, or file type that your distribution should cache.

In the **Directory and file overrides** section of the page, you can specify a path to a directory or a file to cache, or not cache. Use an asterisk symbol to specify wildcard directories (`path/to/assets/*`), and file types (`*.html`, `*jpg`, `*js`). Directories and file paths are case-sensitive.

**Note**  
The directory and file override options are not available when you select a Lightsail bucket as the origin of your distribution. Everything that is stored in the selected bucket is cached.

These are just a few examples of how you can specify directory and file overrides:
+ Specify the following to cache all files in the document root of an Apache web server running on a Lightsail instance.

  ```
  var/www/html/
  ```
+ Specify the following file to cache only the index page in the document root of an Apache web server.

  ```
  var/www/html/index.html
  ```
+ Specify the following to cache only the .html files in the document root of an Apache web server.

  ```
  var/www/html/*.html
  ```
+ Specify the following to cache only the .jpg, .png, and .gif files in the images sub-directory of the document root of an Apache web server.

  ```
  var/www/html/images/*.jpg
  ```

  ```
  var/www/html/images/*.png
  ```

  ```
  var/www/html/images/*.gif
  ```

  Specify the following to cache all files in the images sub-directory of the document root of an Apache web server.

  ```
  var/www/html/images/
  ```

## Advanced cache settings


The *advanced settings* can be used to specify the cache lifespan of content on your distribution, the allowed HTTP methods, HTTP header forwarding, cookie forwarding, and query string forwarding. The advanced settings that you specify apply only to the directory and files that your distribution caches, including the directory and file overrides that you specify as **Cache**.

**Note**  
The advanced cache settings are not available on the **Create distribution** page when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket. However, you can modify the advanced cache settings in the distribution management page after your distribution is created.

You can configure the following advanced settings:

**Cache lifespan (TTL)**

Controls the amount of time your content stays in your distribution's cache before your distribution forwards another request to your origin to determine if your content has been updated. The default value is one day. Reducing the duration allows you to better serve dynamic content. Increasing the duration means that your users get better performance because your files are more likely to be served directly from the edge location. Increasing the duration also reduces the load on your origin, because your distribution pulls content less frequently.

**Note**  
The cache lifespan value that you specify applies only when your origin does not add HTTP headers such as `Cache-Control max-age`, `Cache-Control s-maxage`, or `Expires` to your content.

**Allowed HTTP methods**

Controls the HTTP methods that your distribution processes and forwards to your origin. HTTP methods indicate the desired action to be performed on the origin. For example, the GET method retrieves data from your origin, and the PUT method requests that the enclosed entity be stored on your origin.

You can choose one of the following HTTP method options for your distribution:
+ **Allow GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE methods**
+ **Allow the GET, HEAD, and OPTIONS methods**
+ **Allow the GET and HEAD methods**

Your distribution always caches responses to the GET and HEAD requests. Your distribution also caches responses to the OPTIONS requests, if you choose to allow those requests. Your distribution does not cache responses to any other HTTP methods. For more information, see [HTTP methods](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-distribution-request-and-response#RequestCustomHTTPMethods).

**Important**  
If you configure your distribution to allow all of the HTTP methods that are supported, you must configure your origin instance to handle all methods. For example, if you configure your distribution to allow these methods because you want to use POST, you must configure your origin server to handle DELETE requests appropriately so viewers can't delete resources that you don't want them to. For more information, search the documentation for your website or web application.

**HTTP header forwarding**

Controls whether your distribution caches your content based on the values of specified headers, and if so, which ones. HTTP headers carry information about the client browser, the requested page, the origin and more. For example, the `Accept-Language` header sends the language of the client (e.g., `en-US` for English), so that the origin can respond with content in the language of the client, if it's available.

You can choose one of the following HTTP header options for your distribution:
+ **Forward no headers**
+ **Forward only the headers I specify**

When you select **Forward no headers**, your distribution doesn't cache your content based on header values. Regardless of the option that you select, your distribution forwards certain headers to your origin and takes specific actions based on the headers that you forward. For more information about how your distribution handles header forwarding, see [HTTP request headers and distribution behavior](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-distribution-request-and-response#request-custom-headers-behavior).

**Cookie forwarding**

Controls whether your distribution forwards cookies to your origin and, if so, which ones. A cookie contains a small piece of data sent to the origin, such as information about a visitor's actions on a web page of your origin, as well as any information the visitor has provided, such as their name and interests.

You can choose one of the following cookie forwarding options for your distribution:
+ **Don't forward cookies**
+ **Forward all cookies**
+ **Forward cookies I specify**

If you choose **Forward all cookies**, your distribution forwards all cookies regardless of how many your application uses. If you chose **Forward cookies I specify**, then enter the names of cookies that you want your distribution to forward in the text box that appears. You can specify the following wildcards when you specify cookie names:
+ \$1 matches 0 or more characters in the cookie name
+ ? matches exactly one character in the cookie name

For example, suppose that a viewer's request for an object includes a cookie named `userid_member-number`. Where each of your users has a unique value for `member-number` (`userid_123`, `userid_124`, `userid_125`, etc.). You want your distribution to cache a separate version of the content for each member. You could accomplish this by forwarding all cookies to your origin, but the viewer requests include some cookies that you don't want your distribution to cache. You could specify the following value as a cookie name, which causes your distribution to forward all of the cookies that begin with `userid_` to your origin: `userid_*`

**Query string forwarding**

Controls whether your distribution forwards query strings to your origin and, if so, which ones. A query string is a part of a URL that assigns values to specified parameters. For example, the `https://example.com/over/there?name=ferret` URL contains the `name=ferret` query string. When a server receives a request for such a page, it may run a program, passing the `name=ferret` query string unchanged, to the program. The question mark is used as a separator, and is not part of the query string.

You can choose to have your distribution forward no query strings, or forward only the query strings that you specify. Choose not to forward query strings if your origin returns the same version of your content regardless of the values of query string parameters. This increases the likelihood that your distribution can serve a request from the cache, which improves performance and reduces the load on your origin. Choose to forward only the query strings that you specify if your origin server returns different versions of your content based on one or more query string parameters.

## Distribution plan


A *distribution plan* specifies the monthly data transfer quota and cost of your distribution. If your distribution transfers more data than your plan's monthly data transfer quota, you are charged an overage. For more information, see the [Lightsail pricing page](https://aws.amazon.com/lightsail/pricing/).

To avoid an overage fee, change your distribution's current plan to a different plan that offers a greater amount of monthly data transfer before your distribution exceeds its monthly quota. You can change your distribution's plan only one time during each AWS billing cycle. For more information about changing your distributions plan after you create it, see [Change the plan of your distribution](amazon-lighstail-changing-distribution-plan.md).

## Create a distribution


Complete the following procedure to create a distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose **Create distribution**.

1. In the **Choose your origin** section of the page, choose the AWS Region in which your origin resource was created.

   Distributions are global resources. They can reference an origin in any AWS Region, and distribute its content globally.

1. Choose your origin. An origin can be a Lightsail instance, container service, bucket, or a load balancer (with one or more instances attached to it). For more information, see [Origin resource](#distribution-origin-resource).
**Important**  
If you choose a Lightsail container service as the origin of your distribution, Lightsail automatically adds the default domain name of your distribution as a custom domain on your container service. This enables traffic to be routed between your distribution and your container service. However, there are some circumstances in which you might need to manually add the default domain name of your distribution to your container service. For more information, see [Add the default domain of a distribution to a container service](amazon-lightsail-adding-distribution-default-domain-to-container-service.md).

1. (Optional) To change your origin protocol policy, choose the pencil icon displayed next to the current origin protocol policy that your distribution uses. For more information, see [Origin protocol policy](#distribution-origin-protocol-policy).

   This option is listed in the **Choose your origin** section of the page, under the origin resource you selected for your distribution.
**Note**  
When you select a Lightsail bucket as the origin of your distribution, the **Origin protocol policy** defaults to **HTTPS only**. You cannot change the origin protocol policy when a bucket is the origin of your distribution.  
![\[Origin protocol policy\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/origin-protocol-policy.png)

1. Choose the caching behavior (also known as a caching preset) for your distribution. For more information, see [Caching behavior and caching preset](#distribution-caching-preset).
**Note**  
The caching preset options are not available when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket.

1. (Optional) Choose **Show all settings** to view additional caching behavior settings for your distribution.
**Note**  
The caching behavior settings are not available when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket.

1. (Optional) Choose the default behavior for your distribution. For more information, see [Default behavior](#distribution-default-behavior).
**Note**  
The default behavior options are not available when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket.

1. (Optional) Choose **Add path** to add a directory and file override to your distribution's caching behavior. For more information, see [Directory and file overrides](#distribution-directory-file-overrides).
**Note**  
The directory and file override options are not available when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket.

1. (Optional) Choose the pencil icon displayed next to the advanced setting you want to edit for your distribution. For more information, see [Advanced cache settings](#distribution-advanced-settings).
**Note**  
The advanced cache settings are not available on the **Create distribution** page when you select a Lightsail bucket as the origin of your distribution. We automatically apply distribution settings that are best for static content being stored in a bucket. However, you can modify the advanced cache settings in the distribution management page after your distribution is created.

1. Choose your distribution plan. For more information, see [Distribution plans](#distribution-plan).

1. Enter a name for your distribution.

   Resource names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2 to 255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.

1. Review the cost of your distribution.

1. Choose **Create distribution**.

   Your distribution is created after a few moments.

## Next steps


We recommend that you complete the following next steps after your distribution is up and running.

1. If your distribution's origin is a WordPress instance, you must edit the WordPress configuration file in your instance to make your WordPress website work with your distribution. For more information, see [Configure your WordPress instance to work with your distribution](amazon-lightsail-editing-wp-config-for-distribution.md).

1. (Optional) Create a Lightsail DNS zone to manage your domain's DNS in the Lightsail console. This allows you to easily map your domain to your Lightsail resources. For more information, see [Create a DNS zone to manage your domain’s DNS records](lightsail-how-to-create-dns-entry.md). Alternately, you can continue hosting your domain's DNS where it's currently being hosted.

1. Create a Lightsail SSL/TLS certificate for your domain to use it with your distribution. Lightsail distributions require HTTPS, so you must request an SSL/TLS certificate for your domain before you can use it with your distribution. For more information, see [Create SSL/TLS certificates for your distribution](amazon-lightsail-create-a-distribution-certificate.md).

1. Enable custom domains for your distribution to use your domain with your distribution. Enabling custom domains requires that you specify the Lightsail SSL/TLS certificate that you created for your domain. This adds your domain to your distribution and enables HTTPS. For more information, see [Enable custom domains for your distribution](amazon-lightsail-enabling-distribution-custom-domains.md).

1. Add an alias record to your domain's DNS to begin routing traffic for your domain to your distribution. After you add the alias record, users who visit your domain are routed through your distribution. For more information, see [Point your domain to a distribution](amazon-lightsail-point-domain-to-distribution.md).

1. Test that your distribution is caching your content. For more information, see [Test your distribution](amazon-lightsail-testing-distribution.md).

# Delete Lightsail distributions
Delete a distribution

You can delete your Amazon Lightsail distribution at any time if you're no longer using it.

## Delete your distribution


Complete the following procedure to delete a distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution you want to delete.

1. Choose the **Delete** tab on your distribution's management page.

1. Choose **Delete distribution** to delete your distribution.

1. Choose **Yes, delete** to confirm the deletion.

# Configure caching for your Lightsail distribution
Caching behavior

A cache behavior lets you configure what is cached or isn't cached from your origin by your Amazon Lightsail distribution. For example, you can specify to cache individual directories, files, or file types from your origin. You can also specify the HTML methods and headers that are forwarded to your origin. In this guide, we show you how to change the caching behavior of your distribution. For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

**Contents**
+ [Caching preset](#changing-caching-behavior-distribution-caching-preset)
+ [Best for WordPress caching preset](#changing-caching-behavior-wordpress-distribution-preset)
+ [Default behavior](#changing-caching-behavior-distribution-default-behavior)
+ [Directory and file overrides](#changing-caching-behavior-distribution-directory-file-overrides)
+ [Advanced cache settings](#changing-caching-behavior-distribution-advanced-settings)
+ [Change your distribution's cache behavior](#change-distribution-cache-behavior)

## Caching preset


A *caching preset* automatically configures the settings of your distribution for the type of content that you host on your origin. For example, choosing the **Best for static content** preset automatically configures your distribution with settings that work best with static websites. If your website is hosted on a WordPress instance, then choose the **Best for WordPress** preset to have your distribution automatically configured to work with your WordPress website.

You can choose one of the follow caching presets for your distribution:
+ **Best for static content** - This preset configures your distribution to *cache everything*. This preset is ideal if you host static content (e.g., static HTML pages) on your origin, or content that does not change for each user who visits your website. All content on your distribution is cached when you choose this preset.
+ **Best for dynamic content** - This preset configures your distribution to cache nothing except the files that you specify as **Cache** in the **Directory and file overrides** section of the **Create a distribution** page. For more information, see [Directory and file overrides](#changing-caching-behavior-distribution-directory-file-overrides) later in this guide. This preset is ideal if you host dynamic content on your origin, or content that may change for each user who visits your website or web application.
+ **Best for WordPress** - This preset configures your distribution to *cache nothing* except the files in the `wp-includes/` and `wp-content/` directories of your WordPress instance. This preset is ideal if your origin is an instance that uses the **WordPress Certified by Bitnami and Automattic** blueprint (excluding the multisite blueprint). For more information about this preset, see [Best for WordPress caching preset](#changing-caching-behavior-wordpress-distribution-preset).
**Note**  
The **Custom settings** preset cannot be selected. It is automatically selected for you if you choose a preset but then manually modify your distribution's settings.

A caching preset can be specified only in the Lightsail console. It cannot be specified using the Lightsail API, AWS CLI, and SDKs.

## Best for WordPress caching preset


When you select an instance that uses the **WordPress Certified by Bitnami and Automattic** blueprint as the origin of your distribution, Lightsail asks if you want to apply the **Best for WordPress** caching preset to your distribution. If you apply the present, then your distribution is automatically configured to work best with your WordPress website. There are no other distribution settings that you need to apply. The Best for WordPress preset to *cache nothing* except the files in the `wp-includes/` and `wp-content/` directories of your WordPress website. It also configures your distribution to clear its cache every day (cache lifespan of 1 day), allow all HTTP methods, forward only the `Host` header, forward no cookies, and forwards all query strings.

**Important**  
You must edit the WordPress configuration file in your instance to make your WordPress website work with your distribution. For more information, see [Configure your WordPress instance to work with your distribution](amazon-lightsail-editing-wp-config-for-distribution.md).

## Default behavior


A *default behavior* specifies how your distribution handles content caching. The default behavior of your distribution is automatically specified for you depending on the [caching preset](#changing-caching-behavior-distribution-caching-preset) that you select. If you select a different default behavior, then the caching preset is automatically changed to **Custom settings**.

You can choose one of the follow default behaviors for your distribution:
+ **Cache everything** - This behavior configures your distribution to cache and serve your entire website as static content. This option is ideal if your origin hosts content that doesn't change depending on who views it, or if your website does not use cookies, headers, or query strings to personalize content.
+ **Cache nothing** - This behavior configures your distribution to cache only the origin files and folder paths that you specify. This option is ideal if your website or web application uses cookies, headers, and query strings to personalize content for individual users. If you select this option, you *must* specify the [directory and file path overrides](#changing-caching-behavior-distribution-directory-file-overrides) to cache.

## Directory and file overrides


A *directory and file override* can be used to override, or add an exception to, the default behavior you selected. For example, if you chose to *cache everything*, use an override to specify a directory, file, or file type that your distribution shouldn't cache. Alternately, if you chose to *cache nothing*, use an override to specify a directory, file, or file type that your distribution should cache.

In the **Directory and file overrides** section of the page, you can specify a path to a directory or a file to cache, or not cache. Use an asterisk symbol to specify wildcard directories (`path/to/assets/*`), and file types (`*.html`, `*jpg`, `*js`). Directories and file paths are case-sensitive.

These are a few examples of how you can specify directory and file overrides:
+ Specify the following to cache all files in the document root of an Apache web server running on a Lightsail instance.

  ```
  var/www/html/
  ```
+ Specify the following to cache only the index page in the document root of an Apache web server.

  ```
  var/www/html/index.html
  ```
+ Specify the following to cache only the .html files in the document root of an Apache web server.

  ```
  var/www/html/*.html
  ```
+ Specify the following to cache only the .jpg, .png, and .gif files in the images sub-directory of the document root of an Apache web server.

  ```
  var/www/html/images/*.jpg
  ```

  ```
  var/www/html/images/*.png
  ```

  ```
  var/www/html/images/*.gif
  ```

  Specify the following to cache all files in the images sub-directory of the document root of an Apache web server.

  ```
  var/www/html/images/
  ```

## Advanced cache settings


The *advanced settings* can be used to specify the cache lifespan of content on your distribution, the allowed HTTP methods, HTTP header forwarding, cookie forwarding, and query string forwarding. The advanced settings that you specify apply only to the directory and files that your distribution caches, including the directory and file overrides that you specify as **Cache**.

You can configure the following advanced settings:

**Cache lifespan (TTL)**

Controls the amount of time your content stays in your distribution's cache before your distribution forwards another request to your origin to determine if your content has been updated. The default value is one day. Reducing the duration allows you to better serve dynamic content. Increasing the duration means that your users get better performance because your files are more likely to be served directly from the edge location. Increasing the duration also reduces the load on your origin, because your distribution pulls content less frequently.

**Note**  
The cache lifespan value that you specify applies only when your origin does not add HTTP headers such as `Cache-Control max-age`, `Cache-Control s-maxage`, or `Expires` to your content.

**Allowed HTTP methods**

Controls the HTTP methods that your distribution processes and forwards to your origin. HTTP methods indicate the desired action to be performed on the origin. For example, the GET method retrieves data from your origin, and the PUT method requests that the enclosed entity be stored on your origin.

You can choose one of the following HTTP method options for your distribution:
+ **Allow GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE methods**
+ **Allow the GET, HEAD, and OPTIONS methods**
+ **Allow the GET and HEAD methods**

Your distribution always caches responses to the GET and HEAD requests. Your distribution also caches responses to the OPTIONS requests, if you choose to allow those requests. Your distribution does not cache responses to any other HTTP methods.

**Important**  
If you configure your distribution to allow all of the HTTP methods that are supported, you must configure your origin instance to handle all methods. For example, if you configure your distribution to allow these methods because you want to use POST, you must configure your origin server to handle DELETE requests appropriately so viewers can't delete resources that you don't want them to. For more information, search the documentation for your website or web application.

**HTTP header forwarding**

Controls whether your distribution caches your content based on the values of specified headers, and if so, which ones. HTTP headers carry information about the client browser, the requested page, the origin and more. For example, the `Accept-Language` header sends the language of the client (e.g., `en-US` for English), so that the origin can respond with content in the language of the client, if it's available. 

You can choose one of the following HTTP header options for your distribution:
+ **Forward no headers**
+ **Forward only the headers I specify**

When you select **Forward no headers**, your distribution doesn't cache your content based on header values. Regardless of the option that you select, your distribution forwards certain headers to your origin and takes specific actions based on the headers that you forward.

**Cookie forwarding**

Controls whether your distribution forwards cookies to your origin and, if so, which ones. A cookie contains a small piece of data sent to the origin, such as information about a visitor's actions on a web page of your origin, as well as any information the visitor has provided, such as their name and interests. 

You can choose one of the following cookie forwarding options for your distribution:
+ **Don't forward cookies**
+ **Forward all cookies**
+ **Forward cookies I specify**

If you choose **Forward all cookies**, your distribution forwards all cookies regardless of how many your application uses. If you chose **Forward cookies I specify**, then enter the names of cookies that you want your distribution to forward in the text box that appears. You can specify the following wildcard symbols when you specify cookie names:
+ \$1 matches 0 or more characters in the cookie name
+ ? matches exactly one character in the cookie name

For example, suppose that a viewer's request for an object includes a cookie named `userid_member-number`. Where each of your users has a unique value for `member-number` (`userid_123`, `userid_124`, `userid_125`, etc.). You want your distribution to cache a separate version of the content for each member. You could accomplish this by forwarding all cookies to your origin, but the viewer requests include some cookies that you don't want your distribution to cache. You could specify the following value as a cookie name, which causes your distribution to forward all of the cookies that begin with `userid_` to your origin: `userid_*`

**Query string forwarding**

Controls whether your distribution forwards query strings to your origin and, if so, which ones. A query string is a part of a URL that assigns values to specified parameters. For example, the `https://example.com/over/there?name=ferret` URL contains the `name=ferret` query string. When a server receives a request for such a page, it may run a program, passing the `name=ferret` query string unchanged, to the program. The question mark is used as a separator, and is not part of the query string. 

You can choose to have your distribution forward no query strings, or forward only the query strings that you specify. Choose not to forward query strings if your origin returns the same version of your content regardless of the values of query string parameters. This increases the likelihood that your distribution can serve a request from the cache, which improves performance and reduces the load on your origin. Choose to forward only the query strings that you specify if your origin server returns different versions of your content based on one or more query string parameters.

## Change your distribution's cache behavior


Complete the following procedure to change the default cache behavior of your distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which you want to change the default cache behavior.

1. Choose the **Cache** tab on your distribution's management page.

1. In the **Configure caching** section of the page, choose the caching preset for your distribution. For more information, see [Caching preset](#changing-caching-behavior-distribution-caching-preset).

1. Choose **Change default cache behavior** to change the default behavior for your distribution. Then, choose a default behavior for your distribution. For more information, see [Default behavior](#changing-caching-behavior-distribution-default-behavior).

1. Choose **Add path** to add a directory and file override to your distribution's caching behavior. For more information, see [Directory and file overrides](#changing-caching-behavior-distribution-directory-file-overrides).

1. Choose the pencil icon displayed next to the advanced setting you want to edit for your distribution. For more information, see [Advanced cache settings](#changing-caching-behavior-distribution-advanced-settings).

When you save changes to your distribution's configuration, your distribution starts to propagate the changes to all edge locations. Until your configuration is updated in an edge location, your distribution continues to serve your content from that location based on the previous configuration. After your configuration is updated in an edge location, your distribution immediately starts to serve your content from that location based on the new configuration.

Your changes don't propagate to every edge location instantaneously. When propagation is complete, the status of your distribution changes from **InProgress** to **Enabled**. While your distribution is propagating your changes, we can't determine whether a given edge location is serving your content based on the previous configuration or the new configuration.

**Topics**
+ [

## Caching preset
](#changing-caching-behavior-distribution-caching-preset)
+ [

## Best for WordPress caching preset
](#changing-caching-behavior-wordpress-distribution-preset)
+ [

## Default behavior
](#changing-caching-behavior-distribution-default-behavior)
+ [

## Directory and file overrides
](#changing-caching-behavior-distribution-directory-file-overrides)
+ [

## Advanced cache settings
](#changing-caching-behavior-distribution-advanced-settings)
+ [

## Change your distribution's cache behavior
](#change-distribution-cache-behavior)
+ [Reset cache](amazon-lightsail-resetting-distribution-cache.md)

# Reset the cache of your Lightsail distribution
Reset cache

The cache lifespan (time to live) setting controls the amount of time your content stays in your Amazon Lightsail distribution's cache. You can also manually reset the cache on your distribution if you need to clear it before the cache lifespan interval. After you clear the cache, the next time a user requests content, your distribution pulls the latest version of your content from your origin and caches it. In this guide, we show you how to manually reset the cache on your distribution. For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

## Reset the cache of your distribution


Complete the following procedure to reset the cache of your distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which you want to reset the cache.

1. Choose the **Cache** tab on your distribution's management page.

1. Scroll to the **Reset cache** section of the page, and choose **Reset cache**.

1. At the confirmation prompt, choose **Yes, reset** to confirm that you want to reset your distribution's cache. Or choose **No, cancel** to not reset your distribution's cache.

# Change content origin for Lightsail distributions
Change origin

In this guide, we show you how to change the origin of your Amazon Lightsail distribution after you create it. An origin is the definitive source of content for your distribution. When you create your distribution, you choose the Lightsail instance, Lightsail bucket, or Lightsail load balancer (with one or more instances attached to it) that hosts the content of your website or web application. For more information, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

You can change the origin at any time after you create your distribution. When you change the origin, your distribution immediately begins replicating the change to the edge locations. Your distribution will continue to forward requests to the previous origin in a given edge location until the distribution is updated to the new origin in that edge location.

Changing the origin does not require your distribution to repopulate edge caches with content from your new origin. As long as the user requests in your website or web application have not changed, your distribution continues to serve content that is already in an edge cache until the cache lifespan for your content expires.

## Origin protocol policy


The origin protocol policy is the protocol policy that your distribution uses when pulling content from your origin. After you choose an origin for your distribution, you should determine if your distribution should use Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) when pulling content from your origin. If your origin is not configured for HTTPS, then you must use HTTP.

You can choose one of the following origin protocol policies for your distribution:
+ **HTTP Only** - Your distribution uses only HTTP to access the origin. This is the default setting.
+ **HTTPS Only** - Your distribution uses only HTTPS to access the origin.

The steps to edit your origin protocol policy are included in the following [Change your distribution's origin](#changing-distribution-origin) section of this guide.

## Change your distribution's origin


Complete the following procedure to change your distribution's origin.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which you want to change the origin.

1. Choose the **Details** tab on your distribution's management page, and scroll to the **Choose your origin** section of the page.

   The **Select your origin** section of the page displays your distribution's current origin.

1. Choose **Change origin**.

1. Choose the AWS Region in which your origin resource was created.

   Distributions are global resources. They can reference an origin in any AWS Region, and distribute its content globally.

1. Choose your origin. An origin can be an instance, bucket, or a load balancer (with one or more instances attached to it).

1. Choose **Save** to update your distribution with your new origin.

   After you choose an origin for your distribution, you should determine if your distribution should use Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol Secure (HTTPS) when pulling content from your origin.

1. (Optional) To change your origin protocol policy, choose the pencil icon displayed next to the current origin protocol policy that your distribution uses. For more information, see [Origin protocol policy](#changing-distribution-origin-protocol-policy).

   This option is listed in the **Choose your origin** section of the page, under the origin resource you selected for your distribution.
**Note**  
When you select a Lightsail bucket as the origin of your distribution, the **Origin protocol policy** defaults to **HTTPS only**. You cannot change the origin protocol policy when a bucket is the origin of your distribution.  
![\[Origin protocol policy\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/origin-protocol-policy.png)

1. Choose **HTTP only** or **HTTPS only**, then choose **Save** to save the origin protocol policy.

When you save changes to your distribution's configuration, your distribution starts to propagate the changes to all edge locations. Until your configuration is updated in an edge location, your distribution continues to serve your content from that location based on the previous configuration. After your configuration is updated in an edge location, your distribution immediately starts to serve your content from that location based on the new configuration.

Your changes don't propagate to every edge location instantaneously. When propagation is complete, the status of your distribution changes from **InProgress** to **Enabled**. While your distribution is propagating your changes, we can't determine whether a given edge location is serving your content based on the previous configuration or the new configuration.

# Serve media files efficiently with a Lightsail bucket and CDN distribution
Use buckets with distributions

This tutorial describes the steps required to configure your Amazon Lightsail bucket as the origin of a Lightsail content delivery network (CDN) distribution. It also describes how to configure your WordPress website to upload and store media (such as images and movies files) on your bucket, and deliver media from your distribution. One example of how to do this is with the [WP Offload Media Lite plugin](https://deliciousbrains.com/wp-offload-media/). The following diagram illustrates this configuration.

![\[The WP Offload Media Lite plugin workflow.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-wordpress-bucket-cdn.png)


Storing website media in a Lightsail bucket takes the load off your instance from having to store and serve those files. Caching and serving media from a Lightsail distribution speeds up the delivery of those files to your website visitors, and can improve overall website performance. For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md). For more information about buckets, see [Object storage](buckets-in-amazon-lightsail.md).

**Contents**
+ [Step 1: Complete the prerequisites](#cdn-bucket-prerequisites)
+ [Step 2: Modify your bucket permissions](#cdn-bucket-modify-bucket-permissions)
+ [Step 3: Create a distribution with a bucket as the origin](#cdn-bucket-create-distribution)
+ [Step 4: Enable a custom subdomain for your distribution](#cdn-bucket-enable-custom-subdomain)
+ [Step 5: Install the WP Offload Media Lite plugin on your WordPress website](#cdn-bucket-install-wp-offload-media)
+ [Step 6: Test the connection between your WordPress website and your Lightsail bucket and distribution](#cdn-bucket-test-connection)

## Step 1: Complete the prerequisites


Complete the following prerequisites if you haven't already:
+ Create and configure a WordPress instance in Lightsail, and get the password to sign in to the administration dashboard. For more information, see [Tutorial: Launch and configure a WordPress instance in Amazon Lightsail](amazon-lightsail-tutorial-launching-and-configuring-wordpress.md).
+ Create a bucket in the Lightsail object storage service. For more information, see [Creating buckets in Lightsail](amazon-lightsail-creating-buckets.md).

## Step 2: Modify your bucket permissions


Complete the following procedure to give your WordPress instance and the WP Offload Media Lite plugin access to your bucket. The permissions of your bucket must be set to **Individual objects can be made public (read only)**. You must also attach your WordPress instance to your bucket. For more information about bucket permissions, see [Bucket permissions](amazon-lightsail-understanding-bucket-permissions.md).

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Storage**.

1. Choose the name of the bucket that you want to use with your WordPress website.  
![\[The Lightsail bucket.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-name-storage-tab.png)

1. Choose the **Permissions** tab on the **Bucket management** page.

1. Choose **Change permissions** under the **Bucket access permissions** section of the page.  
![\[The Change permissions button.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-access-permissions.png)

1. Choose **Individual objects can be made public and read only**.  
![\[The Individual objects can be made public and read only option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-access-permissions-options.png)

1. Choose **Save**.

1. Choose **Yes, save** in the confirmation prompt that appears.  
![\[The Yes, save button.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-access-permissions-confirmation.png)

   After a few moments, your bucket will be configured to allow for individual object access. This ensures that objects uploaded to your bucket from your WordPress website using the Offload Media Lite plugin are readable to your customers.

1. Scroll to the **Resource access** section of the page, and choose **Attach instance**.  
![\[The Attach instance option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-resource-access.png)

1. Choose the name of your WordPress instance in the drop-down that appears, and then choose **Attach**.  
![\[The Attach option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-attach-resource-access.png)

   After a few moments, your WordPress instance is attached to your bucket. This gives your WordPress instance access to manage your bucket and its objects.

## Step 3: Create a distribution with a bucket as the origin


Complete the following procedure to create a Lightsail distribution and choose your Lightsail bucket as the origin.

1. Choose **Home** on the top navigation menu of the Lightsail console.

1. In the left navigation pane, choose **Networking**.

1. Choose **Create distribution**.  
![\[The Create distribution button in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-create-distribution.png)

1. In the **Choose your origin** section of the page, choose the AWS Region in which you created your bucket.

   Distributions are global resources. They can reference a bucket in any AWS Region, and distribute its content globally.  
![\[The AWS Region selector in the Choose your origin pane.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-choose-origin-region.png)

1. Choose your bucket as the origin.  
![\[The bucket dropdown list in the Choose your origin pane.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-choose-origin.png)
**Note**  
The permissions of your bucket must be set to **Individual objects can be made public (read only)**. Only individual objects that are public will be cached and served by the distribution. When you choose a bucket as the origin of a distribution, the options to specify the origin protocol policy, caching behavior, default behavior, and directory and file overrides become unavailable and cannot be edited. The origin protocol policy defaults to **HTTPS only** for buckets, and the caching behavior defaults to **Cache everything**. You can change the advanced cache settings of the distribution after it's created.

1. Choose your distribution plan.

1. Enter a name for your distribution.  
![\[The name input field for your distribution.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-name-distribution.png)

   Distribution names:
   + Must be unique within each AWS Region in your Lightsail account.
   + Must contain 2-255 characters.
   + Must start and end with an alphanumeric character or number.
   + Can include alphanumeric characters, numbers, periods, dashes, and underscores.

1. Choose **Create distribution**.  
![\[The Create distribution button.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-create-distribution-button.png)

   Your distribution is created after a few moments. When your new distribution reaches an **Enabled** state, it is ready to serve and cache objects that are in your bucket.

## Step 4: Enable a custom subdomain for your distribution


When you create your distribution, it is configured with a default domain that is similar to `123abc.cloudfront.net`. You can specify that default domain as the source of your media files when you configure the WP Offload Media Lite plugin. But we highly recommend that you enable a custom domain for your distribution. The custom domain that you enable for your distribution should be a subdomain of the domain that you're using with your WordPress website. For example, if you're using `mycustomdomain.com` with your WordPress website, then you might choose to use the custom domain `media.mycustomdomain.com` with your distribution. Using the same domain and subdomain combination between your WordPress website and your distribution helps improve the search engine optimization score of your website.

Complete the following steps to configure a custom domain for your distribution:

1. Create a Lightsail SSL/TLS certificate for your domain to use it with your distribution. Lightsail distributions require HTTPS, so you must request an SSL/TLS certificate for your domain before you can use it with your distribution. For more information, see [Create SSL/TLS certificates for your distribution](amazon-lightsail-create-a-distribution-certificate.md).

1. Enable custom domains for your distribution to use your domain with your distribution. Enabling custom domains requires that you specify the Lightsail SSL/TLS certificate that you created for your domain. This adds your domain to your distribution and enables HTTPS. For more information, see [Enable custom domains for your distribution](amazon-lightsail-enabling-distribution-custom-domains.md).

1. Add an alias record to your domain's DNS. After you add the alias record, users who visit your domain are routed through your distribution. For more information, see [Point your domain to a distribution](amazon-lightsail-point-domain-to-distribution.md).

## Step 5: Install the WP Offload Media Lite plugin on your WordPress website


Complete the following procedure to install the WP Offload Media Lite plugin on your WordPress website. This plugin automatically copies images, videos, documents, and any other media added through WordPress' media uploader to your Lightsail bucket. It can also be configured to serve media from your bucket through your Lightsail distribution. For more information, see [WP Offload Media Lite](https://wordpress.org/plugins/amazon-s3-and-cloudfront/) in the *WordPress website*.

1. Sign in to the dashboard of your WordPress website as an administrator.

   For more information, see [Getting the application user name and password for your Bitnami instance in Amazon Lightsail](log-in-to-your-bitnami-application-running-on-amazon-lightsail.md).

1. Pause on **Plugins** in the left navigation menu, and choose **Add New**.  
![\[Add new plugin menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-plugin-add-new.png)

1. Search for **WP Offload Media Lite**.

1. In the search results, choose **Install Now** next to the **WP Offload Media Lite** plugin.  
![\[WP Offload Media Lite plugin for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-plugin-install-now.png)

1. Choose **Activate** after the plugin is done installing.  
![\[Activate the WP Offload Media Lite plugin for WordPress.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-plugin-activate.png)

1. In the left navigation menu, choose **Settings**, then choose **Offload Media**.  
![\[Wordpress dashboard settings.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-settings-menu.png)

1. In the **Offload Media Lite** page, choose **Amazon S3** as the storage provider.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-storage-provider.png)

1. Choose **My server is on Amazon Web Services and I'd like to use IAM Roles**.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-iam-roles.png)

1. Choose **Next**.

1. Choose **Browse existing buckets** in the **What bucket would you like to use?** page that appears.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-browse-buckets.png)

1. Choose the name of the bucket that you created to use with your WordPress instance.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-offload-media-existing-buckets.png)

1. In the **Offload Media Lite Settings** page that appears, turn on **Force HTTPS** and **Remove Files From Server**.
   + The **Force HTTPS** setting must be turned on because Lightsail buckets use HTTPS by default to serve media files. If you don't turn this feature on, media files that are uploaded to your Lightsail bucket from your WordPress website won't be served correctly to your website visitors.

     The **Remove Files From Server** setting ensures that media that is uploaded to your Lightsail bucket isn't also stored on your instance's disk. If you don't turn this feature on, media files that are uploaded to your Lightsail bucket are also stored on the local storage of your WordPress instance.  
![\[WP Offload Media page.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-options.png)

1. Under the **Delivery** section of the page, choose **Change** next to the Amazon S3 label.  
![\[The Change option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-change-delivery.png)

1. In the **How would you like to deliver your media?** page that appears, select **Amazon CloudFront**.  
![\[The Amazon CloudFront option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-amazon-cloudfront.png)

1. Choose **Save Delivery Provider**.

1. In the **Offload Media Lite Settings** page that appears, turn on **Custom Domain (CNAME)**. Then, enter the domain of your Lightsail distribution into the text box. This could be the default domain of your distribution (for example, `123abc.cloudfront.net`) or the custom domain for your distribution (for example, `media.mycustomdomain.com`), if you enabled it.  
![\[The Turn on Custom Domain (CNAME) option.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-offload-media-custom-domain.png)

1. Choose **Save Changes**.
**Note**  
To return to the **Offload Media Lite Settings** page later, pause on **Settings** in the left navigation menu, and choose **Offload Media**.

   Your WordPress website is now configured to use the Media Lite Plugin. The next time you upload a media file through WordPress, that file is automatically uploaded to your Lightsail bucket, and is served by the distribution. To test the configuration, continue to the next section of this tutorial.

## Step 6: Test the connection between your WordPress website and your Lightsail bucket and distribution


Complete the following procedure to upload a media file to your WordPress instance and confirm that it is uploaded to your Lightsail bucket and is served from your distribution.

1. Pause on **Media** in the left navigation menu of the WordPress dashboard, and choose **Add New**.  
![\[The add new media file menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-wordpress-media-add-new.png)

1. Choose **Select Files** on the **Upload New Media** page that appears.  
![\[The Select files button in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-wordpress-select-files.png)

1. Choose a media file to upload from your local computer, and choose **Open**.  
![\[The Open button in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-wordpress-open-file.png)

1. When the file is done uploading, choose **Library** under **Media** in the left navigation menu.  
![\[The Library menu item in the WordPress dashboard.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-wordpress-library.png)

1. Choose the file that you recently uploaded.  
![\[The selected file.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-wordpress-media-library.png)

1. In the details panel of the file, the name of your bucket appears in the **Bucket** field. The URL of your distribution appears in the **File URL** field.  
![\[The name of your bucket and it's URL in the Attachment details panel.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-cdn-bucket-wordpress-media-details.png)

1. If you go to the **Objects** tab of the Lightsail bucket management page, you should see a **wp-content** folder. This folder is created by the Offload Media Lite plugin, and is used to store your uploaded media files.  
![\[The wp-content folder in a bucket\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-bucket-objects-wp-content-folder.png)

## Manage buckets and objects


These are the general steps to manage your Lightsail object storage bucket:

1. Learn about objects and buckets in the Amazon Lightsail object storage service. For more information, see [Object storage in Amazon Lightsail](buckets-in-amazon-lightsail.md).

1. Learn about the names that you can give your buckets in Amazon Lightsail. For more information, see [Bucket naming rules in Amazon Lightsail](bucket-naming-rules-in-amazon-lightsail.md).

1. Get started with the Lightsail object storage service by creating a bucket. For more information, see [Creating buckets in Amazon Lightsail](amazon-lightsail-creating-buckets.md).

1. Learn about security best practices for buckets and the access permissions that you can configure for your bucket. You can make all objects in your bucket public or private, or you can choose to make individual objects public. You can also grant access to your bucket by creating access keys, attaching instances to your bucket, and granting access to other AWS accounts. For more information, see [Security Best Practices for Amazon Lightsail object storage](amazon-lightsail-bucket-security-best-practices.md) and [Understanding bucket permissions in Amazon Lightsail](amazon-lightsail-understanding-bucket-permissions.md).

   After learning about bucket access permissions, see the following guides to grant access to your bucket:
   + [Block public access for buckets in Amazon Lightsail](amazon-lightsail-block-public-access-for-buckets.md)
   + [Configuring bucket access permissions in Amazon Lightsail](amazon-lightsail-configuring-bucket-permissions.md)
   + [Configuring access permissions for individual objects in a bucket in Amazon Lightsail](amazon-lightsail-configuring-individual-object-access.md)
   + [Creating access keys for a bucket in Amazon Lightsail](amazon-lightsail-creating-bucket-access-keys.md)
   + [Configuring resource access for a bucket in Amazon Lightsail](amazon-lightsail-configuring-bucket-resource-access.md)
   + [Configuring cross-account access for a bucket in Amazon Lightsail](amazon-lightsail-configuring-bucket-cross-account-access.md)

1. Learn how to enable access logging for your bucket, and how to use access logs to audit the security of your bucket. For more information, see the following guides.
   + [Access logging for buckets in the Amazon Lightsail object storage service](amazon-lightsail-bucket-access-logs.md)
   + [Access log format for a bucket in the Amazon Lightsail object storage service](amazon-lightsail-bucket-access-log-format.md)
   + [Enabling access logging for a bucket in the Amazon Lightsail object storage service](amazon-lightsail-enabling-bucket-access-logs.md)
   + [Using access logs for a bucket in Amazon Lightsail to identify requests](amazon-lightsail-using-bucket-access-logs.md)

1. Create an IAM policy that grants a user the ability to manage a bucket in Lightsail. For more information, see [IAM policy to manage buckets in Amazon Lightsail](amazon-lightsail-bucket-management-policies.md).

1. Learn about the way that objects in your bucket are labeled and identified. For more information, see [Understanding object key names in Amazon Lightsail](understanding-bucket-object-key-names-in-amazon-lightsail.md).

1. Learn how to upload files and manage objects in your buckets. For more information, see the following guides.
   + [Uploading files to a bucket in Amazon Lightsail](amazon-lightsail-uploading-files-to-a-bucket.md)
   + [Uploading files to a bucket in Amazon Lightsail using multipart upload](amazon-lightsail-uploading-files-to-a-bucket-using-multipart-upload.md)
   + [Viewing objects in a bucket in Amazon Lightsail](amazon-lightsail-viewing-objects-in-a-bucket.md)
   + [Copying or moving objects in a bucket in Amazon Lightsail](amazon-lightsail-copying-moving-bucket-objects.md)
   + [Downloading objects from a bucket in Amazon Lightsail](amazon-lightsail-downloading-bucket-objects.md)
   + [Filtering objects in a bucket in Amazon Lightsail](amazon-lightsail-filtering-bucket-objects.md)
   + [Tagging objects in a bucket in Amazon Lightsail](amazon-lightsail-tagging-bucket-objects.md)
   + [Deleting objects in a bucket in Amazon Lightsail](amazon-lightsail-deleting-bucket-objects.md)

1. Enable object versioning to preserve, retrieve, and restore every version of every object stored in your bucket. For more information, see [Enabling and suspending object versioning in a bucket in Amazon Lightsail](amazon-lightsail-managing-bucket-object-versioning.md).

1. After enabling object versioning, you can restore previous versions of objects in your bucket. For more information, see [Restoring previous versions of objects in a bucket in Amazon Lightsail](amazon-lightsail-restoring-bucket-object-versions.md).

1. Monitor the utilization of your bucket. For more information, see [Viewing metrics for your bucket in Amazon Lightsail](amazon-lightsail-viewing-bucket-metrics.md).

1. Configure an alarm for bucket metrics to be notified when the utilization of your bucket crosses a threshold. For more information, see [Creating bucket metric alarms in Amazon Lightsail](amazon-lightsail-adding-bucket-metric-alarms.md).

1. Change the storage plan of your bucket if it's running low on storage and network transfer. For more information, see [Changing the plan of your bucket in Amazon Lightsail](amazon-lightsail-changing-bucket-plans.md).

1. Learn how to connect your bucket to other resources. For more information, see the following tutorials.
   + [Tutorial: Connecting a WordPress instance to an Amazon Lightsail bucket](amazon-lightsail-connecting-buckets-to-wordpress.md)
   + [Tutorial: Using an Amazon Lightsail bucket with a Lightsail content delivery network distribution](#amazon-lightsail-using-distributions-with-buckets)

1. Delete your bucket if you're no longer using it. For more information, see [Deleting buckets in Amazon Lightsail](amazon-lightsail-deleting-buckets.md).

# Adjust the data transfer quota for your Lightsail distribution
Change plan

When you create a Amazon Lightsail distribution, you choose a distribution plan that specifies the monthly data transfer quota and cost of your distribution. If your distribution transfers more data than your plan's monthly data transfer quota, you are charged an overage. For more information about overage pricing, see the [Lightsail pricing page](https://aws.amazon.com/lightsail/pricing/).

To avoid an overage fee, change your distribution's current plan to a different plan that offers a greater amount of monthly data transfer before your distribution exceeds its monthly quota. You can change your distribution's plan only one time during each AWS billing cycle. In this guide, we show you how to change your distribution's plan.

For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

## Change your distribution plan


Complete the following procedure to change your distribution's plan.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which you want to view the current monthly data transfer.

1. Choose the **Details** tab on your distribution's management page.

1. In the **Data transfer** section of the page, choose **Change distribution plan**.

1. At the confirmation prompt, choose **Yes, change** to confirm that you want to change your distribution's plan.

1. On the next prompt, choose the new plan for your distribution, and choose **Select plan**.

1. On the next prompt, choose **Yes, apply** to confirm that you want to apply the new plan to your distribution. Or choose **No, go back** to not apply the new plan to your distribution.

# Serve content with custom domains for your Lightsail distribution
Distribution custom domains

Enable custom domains for your Amazon Lightsail distribution to use your registered domain names with your distribution. Before you enable custom domains, your distribution accepts traffic only for the default domain that is associated with your distribution when you first create it (e.g., `123456abcdef.cloudfront.net`). When you enable custom domains, you must choose the Lightsail SSL/TLS certificate that you created for the domains that you want to use with your distribution. After you enable custom domains, your distribution accepts traffic for all of the domains that are associated with the certificate that you chose.

**Important**  
Only one certificate can be in use at a time per distribution. If you disable custom domains on your distribution, your distribution is no longer able to handle HTTPS traffic for your registered domain until you enable custom domains again.  
The domain names associated with the SSL/TLS certificate cannot be in use by another distribution across all Amazon Web Services (AWS) accounts, including distributions on the Amazon CloudFront service. You will be able to create the certificate for the domains, but you will not be able to use it with your distribution.

For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

## Prerequisites


Before you get started, you need to create a Lightsail distribution. For more information, see [Create a distribution](amazon-lightsail-creating-content-delivery-network-distribution.md).

You also should have created and validated an SSL/TLS certificate for your distribution. For more information, see [Create SSL/TLS certificates for your distribution](amazon-lightsail-create-a-distribution-certificate.md) and [Validate SSL/TLS certificates for your distribution](amazon-lightsail-validating-a-distribution-certificate.md).

## Enable custom domains for your distribution


Complete the following procedure to enable custom domains for your distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which want to enable custom domains.

1. Choose the **Custom domains** tab on your distribution's management page.

1. Choose **Attach certificate**.

   If you have no certificates, then you must first create and validate an SSL/TLS certificate for your domains, before you can attach it to your distribution. For more information, see [Create SSL/TLS certificates for your distribution](amazon-lightsail-create-a-distribution-certificate.md).

1. In the dropdown menu that appears, select a valid certificate for the domain(s) that you want to use with your distribution.

1. Verify the certificate information is correct, then choose **Attach**.

1. The distribution's **Status** will change to **Updating**. After the status changes to **Enabled**, the certificate's domain will appear in the **Custom domains** section. 

1. Choose **Add domain assignment** to point the domain to your distribution.

1. Verify the certificate and DNS information are correct, then choose **Add assignment**. After a few moments, traffic for the domain that you selected will begin to be accepted by your distribution.

**Topics**
+ [

## Prerequisites
](#enable-distribution-custom-domains-prerequisite)
+ [

## Enable custom domains for your distribution
](#enable-distribution-custom-domains)
+ [Point your domain to a distribution](amazon-lightsail-point-domain-to-distribution.md)
+ [Change custom domain](amazon-lightsail-changing-distribution-custom-domains.md)
+ [Disable distribution custom domains](amazon-lightsail-disabling-distribution-custom-domains.md)
+ [Add distribution domain to container service](amazon-lightsail-adding-distribution-default-domain-to-container-service.md)

# Point custom domains to Lightsail distributions
Point your domain to a distribution

You must point your registered domain names to your Amazon Lightsail distribution after you enabled custom domains for your distribution. You do this by adding an alias record to the DNS zone of each of the domains specified on the certificate that you're using with your distribution. All of the records that you add should point to the default domain (e.g., `123456abcdef.cloudfront.net`) of your distribution.

In this guide, we provide you with the procedure to point your domains to your distribution using a Lightsail DNS zone. The procedure to point your domains to your distribution using a different DNS hosting provider, like Domain.com or GoDaddy, may be similar. For more information about Lightsail DNS zones, see [DNS](understanding-dns-in-amazon-lightsail.md).

For more information about distributions, see [Create a distribution](amazon-lightsail-creating-content-delivery-network-distribution.md).

**Contents**
+ [Step 1: Complete the prerequisite](#point-domain-to-distribution-prerequisite)
+ [Step 2: Get the default domain of your distribution](#get-distribution-default-domain-name)
+ [Step 3: Add a record to your domain's DNS zone](#add-distribution-alias-record-to-dns-zone)

## Step 1: Complete the prerequisite


Before you get started, you should enable custom domains for your Lightsail distribution. For more information, see [Enable custom domains for your distribution](amazon-lightsail-enabling-distribution-custom-domains.md).

## Step 2: Get the default domain of your distribution


Complete the following procedure to get default domain name of your distribution, which you specify when you add an alias record to the DNS of your domain.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which want get the default domain name.

1. In the header section of your distribution's management page, make note of your distribution's default domain name. Your distribution's default domain name is similar to `123456abcdef.cloudfront.net`.

   You must add this value as part of an alias record in the DNS of your domains. We recommend that you copy and paste this value into a text file that you can refer to later. Continue to the next [Step 3: Add a record to your domain's DNS zone](#add-distribution-alias-record-to-dns-zone) section of this tutorial.

## Step 3: Add a record to your domain's DNS zone


Complete the following procedure to add a record to your domain's DNS zone.

1. In the left navigation pane, choose **Domains & DNS**.

1. Under the **DNS zones** section of the page, choose the domain name to which you want to add the record that will direct traffic for your domain to your distribution.

1. Choose the **DNS records** tab. Then, choose **Add record**.

1. Complete one of the following steps depending on the type of domain that you want to point to your distribution:
   + Choose an address (A) record to point an apex domain (e.g., `example.com`) to your distribution.

     If an A record for the apex of your domain is already present in your DNS zone, then you will need to edit that existing record instead of adding another A record.
   + Choose a canonical name (CNAME) to point a sub domain, such as `website.example.com`, to your distribution.

1. If you're adding an A record, then in the **Resolves to** text box choose the name of your distribution. If you're adding a CNAME record, then in the **Maps to** text box enter the default domain name of your distribution.
**Note**  
When you add an A record to your DNS zone, and choose the name of your distribution, you are in fact adding an alias record, which is different than an address record. Lightsail makes it easy for you to add alias records without the additional steps that are typically required at other DNS hosting providers.

1. Choose the save icon to save the record to your DNS zone.

   Repeat these steps to add additional DNS records for domains on your certificate that you are using with your distribution. Allow time for changes to propagate through the Internet’s DNS. After a few minutes, you should see if your domain is pointing to your distribution. You should also test your distribution. For more information, see the following [Test your distribution](amazon-lightsail-testing-distribution.md).

# Update SSL/TLS certificate domains for your Lightsail distribution
Change custom domain

You can change the custom domains used by your Amazon Lightsail distribution to another domain or set of domains. To do so, you must first create a new SSL/TLS certificate for the domains that you want to use with your distribution. For more information, see [Create SSL/TLS certificates for your distribution](amazon-lightsail-create-a-distribution-certificate.md). After the new certificate is validated, you swap the old certificate for the new one, thereby changing the custom domains for your distribution.

For more information about distributions, see [Create a distribution](amazon-lightsail-creating-content-delivery-network-distribution.md).

## Change custom domains for your distribution


Complete the following procedure to change the custom domains for your distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which you want to change the custom domains.

1. Choose the **Custom domains** tab on your distribution's management page.

1. Detach the SSL/TLS certificate that is currently attached to the distribution.

   The status of the distribution will change to **In progress**.

1. After the distribution's status changes back to **Enabled**, choose **Attach certificate**.

1. In the dropdown menu that appears, select a valid certificate for the domain(s) that you want to use with your distribution.

1. Verify the certificate information is correct, then choose **Attach**.

1. Add a domain assignment to the DNS of your domain to point the domain to your distribution.

   The distribution's **Status** will change to **Updating**. After the status changes to **Ready**, the certificate's domain will appear in the **Custom domains** section. Choose **Add domain assignment** to point the domain to your distribution.

1. Choose **Add assignment**. After a few moments, traffic for the domain that you selected will begin to be accepted by your distribution.

1. Choose **Save**.

# Disable custom domains for Lightsail distributions
Disable distribution custom domains

Disable custom domains for your Amazon Lightsail distribution to stop using your registered domain names with your distribution. After you disable custom domains, your distribution accepts traffic only for the default domain that is associated with your distribution when you first create it (e.g., `123456abcdef.cloudfront.net`), and traffic for the previously associated custom domains will see a 403 error.

For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

## Disable custom domains for your distribution


Complete the following procedure to disable custom domains for your distribution.

1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).

1. In the left navigation pane, choose **Networking**.

1. Choose the name of the distribution for which want to disable custom domains.

1. Choose the **Custom domains** tab on your distribution's management page.

   The **Custom domains** page displays the SSL/TLS certificates currently attached to your distribution, if any.

1. Choose one of the following options:

   1. Choose **Configure distribution domains** to either deselect domains that were previously selected, or to select more domains that are associated to the distribution.

   1. Choose **Detach** to detach the certificate from the distribution, and remove all of its associated domains.

1. Your request to disable custom domains is submitted, and the status of your distribution is changed to **In progress**. After a while, the status of your distribution changes to **Enabled**.

After you disable custom domains, your distribution accepts traffic only for the default domain that is associated with your distribution when you first create it (e.g., `123456abcdef.cloudfront.net`), and traffic for the previously associated custom domains will see a 403 error. You should update the DNS records of the domains so that traffic for those domains is directed to another resource.

# Add the default domain of a distribution to a Lightsail container service
Add distribution domain to container service

You can choose an Amazon Lightsail container service as the origin of a content delivery network (CDN) distribution. The distribution then caches and serves the website or web application hosted on your container service. If you're using a Lightsail distribution with your Lightsail container service, Lightsail automatically adds the default domain name of your distribution as a custom domain on your container service. This enables traffic to be routed between your distribution and your container service. However, you *must* perform the steps outlined in this guide to manually add the default domain name of your distribution to your container service under the following circumstances:
+ If something goes wrong and your distribution's default domain name is not automatically added to your container service.
+ If you're using a distribution other than a Lightsail distribution with your container service.

You can manually add the default domain name of your distribution to your container service only by using the AWS Command Line Interface (AWS CLI). For more information about container services, see [Container services](amazon-lightsail-container-services.md). For more information about distributions, see [Object storage](buckets-in-amazon-lightsail.md).

## Add the default domain of a distribution to a container service


Complete the following procedure to add the default domain of a distribution to a container service in Lightsail using the AWS Command Line Interface (AWS CLI). You do this by using the `update-container-service` command. For more information, see [update-container-service](https://docs.aws.amazon.com/cli/latest/reference/lightsail/update-container-service.html) in the *AWS CLI Command Reference*.

**Note**  
You must install the AWS CLI and configure it for Lightsail before continuing with this procedure. For more information, see [Configure the AWS CLI to work with Lightsail](lightsail-how-to-set-up-and-configure-aws-cli.md).

1. Open a Command Prompt or Terminal window.

1. Enter one of the following commands to add the default domain of a distribution to a container service.
**Note**  
If you added a custom domain to your container service, then you will need to specify both your custom domain and the default domain of your distribution.

   **No custom domain is configured on the container service:**

   ```
   aws lightsail update-container-service --service-name ContainerServiceName --public-domain-names '{"_": ["DistributionDefaultDomain"]}'
   ```

   **One or more custom domains are configured on the container service:**

   ```
   aws lightsail update-container-service --service-name ContainerServiceName --public-domain-names '{"CertificateName": ["ExistingCustomDomain"],"_": ["DistributionDefaultDomain"]}'
   ```

   In the command, replace the following example text with your own:
   + *ContainerServiceName* - The name of the Lightsail container service that was specified as the origin of the distribution.
   + *DistributionDefaultDomain* - The default domain of the distribution that is using the container service as the origin. For example, `example123.cloudfront.net`.
   + *CertificateName*" - The name of the Lightsail certificate of the custom domains that are currently attached to the container service, if any. If there are no custom domains attached to the container service, then use the command labeled as **No custom domain is configured on the container service**.
   + *DistributionDefaultDomain* - The custom domain currently attached to the container service.

   Examples:
   + **No custom domain is configured on the container service:**

     ```
     aws lightsail update-container-service --service-name ContainerServiceName --public-domain-names '{"_": ["example123.cloudfront.net"]}'
     ```
   + **One or more custom domains are configured on the container service:**

     ```
     aws lightsail update-container-service --service-name ContainerServiceName --public-domain-names '{"example-com": ["example.com"],"_": ["example123.cloudfront.net"]}'
     ```

# Manage request and response behaviors for Lightsail distributions
Request and response behaviors

In this guide, we describe the way your Amazon Lightsail distribution behaves when processing and forwarding requests to your origin, and processing responses from your origin. For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

**Topics**
+ [How your distribution processes and forwards requests to your origin](#distribution-process-and-forward-requests)
+ [How your distribution processes responses from your origin](#distribution-process-responses)

## How your distribution processes and forwards requests to your origin


This section contains information about how your distribution processes viewer requests and forwards the requests to your origin.

**Contents**
+ [Authentication](#RequestCustomClientAuth)
+ [Caching duration](#RequestCustomCaching)
+ [Client IP addresses](#RequestCustomIPAddresses)
+ [Client-side SSL authentication](#RequestCustomClientSideSslAuth)
+ [Compression](#RequestCustomCompression)
+ [Conditional requests](#RequestCustomConditionalGETs)
+ [Cookies](#RequestCustomCookies)
+ [Cross-origin resource sharing (CORS)](#request-custom-cors)
+ [Encryption](#RequestCustomEncryption)
+ [GET requests that include a body](#RequestCustom-get-body)
+ [HTTP methods](#RequestCustomHTTPMethods)
+ [HTTP request headers and distribution behavior](#request-custom-headers-behavior)
+ [HTTP version](#RequestCustomHTTPVersion)
+ [Maximum length of a request and maximum length of a URL](#RequestCustomMaxRequestStringLength)
+ [OCSP stapling](#request-custom-ocsp-stapling)
+ [Persistent connections](#request-custom-persistent-connections)
+ [Protocols](#RequestCustomProtocols)
+ [Query strings](#RequestCustomQueryStrings)
+ [Origin connection timeout and attempts](#custom-origin-timeout-attempts)
+ [Origin response timeout](#request-custom-request-timeout)
+ [Simultaneous requests for the same object (traffic spikes)](#request-custom-traffic-spikes)
+ [User-agent header](#request-custom-user-agent-header)

### Authentication


For `DELETE`, `GET`, `HEAD`, `PATCH`, `POST`, and `PUT` requests, if you configure your distribution to forward the `Authorization` header to your origin, you can configure your origin server to request client authentication.

For `OPTIONS` requests, you can configure your origin server to request client authentication only if you use the following distribution settings:
+ Configure your distribution to forward the `Authorization` header to your origin.
+ Configure your distribution to not cache the response to `OPTIONS` requests.

You can configure your distribution to forward requests to your origin using either HTTP or HTTPS.

### Caching duration


To control how long your objects stay in your distribution's cache before your distribution forwards another request to your origin, you can:
+ Configure your origin to add a `Cache-Control` or an `Expires` header field to each object.
+ Use the default value of 1 day for the cache lifespan (TTL).

For more information, see [distribution advanced settings](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-changing-default-cache-behavior#changing-caching-behavior-distribution-advanced-settings).

### Client IP addresses


If a viewer sends a request to your distribution and does not include an `X-Forwarded-For` request header, your distribution gets the IP address of the viewer from the TCP connection, adds an `X-Forwarded-For` header that includes the IP address, and forwards the request to the origin. For example, if your distribution gets the IP address `192.0.2.2` from the TCP connection, it forwards the following header to the origin:

`X-Forwarded-For: 192.0.2.2`

If a viewer sends a request to your distribution and includes an `X-Forwarded-For` request header, your distribution gets the IP address of the viewer from the TCP connection, appends it to the end of the `X-Forwarded-For` header, and forwards the request to the origin. For example, if the viewer request includes `X-Forwarded-For: 192.0.2.4,192.0.2.3` and your distribution gets the IP address `192.0.2.2` from the TCP connection, it forwards the following header to the origin:

`X-Forwarded-For: 192.0.2.4,192.0.2.3,192.0.2.2`

Some applications, such as load balancers, web application firewalls, reverse proxies, intrusion prevention systems, and API Gateway, append the IP address of the distribution edge server that forwarded the request onto the end of the `X-Forwarded-For` header. For example, if your distribution includes `X-Forwarded-For: 192.0.2.2` in a request that it forwards to ELB and if the IP address of the distribution edge server is 192.0.2.199, the request that your instance receives contains the following header:

`X-Forwarded-For: 192.0.2.2,192.0.2.199`

**Note**  
The `X-Forwarded-For` header contains IPv4 addresses (such as 192.0.2.44) and IPv6 addresses (such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334).

### Client-side SSL authentication


Lightsail distributions don't support client authentication with client-side SSL certificates. If an origin requests a client-side certificate, your distribution drops the request. 

### Compression


Lightsail distributions forward requests that have the `Accept-Encoding` field values `"identity"` and `"gzip"`.

### Conditional requests


When your distribution receives a request for an object that has expired from an edge cache, it forwards the request to your origin either to get the latest version of the object or to get confirmation from the origin that the distribution edge cache already has the latest version. Typically, when the origin last sent the object to your distribution, it included an `ETag` value, a `LastModified` value, or both values in the response. In the new request that your distribution forwards to your origin, your distribution adds one or both of the following:
+ An `If-Match` or `If-None-Match` header that contains the `ETag` value for the expired version of the object.
+ An `If-Modified-Since` header that contains the `LastModified` value for the expired version of the object.

The origin uses this information to determine whether the object has been updated and, therefore, whether to return the entire object to your distribution or to return only an HTTP 304 status code (not modified).

### Cookies


You can configure your distribution to forward cookies to your origin. For more information, see [distribution advanced settings](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-changing-default-cache-behavior#changing-caching-behavior-distribution-advanced-settings).

### Cross-origin resource sharing (CORS)


If you want your distribution to respect cross-origin resource sharing settings, configure your origin to forward the `Origin` header to your origin.

### Encryption


You can require viewers to connect to your distribution using HTTPS and require your distribution to forward requests to your origin by using HTTP or HTTPS. 

Your distribution forwards HTTPS requests to your origin using the SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 protocols. Other versions of SSL and TLS are not supported.

### GET requests that include a body


If a viewer `GET` request includes a body, your distribution returns an HTTP status code 403 (Forbidden) to the viewer.

### HTTP methods


If you configure your distribution to allow all of the HTTP methods that it supports, your distribution accepts the following requests from viewers and forwards them to your origin:
+ `DELETE`
+ `GET`
+ `HEAD`
+ `OPTIONS`
+ `PATCH`
+ `POST`
+ `PUT`

Your distribution always caches responses to `GET` and `HEAD` requests. You can also configure your distribution to cache responses to `OPTIONS` requests. Your distribution does not cache responses to requests that use the other methods.

For information about configuring whether your origin processes these methods, see the documentation for your origin.

**Important**  
If you configure your distribution to accept and forward to your origin all of the HTTP methods that it supports, configure your origin server to handle all methods. For example, if you configure your distribution to accept and forward these methods because you want to use `POST`, you must configure your origin server to handle `DELETE` requests appropriately so viewers can't delete resources that you don't want them to. For more information, see the documentation for your HTTP server. 

### HTTP request headers and distribution behavior


The following list contains the HTTP request headers that you can forward to your origin (with the exceptions that are noted). For each header, the list includes information about the following:
+ **Supported** - Whether you can configure your distribution to cache objects based on header values for that header. 

  You can configure your distribution to cache objects based on values in the `Date` and `User-Agent` headers, but we don't recommend it. These headers have many possible values, and caching based on their values would cause your distribution to forward significantly more requests to your origin.
+ **Behavior if you not configured** - The behavior of your distribution if you don't configure it to forward the header to your origin, which causes your distribution to cache your objects based on header values.
+ **Header** - Other-defined headers

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the headers to your origin.
+ **Header** - `Accept`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Accept-Charset`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Accept-Encoding`

  **Supported** - Yes

  **Behavior if not configured** - If the value contains `gzip`, Your distribution forwards `Accept-Encoding: gzip` to your origin. If the value does not contain `gzip`, Your distribution removes the `Accept-Encoding` header field before forwarding the request to your origin.
+ **Header** - `Accept-Language`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Authorization`

  **Supported** - Yes

  **Behavior if not configured**:
  + `GET` and `HEAD` requests – Your distribution removes the `Authorization` header field before forwarding the request to your origin.
  + `OPTIONS` requests – Your distribution removes the `Authorization` header field before forwarding the request to your origin if you configure your distribution to cache responses to `OPTIONS` requests.

    Your distribution forwards the `Authorization` header field to your origin if you do not configure your distribution to cache responses to OPTIONS requests.
  + `DELETE`, `PATCH`, `POST`, and `PUT` requests – Your distribution does not remove the header field before forwarding the request to your origin.
+ **Header** - `Cache-Control`

  **Supported** - No

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `CloudFront-Forwarded-Proto`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution does not add the header before forwarding the request to your origin.
+ **Header** - `CloudFront-Is-Desktop-Viewer`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution does not add the header before forwarding the request to your origin.
+ **Header** - `CloudFront-Is-Mobile-Viewer`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution does not add the header before forwarding the request to your origin.
+ **Header** - `CloudFront-Is-Tablet-Viewer`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution does not add the header before forwarding the request to your origin.
+ **Header** - `CloudFront-Viewer-Country`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution does not add the header before forwarding the request to your origin.
+ **Header** - `Connection`

  **Supported** - No

  **Behavior if not configured** - Your distribution replaces this header with `Connection: Keep-Alive` before forwarding the request to your origin.
+ **Header** - `Content-Length`

  **Supported** - No

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Content-MD5`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Content-Type`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Cookie`

  **Supported** - No

  **Behavior if not configured** - If you configure Your distribution to forward cookies, it will forward the `Cookie` header field to your origin. If you don't, your distribution removes the `Cookie` header field.
+ **Header** - `Date`

  **Supported** - Yes, but not recommended

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Expect`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `From`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Host`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution sets the value to the domain name of the origin that is associated with the requested object. 
+ **Header** - `If-Match`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `If-Modified-Since`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `If-None-Match`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `If-Range`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `If-Unmodified-Since`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Max-Forwards`

  **Supported** - No

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Origin`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Pragma`

  **Supported** - No

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Proxy-Authenticate`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Proxy-Authorization`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Proxy-Connection`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Range`

  **Supported** - Yes, by default

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Referer`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Request-Range`

  **Supported** - No

  **Behavior if not configured** - >Your distribution forwards the header to your origin.
+ **Header** - `TE`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Trailer`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `Transfer-Encoding`

  **Supported** - No

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Upgrade`

  **Supported** - No (except for WebSocket connections)

  **Behavior if not configured** - Your distribution removes the header, unless you've established a WebSocket connection.
+ **Header** - `User-Agent`

  **Supported** - Yes, but not recommended

  **Behavior if not configured** - Your distribution replaces the value of this header field with `Amazon CloudFront`.
+ **Header** - `Via`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `Warning`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `X-Amz-Cf-Id`

  **Supported** - No

  **Behavior if not configured** - Your distribution adds the header to the viewer request before forwarding the request to your origin. The header value contains an encrypted string that uniquely identifies the request.
+ **Header** - `X-Edge-*`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes all `X-Edge-*` headers.
+ **Header** - `X-Forwarded-For`

  **Supported** - Yes

  **Behavior if not configured** - Your distribution forwards the header to your origin.
+ **Header** - `X-Forwarded-Proto`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.
+ **Header** - `X-Real-IP`

  **Supported** - No

  **Behavior if not configured** - Your distribution removes the header.

### HTTP version


Your distribution forwards requests to your origin using HTTP/1.1.

### Maximum length of a request and maximum length of a URL


The maximum length of a request, including the path, the query string (if any), and headers, is 20,480 bytes.

Your distribution constructs a URL from the request. The maximum length of this URL is 8192 bytes.

If a request or a URL exceeds these maximums, your distribution returns HTTP status code 413, Request Entity Too Large, to the viewer, and then terminates the TCP connection to the viewer.

### OCSP stapling


When a viewer submits an HTTPS request for an object, either your distribution or the viewer must confirm with the certificate authority (CA) that the SSL certificate for the domain has not been revoked. OCSP stapling speeds up certificate validation by allowing your distribution to validate the certificate and to cache the response from the CA, so the client doesn't need to validate the certificate directly with the CA.

The performance improvement of OCSP stapling is more pronounced when your distribution receives numerous HTTPS requests for objects in the same domain. Each server in a distribution edge location must submit a separate validation request. When your distribution receives a lot of HTTPS requests for the same domain, every server in the edge location soon has a response from the CA that it can "staple" to a packet in the SSL handshake; when the viewer is satisfied that the certificate is valid, your distribution can serve the requested object. If your distribution doesn't get much traffic in an edge location, new requests are more likely to be directed to a server that hasn't validated the certificate with the CA yet. In that case, the viewer separately performs the validation step and the distribution server serves the object. That distribution server also submits a validation request to the CA, so the next time it receives a request that includes the same domain name, it has a validation response from the CA.

### Persistent connections


When your distribution gets a response from your origin, it tries to maintain the connection for several seconds in case another request arrives during that period. Maintaining a persistent connection saves the time required to re-establish the TCP connection and perform another TLS handshake for subsequent requests.

### Protocols


Your distribution forwards HTTP or HTTPS requests to the origin server based on value of the **Origin protocol policy** field in the Lightsail console . In the Lightsail console, the options are **HTTP only**, and **HTTPS only**. 

If you specify **HTTP Only** or **HTTPS Only**, your distribution forwards requests to your origin using the specified protocol, regardless of the protocol in the viewer request.

**Important**  
If your distribution forwards a request to your origin using the HTTPS protocol, and if the origin server returns an invalid certificate or a self-signed certificate, your distribution drops the TCP connection.

### Query strings


You can configure whether your distribution forwards query string parameters to your origin. 

### Origin connection timeout and attempts


By default, your distribution waits as long as 30 seconds (3 attempts of 10 seconds each) before returning an error response to the viewer.



### Origin response timeout


The *origin response timeout*, also known as the *origin read timeout* or *origin request timeout*, applies to both of the following:
+ The amount of time, in seconds, that your distribution waits for a response after forwarding a request to the origin.
+ The amount of time, in seconds, that your distribution waits after receiving a packet of a response from the origin and before receiving the next packet.

Your distribution's behavior depends on the HTTP method of the viewer request:
+ `GET` and `HEAD` requests – If the origin doesn’t respond or stops responding within the duration of the response timeout, your distribution drops the connection. If the specified number of origin connection attempts is more than 1, your distribution tries again to get a complete response. Your distribution tries up to 3 times, as determined by the value of the *origin connection attempts* setting. If the origin doesn’t respond during the final attempt, your distribution doesn’t try again until it receives another request for content on the same origin. 
+ `DELETE`, `OPTIONS`, `PATCH`, `PUT`, and `POST` requests – If the origin doesn’t respond within 30 seconds, your distribution drops the connection and doesn’t try again to contact the origin. The client can resubmit the request if necessary.

### Simultaneous requests for the same object (traffic spikes)


When a distribution edge location receives a request for an object and either the object isn't currently in the cache or the object has expired, your distribution immediately sends the request to your origin. If there's a traffic spike—if additional requests for the same object arrive at the edge location before your origin responds to the first request—your distribution pauses briefly before forwarding additional requests for the object to your origin. Typically, the response to the first request will arrive at the distribution edge location before the response to subsequent requests. This brief pause helps to reduce unnecessary load on your origin server. If additional requests are not identical because, for example, you configured your distribution to cache based on request headers or cookies, your distribution forwards all of the unique requests to your origin.

### User-agent header


If you want your distribution to cache different versions of your objects based on the device that a user is using to view your content, we recommend that you configure your distribution to forward one or more of the following headers to your origin:
+ `CloudFront-Is-Desktop-Viewer`
+ `CloudFront-Is-Mobile-Viewer`
+ `CloudFront-Is-SmartTV-Viewer`
+ `CloudFront-Is-Tablet-Viewer`

Based on the value of the `User-Agent` header, your distribution sets the value of these headers to `true` or `false` before forwarding the request to your origin. If a device falls into more than one category, more than one value might be `true`. For example, for some tablet devices, your distribution might set both `CloudFront-Is-Mobile-Viewer` and `CloudFront-Is-Tablet-Viewer` to `true`.

You can configure your distribution to cache objects based on values in the `User-Agent` header, but we don't recommend it. The `User-Agent` header has many possible values, and caching based on those values would cause your distribution to forward significantly more requests to your origin. 

If you do not configure your distribution to cache objects based on values in the `User-Agent` header, your distribution adds a `User-Agent` header with the following value before it forwards a request to your origin:

`User-Agent = Amazon CloudFront`

Your distribution adds this header regardless of whether the request from the viewer includes a `User-Agent` header. If the request from the viewer includes a `User-Agent` header, your distribution removes it.

## How your distribution processes responses from your origin


This section contains information about how your distribution processes responses from your origin.

**Contents**
+ [100-Continue responses](#Response100Continue)
+ [Caching](#ResponseCustomCaching)
+ [Canceled requests](#response-custom-canceled-requests)
+ [Content negotiation](#ResponseCustomContentNegotiation)
+ [Cookies](#ResponseCustomCookies)
+ [Dropped TCP connections](#ResponseCustomDroppedTCPConnections)
+ [HTTP response headers that your distribution removes or replaces](#ResponseCustomRemovedHeaders)
+ [Maximum file size](#ResponseCustomMaxFileSize)
+ [Origin unavailable](#ResponseCustomOriginUnavailable)
+ [Redirects](#ResponseCustomRedirects)
+ [Transfer encoding](#ResponseCustomTransferEncoding)

### 100-Continue responses


Your origin cannot send more than one 100-Continue response to your distribution. After the first 100-Continue response, your distribution expects an HTTP 200 OK response. If your origin sends another 100-Continue response after the first one, your distribution returns an error.

### Caching

+ Ensure that your origin sets valid and accurate values for the `Date` and `Last-Modified` header fields.
+ If requests from viewers include the `If-Match` or `If-None-Match` request header fields, set the `ETag` response header field. If you do not specify an `ETag` value, your distribution ignores subsequent `If-Match` or `If-None-Match` headers.
+ Your distribution normally respects a `Cache-Control: no-cache` header in the response from the origin. For an exception, see [Simultaneous requests for the same object (traffic spikes)](#request-custom-traffic-spikes).

### Canceled requests


If an object is not in the edge cache, and if a viewer terminates a session (for example, closes a browser) after your distribution gets the object from your origin but before it can deliver the requested object, your distribution does not cache the object in the edge location.

### Content negotiation


If your origin returns `Vary:*` in the response, and if the value of **Minimum TTL** for the corresponding cache behavior is **0**, your distribution caches the object but still forwards every subsequent request for the object to the origin to confirm that the cache contains the latest version of the object. Your distribution doesn't include any conditional headers, such as `If-None-Match` or `If-Modified-Since`. As a result, your origin returns the object to your distribution in response to every request. 

If your origin returns `Vary:*` in the response, and if the value of **Minimum TTL** for the corresponding cache behavior is any other value, CloudFront processes the `Vary` header as described in [HTTP response headers that your distribution removes or replaces](#ResponseCustomRemovedHeaders). 

### Cookies


If you enable cookies for a cache behavior, and if the origin returns cookies with an object, your distribution caches both the object and the cookies. Note that this reduces cache-ability for an object.

### Dropped TCP connections


If the TCP connection between your distribution and your origin drops while your origin is returning an object to your distribution, your distribution's behavior depends on whether your origin included a `Content-Length` header in the response:
+ **Content-Length header** – Your distribution returns the object to the viewer as it gets the object from your origin. However, if the value of the `Content-Length` header doesn't match the size of the object, your distribution doesn't cache the object.
+ **Transfer-Encoding: Chunked** – Your distribution returns the object to the viewer as it gets the object from your origin. However, if the chunked response is not complete, your distribution does not cache the object.
+ **No Content-Length header** – Your distribution returns the object to the viewer and caches it, but the object may not be complete. Without a `Content-Length` header, your distribution cannot determine whether the TCP connection was dropped accidentally or on purpose.

We recommend that you configure your HTTP server to add a `Content-Length` header to prevent your distribution from caching partial objects.

### HTTP response headers that your distribution removes or replaces


Your distribution removes or updates the following header fields before forwarding the response from your origin to the viewer:
+ `Set-Cookie` – If you configure your distribution to forward cookies, it will forward the `Set-Cookie` header field to clients.
+ `Trailer`
+ `Transfer-Encoding` – If your origin returns this header field, your distribution sets the value to `chunked` before returning the response to the viewer.
+ `Upgrade`
+ `Vary` – Note the following:
  + If you configure your distribution to forward any of the device-specific headers to your origin (`CloudFront-Is-Desktop-Viewer`, `CloudFront-Is-Mobile-Viewer`, `CloudFront-Is-SmartTV-Viewer`, `CloudFront-Is-Tablet-Viewer`) and you configure your origin to return `Vary:User-Agent` to your distribution, your distribution returns `Vary:User-Agent` to the viewer.
  + If you configure your origin to include either `Accept-Encoding` or `Cookie` in the `Vary` header, Your distribution includes the values in the response to the viewer.
  + If you configure your distribution to forward an allow list of headers to your origin, and if you configure your origin to return the header names to your distribution in the `Vary` header (for example, `Vary:Accept-Charset,Accept-Language`), Your distribution returns the `Vary` header with those values to the viewer.
  + For information about how your distribution processes a value of `*` in the `Vary` header, see [Content negotiation](#ResponseCustomContentNegotiation).
  + If you configure your origin to include any other values in the `Vary` header, your distribution removes the values before returning the response to the viewer.
+ `Via` – Your distribution sets the value to the following in the response to the viewer:

  `Via: `*http-version* *alphanumeric-string*`.cloudfront.net (CloudFront)`

  For example, if the client makes a request over HTTP/1.1, the value is something like the following:

  `Via: 1.1 1026589cc7887e7a0dc7827b4example.cloudfront.net (CloudFront)`

### Maximum file size


The maximum size of a response body that your distribution will return to the viewer is 20 GB. This includes chunked transfer responses that don't specify the `Content-Length` header value.

### Origin unavailable


If your origin server is unavailable and your distribution gets a request for an object that is in the edge cache but that has expired (for example, because the period of time specified in the `Cache-Control max-age` directive has passed), your distribution either serves the expired version of the object or serves a custom error page.

In some cases, an object that is seldom requested is evicted and is no longer available in the edge cache. Your distribution can't serve an object that has been evicted.

### Redirects


If you change the location of an object on your origin server, you can configure your web server to redirect requests to the new location. After you configure the redirect, the first time a viewer submits a request for the object, your distribution sends the request to the origin, and the origin responds with a redirect (for example, `302 Moved Temporarily`). Your distribution caches the redirect and returns it to the viewer. Your distribution does not follow the redirect.

You can configure your web server to redirect requests to one of the following locations:
+ The new URL of the object on the origin server. When the viewer follows the redirect to the new URL, the viewer bypasses your distribution and goes straight to the origin. As a result, we recommend that you not redirect requests to the new URL of the object on the origin.
+ The new distribution URL for the object. When the viewer submits the request that contains the new distribution URL, your distribution gets the object from the new location on your origin, caches it at the edge location, and returns the object to the viewer. Subsequent requests for the object will be served by the edge location. This avoids the latency and load associated with viewers requesting the object from the origin. However, every new request for the object will incur charges for two requests to your distribution.

### Transfer encoding


Lightsail distributions support only the `chunked` value of the `Transfer-Encoding` header. If your origin returns `Transfer-Encoding: chunked`, your distribution returns the object to the client as the object is received at the edge location, and caches the object in chunked format for subsequent requests.

If the viewer makes a `Range GET` request and the origin returns `Transfer-Encoding: chunked`, your distribution returns the entire object to the viewer instead of the requested range.

We recommend that you use chunked encoding if the content length of your response cannot be predetermined. For more information, see [Dropped TCP Connections](#ResponseCustomDroppedTCPConnections).

# Validate your Lightsail distribution's content caching
Test distribution

In this guide, you will learn how to test that your Amazon Lightsail distribution is caching and serving content from your origin. You should perform this test after you add your registered domain name to your distribution. For more information about distributions, see [Content delivery network distributions](amazon-lightsail-content-delivery-network-distributions.md).

## Test your distribution


Complete the following procedure to test your distribution. We use the Chrome web browser in this procedure; other browsers may use similar steps.

1. Open the Chrome web browser.

1. Open the **Chrome Menu** in the upper-right-hand corner of the browser window and select **More Tools** > **Developer Tools**.

   You can also use the shortcut Option \$1 ⌘ \$1 J (on macOS), or Shift \$1 CTRL \$1 J (on Windows/Linux).

1. In the developer tools pane, choose the **Network** tab.

1. Browse to the domain of your distribution (e.g., `https://www.example.com`).

   The **Network** tab of the Chrome developer tools should will populate with a list of objects from your website. 

1. Choose a static object, such as an image file (.jpg, .png, .gif).

1. In the **Header** panel that appears, you should see that the `via` and `x-cache` headers both mention CloudFront. This confirms that your distribution is caching and serving content from your origin. your   
![\[Distribution test result\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/distribution-test-result.png)