I am trying to add all the required AWS console sites to IE trusted Sites so our Servers can access the AWS Console.
I have added all the other AWS domains with wildcards via GPO/Registry settings but the registry setting for https://*.cloudfront.net does not work.
When I try to manually enter it into IE I get the pattern is not accepted error.
I have tried on Windows 10 (IE version 11.557.17763), Windows Server 2016 (IE version 11.557.17763), Server 2012 R2 (IE version 11.0.9600.19301).
If I change a letter around it works. For example, https://*.cloudfron.net and https://*.cloudfronts.net work.
I have also tried on a different domain and it also did not work.
IE is protecting you from a dangerous misconfiguration.
It isn't appropriate to add https://*.cloudfront.net to trusted sites, just as it would not be appropriate to add https://*.com to trusted sites. The problem with trusting all of *.com is obvious enough, but why CloudFront?
The reason is because anyone can have a *.cloudfront.net subdomain. CloudFront is a service that is used by AWS customers, in addition to being used by the AWS console and even the amazon.com retail site.
But how does IE know this specific domain should be restricted? It appears to be this:
IE on the Windows 10 Technical Preview switches the parsing of domain names to use the algorithms and domain list found at http://publicsuffix.org.
Presumably this is still true. And, you will observe that cloudfront.net is indeed on the public suffix list. (On the public suffix list, the absence of * wildcards does not mean what you might assume, so the fact that the list includes cloudfront.net but not *.cloudfront.net is not significant, here.)
Unfortunately, it appears that you will need to identify the specific CloudFront subdomains to trust, and configure them individually.
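The following is an added example, not part of the original question or answer: a pre-deployment check that flags Trusted Sites wildcard patterns whose base domain is itself a public suffix, which is the condition the answer describes. The function names and the embedded rule excerpt are this example's own assumptions, and it models Public Suffix List matching in general rather than IE's actual implementation, which the page does not show.

```python
# Constructed excerpt of Public Suffix List rules, embedded so this runs
# offline. A real check would load the full list from publicsuffix.org.
PSL_EXCERPT = """
com
net
co.uk
cloudfront.net
*.ck
!www.ck
"""

def load_rules(text):
    """Parse PSL text into a set of rules, skipping blanks and // comments."""
    lines = (line.strip().lower() for line in text.splitlines())
    return {line for line in lines if line and not line.startswith("//")}

def public_suffix(domain, rules):
    """Return the public suffix of `domain` using PSL matching rules."""
    labels = domain.lower().rstrip(".").split(".")
    best = labels[-1:]  # implicit default rule "*": the last label alone
    for i in range(len(labels)):
        candidate = labels[i:]
        name = ".".join(candidate)
        if "!" + name in rules:
            # An exception rule wins outright; drop its leftmost label.
            return ".".join(candidate[1:])
        wildcard = ".".join(["*"] + candidate[1:])
        if (name in rules or wildcard in rules) and len(candidate) > len(best):
            best = candidate
    return ".".join(best)

def check_trusted_pattern(pattern, rules):
    """Classify a Trusted Sites entry such as https://*.example.com."""
    host = pattern.split("://", 1)[-1].split("/", 1)[0].lower()
    if not host.startswith("*."):
        return "ok: exact host"
    base = host[2:]
    if public_suffix(base, rules) == base:
        return "reject: wildcard spans a public suffix"
    return "ok: wildcard under a registrable domain"

RULES = load_rules(PSL_EXCERPT)

if __name__ == "__main__":
    # Constructed sample patterns; dexample is a placeholder subdomain.
    for p in ("https://*.cloudfront.net", "https://*.cloudfron.net",
              "https://*.com", "https://dexample.cloudfront.net"):
        print(f"{p:40} {check_trusted_pattern(p, RULES)}")
```

Running the same check over a GPO's full site-to-zone list before rollout shows which wildcard entries need to be replaced with individual hostnames.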