
Amazon CloudFront Announces WebSocket Support for VPC Origins

Amazon CloudFront now supports WebSockets traffic through Virtual Private Cloud (VPC) origins, enabling you to use CloudFront as the single entry point for real-time applications hosted entirely in private subnets. WebSockets support extends VPC origins to applications that require persistent, bidirectional connections between clients and servers, such as chat platforms, collaborative editing tools, live dashboards, and IoT device management systems.

Previously, customers running real-time applications over WebSockets had to keep their origins in public subnets and use Access Control Lists and other mechanisms to restrict access to their WebSockets-enabled servers. Customers had to spend ongoing effort to implement and maintain these solutions. Now, customers can place their Application Load Balancers (ALB), Network Load Balancers (NLB), and EC2 instances serving WebSockets traffic in private subnets accessible only through their CloudFront distributions. CloudFront serves as the single front door for both traditional HTTP traffic and real-time WebSockets connections, reducing attack surface, simplifying security management, and providing built-in DDoS protection.

WebSockets support for VPC origins is available in all AWS Commercial Regions where VPC origins is supported. There is no additional cost for WebSockets traffic through VPC origins. To learn more, visit [CloudFront VPC origins](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-vpc-origins.html).