[philsnow]

What makes you think that when cloudfront requests objects internally from s3, it's using http?

It could just as easily be connecting with s2n and authenticating both endpoints of the connection.

[colinbartlett]

This article[1] states the following, though it doesn't cite any specific source:

> CloudFront will use encryption when retrieving data from its storage service S3 (Simple Storage Service), so the content is protected all the way from where it is stored to the user's computer, according to Amazon.

1. http://www.computerworld.com/article/2518747/data-center/use...

[nitrogen]

It says so in the CloudFront distribution setup, when you point it at an s3-website-[region] URL instead of directly at an S3 bucket.