aws::cloudfront

Create a CloudFront distribution.

Example

aws::cloudfront cloudfront-example
    enabled: true
    ipv6-enabled: false
    comment: "cloudfront-example - static asset cache"

    origin
        id: $(aws::s3-bucket bucket).name
        domain-name: "www.google.com"

        custom-origin
            http-port: 80
        end
    end

    default-cache-behavior
        target-origin-id: $(aws::s3-bucket bucket).name
        viewer-protocol-policy: "allow-all"
        allowed-methods: ["GET", "HEAD"]
        cached-methods: ["GET", "HEAD"]
        headers: ["Origin"]
    end

    behavior
        path-pattern: "/dims?/*"
        target-origin-id: $(aws::s3-bucket bucket).name
        viewer-protocol-policy: "allow-all"
        allowed-methods: ["GET", "HEAD"]
        query-string: true
    end

    geo-restriction
        type: "whitelist"
        restrictions: ["US"]
    end

    custom-error-response
        error-code: 400
        ttl: 0
    end

    logging
        bucket: $(aws::s3-bucket bucket)
        bucket-prefix: "my-bucket/logs"
        include-cookies: false
    end

    tags: {
        Name: "content cache"
    }
end
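The example above accepts plain-HTTP viewers ("allow-all") and talks to its origin over port 80 only. The following configuration is an added example, not taken from the Gyro documentation, that applies the TLS-related attributes described under Attributes to the same layout; the alias cdn.example.com, the origin host cdn-origin.example.com, the ACM certificate ARN and the $(aws::s3-bucket bucket) reference are placeholders you would replace with your own resources.

```gyro
# Added example (not from the Gyro docs). All hostnames, the certificate ARN
# and the S3 bucket reference are placeholders.
aws::cloudfront cloudfront-hardened
    enabled: true
    ipv6-enabled: true
    comment: "cloudfront-hardened - HTTPS-only static asset cache"
    http-version: "http2"
    cnames: ["cdn.example.com"]

    origin
        id: "hardened-origin"
        domain-name: "cdn-origin.example.com"

        # Never fall back to cleartext between CloudFront and the origin,
        # and refuse legacy SSL/TLS versions on that hop.
        custom-origin
            https-port: 443
            origin-protocol-policy: "https-only"
            origin-ssl-protocols: ["TLSv1.2"]
            origin-read-timeout: 30
        end
    end

    # Viewers arriving over HTTP are redirected rather than served in clear.
    default-cache-behavior
        target-origin-id: "hardened-origin"
        viewer-protocol-policy: "redirect-to-https"
        allowed-methods: ["GET", "HEAD"]
        cached-methods: ["GET", "HEAD"]
        compress: true
    end

    # The ACM certificate must cover every name in cnames and live in us-east-1.
    # sni-only avoids the dedicated-IP (vip) surcharge noted under Attributes.
    viewer-certificate
        acm-certificate-arn: "arn:aws:acm:us-east-1:123456789012:certificate/PLACEHOLDER"
        minimum-protocol-version: "TLSv1.2_2021"
        ssl-support-method: "sni-only"
    end

    # Keep access logs for incident response; cookies are left out of the logs.
    logging
        bucket: $(aws::s3-bucket bucket)
        bucket-prefix: "cloudfront/logs"
        include-cookies: false
    end

    tags: {
        Name: "content cache (https-only)"
    }
end
```

Compared with the first example, only viewer-protocol-policy, the custom-origin block, viewer-certificate and cnames change; every other attribute keeps the meaning documented below.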

Attributes

enabled
Enable or disable this distribution without deleting it.
comment
A comment for this distribution.
cnames list
CNAMEs (aliases) that this distribution will listen for.
http-version
The maximum HTTP version that users can request on this distribution. Valid values are http1.1 or http2.
price-class
The maximum price you want to pay for CloudFront. For information on pricing see Price classes. Valid values are PriceClass_All, PriceClass_200 or PriceClass_100.
default-root-object
The object to request from the origin when a user requests the root URL (e.g. http://www.example.com/).
ipv6-enabled
Enable IPv6 support for this distribution.
web-acl
The Web ACL (WAF) ID to associate with this distribution.
tags map
A map of tags to apply to this distribution.
origin set subresource

List of origins for this distribution.

id
A unique ID for this origin.
domain-name
The DNS name of the origin.
origin-path
Optional path to request content from a specific directory of the origin.
custom-headers map
A map of custom headers to send the origin on every request.
s3-origin subresource

S3 configuration for this origin. If neither s3-origin nor custom-origin is configured, the origin defaults to a blank s3-origin. If domain-name is set to anything other than an S3 bucket, a custom-origin must be configured.

origin-access-identity
Origin access identity for serving private content through S3.
custom-origin subresource

Custom configuration for this origin. If domain-name is set to anything other than an S3 bucket, a custom-origin must be configured.

http-port
The port on which the origin listens for HTTP.
https-port
The port on which the origin listens for HTTPS.
origin-keep-alive-timeout
The amount of time to keep an idle connection to the origin open.
origin-read-timeout
The maximum time, in seconds, CloudFront waits for an initial connection to the origin and for each subsequent read. Valid values are 4 to 60.
origin-protocol-policy
The protocol CloudFront should use to connect to the origin. Valid values are http-only, https-only or match-viewer.
origin-ssl-protocols set
SSL/TLS protocols CloudFront is allowed to use when connecting to the origin. Valid values are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
origin-shield subresource

Origin shield for this origin.

enabled
When set to true, CloudFront routes all requests through Origin Shield. (Required)
region
The region to check the latency with.
origin-access-control
The origin access control for this origin.
behavior set subresource

List of cache behaviors for this distribution.

target-origin-id
The ID for the origin to route requests to when the path pattern matches this cache behavior.
path-pattern
The URL path pattern that a request must match for this cache behavior to apply (e.g. /dims?/*).
viewer-protocol-policy
The protocols viewers may use to access resources that match this cache behavior. Valid values are allow-all, redirect-to-https or https-only.
min-ttl
The minimum time objects will be cached in this distribution.
allowed-methods set
HTTP methods (e.g. GET, POST) that you want to forward to the origin.
cached-methods set
HTTP methods (e.g. GET, POST) that you want to cache responses from.
headers set
Headers to include in the cache key for an object.
forward-cookies
Whether to forward cookies to the origin.
cookies set
Whitelist of cookies to include in the cache key for an object.
smooth-streaming
Whether you want to distribute media files in the Microsoft Smooth Streaming format.
default-ttl
The time objects will be cached in this distribution. Only applies when none of Cache-Control: max-age, Cache-Control: s-maxage, or Expires is returned by the origin.
max-ttl
The maximum time objects will be cached in this distribution.
compress
Whether to compress files from the origin.
query-string
Whether to forward query strings to origin. If true, query string parameters become part of the cache key.
query-string-cache-keys set
Query string parameters that should be used in the cache key.
trusted-signers set
A list of AWS account numbers that are allowed to generate signed URLs for private content.
field-level-encryption-id
The Field Level Encryption configuration ID.
lambda-functions set subresource

The lambda functions associated with this cache behavior.

event-type
The type of event that triggers a Lambda function invocation. (Required)
arn
The ARN of the Lambda function.
include-body
Indicates whether the body of the request is included in the cache key.
function-associations set subresource

The cloudfront function associations with this cache behavior.

function
The ARN of the cloudfront function being associated. (Required)
event-type
The event type that triggers the function. Valid values are viewer-request, viewer-response, origin-request or origin-response. (Required)
default-cache-behavior subresource

The default cache behavior for this distribution.

target-origin-id
The ID for the origin to route requests to when the path pattern matches this cache behavior.
path-pattern
The URL path pattern that a request must match for this cache behavior to apply (e.g. /dims?/*).
viewer-protocol-policy
The protocols viewers may use to access resources that match this cache behavior. Valid values are allow-all, redirect-to-https or https-only.
min-ttl
The minimum time objects will be cached in this distribution.
allowed-methods set
HTTP methods (e.g. GET, POST) that you want to forward to the origin.
cached-methods set
HTTP methods (e.g. GET, POST) that you want to cache responses from.
headers set
Headers to include in the cache key for an object.
forward-cookies
Whether to forward cookies to the origin.
cookies set
Whitelist of cookies to include in the cache key for an object.
smooth-streaming
Whether you want to distribute media files in the Microsoft Smooth Streaming format.
default-ttl
The time objects will be cached in this distribution. Only applies when none of Cache-Control: max-age, Cache-Control: s-maxage, or Expires is returned by the origin.
max-ttl
The maximum time objects will be cached in this distribution.
compress
Whether to compress files from the origin.
query-string
Whether to forward query strings to origin. If true, query string parameters become part of the cache key.
query-string-cache-keys set
Query string parameters that should be used in the cache key.
trusted-signers set
A list of AWS account numbers that are allowed to generate signed URLs for private content.
field-level-encryption-id
The Field Level Encryption configuration ID.
lambda-functions set subresource

The lambda functions associated with this cache behavior.

event-type
The type of event that triggers a Lambda function invocation. (Required)
arn
The ARN of the Lambda function.
include-body
Indicates whether the body of the request is included in the cache key.
function-associations set subresource

The cloudfront function associations with this cache behavior.

function
The ARN of the cloudfront function being associated. (Required)
event-type
The event type that triggers the function. Valid values are viewer-request, viewer-response, origin-request or origin-response. (Required)
viewer-certificate subresource

SSL certificate configuration.

cloudfront-default-certificate
Use the default CloudFront SSL certificate (e.g. *.cloudfront.net).
acm-certificate-arn
ARN for an ACM generated certificate.
iam-certificate-id
ID for a certificate uploaded to IAM.
minimum-protocol-version
Minimum SSL protocol. Valid values are SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018, TLSv1.2_2019 or TLSv1.2_2021.
ssl-support-method
Whether CloudFront uses a dedicated IP or SNI for serving SSL traffic. There is a significant additional monthly charge for vip. Valid values are vip or sni-only.
logging subresource

Configure delivery of access logs to S3.

bucket
The bucket to save access logs. (Required)
bucket-prefix
Directory within the bucket to save access logs.
include-cookies
Whether to include cookies in the access logs.
custom-error-response list subresource

Replace HTTP codes with custom error responses as well as define cache TTLs for error responses.

ttl
The minimum amount of time to cache this error code.
error-code
HTTP error code to return a custom response for.
response-code
Custom HTTP status code to return.
response-page-path
Path to a custom error page.
geo-restriction subresource

Restrict or allow access to this distribution by country.

type
Type of restriction. Valid values are whitelist or blacklist.
restrictions set
List of countries to whitelist or blacklist. Uses two-letter country codes (e.g. US).
monitoring-subscription subresource

Monitoring subscription configuration for cloudfront.

status
Enables or disables the real-time metrics subscription. Valid values are Enabled or Disabled. (Required)

Outputs

id
The ID of this CloudFront distribution.
arn
The ARN of this CloudFront distribution.
domain-name
The domain name for this distribution (e.g. abc123893.cloudfront.net).