cloudfront

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.cloudfront.Distribution(resource_name, opts=None, aliases=None, comment=None, custom_error_responses=None, default_cache_behavior=None, default_root_object=None, enabled=None, http_version=None, is_ipv6_enabled=None, logging_config=None, ordered_cache_behaviors=None, origins=None, origin_groups=None, price_class=None, restrictions=None, retain_on_delete=None, tags=None, viewer_certificate=None, wait_for_deployment=None, web_acl_id=None, __props__=None, __name__=None, __opts__=None)

Creates an Amazon CloudFront web distribution.

For information about CloudFront distributions, see the [Amazon CloudFront Developer Guide][1]. For specific information about creating CloudFront web distributions, see the [POST Distribution][2] page in the Amazon CloudFront API Reference.

NOTE: CloudFront distributions take about 15 minutes to a deployed state after creation or modification. During this time, deletes to resources will be blocked. If you need to delete a distribution that is enabled and you do not want to wait, you need to use the retain_on_delete flag.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • aliases (pulumi.Input[list]) – Extra CNAMEs (alternate domain names), if any, for this distribution.

  • comment (pulumi.Input[str]) – Any comments you want to include about the distribution.

  • custom_error_responses (pulumi.Input[list]) – One or more custom error response elements (multiples allowed).

  • default_cache_behavior (pulumi.Input[dict]) – The default cache behavior for this distribution (maximum one).

  • default_root_object (pulumi.Input[str]) – The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

  • enabled (pulumi.Input[bool]) – Whether the distribution is enabled to accept end user requests for content.

  • http_version (pulumi.Input[str]) – The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.

  • is_ipv6_enabled (pulumi.Input[bool]) – Whether the IPv6 is enabled for the distribution.

  • logging_config (pulumi.Input[dict]) – The logging configuration that controls how logs are written to your distribution (maximum one).

  • ordered_cache_behaviors (pulumi.Input[list]) – An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

  • origins (pulumi.Input[list]) – One or more origins for this distribution (multiples allowed).

  • origin_groups (pulumi.Input[list]) – One or more origin_group for this distribution (multiples allowed).

  • price_class (pulumi.Input[str]) – The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100

  • restrictions (pulumi.Input[dict]) – The restriction configuration for this distribution (maximum one).

  • retain_on_delete (pulumi.Input[bool]) – Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • viewer_certificate (pulumi.Input[dict]) – The SSL configuration for this distribution (maximum one).

  • wait_for_deployment (pulumi.Input[bool]) – If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

  • web_acl_id (pulumi.Input[str]) – If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

The custom_error_responses object supports the following:

  • errorCachingMinTtl (pulumi.Input[float]) - The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

  • errorCode (pulumi.Input[float]) - The 4xx or 5xx HTTP status code that you want to customize.

  • responseCode (pulumi.Input[float]) - The HTTP status code that you want CloudFront to return with the custom error page to the viewer.

  • responsePagePath (pulumi.Input[str]) - The path of the custom error page (for example, /custom_404.html).

The default_cache_behavior object supports the following:

  • allowedMethods (pulumi.Input[list]) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

  • cachedMethods (pulumi.Input[list]) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.

  • compress (pulumi.Input[bool]) - Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

  • defaultTtl (pulumi.Input[float]) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.

  • fieldLevelEncryptionId (pulumi.Input[str]) - Field level encryption configuration ID

  • forwardedValues (pulumi.Input[dict]) - The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

    • cookies (pulumi.Input[dict]) - The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

      • forward (pulumi.Input[str]) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names

      • whitelistedNames (pulumi.Input[list]) - If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

    • headers (pulumi.Input[list]) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

    • queryString (pulumi.Input[bool]) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

    • queryStringCacheKeys (pulumi.Input[list]) - When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

  • lambdaFunctionAssociations (pulumi.Input[list]) - A config block that triggers a lambda function with specific actions. Defined below, maximum 4.

    • eventType (pulumi.Input[str]) - The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response

    • includeBody (pulumi.Input[bool]) - When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

    • lambdaArn (pulumi.Input[str]) - ARN of the Lambda function.

  • maxTtl (pulumi.Input[float]) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.

  • minTtl (pulumi.Input[float]) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

  • smoothStreaming (pulumi.Input[bool]) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

  • targetOriginId (pulumi.Input[str]) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

  • trustedSigners (pulumi.Input[list]) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.

  • viewerProtocolPolicy (pulumi.Input[str]) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

The logging_config object supports the following:

  • bucket (pulumi.Input[str]) - The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

  • includeCookies (pulumi.Input[bool]) - Specifies whether you want CloudFront to include cookies in access logs (default: false).

  • prefix (pulumi.Input[str]) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

The ordered_cache_behaviors object supports the following:

  • allowedMethods (pulumi.Input[list]) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

  • cachedMethods (pulumi.Input[list]) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.

  • compress (pulumi.Input[bool]) - Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

  • defaultTtl (pulumi.Input[float]) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.

  • fieldLevelEncryptionId (pulumi.Input[str]) - Field level encryption configuration ID

  • forwardedValues (pulumi.Input[dict]) - The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

    • cookies (pulumi.Input[dict]) - The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

      • forward (pulumi.Input[str]) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names

      • whitelistedNames (pulumi.Input[list]) - If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

    • headers (pulumi.Input[list]) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

    • queryString (pulumi.Input[bool]) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

    • queryStringCacheKeys (pulumi.Input[list]) - When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

  • lambdaFunctionAssociations (pulumi.Input[list]) - A config block that triggers a lambda function with specific actions. Defined below, maximum 4.

    • eventType (pulumi.Input[str]) - The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response

    • includeBody (pulumi.Input[bool]) - When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

    • lambdaArn (pulumi.Input[str]) - ARN of the Lambda function.

  • maxTtl (pulumi.Input[float]) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.

  • minTtl (pulumi.Input[float]) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

  • pathPattern (pulumi.Input[str]) - The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

  • smoothStreaming (pulumi.Input[bool]) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

  • targetOriginId (pulumi.Input[str]) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

  • trustedSigners (pulumi.Input[list]) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.

  • viewerProtocolPolicy (pulumi.Input[str]) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

The origin_groups object supports the following:

  • failoverCriteria (pulumi.Input[dict]) - The failover criteria for when to failover to the secondary origin

    • statusCodes (pulumi.Input[list]) - A list of HTTP status codes for the origin group

  • members (pulumi.Input[list]) - Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. Minimum 2.

    • originId (pulumi.Input[str]) - The unique identifier of the member origin

  • originId (pulumi.Input[str]) - The unique identifier of the member origin

The origins object supports the following:

  • customHeaders (pulumi.Input[list]) - One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

    • name (pulumi.Input[str])

    • value (pulumi.Input[str])

  • customOriginConfig (pulumi.Input[dict]) - The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.

    • httpPort (pulumi.Input[float]) - The HTTP port the custom origin listens on.

    • httpsPort (pulumi.Input[float]) - The HTTPS port the custom origin listens on.

    • originKeepaliveTimeout (pulumi.Input[float]) - The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

    • originProtocolPolicy (pulumi.Input[str]) - The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

    • originReadTimeout (pulumi.Input[float]) - The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

    • originSslProtocols (pulumi.Input[list]) - The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

  • domain_name (pulumi.Input[str]) - The DNS domain name of either the S3 bucket, or web site of your custom origin.

  • originId (pulumi.Input[str]) - The unique identifier of the member origin

  • originPath (pulumi.Input[str]) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

  • s3OriginConfig (pulumi.Input[dict]) - The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

    • originAccessIdentity (pulumi.Input[str]) - The [CloudFront origin access identity][5] to associate with the origin.

The restrictions object supports the following:

  • geoRestriction (pulumi.Input[dict])

    • locations (pulumi.Input[list]) - The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

    • restrictionType (pulumi.Input[str]) - The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

The viewer_certificate object supports the following:

  • acmCertificateArn (pulumi.Input[str]) - The ARN of the [AWS Certificate Manager][6] certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

  • cloudfrontDefaultCertificate (pulumi.Input[bool]) - true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

  • iamCertificateId (pulumi.Input[str]) - The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

  • minimumProtocolVersion (pulumi.Input[str]) - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

  • sslSupportMethod (pulumi.Input[str])

active_trusted_signers = None

The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.

aliases = None

Extra CNAMEs (alternate domain names), if any, for this distribution.

arn = None

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

caller_reference = None

Internal value used by CloudFront to allow future updates to the distribution configuration.

comment = None

Any comments you want to include about the distribution.

custom_error_responses = None

One or more custom error response elements (multiples allowed).

  • errorCachingMinTtl (float) - The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

  • errorCode (float) - The 4xx or 5xx HTTP status code that you want to customize.

  • responseCode (float) - The HTTP status code that you want CloudFront to return with the custom error page to the viewer.

  • responsePagePath (str) - The path of the custom error page (for example, /custom_404.html).

default_cache_behavior = None

The default cache behavior for this distribution (maximum one).

  • allowedMethods (list) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

  • cachedMethods (list) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.

  • compress (bool) - Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

  • defaultTtl (float) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.

  • fieldLevelEncryptionId (str) - Field level encryption configuration ID

  • forwardedValues (dict) - The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

    • cookies (dict) - The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

      • forward (str) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names

      • whitelistedNames (list) - If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

    • headers (list) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

    • queryString (bool) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

    • queryStringCacheKeys (list) - When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

  • lambdaFunctionAssociations (list) - A config block that triggers a lambda function with specific actions. Defined below, maximum 4.

    • eventType (str) - The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response

    • includeBody (bool) - When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

    • lambdaArn (str) - ARN of the Lambda function.

  • maxTtl (float) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.

  • minTtl (float) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

  • smoothStreaming (bool) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

  • targetOriginId (str) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

  • trustedSigners (list) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.

  • viewerProtocolPolicy (str) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

default_root_object = None

The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

domain_name = None

The DNS domain name of either the S3 bucket, or web site of your custom origin.

enabled = None

Whether the distribution is enabled to accept end user requests for content.

etag = None

The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.

hosted_zone_id = None

The CloudFront Route 53 zone ID that can be used to route an [Alias Resource Record Set][7] to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

http_version = None

The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.

in_progress_validation_batches = None

The number of invalidation batches currently in progress.

is_ipv6_enabled = None

Whether the IPv6 is enabled for the distribution.

last_modified_time = None

The date and time the distribution was last modified.

logging_config = None

The logging configuration that controls how logs are written to your distribution (maximum one).

  • bucket (str) - The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

  • includeCookies (bool) - Specifies whether you want CloudFront to include cookies in access logs (default: false).

  • prefix (str) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

ordered_cache_behaviors = None

An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

  • allowedMethods (list) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

  • cachedMethods (list) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.

  • compress (bool) - Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

  • defaultTtl (float) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.

  • fieldLevelEncryptionId (str) - Field level encryption configuration ID

  • forwardedValues (dict) - The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

    • cookies (dict) - The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

      • forward (str) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names

      • whitelistedNames (list) - If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

    • headers (list) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

    • queryString (bool) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

    • queryStringCacheKeys (list) - When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

  • lambdaFunctionAssociations (list) - A config block that triggers a lambda function with specific actions. Defined below, maximum 4.

    • eventType (str) - The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response

    • includeBody (bool) - When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

    • lambdaArn (str) - ARN of the Lambda function.

  • maxTtl (float) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.

  • minTtl (float) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

  • pathPattern (str) - The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

  • smoothStreaming (bool) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

  • targetOriginId (str) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

  • trustedSigners (list) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.

  • viewerProtocolPolicy (str) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

origins = None

One or more origins for this distribution (multiples allowed).

  • customHeaders (list) - One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

    • name (str)

    • value (str)

  • customOriginConfig (dict) - The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.

    • httpPort (float) - The HTTP port the custom origin listens on.

    • httpsPort (float) - The HTTPS port the custom origin listens on.

    • originKeepaliveTimeout (float) - The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

    • originProtocolPolicy (str) - The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

    • originReadTimeout (float) - The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

    • originSslProtocols (list) - The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

  • domain_name (str) - The DNS domain name of either the S3 bucket, or web site of your custom origin.

  • originId (str) - The unique identifier of the member origin

  • originPath (str) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

  • s3OriginConfig (dict) - The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

    • originAccessIdentity (str) - The [CloudFront origin access identity][5] to associate with the origin.

origin_groups = None

One or more origin_group for this distribution (multiples allowed).

  • failoverCriteria (dict) - The failover criteria for when to failover to the secondary origin

    • statusCodes (list) - A list of HTTP status codes for the origin group

  • members (list) - Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. Minimum 2.

    • originId (str) - The unique identifier of the member origin

  • originId (str) - The unique identifier of the member origin

price_class = None

The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100

restrictions = None

The restriction configuration for this distribution (maximum one).

  • geoRestriction (dict)

    • locations (list) - The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

    • restrictionType (str) - The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

retain_on_delete = None

Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

status = None

The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.

tags = None

A mapping of tags to assign to the resource.

viewer_certificate = None

The SSL configuration for this distribution (maximum one).

  • acmCertificateArn (str) - The ARN of the [AWS Certificate Manager][6] certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

  • cloudfrontDefaultCertificate (bool) - true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

  • iamCertificateId (str) - The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

  • minimumProtocolVersion (str) - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

  • sslSupportMethod (str)

wait_for_deployment = None

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

web_acl_id = None

If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

static get(resource_name, id, opts=None, active_trusted_signers=None, aliases=None, arn=None, caller_reference=None, comment=None, custom_error_responses=None, default_cache_behavior=None, default_root_object=None, domain_name=None, enabled=None, etag=None, hosted_zone_id=None, http_version=None, in_progress_validation_batches=None, is_ipv6_enabled=None, last_modified_time=None, logging_config=None, ordered_cache_behaviors=None, origins=None, origin_groups=None, price_class=None, restrictions=None, retain_on_delete=None, status=None, tags=None, viewer_certificate=None, wait_for_deployment=None, web_acl_id=None)

Get an existing Distribution resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • active_trusted_signers (pulumi.Input[dict]) – The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.

  • aliases (pulumi.Input[list]) – Extra CNAMEs (alternate domain names), if any, for this distribution.

  • arn (pulumi.Input[str]) – The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

  • caller_reference (pulumi.Input[str]) – Internal value used by CloudFront to allow future updates to the distribution configuration.

  • comment (pulumi.Input[str]) – Any comments you want to include about the distribution.

  • custom_error_responses (pulumi.Input[list]) – One or more custom error response elements (multiples allowed).

  • default_cache_behavior (pulumi.Input[dict]) – The default cache behavior for this distribution (maximum one).

  • default_root_object (pulumi.Input[str]) – The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

  • domain_name (pulumi.Input[str]) – The DNS domain name of either the S3 bucket, or web site of your custom origin.

  • enabled (pulumi.Input[bool]) – Whether the distribution is enabled to accept end user requests for content.

  • etag (pulumi.Input[str]) – The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.

  • hosted_zone_id (pulumi.Input[str]) – The CloudFront Route 53 zone ID that can be used to route an [Alias Resource Record Set][7] to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

  • http_version (pulumi.Input[str]) – The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.

  • in_progress_validation_batches (pulumi.Input[float]) – The number of invalidation batches currently in progress.

  • is_ipv6_enabled (pulumi.Input[bool]) – Whether the IPv6 is enabled for the distribution.

  • last_modified_time (pulumi.Input[str]) – The date and time the distribution was last modified.

  • logging_config (pulumi.Input[dict]) – The logging configuration that controls how logs are written to your distribution (maximum one).

  • ordered_cache_behaviors (pulumi.Input[list]) – An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

  • origins (pulumi.Input[list]) – One or more origins for this distribution (multiples allowed).

  • origin_groups (pulumi.Input[list]) – One or more origin_group for this distribution (multiples allowed).

  • price_class (pulumi.Input[str]) – The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100

  • restrictions (pulumi.Input[dict]) – The restriction configuration for this distribution (maximum one).

  • retain_on_delete (pulumi.Input[bool]) – Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

  • status (pulumi.Input[str]) – The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • viewer_certificate (pulumi.Input[dict]) – The SSL configuration for this distribution (maximum one).

  • wait_for_deployment (pulumi.Input[bool]) – If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

  • web_acl_id (pulumi.Input[str]) – If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

The custom_error_responses object supports the following:

  • errorCachingMinTtl (pulumi.Input[float]) - The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

  • errorCode (pulumi.Input[float]) - The 4xx or 5xx HTTP status code that you want to customize.

  • responseCode (pulumi.Input[float]) - The HTTP status code that you want CloudFront to return with the custom error page to the viewer.

  • responsePagePath (pulumi.Input[str]) - The path of the custom error page (for example, /custom_404.html).

The default_cache_behavior object supports the following:

  • allowedMethods (pulumi.Input[list]) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

  • cachedMethods (pulumi.Input[list]) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.

  • compress (pulumi.Input[bool]) - Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

  • defaultTtl (pulumi.Input[float]) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.

  • fieldLevelEncryptionId (pulumi.Input[str]) - Field level encryption configuration ID

  • forwardedValues (pulumi.Input[dict]) - The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

    • cookies (pulumi.Input[dict]) - The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

      • forward (pulumi.Input[str]) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names

      • whitelistedNames (pulumi.Input[list]) - If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

    • headers (pulumi.Input[list]) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

    • queryString (pulumi.Input[bool]) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

    • queryStringCacheKeys (pulumi.Input[list]) - When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

  • lambdaFunctionAssociations (pulumi.Input[list]) - A config block that triggers a lambda function with specific actions. Defined below, maximum 4.

    • eventType (pulumi.Input[str]) - The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response

    • includeBody (pulumi.Input[bool]) - When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

    • lambdaArn (pulumi.Input[str]) - ARN of the Lambda function.

  • maxTtl (pulumi.Input[float]) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.

  • minTtl (pulumi.Input[float]) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

  • smoothStreaming (pulumi.Input[bool]) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

  • targetOriginId (pulumi.Input[str]) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

  • trustedSigners (pulumi.Input[list]) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.

  • viewerProtocolPolicy (pulumi.Input[str]) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

The logging_config object supports the following:

  • bucket (pulumi.Input[str]) - The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

  • includeCookies (pulumi.Input[bool]) - Specifies whether you want CloudFront to include cookies in access logs (default: false).

  • prefix (pulumi.Input[str]) - An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

The ordered_cache_behaviors object supports the following:

  • allowedMethods (pulumi.Input[list]) - Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

  • cachedMethods (pulumi.Input[list]) - Controls whether CloudFront caches the response to requests using the specified HTTP methods.

  • compress (pulumi.Input[bool]) - Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

  • defaultTtl (pulumi.Input[float]) - The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.

  • fieldLevelEncryptionId (pulumi.Input[str]) - Field level encryption configuration ID

  • forwardedValues (pulumi.Input[dict]) - The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

    • cookies (pulumi.Input[dict]) - The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

      • forward (pulumi.Input[str]) - Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names

      • whitelistedNames (pulumi.Input[list]) - If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

    • headers (pulumi.Input[list]) - Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

    • queryString (pulumi.Input[bool]) - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

    • queryStringCacheKeys (pulumi.Input[list]) - When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

  • lambdaFunctionAssociations (pulumi.Input[list]) - A config block that triggers a lambda function with specific actions. Defined below, maximum 4.

    • eventType (pulumi.Input[str]) - The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response

    • includeBody (pulumi.Input[bool]) - When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

    • lambdaArn (pulumi.Input[str]) - ARN of the Lambda function.

  • maxTtl (pulumi.Input[float]) - The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.

  • minTtl (pulumi.Input[float]) - The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

  • pathPattern (pulumi.Input[str]) - The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

  • smoothStreaming (pulumi.Input[bool]) - Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

  • targetOriginId (pulumi.Input[str]) - The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

  • trustedSigners (pulumi.Input[list]) - The AWS accounts, if any, that you want to allow to create signed URLs for private content.

  • viewerProtocolPolicy (pulumi.Input[str]) - Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

The origin_groups object supports the following:

  • failoverCriteria (pulumi.Input[dict]) - The failover criteria for when to failover to the secondary origin

    • statusCodes (pulumi.Input[list]) - A list of HTTP status codes for the origin group

  • members (pulumi.Input[list]) - Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. Minimum 2.

    • originId (pulumi.Input[str]) - The unique identifier of the member origin

  • originId (pulumi.Input[str]) - The unique identifier of the member origin

The origins object supports the following:

  • customHeaders (pulumi.Input[list]) - One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

    • name (pulumi.Input[str])

    • value (pulumi.Input[str])

  • customOriginConfig (pulumi.Input[dict]) - The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.

    • httpPort (pulumi.Input[float]) - The HTTP port the custom origin listens on.

    • httpsPort (pulumi.Input[float]) - The HTTPS port the custom origin listens on.

    • originKeepaliveTimeout (pulumi.Input[float]) - The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

    • originProtocolPolicy (pulumi.Input[str]) - The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

    • originReadTimeout (pulumi.Input[float]) - The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

    • originSslProtocols (pulumi.Input[list]) - The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

  • domain_name (pulumi.Input[str]) - The DNS domain name of either the S3 bucket, or web site of your custom origin.

  • originId (pulumi.Input[str]) - The unique identifier of the member origin

  • originPath (pulumi.Input[str]) - An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

  • s3OriginConfig (pulumi.Input[dict]) - The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

    • originAccessIdentity (pulumi.Input[str]) - The [CloudFront origin access identity][5] to associate with the origin.

The restrictions object supports the following:

  • geoRestriction (pulumi.Input[dict])

    • locations (pulumi.Input[list]) - The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

    • restrictionType (pulumi.Input[str]) - The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

The viewer_certificate object supports the following:

  • acmCertificateArn (pulumi.Input[str]) - The ARN of the [AWS Certificate Manager][6] certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

  • cloudfrontDefaultCertificate (pulumi.Input[bool]) - true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

  • iamCertificateId (pulumi.Input[str]) - The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

  • minimumProtocolVersion (pulumi.Input[str]) - The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

  • sslSupportMethod (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.cloudfront.OriginAccessIdentity(resource_name, opts=None, comment=None, __props__=None, __name__=None, __opts__=None)

Creates an Amazon CloudFront origin access identity.

For information about CloudFront distributions, see the [Amazon CloudFront Developer Guide][1]. For more information on generating origin access identities, see [Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • comment (pulumi.Input[str]) – An optional comment for the origin access identity.

caller_reference = None

Internal value used by CloudFront to allow future updates to the origin access identity.

cloudfront_access_identity_path = None

A shortcut to the full path for the origin access identity to use in CloudFront, see below.

comment = None

An optional comment for the origin access identity.

etag = None

The current version of the origin access identity’s information. For example: E2QWRUHAPOMQZL.

iam_arn = None

A pre-generated ARN for use in S3 bucket policies (see below). Example: arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2QWRUHAPOMQZL.

s3_canonical_user_id = None

The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3.

static get(resource_name, id, opts=None, caller_reference=None, cloudfront_access_identity_path=None, comment=None, etag=None, iam_arn=None, s3_canonical_user_id=None)

Get an existing OriginAccessIdentity resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • caller_reference (pulumi.Input[str]) – Internal value used by CloudFront to allow future updates to the origin access identity.

  • cloudfront_access_identity_path (pulumi.Input[str]) – A shortcut to the full path for the origin access identity to use in CloudFront, see below.

  • comment (pulumi.Input[str]) – An optional comment for the origin access identity.

  • etag (pulumi.Input[str]) – The current version of the origin access identity’s information. For example: E2QWRUHAPOMQZL.

  • iam_arn (pulumi.Input[str]) – A pre-generated ARN for use in S3 bucket policies (see below). Example: arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E2QWRUHAPOMQZL.

  • s3_canonical_user_id (pulumi.Input[str]) – The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.cloudfront.PublicKey(resource_name, opts=None, comment=None, encoded_key=None, name=None, name_prefix=None, __props__=None, __name__=None, __opts__=None)

Create a PublicKey resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • comment (pulumi.Input[str]) – An optional comment about the public key.

  • encoded_key (pulumi.Input[str]) – The encoded public key that you want to add to CloudFront to use with features like field-level encryption.

  • name (pulumi.Input[str]) – The name for the public key. By default generated by this provider.

  • name_prefix (pulumi.Input[str]) – The name for the public key. Conflicts with name.

caller_reference = None

Internal value used by CloudFront to allow future updates to the public key configuration.

comment = None

An optional comment about the public key.

encoded_key = None

The encoded public key that you want to add to CloudFront to use with features like field-level encryption.

etag = None

The current version of the public key. For example: E2QWRUHAPOMQZL.

name = None

The name for the public key. By default generated by this provider.

name_prefix = None

The name for the public key. Conflicts with name.

static get(resource_name, id, opts=None, caller_reference=None, comment=None, encoded_key=None, etag=None, name=None, name_prefix=None)

Get an existing PublicKey resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • caller_reference (pulumi.Input[str]) – Internal value used by CloudFront to allow future updates to the public key configuration.

  • comment (pulumi.Input[str]) – An optional comment about the public key.

  • encoded_key (pulumi.Input[str]) – The encoded public key that you want to add to CloudFront to use with features like field-level encryption.

  • etag (pulumi.Input[str]) – The current version of the public key. For example: E2QWRUHAPOMQZL.

  • name (pulumi.Input[str]) – The name for the public key. By default generated by this provider.

  • name_prefix (pulumi.Input[str]) – The name for the public key. Conflicts with name.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str