aws_cloudfront_distribution cost estimation

A CDN distribution. Priced by data transfer to viewers and request count, with rates varying by region.

An aws_cloudfront_distribution caches and serves content from edge locations close to viewers. There's no per-distribution charge; you pay for what flows through it.

Two pricing dimensions matter. First, data transfer to viewers (egress from CloudFront edge to the user). Rates vary significantly by geographic region: the cheapest tier (North America and Europe) is roughly $0.085/GB for the first 10 TB, dropping with volume. Asia Pacific, South America, and the Middle East are 2-3x more expensive per GB.

Second, HTTPS requests. Roughly $0.0075 per 10,000 HTTPS requests in cheap regions, higher elsewhere. HTTP-only requests are cheaper but rarely used today.

The big win of CloudFront vs serving directly from S3 or an ALB is that data transfer to viewers from CloudFront is cheaper than the same egress from S3 ($0.09/GB) or from EC2 to internet ($0.09/GB), AND CloudFront's "origin pull" (cache miss back to S3 or your origin) is free. So a workload with high cache hit ratio pays only CloudFront egress, not S3 egress.

Additional costs apply for edge functions (CloudFront Functions, Lambda@Edge), real-time logging, field-level encryption, and Origin Shield. Price class restrictions don't reduce cost (they reduce coverage).

c3x reads the distribution config including price_class. Data transfer and request volumes are usage-based via c3x-usage.yml.

Terraform example

A minimal but realistic configuration that C3X can estimate.

resource "aws_cloudfront_distribution" "site" {
  enabled             = true
  default_root_object = "index.html"
  price_class         = "PriceClass_100" # US, Canada, Europe

  origin {
    # aws_s3_bucket.site is assumed to be defined elsewhere in the configuration
    domain_name = aws_s3_bucket.site.bucket_regional_domain_name
    origin_id   = "s3-origin"
  }

  default_cache_behavior {
    target_origin_id       = "s3-origin"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    # AWS managed "CachingOptimized" cache policy
    cache_policy_id        = "658327ea-f89d-4fab-a63d-7e88639e58f6"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

Pricing dimensions

What you actually pay for when you provision aws_cloudfront_distribution.

| Dimension | Unit | What's being charged |
| --- | --- | --- |
| Data transfer out to viewers | per GB | Bytes from edge locations to viewer clients. Rates are tiered by region of the edge location and by total monthly volume. $0.085/GB for first 10 TB in North America/Europe |
| HTTPS requests | per 10,000 requests | Each viewer request handled by an edge location. $0.0075/10,000 in North America/Europe |
| Origin requests | per GB | Bytes from your origin (S3, ALB, custom) to CloudFront edges. Free from S3 in the same region; otherwise standard egress applies. |
| CloudFront Functions | per 1M invocations | Edge functions written in JavaScript with constrained runtime. $0.10/1M invocations |
| Lambda@Edge | per request + duration | Full Lambda functions running at the edge. Pricier than CloudFront Functions, but supports any runtime. |

Optimization tips

Common ways to reduce aws_cloudfront_distribution cost without changing the workload.

Restrict price class to where your users are

Up to 50%

PriceClass_100 (US, Canada, Europe) is roughly half the cost of PriceClass_All. PriceClass_200 adds Asia and Mexico. Only use PriceClass_All if you have meaningful traffic from South America, India, or the Middle East.

Maximize cache hit ratio with cache policies

Origin compute and egress

A 95% cache hit rate means only 5% of requests go to origin. Set a long max_ttl on static assets, and use cache policies that include only the headers and query strings that affect the response.
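
One way to write the cache policy this tip describes, as an added example that is not from the original page or the C3X project. The resource name, the TTL values and the `v` query-string parameter are assumptions.

```hcl
# Added example: a cache policy for static assets (names and values are assumptions).
resource "aws_cloudfront_cache_policy" "static_assets" {
  name    = "static-assets-long-ttl" # hypothetical name
  comment = "Long TTLs and a minimal cache key for versioned static assets"

  # TTLs in seconds. CloudFront clamps origin Cache-Control values to
  # [min_ttl, max_ttl] and uses default_ttl when the origin sends none.
  min_ttl     = 0
  default_ttl = 86400    # 1 day
  max_ttl     = 31536000 # 1 year

  parameters_in_cache_key_and_forwarded_to_origin {
    # Cookies and headers do not change a static asset, so keep them
    # out of the cache key; every extra key dimension splits the cache.
    cookies_config {
      cookie_behavior = "none"
    }
    headers_config {
      header_behavior = "none"
    }

    # Only the version parameter selects a different object.
    query_strings_config {
      query_string_behavior = "whitelist"
      query_strings {
        items = ["v"] # hypothetical cache-busting parameter
      }
    }

    # Normalizes Accept-Encoding so compressed variants are cached
    # without keying on the raw header value.
    enable_accept_encoding_gzip   = true
    enable_accept_encoding_brotli = true
  }
}

# Attach it in place of the managed policy ID in the cache behavior:
#   cache_policy_id = aws_cloudfront_cache_policy.static_assets.id
```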

Use Origin Shield for geographic origin servers

Workload-dependent

If your origin is in one region but viewers are global, Origin Shield gives you a single regional cache layer between edges and origin. Cuts origin requests and egress on cache misses.

CloudFront Functions instead of Lambda@Edge for simple logic

Up to 80% vs Lambda@Edge

Header manipulation, URL rewrites, and simple A/B testing can run in CloudFront Functions at $0.10/M invocations. Lambda@Edge is $0.60/M plus duration. Functions are right for anything that doesn't need Node.js APIs.

FAQ

Is CloudFront cheaper than serving directly from S3?

Almost always yes for public traffic. CloudFront egress is ~5-15% cheaper per GB than S3 egress, AND cache hits eliminate S3 GET request fees. Even with no caching, you're roughly even on egress and ahead on requests. With any caching, CloudFront wins.

Does the free tier apply?

AWS has a CloudFront free tier of 1 TB egress and 10M requests per month, permanent (not just first 12 months). c3x can model this via the usage file's account-level free tier setting.

How does c3x estimate data transfer?

CloudFront cost is dominated by egress, which is usage-based. Add expected monthly_data_transfer_to_internet_gb and monthly_https_requests under the distribution in c3x-usage.yml.

What about CloudFront Functions vs Lambda@Edge in estimates?

c3x estimates declared function associations from the distribution. Lambda@Edge functions are pulled from the aws_lambda_function resource. CloudFront Functions are inline in the distribution config.

Estimate this resource in your own Terraform

Free, open source, no API key. C3X parses your Terraform and shows line-item cost for every resource, including aws_cloudfront_distribution.