> Learn how to configure AWS CloudFront for use as the custom domain proxy for Auth0.

# Configure AWS CloudFront as Reverse Proxy

<Card title="Availability varies by Auth0 plan">
  Both your specific login implementation and your Auth0 plan or custom agreement affect whether this feature is available. To learn more, read [Pricing](https://auth0.com/pricing).
</Card>

You can configure AWS CloudFront for use as the reverse proxy with <Tooltip tip="Custom Domain: Third-party domain with a specialized, or vanity, name." cta="View Glossary" href="/docs/glossary?term=custom+domain">custom domain</Tooltip> names for your Auth0 tenant.

1. Log in to AWS, and navigate to [CloudFront](https://console.aws.amazon.com/cloudfront).
2. Click **Create Distribution**.
3. You can choose the delivery method for your content. Click **Get Started** under the **Web** section.
4. Configure your distribution settings. Here are the values you'll need to change.

   | Setting                         | Value                                                                                                                                         |
   | ------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------- |
   | Origin Domain Name              | Set this to the **Origin Domain Name** value obtained from the Auth0 Dashboard during the Custom Domains setup process                        |
   | Origin ID                       | A description for the origin. This value lets you distinguish between multiple origins in the same distribution and therefore must be unique. |
   | Origin Protocol Policy          | Set to `HTTPS Only`                                                                                                                           |
   | Alternate Domain Names (CNAMEs) | Set to your custom domain name (the same one you configured in the Auth0 Dashboard)                                                           |
   | SSL Certificate                 | Set to the SSL Certificate for your custom domain stored in AWS Certificate Manager (ACM) in the US East (N. Virginia) Region or in IAM.      |
5. Provide information on the **Origin Custom Headers** (the **Header Name** and **Value** fields appear only after you've provided an **Origin Domain Name**).

   | Setting     | Value                                                                                                                      |
   | ----------- | -------------------------------------------------------------------------------------------------------------------------- |
   | Header Name | Set to `cname-api-key`                                                                                                     |
   | Value       | Set to the CNAME API Key value that you were given immediately after you verified ownership of your domain name with Auth0 |
6. Configure the **Default Cache Behavior Settings**. Here are the values you'll need to change.

   | Setting                                 | Value                                                                                                                                                                   |
   | --------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   | Viewer Protocol Policy                  | Select **Redirect HTTP to HTTPS**                                                                                                                                       |
   | Allowed HTTP Methods                    | Select **GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE**                                                                                                                 |
   | Cache and origin request settings       | Select **Legacy cache settings**                                                                                                                                        |
   | Cache Based on Selected Request Headers | Select **Include the following headers**                                                                                                                                |
   | Add Headers                             | Enter `User-Agent` and click **Add Custom >>** to add the custom header. Do the same for `Authorization`, `Origin`, `Referer`, `Accept-Language`, and `Accept` headers. |
   | Forward Cookies                         | Select **All**                                                                                                                                                          |
   | Query Strings                           | Select **All**                                                                                                                                                          |
7. Scroll to the bottom of the page and click **Create Distribution**.
   You'll see your newly-created distribution in your CloudFront Distributions list. Note that the Status will reflect `In progress` until the distribution is Deployed.
8. Add a new CNAME record to your DNS for your custom domain pointing to the CloudFront Domain Name for your Distribution. This can be found by clicking on your Distribution ID, under the General tab, Domain Name (for example, `e2zwy42nt1feu7.cloudfront.net`). You can also use an Alias record if Route 53 is configured for your domain.
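
To check a deployed distribution against the values in the tables above, this added example (not part of the Auth0 documentation) audits the `DistributionConfig` object returned by `aws cloudfront get-distribution-config`. It assumes the legacy cache settings selected above appear under `ForwardedValues`; the function names and all sample values are constructed for illustration.

```python
# Added example: compare a CloudFront DistributionConfig with the settings on this page.
REQUIRED_HEADERS = {"user-agent", "authorization", "origin", "referer", "accept-language", "accept"}
REQUIRED_METHODS = {"GET", "HEAD", "OPTIONS", "PUT", "POST", "PATCH", "DELETE"}

def items(node):
    # CloudFront lists look like {"Quantity": n, "Items": [...]}; Items is absent when empty.
    return (node or {}).get("Items") or []

def audit_distribution(cfg, custom_domain):
    """Return the deviations from the values in the tables above (empty list = compliant)."""
    cert = cfg.get("ViewerCertificate", {})
    arn = cert.get("ACMCertificateArn", "")
    dcb = cfg.get("DefaultCacheBehavior", {})
    fwd = dcb.get("ForwardedValues", {})
    origin = next((o for o in items(cfg.get("Origins"))
                   if o.get("Id") == dcb.get("TargetOriginId")), {})
    api_key = [h.get("HeaderValue") for h in items(origin.get("CustomHeaders"))
               if h.get("HeaderName", "").lower() == "cname-api-key"]
    missing = sorted(REQUIRED_HEADERS - {h.lower() for h in items(fwd.get("Headers"))})
    checks = [
        (custom_domain in items(cfg.get("Aliases")), "custom domain not in Alternate Domain Names"),
        (arn.split(":")[3:4] == ["us-east-1"] or bool(cert.get("IAMCertificateId")),
         "no us-east-1 ACM certificate or IAM certificate"),
        (origin.get("CustomOriginConfig", {}).get("OriginProtocolPolicy") == "https-only",
         "Origin Protocol Policy is not HTTPS Only"),
        (any(api_key), "cname-api-key origin header missing or empty"),
        (dcb.get("ViewerProtocolPolicy") == "redirect-to-https", "viewer HTTP is not redirected to HTTPS"),
        (REQUIRED_METHODS <= set(items(dcb.get("AllowedMethods"))), "not all HTTP methods allowed"),
        (not missing, "headers not forwarded: " + ", ".join(missing)),
        (fwd.get("Cookies", {}).get("Forward") == "all", "cookies not all forwarded"),
        (fwd.get("QueryString") is True, "query strings not forwarded"),
    ]
    return [msg for ok, msg in checks if not ok]

def sample_config():
    # Constructed sample in the get-distribution-config shape; every value is a placeholder.
    hdrs = ["User-Agent", "Authorization", "Origin", "Referer", "Accept-Language", "Accept"]
    return {
        "Aliases": {"Quantity": 1, "Items": ["login.example.com"]},
        "ViewerCertificate": {"ACMCertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"},
        "Origins": {"Quantity": 1, "Items": [{
            "Id": "auth0", "DomainName": "origin.example.invalid",
            "CustomHeaders": {"Quantity": 1, "Items": [{"HeaderName": "cname-api-key", "HeaderValue": "PLACEHOLDER"}]},
            "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}}]},
        "DefaultCacheBehavior": {
            "TargetOriginId": "auth0", "ViewerProtocolPolicy": "redirect-to-https",
            "AllowedMethods": {"Quantity": 7, "Items": sorted(REQUIRED_METHODS)},
            "ForwardedValues": {"QueryString": True, "Cookies": {"Forward": "all"},
                                "Headers": {"Quantity": 6, "Items": hdrs}}}}
```

The audit only tests that the `cname-api-key` header has a value and never prints it, so the findings can be logged without exposing the key.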

## Learn more

* [Configure Features to Use Custom Domains](/docs/customize/custom-domains/configure-features-to-use-custom-domains)
* [TLS (SSL) Versions and Ciphers](/docs/customize/custom-domains/self-managed-certificates/tls-ssl)
