aws::cloudfront¶

Create a CloudFront distribution.

Example¶

aws::cloudfront cloudfront-example
    enabled: true
    ipv6-enabled: false
    comment: "$(project) - static asset cache"

    origin
        id: "S3-$(project)-brightspot"
        domain-name: "$(project)-brightspot.s3.us-east-1.amazonaws.com"
    end

    origin
        id: "elb-$(project)-web"
        domain-name: "www.google.com"

        custom-origin
            http-port: 80
        end
    end

    default-cache-behavior
        target-origin-id: "S3-$(project)-brightspot"
        viewer-protocol-policy: "allow-all"
        allowed-methods: ["GET", "HEAD"]
        cached-methods: ["GET", "HEAD"]
        cache-policy: $(aws::cloudfront-cache-policy cache-policy-example)
        origin-request-policy: $(aws::cloudfront-origin-request-policy origin-request-policy-example)
    end

    behavior
        path-pattern: "/dims?/*"
        target-origin-id: "elb-$(project)-web"
        viewer-protocol-policy: "allow-all"
        allowed-methods: ["GET", "HEAD"]
        query-string: true
    end

    geo-restriction
        type: "whitelist"
        restrictions: ["US"]
    end

Attributes¶

Attribute	Description
enabled	Enable or disable this distribution without deleting it.
comment	A comment for this distribution.
cnames list	CNAMES (aliases) for which this distribution will listen for.
http-version	The maximum http version that users can request on this distribution. Valid values are `http1.1`, `http2`, `http3` or `http2and3`.
price-class	The maximum price you want to pay for CloudFront. For information on pricing see Price classes. Valid values are `PriceClass_All`, `PriceClass_200` or `PriceClass_100`.
default-root-object	The object to request from the origin when a user requests the root URL (i.e. http://www.example.com/).
ipv6-enabled	Enable IPv6 support for this distribution.
web-acl	The Web ACL (WAF) ID to associate with this distribution.
tags map	A map of tags to apply to this distribution.
origin set subresource	List of origins for this distribution. id A unique ID for this origin. domain-name The DNS name of the origin. origin-path Optional path to request content from a specific directory of the origin. custom-headers map A map of custom headers to send the origin on every request. s3-origin subresource S3 configuration for this origin. When configuring the origin if both s3-origin and custom-origin are left blank, defaults to a blank s3-origin. If the domain-name is set to anything other than a bucket a custom-origin needs to be configured. origin-access-identity Origin access identity for serving private content through S3. custom-origin subresource Custom configuration for this origin. If the domain-name is set to anything other than a bucket a custom-origin needs to be configured. http-port The port the origin listens for http. https-port The port the origin listens for https. origin-keep-alive-timeout The amount of time to keep an idle connection to the origin. origin-read-timeout The max amount of a time CloudFront will wait, in seconds, for an initial connection, and subsequent reads. Valid values are between `4` to `60`. origin-protocol-policy The protocol CloudFront should use to connect to the origin. Valid values are `http-only`, `https-only` or `match-viewer`. origin-ssl-protocols set SSL protocols CloudFront is allow to connect to the origin with.1``, `TLSv1.2`. Valid values are `SSLv3`, `TLSv1`, `TLSv1.1` and `TLSv1.2`. origin-shield subresource Origin shield for this origin. enabled When set to ``true`, CloudFront routes all requests through Origin Shield. (Required) region The region to check the latency with. origin-access-control The origin access control for this origin.
behavior set subresource	List of cache behaviors for this distribution. target-origin-id The ID for the origin to route requests to when the path pattern matches this cache behavior. path-pattern The URL pattern to match against this pattern. (i.e. `/dims?/*`). viewer-protocol-policy The protocol the user is allowed to access resources that match this cache behavior. Valid values are `allow-all`, `redirect-to-https` or `https-only`. min-ttl The minimum time objects will be cached in this distribution. Deprecated in favor of {@link CachePolicyResource}. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> Cannot be set if `cache-policy` is set. allowed-methods set HTTP methods (i.e. `GET`, `POST`) that you want to forward to the origin. cached-methods set HTTP methods (i.e. `GET`, `POST`) that you want to cache responses from. headers set Headers to include the cache key for an object. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. forward-cookies Whether to forward to cookies to the origin. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. cookies set Whitelist of cookies to include the cache key for an object. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. smooth-streaming Whether you want to distribute media files in the Microsoft Smooth Streaming format. default-ttl The time objects will be cached in this distribution. Only applies when one of `Cache-Control: max-age`, `Cache-Control: s-maxage`, or `Expires` are not returned by the origin. Deprecated in favor of {@link CachePolicyResource}. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> Cannot be set if `cache-policy` is set. max-ttl The maximum time objects will be cached in this distribution. Deprecated in favor of {@link CachePolicyResource}. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> Cannot be set if `cache-policy` is set. compress Whether to compress files from origin. query-string Whether to forward query strings to origin. If true, query string parameters become part of the cache key. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. query-string-cache-keys set Query string parameters that should be used in the cache key. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. trusted-signers set A list of AWS account numbers that are allowed to generate signed URLs for private content. field-level-encryption-id The Field Level Encryption configuration ID. lambda-functions set subresource The lambda functions associated with this cache behavior. event-type The type of event that triggers a Lambda function invocation. (Required) arn The ARN of the Lambda function. include-body Indicates whether the body of the request is included in the cache key. function-associations set subresource The cloudfront function associations with this cache behavior. function The ARN of the cloudfront function being associated. (Required) event-type The event type of the Lambda function. Valid values are `viewer-request`, `viewer-response`, `origin-request` or `origin-response`. (Required) cache-policy The cache policy that is attached to this cache behavior. origin-request-policy The origin request policy that is attached to this cache behavior.
default-cache-behavior subresource	The default cache behavior for this distribution. target-origin-id The ID for the origin to route requests to when the path pattern matches this cache behavior. path-pattern The URL pattern to match against this pattern. (i.e. `/dims?/*`). viewer-protocol-policy The protocol the user is allowed to access resources that match this cache behavior. Valid values are `allow-all`, `redirect-to-https` or `https-only`. min-ttl The minimum time objects will be cached in this distribution. Deprecated in favor of {@link CachePolicyResource}. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> Cannot be set if `cache-policy` is set. allowed-methods set HTTP methods (i.e. `GET`, `POST`) that you want to forward to the origin. cached-methods set HTTP methods (i.e. `GET`, `POST`) that you want to cache responses from. headers set Headers to include the cache key for an object. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. forward-cookies Whether to forward to cookies to the origin. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. cookies set Whitelist of cookies to include the cache key for an object. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. smooth-streaming Whether you want to distribute media files in the Microsoft Smooth Streaming format. default-ttl The time objects will be cached in this distribution. Only applies when one of `Cache-Control: max-age`, `Cache-Control: s-maxage`, or `Expires` are not returned by the origin. Deprecated in favor of {@link CachePolicyResource}. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> Cannot be set if `cache-policy` is set. max-ttl The maximum time objects will be cached in this distribution. Deprecated in favor of {@link CachePolicyResource}. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> Cannot be set if `cache-policy` is set. compress Whether to compress files from origin. query-string Whether to forward query strings to origin. If true, query string parameters become part of the cache key. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. query-string-cache-keys set Query string parameters that should be used in the cache key. Deprecated in favor of {@link CachePolicyResource} or {@link OriginRequestPolicyResource} If you want to include values in the cache key, use a cache policy. For more information, See Creating cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy”> or Using the managed cache policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html”> If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, See Creating origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy”> or Using the managed origin request policies <”https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html”> Cannot be set if `cache-policy` is set. trusted-signers set A list of AWS account numbers that are allowed to generate signed URLs for private content. field-level-encryption-id The Field Level Encryption configuration ID. lambda-functions set subresource The lambda functions associated with this cache behavior. event-type The type of event that triggers a Lambda function invocation. (Required) arn The ARN of the Lambda function. include-body Indicates whether the body of the request is included in the cache key. function-associations set subresource The cloudfront function associations with this cache behavior. function The ARN of the cloudfront function being associated. (Required) event-type The event type of the Lambda function. Valid values are `viewer-request`, `viewer-response`, `origin-request` or `origin-response`. (Required) cache-policy The cache policy that is attached to this cache behavior. origin-request-policy The origin request policy that is attached to this cache behavior.
viewer-certificate subresource	SSL certificate configuration. cloudfront-default-certificate Use the default CloudFront SSL certificate (i.e. `*.cloudfront.net`). acm-certificate-arn ARN for an ACM generated certificate. iam-certificate-id ID for certificated uploaded to IAM. minimum-protocol-version Minimum SSL protocol. Valid values are `SSLv3`, `TLSv1`, `TLSv1_2016`, `TLSv1.1_2016`, `TLSv1.2_2018`, `TLSv1.2_2019` or `TLSv1.2_2021`. ssl-support-method Whether CloudFront uses a dedicated IP or SNI for serving SSL traffic. There is a significant additional monthly charge for vip`. Valid values are ``vip or `sni-only`.
logging subresource	Configure logging access logs to S3. bucket The bucket to save access logs. (Required) bucket-prefix Directory within bucket ot save access logs. include-cookies Whether to include cookies logs.
custom-error-response list subresource	Replace HTTP codes with custom error responses as well as define cache TTLs for error responses. ttl The minimum amount of time to cache this error code. error-code HTTP error code to return a custom response for. response-code Custom HTTP status code to return. response-page-path Path to a custom error page.
geo-restriction subresource	Restrict or allow access to this distribution by country. type Type of restriction. Valid values are `whitelist` or `blacklist`. restrictions set List of countries to whitelist or blacklist. Uses two letter country codes (i.e. US).
monitoring-subscription subresource	Monitoring subscription configuration for cloudfront. status When set to `true` enables realtime metric subscription. Valid values are `Enabled` or `Disabled`. (Required)

Outputs¶

Attribute	Description
id	The id of this CloudFront distribution.
arn	The arn of this CloudFront distribution.
domain-name	The domain name for this distribution (i.e. `abc123893.cloudfront.net`).