aws::cloudfront

Create a CloudFront distribution.

Example

aws::cloudfront cloudfront-example
    enabled: true
    ipv6-enabled: false
    comment: "cloudfront-example - static asset cache"

    origin
        id: $(aws::s3-bucket bucket).name
        domain-name: "www.google.com"

        custom-origin
            http-port: 80
        end
    end

    default-cache-behavior
        target-origin-id: $(aws::s3-bucket bucket).name
        viewer-protocol-policy: "allow-all"
        allowed-methods: ["GET", "HEAD"]
        cached-methods: ["GET", "HEAD"]
        headers: ["Origin"]
    end

    behavior
        path-pattern: "/dims?/*"
        target-origin-id: $(aws::s3-bucket bucket).name
        viewer-protocol-policy: "allow-all"
        allowed-methods: ["GET", "HEAD"]
        query-string: true
    end

    geo-restriction
        type: "whitelist"
        restrictions: ["US"]
    end

    custom-error-response
        error-code: 400
        ttl: 0
    end

    logging
        bucket: $(aws::s3-bucket bucket)
        bucket-prefix: "my-bucket/logs"
        include-cookies: false
    end

    tags: {
        Name: "content cache"
    }
 end

Attributes

Attribute Description
enabled Enable or disable this distribution without deleting it.
comment A comment for this distribution.
cnames list CNAMES (aliases) for which this distribution will listen for.
http-version The maximum http version that users can request on this distribution. Valid values are http1.1 or http2.
price-class The maximum price you want to pay for CloudFront. For information on pricing see Price classes. Valid values are PriceClass_All, PriceClass_200 or PriceClass_100.
default-root-object The object to request from the origin when a user requests the root URL (i.e. http://www.example.com/).
ipv6-enabled Enable IPv6 support for this distribution.
web-acl The Web ACL (WAF) ID to associate with this distribution.
tags map A map of tags to apply to this distribution.
origin set subresource

List of origins for this distribution.

id
A unique ID for this origin.
domain-name
The DNS name of the origin.
origin-path
Optional path to request content from a specific directory of the origin.
custom-headers map
A map of custom headers to send the origin on every request.
s3-origin subresource

S3 configuration for this origin. When configuring the origin if both s3-origin and custom-origin are left blank, defaults to a blank s3-origin. If the domain-name is set to anything other than a bucket a custom-origin needs to be configured.

origin-access-identity
Origin access identity for serving private content through S3.
custom-origin subresource

Custom configuration for this origin. If the domain-name is set to anything other than a bucket a custom-origin needs to be configured.

http-port
The port the origin listens for http.
https-port
The port the origin listens for https.
origin-keep-alive-timeout
The amount of time to keep an idle connection to the origin.
origin-read-timeout
The max amount of a time CloudFront will wait, in seconds, for an initial connection, and subsequent reads. Valid values are between 4 to 60.
origin-protocol-policy
The protocol CloudFront should use to connect to the origin. Valid values are http-only, https-only or match-viewer.
origin-ssl-protocols set
SSL protocols CloudFront is allow to connect to the origin with.1``, TLSv1.2. Valid values are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
origin-shield subresource

Origin shield for this origin.

enabled
When set to ``true`, CloudFront routes all requests through Origin Shield. (Required)
region
The region to check the latency with.
behavior set subresource

List of cache behaviors for this distribution.

target-origin-id
The ID for the origin to route requests to when the path pattern matches this cache behavior.
path-pattern
The URL pattern to match against this pattern. (i.e. /dims?/*).
viewer-protocol-policy
The protocol the user is allowed to access resources that match this cache behavior. Valid values are allow-all, redirect-to-https or https-only.
min-ttl
The minimum time objects will be cached in this distribution.
allowed-methods set
HTTP methods (i.e. GET, POST) that you want to forward to the origin.
cached-methods set
HTTP methods (i.e. GET, POST) that you want to cache responses from.
headers set
Headers to include the cache key for an object.
forward-cookies
Whether to forward to cookies to the origin.
cookies set
Whitelist of cookies to include the cache key for an object.
smooth-streaming
Whether you want to distribute media files in the Microsoft Smooth Streaming format.
default-ttl
The time objects will be cached in this distribution. Only applies when one of Cache-Control: max-age, Cache-Control: s-maxage, or Expires are not returned by the origin.
max-ttl
The maximum time objects will be cached in this distribution.
compress
Whether to compress files from origin.
query-string
Whether to forward query strings to origin. If true, query string parameters become part of the cache key.
query-string-cache-keys set
Query string parameters that should be used in the cache key.
trusted-signers set
A list of AWS account numbers that are allowed to generate signed URLs for private content.
default-cache-behavior subresource

The default cache behavior for this distribution.

target-origin-id
The ID for the origin to route requests to when the path pattern matches this cache behavior.
path-pattern
The URL pattern to match against this pattern. (i.e. /dims?/*).
viewer-protocol-policy
The protocol the user is allowed to access resources that match this cache behavior. Valid values are allow-all, redirect-to-https or https-only.
min-ttl
The minimum time objects will be cached in this distribution.
allowed-methods set
HTTP methods (i.e. GET, POST) that you want to forward to the origin.
cached-methods set
HTTP methods (i.e. GET, POST) that you want to cache responses from.
headers set
Headers to include the cache key for an object.
forward-cookies
Whether to forward to cookies to the origin.
cookies set
Whitelist of cookies to include the cache key for an object.
smooth-streaming
Whether you want to distribute media files in the Microsoft Smooth Streaming format.
default-ttl
The time objects will be cached in this distribution. Only applies when one of Cache-Control: max-age, Cache-Control: s-maxage, or Expires are not returned by the origin.
max-ttl
The maximum time objects will be cached in this distribution.
compress
Whether to compress files from origin.
query-string
Whether to forward query strings to origin. If true, query string parameters become part of the cache key.
query-string-cache-keys set
Query string parameters that should be used in the cache key.
trusted-signers set
A list of AWS account numbers that are allowed to generate signed URLs for private content.
viewer-certificate subresource

SSL certificate configuration.

cloudfront-default-certificate
Use the default CloudFront SSL certificate (i.e. *.cloudfront.net).
acm-certificate-arn
ARN for an ACM generated certificate.
iam-certificate-id
ID for certificated uploaded to IAM.
minimum-protocol-version
Minimum SSL protocol. Valid values are SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018 or TLSv1.2_2019.
ssl-support-method
Whether CloudFront uses a dedicated IP or SNI for serving SSL traffic. There is a significant additional monthly charge for vip`. Valid values are ``vip or sni-only.
logging subresource

Configure logging access logs to S3.

bucket
The bucket to save access logs. (Required)
bucket-prefix
Directory within bucket ot save access logs.
include-cookies
Whether to include cookies logs.
custom-error-response list subresource

Replace HTTP codes with custom error responses as well as define cache TTLs for error responses.

ttl
The minimum amount of time to cache this error code.
error-code
HTTP error code to return a custom response for.
response-code
Custom HTTP status code to return.
response-page-path
Path to a custom error page.
geo-restriction subresource

Restrict or allow access to this distribution by country.

type
Type of restriction. Valid values are whitelist or blacklist.
restrictions set
List of countries to whitelist or blacklist. Uses two letter country codes (i.e. US).

Outputs

Attribute Description
id The id of this CloudFront distribution.
arn The arn of this CloudFront distribution.
domain-name The domain name for this distribution (i.e. abc123893.cloudfront.net).