aws logo
AWS Classic v5.41.0, May 15 23

aws.cloudfront.Distribution

Explore with Pulumi AI

Creates an Amazon CloudFront web distribution.

For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For specific information about creating CloudFront web distributions, see the POST Distribution page in the Amazon CloudFront API Reference.

NOTE: CloudFront distributions take about 15 minutes to reach a deployed state after creation or modification. During this time, deletes to resources will be blocked. If you need to delete a distribution that is enabled and you do not want to wait, you need to use the retain_on_delete flag.

Example Usage

The following example below creates a CloudFront distribution with an S3 origin.

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var bucketV2 = new Aws.S3.BucketV2("bucketV2", new()
    {
        Tags = 
        {
            { "Name", "My bucket" },
        },
    });

    var bAcl = new Aws.S3.BucketAclV2("bAcl", new()
    {
        Bucket = bucketV2.Id,
        Acl = "private",
    });

    var s3OriginId = "myS3Origin";

    var s3Distribution = new Aws.CloudFront.Distribution("s3Distribution", new()
    {
        Origins = new[]
        {
            new Aws.CloudFront.Inputs.DistributionOriginArgs
            {
                DomainName = bucketV2.BucketRegionalDomainName,
                OriginAccessControlId = aws_cloudfront_origin_access_control.Default.Id,
                OriginId = s3OriginId,
            },
        },
        Enabled = true,
        IsIpv6Enabled = true,
        Comment = "Some comment",
        DefaultRootObject = "index.html",
        LoggingConfig = new Aws.CloudFront.Inputs.DistributionLoggingConfigArgs
        {
            IncludeCookies = false,
            Bucket = "mylogs.s3.amazonaws.com",
            Prefix = "myprefix",
        },
        Aliases = new[]
        {
            "mysite.example.com",
            "yoursite.example.com",
        },
        DefaultCacheBehavior = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorArgs
        {
            AllowedMethods = new[]
            {
                "DELETE",
                "GET",
                "HEAD",
                "OPTIONS",
                "PATCH",
                "POST",
                "PUT",
            },
            CachedMethods = new[]
            {
                "GET",
                "HEAD",
            },
            TargetOriginId = s3OriginId,
            ForwardedValues = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesArgs
            {
                QueryString = false,
                Cookies = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs
                {
                    Forward = "none",
                },
            },
            ViewerProtocolPolicy = "allow-all",
            MinTtl = 0,
            DefaultTtl = 3600,
            MaxTtl = 86400,
        },
        OrderedCacheBehaviors = new[]
        {
            new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs
            {
                PathPattern = "/content/immutable/*",
                AllowedMethods = new[]
                {
                    "GET",
                    "HEAD",
                    "OPTIONS",
                },
                CachedMethods = new[]
                {
                    "GET",
                    "HEAD",
                    "OPTIONS",
                },
                TargetOriginId = s3OriginId,
                ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs
                {
                    QueryString = false,
                    Headers = new[]
                    {
                        "Origin",
                    },
                    Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs
                    {
                        Forward = "none",
                    },
                },
                MinTtl = 0,
                DefaultTtl = 86400,
                MaxTtl = 31536000,
                Compress = true,
                ViewerProtocolPolicy = "redirect-to-https",
            },
            new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs
            {
                PathPattern = "/content/*",
                AllowedMethods = new[]
                {
                    "GET",
                    "HEAD",
                    "OPTIONS",
                },
                CachedMethods = new[]
                {
                    "GET",
                    "HEAD",
                },
                TargetOriginId = s3OriginId,
                ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs
                {
                    QueryString = false,
                    Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs
                    {
                        Forward = "none",
                    },
                },
                MinTtl = 0,
                DefaultTtl = 3600,
                MaxTtl = 86400,
                Compress = true,
                ViewerProtocolPolicy = "redirect-to-https",
            },
        },
        PriceClass = "PriceClass_200",
        Restrictions = new Aws.CloudFront.Inputs.DistributionRestrictionsArgs
        {
            GeoRestriction = new Aws.CloudFront.Inputs.DistributionRestrictionsGeoRestrictionArgs
            {
                RestrictionType = "whitelist",
                Locations = new[]
                {
                    "US",
                    "CA",
                    "GB",
                    "DE",
                },
            },
        },
        Tags = 
        {
            { "Environment", "production" },
        },
        ViewerCertificate = new Aws.CloudFront.Inputs.DistributionViewerCertificateArgs
        {
            CloudfrontDefaultCertificate = true,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudfront"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucketV2, err := s3.NewBucketV2(ctx, "bucketV2", &s3.BucketV2Args{
			Tags: pulumi.StringMap{
				"Name": pulumi.String("My bucket"),
			},
		})
		if err != nil {
			return err
		}
		_, err = s3.NewBucketAclV2(ctx, "bAcl", &s3.BucketAclV2Args{
			Bucket: bucketV2.ID(),
			Acl:    pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		s3OriginId := "myS3Origin"
		_, err = cloudfront.NewDistribution(ctx, "s3Distribution", &cloudfront.DistributionArgs{
			Origins: cloudfront.DistributionOriginArray{
				&cloudfront.DistributionOriginArgs{
					DomainName:            bucketV2.BucketRegionalDomainName,
					OriginAccessControlId: pulumi.Any(aws_cloudfront_origin_access_control.Default.Id),
					OriginId:              pulumi.String(s3OriginId),
				},
			},
			Enabled:           pulumi.Bool(true),
			IsIpv6Enabled:     pulumi.Bool(true),
			Comment:           pulumi.String("Some comment"),
			DefaultRootObject: pulumi.String("index.html"),
			LoggingConfig: &cloudfront.DistributionLoggingConfigArgs{
				IncludeCookies: pulumi.Bool(false),
				Bucket:         pulumi.String("mylogs.s3.amazonaws.com"),
				Prefix:         pulumi.String("myprefix"),
			},
			Aliases: pulumi.StringArray{
				pulumi.String("mysite.example.com"),
				pulumi.String("yoursite.example.com"),
			},
			DefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{
				AllowedMethods: pulumi.StringArray{
					pulumi.String("DELETE"),
					pulumi.String("GET"),
					pulumi.String("HEAD"),
					pulumi.String("OPTIONS"),
					pulumi.String("PATCH"),
					pulumi.String("POST"),
					pulumi.String("PUT"),
				},
				CachedMethods: pulumi.StringArray{
					pulumi.String("GET"),
					pulumi.String("HEAD"),
				},
				TargetOriginId: pulumi.String(s3OriginId),
				ForwardedValues: &cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs{
					QueryString: pulumi.Bool(false),
					Cookies: &cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs{
						Forward: pulumi.String("none"),
					},
				},
				ViewerProtocolPolicy: pulumi.String("allow-all"),
				MinTtl:               pulumi.Int(0),
				DefaultTtl:           pulumi.Int(3600),
				MaxTtl:               pulumi.Int(86400),
			},
			OrderedCacheBehaviors: cloudfront.DistributionOrderedCacheBehaviorArray{
				&cloudfront.DistributionOrderedCacheBehaviorArgs{
					PathPattern: pulumi.String("/content/immutable/*"),
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
						pulumi.String("OPTIONS"),
					},
					CachedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
						pulumi.String("OPTIONS"),
					},
					TargetOriginId: pulumi.String(s3OriginId),
					ForwardedValues: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs{
						QueryString: pulumi.Bool(false),
						Headers: pulumi.StringArray{
							pulumi.String("Origin"),
						},
						Cookies: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs{
							Forward: pulumi.String("none"),
						},
					},
					MinTtl:               pulumi.Int(0),
					DefaultTtl:           pulumi.Int(86400),
					MaxTtl:               pulumi.Int(31536000),
					Compress:             pulumi.Bool(true),
					ViewerProtocolPolicy: pulumi.String("redirect-to-https"),
				},
				&cloudfront.DistributionOrderedCacheBehaviorArgs{
					PathPattern: pulumi.String("/content/*"),
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
						pulumi.String("OPTIONS"),
					},
					CachedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
					},
					TargetOriginId: pulumi.String(s3OriginId),
					ForwardedValues: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs{
						QueryString: pulumi.Bool(false),
						Cookies: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs{
							Forward: pulumi.String("none"),
						},
					},
					MinTtl:               pulumi.Int(0),
					DefaultTtl:           pulumi.Int(3600),
					MaxTtl:               pulumi.Int(86400),
					Compress:             pulumi.Bool(true),
					ViewerProtocolPolicy: pulumi.String("redirect-to-https"),
				},
			},
			PriceClass: pulumi.String("PriceClass_200"),
			Restrictions: &cloudfront.DistributionRestrictionsArgs{
				GeoRestriction: &cloudfront.DistributionRestrictionsGeoRestrictionArgs{
					RestrictionType: pulumi.String("whitelist"),
					Locations: pulumi.StringArray{
						pulumi.String("US"),
						pulumi.String("CA"),
						pulumi.String("GB"),
						pulumi.String("DE"),
					},
				},
			},
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("production"),
			},
			ViewerCertificate: &cloudfront.DistributionViewerCertificateArgs{
				CloudfrontDefaultCertificate: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.s3.BucketV2Args;
import com.pulumi.aws.s3.BucketAclV2;
import com.pulumi.aws.s3.BucketAclV2Args;
import com.pulumi.aws.cloudfront.Distribution;
import com.pulumi.aws.cloudfront.DistributionArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionLoggingConfigArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionDefaultCacheBehaviorArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionDefaultCacheBehaviorForwardedValuesArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOrderedCacheBehaviorArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionRestrictionsArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionRestrictionsGeoRestrictionArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionViewerCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var bucketV2 = new BucketV2("bucketV2", BucketV2Args.builder()        
            .tags(Map.of("Name", "My bucket"))
            .build());

        var bAcl = new BucketAclV2("bAcl", BucketAclV2Args.builder()        
            .bucket(bucketV2.id())
            .acl("private")
            .build());

        final var s3OriginId = "myS3Origin";

        var s3Distribution = new Distribution("s3Distribution", DistributionArgs.builder()        
            .origins(DistributionOriginArgs.builder()
                .domainName(bucketV2.bucketRegionalDomainName())
                .originAccessControlId(aws_cloudfront_origin_access_control.default().id())
                .originId(s3OriginId)
                .build())
            .enabled(true)
            .isIpv6Enabled(true)
            .comment("Some comment")
            .defaultRootObject("index.html")
            .loggingConfig(DistributionLoggingConfigArgs.builder()
                .includeCookies(false)
                .bucket("mylogs.s3.amazonaws.com")
                .prefix("myprefix")
                .build())
            .aliases(            
                "mysite.example.com",
                "yoursite.example.com")
            .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()
                .allowedMethods(                
                    "DELETE",
                    "GET",
                    "HEAD",
                    "OPTIONS",
                    "PATCH",
                    "POST",
                    "PUT")
                .cachedMethods(                
                    "GET",
                    "HEAD")
                .targetOriginId(s3OriginId)
                .forwardedValues(DistributionDefaultCacheBehaviorForwardedValuesArgs.builder()
                    .queryString(false)
                    .cookies(DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs.builder()
                        .forward("none")
                        .build())
                    .build())
                .viewerProtocolPolicy("allow-all")
                .minTtl(0)
                .defaultTtl(3600)
                .maxTtl(86400)
                .build())
            .orderedCacheBehaviors(            
                DistributionOrderedCacheBehaviorArgs.builder()
                    .pathPattern("/content/immutable/*")
                    .allowedMethods(                    
                        "GET",
                        "HEAD",
                        "OPTIONS")
                    .cachedMethods(                    
                        "GET",
                        "HEAD",
                        "OPTIONS")
                    .targetOriginId(s3OriginId)
                    .forwardedValues(DistributionOrderedCacheBehaviorForwardedValuesArgs.builder()
                        .queryString(false)
                        .headers("Origin")
                        .cookies(DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs.builder()
                            .forward("none")
                            .build())
                        .build())
                    .minTtl(0)
                    .defaultTtl(86400)
                    .maxTtl(31536000)
                    .compress(true)
                    .viewerProtocolPolicy("redirect-to-https")
                    .build(),
                DistributionOrderedCacheBehaviorArgs.builder()
                    .pathPattern("/content/*")
                    .allowedMethods(                    
                        "GET",
                        "HEAD",
                        "OPTIONS")
                    .cachedMethods(                    
                        "GET",
                        "HEAD")
                    .targetOriginId(s3OriginId)
                    .forwardedValues(DistributionOrderedCacheBehaviorForwardedValuesArgs.builder()
                        .queryString(false)
                        .cookies(DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs.builder()
                            .forward("none")
                            .build())
                        .build())
                    .minTtl(0)
                    .defaultTtl(3600)
                    .maxTtl(86400)
                    .compress(true)
                    .viewerProtocolPolicy("redirect-to-https")
                    .build())
            .priceClass("PriceClass_200")
            .restrictions(DistributionRestrictionsArgs.builder()
                .geoRestriction(DistributionRestrictionsGeoRestrictionArgs.builder()
                    .restrictionType("whitelist")
                    .locations(                    
                        "US",
                        "CA",
                        "GB",
                        "DE")
                    .build())
                .build())
            .tags(Map.of("Environment", "production"))
            .viewerCertificate(DistributionViewerCertificateArgs.builder()
                .cloudfrontDefaultCertificate(true)
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

bucket_v2 = aws.s3.BucketV2("bucketV2", tags={
    "Name": "My bucket",
})
b_acl = aws.s3.BucketAclV2("bAcl",
    bucket=bucket_v2.id,
    acl="private")
s3_origin_id = "myS3Origin"
s3_distribution = aws.cloudfront.Distribution("s3Distribution",
    origins=[aws.cloudfront.DistributionOriginArgs(
        domain_name=bucket_v2.bucket_regional_domain_name,
        origin_access_control_id=aws_cloudfront_origin_access_control["default"]["id"],
        origin_id=s3_origin_id,
    )],
    enabled=True,
    is_ipv6_enabled=True,
    comment="Some comment",
    default_root_object="index.html",
    logging_config=aws.cloudfront.DistributionLoggingConfigArgs(
        include_cookies=False,
        bucket="mylogs.s3.amazonaws.com",
        prefix="myprefix",
    ),
    aliases=[
        "mysite.example.com",
        "yoursite.example.com",
    ],
    default_cache_behavior=aws.cloudfront.DistributionDefaultCacheBehaviorArgs(
        allowed_methods=[
            "DELETE",
            "GET",
            "HEAD",
            "OPTIONS",
            "PATCH",
            "POST",
            "PUT",
        ],
        cached_methods=[
            "GET",
            "HEAD",
        ],
        target_origin_id=s3_origin_id,
        forwarded_values=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs(
            query_string=False,
            cookies=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs(
                forward="none",
            ),
        ),
        viewer_protocol_policy="allow-all",
        min_ttl=0,
        default_ttl=3600,
        max_ttl=86400,
    ),
    ordered_cache_behaviors=[
        aws.cloudfront.DistributionOrderedCacheBehaviorArgs(
            path_pattern="/content/immutable/*",
            allowed_methods=[
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cached_methods=[
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            target_origin_id=s3_origin_id,
            forwarded_values=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs(
                query_string=False,
                headers=["Origin"],
                cookies=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs(
                    forward="none",
                ),
            ),
            min_ttl=0,
            default_ttl=86400,
            max_ttl=31536000,
            compress=True,
            viewer_protocol_policy="redirect-to-https",
        ),
        aws.cloudfront.DistributionOrderedCacheBehaviorArgs(
            path_pattern="/content/*",
            allowed_methods=[
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cached_methods=[
                "GET",
                "HEAD",
            ],
            target_origin_id=s3_origin_id,
            forwarded_values=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs(
                query_string=False,
                cookies=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs(
                    forward="none",
                ),
            ),
            min_ttl=0,
            default_ttl=3600,
            max_ttl=86400,
            compress=True,
            viewer_protocol_policy="redirect-to-https",
        ),
    ],
    price_class="PriceClass_200",
    restrictions=aws.cloudfront.DistributionRestrictionsArgs(
        geo_restriction=aws.cloudfront.DistributionRestrictionsGeoRestrictionArgs(
            restriction_type="whitelist",
            locations=[
                "US",
                "CA",
                "GB",
                "DE",
            ],
        ),
    ),
    tags={
        "Environment": "production",
    },
    viewer_certificate=aws.cloudfront.DistributionViewerCertificateArgs(
        cloudfront_default_certificate=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucketV2 = new aws.s3.BucketV2("bucketV2", {tags: {
    Name: "My bucket",
}});
const bAcl = new aws.s3.BucketAclV2("bAcl", {
    bucket: bucketV2.id,
    acl: "private",
});
const s3OriginId = "myS3Origin";
const s3Distribution = new aws.cloudfront.Distribution("s3Distribution", {
    origins: [{
        domainName: bucketV2.bucketRegionalDomainName,
        originAccessControlId: aws_cloudfront_origin_access_control["default"].id,
        originId: s3OriginId,
    }],
    enabled: true,
    isIpv6Enabled: true,
    comment: "Some comment",
    defaultRootObject: "index.html",
    loggingConfig: {
        includeCookies: false,
        bucket: "mylogs.s3.amazonaws.com",
        prefix: "myprefix",
    },
    aliases: [
        "mysite.example.com",
        "yoursite.example.com",
    ],
    defaultCacheBehavior: {
        allowedMethods: [
            "DELETE",
            "GET",
            "HEAD",
            "OPTIONS",
            "PATCH",
            "POST",
            "PUT",
        ],
        cachedMethods: [
            "GET",
            "HEAD",
        ],
        targetOriginId: s3OriginId,
        forwardedValues: {
            queryString: false,
            cookies: {
                forward: "none",
            },
        },
        viewerProtocolPolicy: "allow-all",
        minTtl: 0,
        defaultTtl: 3600,
        maxTtl: 86400,
    },
    orderedCacheBehaviors: [
        {
            pathPattern: "/content/immutable/*",
            allowedMethods: [
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cachedMethods: [
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            targetOriginId: s3OriginId,
            forwardedValues: {
                queryString: false,
                headers: ["Origin"],
                cookies: {
                    forward: "none",
                },
            },
            minTtl: 0,
            defaultTtl: 86400,
            maxTtl: 31536000,
            compress: true,
            viewerProtocolPolicy: "redirect-to-https",
        },
        {
            pathPattern: "/content/*",
            allowedMethods: [
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cachedMethods: [
                "GET",
                "HEAD",
            ],
            targetOriginId: s3OriginId,
            forwardedValues: {
                queryString: false,
                cookies: {
                    forward: "none",
                },
            },
            minTtl: 0,
            defaultTtl: 3600,
            maxTtl: 86400,
            compress: true,
            viewerProtocolPolicy: "redirect-to-https",
        },
    ],
    priceClass: "PriceClass_200",
    restrictions: {
        geoRestriction: {
            restrictionType: "whitelist",
            locations: [
                "US",
                "CA",
                "GB",
                "DE",
            ],
        },
    },
    tags: {
        Environment: "production",
    },
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
});
resources:
  bucketV2:
    type: aws:s3:BucketV2
    properties:
      tags:
        Name: My bucket
  bAcl:
    type: aws:s3:BucketAclV2
    properties:
      bucket: ${bucketV2.id}
      acl: private
  s3Distribution:
    type: aws:cloudfront:Distribution
    properties:
      origins:
        - domainName: ${bucketV2.bucketRegionalDomainName}
          originAccessControlId: ${aws_cloudfront_origin_access_control.default.id}
          originId: ${s3OriginId}
      enabled: true
      isIpv6Enabled: true
      comment: Some comment
      defaultRootObject: index.html
      loggingConfig:
        includeCookies: false
        bucket: mylogs.s3.amazonaws.com
        prefix: myprefix
      aliases:
        - mysite.example.com
        - yoursite.example.com
      defaultCacheBehavior:
        allowedMethods:
          - DELETE
          - GET
          - HEAD
          - OPTIONS
          - PATCH
          - POST
          - PUT
        cachedMethods:
          - GET
          - HEAD
        targetOriginId: ${s3OriginId}
        forwardedValues:
          queryString: false
          cookies:
            forward: none
        viewerProtocolPolicy: allow-all
        minTtl: 0
        defaultTtl: 3600
        maxTtl: 86400
      # Cache behavior with precedence 0
      orderedCacheBehaviors:
        - pathPattern: /content/immutable/*
          allowedMethods:
            - GET
            - HEAD
            - OPTIONS
          cachedMethods:
            - GET
            - HEAD
            - OPTIONS
          targetOriginId: ${s3OriginId}
          forwardedValues:
            queryString: false
            headers:
              - Origin
            cookies:
              forward: none
          minTtl: 0
          defaultTtl: 86400
          maxTtl: 3.1536e+07
          compress: true
          viewerProtocolPolicy: redirect-to-https
        - pathPattern: /content/*
          allowedMethods:
            - GET
            - HEAD
            - OPTIONS
          cachedMethods:
            - GET
            - HEAD
          targetOriginId: ${s3OriginId}
          forwardedValues:
            queryString: false
            cookies:
              forward: none
          minTtl: 0
          defaultTtl: 3600
          maxTtl: 86400
          compress: true
          viewerProtocolPolicy: redirect-to-https
      priceClass: PriceClass_200
      restrictions:
        geoRestriction:
          restrictionType: whitelist
          locations:
            - US
            - CA
            - GB
            - DE
      tags:
        Environment: production
      viewerCertificate:
        cloudfrontDefaultCertificate: true
variables:
  s3OriginId: myS3Origin

The example below creates a CloudFront distribution with an origin group for failover routing

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var s3Distribution = new Aws.CloudFront.Distribution("s3Distribution", new()
    {
        OriginGroups = new[]
        {
            new Aws.CloudFront.Inputs.DistributionOriginGroupArgs
            {
                OriginId = "groupS3",
                FailoverCriteria = new Aws.CloudFront.Inputs.DistributionOriginGroupFailoverCriteriaArgs
                {
                    StatusCodes = new[]
                    {
                        403,
                        404,
                        500,
                        502,
                    },
                },
                Members = new[]
                {
                    new Aws.CloudFront.Inputs.DistributionOriginGroupMemberArgs
                    {
                        OriginId = "primaryS3",
                    },
                    new Aws.CloudFront.Inputs.DistributionOriginGroupMemberArgs
                    {
                        OriginId = "failoverS3",
                    },
                },
            },
        },
        Origins = new[]
        {
            new Aws.CloudFront.Inputs.DistributionOriginArgs
            {
                DomainName = aws_s3_bucket.Primary.Bucket_regional_domain_name,
                OriginId = "primaryS3",
                S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs
                {
                    OriginAccessIdentity = aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path,
                },
            },
            new Aws.CloudFront.Inputs.DistributionOriginArgs
            {
                DomainName = aws_s3_bucket.Failover.Bucket_regional_domain_name,
                OriginId = "failoverS3",
                S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs
                {
                    OriginAccessIdentity = aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path,
                },
            },
        },
        DefaultCacheBehavior = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorArgs
        {
            TargetOriginId = "groupS3",
        },
    });

    // ... other configuration ...
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/cloudfront"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudfront.NewDistribution(ctx, "s3Distribution", &cloudfront.DistributionArgs{
			OriginGroups: cloudfront.DistributionOriginGroupArray{
				&cloudfront.DistributionOriginGroupArgs{
					OriginId: pulumi.String("groupS3"),
					FailoverCriteria: &cloudfront.DistributionOriginGroupFailoverCriteriaArgs{
						StatusCodes: pulumi.IntArray{
							pulumi.Int(403),
							pulumi.Int(404),
							pulumi.Int(500),
							pulumi.Int(502),
						},
					},
					Members: cloudfront.DistributionOriginGroupMemberArray{
						&cloudfront.DistributionOriginGroupMemberArgs{
							OriginId: pulumi.String("primaryS3"),
						},
						&cloudfront.DistributionOriginGroupMemberArgs{
							OriginId: pulumi.String("failoverS3"),
						},
					},
				},
			},
			Origins: cloudfront.DistributionOriginArray{
				&cloudfront.DistributionOriginArgs{
					DomainName: pulumi.Any(aws_s3_bucket.Primary.Bucket_regional_domain_name),
					OriginId:   pulumi.String("primaryS3"),
					S3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{
						OriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path),
					},
				},
				&cloudfront.DistributionOriginArgs{
					DomainName: pulumi.Any(aws_s3_bucket.Failover.Bucket_regional_domain_name),
					OriginId:   pulumi.String("failoverS3"),
					S3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{
						OriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path),
					},
				},
			},
			DefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{
				TargetOriginId: pulumi.String("groupS3"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudfront.Distribution;
import com.pulumi.aws.cloudfront.DistributionArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginGroupArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginGroupFailoverCriteriaArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionDefaultCacheBehaviorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var s3Distribution = new Distribution("s3Distribution", DistributionArgs.builder()        
            .originGroups(DistributionOriginGroupArgs.builder()
                .originId("groupS3")
                .failoverCriteria(DistributionOriginGroupFailoverCriteriaArgs.builder()
                    .statusCodes(                    
                        403,
                        404,
                        500,
                        502)
                    .build())
                .members(                
                    DistributionOriginGroupMemberArgs.builder()
                        .originId("primaryS3")
                        .build(),
                    DistributionOriginGroupMemberArgs.builder()
                        .originId("failoverS3")
                        .build())
                .build())
            .origins(            
                DistributionOriginArgs.builder()
                    .domainName(aws_s3_bucket.primary().bucket_regional_domain_name())
                    .originId("primaryS3")
                    .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()
                        .originAccessIdentity(aws_cloudfront_origin_access_identity.default().cloudfront_access_identity_path())
                        .build())
                    .build(),
                DistributionOriginArgs.builder()
                    .domainName(aws_s3_bucket.failover().bucket_regional_domain_name())
                    .originId("failoverS3")
                    .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()
                        .originAccessIdentity(aws_cloudfront_origin_access_identity.default().cloudfront_access_identity_path())
                        .build())
                    .build())
            .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()
                .targetOriginId("groupS3")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

s3_distribution = aws.cloudfront.Distribution("s3Distribution",
    origin_groups=[aws.cloudfront.DistributionOriginGroupArgs(
        origin_id="groupS3",
        failover_criteria=aws.cloudfront.DistributionOriginGroupFailoverCriteriaArgs(
            status_codes=[
                403,
                404,
                500,
                502,
            ],
        ),
        members=[
            aws.cloudfront.DistributionOriginGroupMemberArgs(
                origin_id="primaryS3",
            ),
            aws.cloudfront.DistributionOriginGroupMemberArgs(
                origin_id="failoverS3",
            ),
        ],
    )],
    origins=[
        aws.cloudfront.DistributionOriginArgs(
            domain_name=aws_s3_bucket["primary"]["bucket_regional_domain_name"],
            origin_id="primaryS3",
            s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(
                origin_access_identity=aws_cloudfront_origin_access_identity["default"]["cloudfront_access_identity_path"],
            ),
        ),
        aws.cloudfront.DistributionOriginArgs(
            domain_name=aws_s3_bucket["failover"]["bucket_regional_domain_name"],
            origin_id="failoverS3",
            s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(
                origin_access_identity=aws_cloudfront_origin_access_identity["default"]["cloudfront_access_identity_path"],
            ),
        ),
    ],
    default_cache_behavior=aws.cloudfront.DistributionDefaultCacheBehaviorArgs(
        target_origin_id="groupS3",
    ))
# ... other configuration ...
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const s3Distribution = new aws.cloudfront.Distribution("s3Distribution", {
    originGroups: [{
        originId: "groupS3",
        failoverCriteria: {
            statusCodes: [
                403,
                404,
                500,
                502,
            ],
        },
        members: [
            {
                originId: "primaryS3",
            },
            {
                originId: "failoverS3",
            },
        ],
    }],
    origins: [
        {
            domainName: aws_s3_bucket.primary.bucket_regional_domain_name,
            originId: "primaryS3",
            s3OriginConfig: {
                originAccessIdentity: aws_cloudfront_origin_access_identity["default"].cloudfront_access_identity_path,
            },
        },
        {
            domainName: aws_s3_bucket.failover.bucket_regional_domain_name,
            originId: "failoverS3",
            s3OriginConfig: {
                originAccessIdentity: aws_cloudfront_origin_access_identity["default"].cloudfront_access_identity_path,
            },
        },
    ],
    defaultCacheBehavior: {
        targetOriginId: "groupS3",
    },
});
// ... other configuration ...
resources:
  s3Distribution:
    type: aws:cloudfront:Distribution
    properties:
      originGroups:
        - originId: groupS3
          failoverCriteria:
            statusCodes:
              - 403
              - 404
              - 500
              - 502
          members:
            - originId: primaryS3
            - originId: failoverS3
      origins:
        - domainName: ${aws_s3_bucket.primary.bucket_regional_domain_name}
          originId: primaryS3
          s3OriginConfig:
            originAccessIdentity: ${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}
        - domainName: ${aws_s3_bucket.failover.bucket_regional_domain_name}
          originId: failoverS3
          s3OriginConfig:
            originAccessIdentity: ${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}
      defaultCacheBehavior:
        targetOriginId: groupS3

(ex: CachingDisabled)

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cloudfront.Distribution;
import com.pulumi.aws.cloudfront.DistributionArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionOriginS3OriginConfigArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionDefaultCacheBehaviorArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionRestrictionsArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionRestrictionsGeoRestrictionArgs;
import com.pulumi.aws.cloudfront.inputs.DistributionViewerCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var s3OriginId = "myS3Origin";

        var s3Distribution = new Distribution("s3Distribution", DistributionArgs.builder()        
            .origins(DistributionOriginArgs.builder()
                .domainName(aws_s3_bucket.primary().bucket_regional_domain_name())
                .originId("myS3Origin")
                .s3OriginConfig(DistributionOriginS3OriginConfigArgs.builder()
                    .originAccessIdentity(aws_cloudfront_origin_access_identity.default().cloudfront_access_identity_path())
                    .build())
                .build())
            .enabled(true)
            .isIpv6Enabled(true)
            .comment("Some comment")
            .defaultRootObject("index.html")
            .defaultCacheBehavior(DistributionDefaultCacheBehaviorArgs.builder()
                .cachePolicyId("4135ea2d-6df8-44a3-9df3-4b5a84be39ad")
                .allowedMethods(                
                    "GET",
                    "HEAD",
                    "OPTIONS")
                .pathPattern("/content/*")
                .targetOriginId(s3OriginId)
                .build())
            .restrictions(DistributionRestrictionsArgs.builder()
                .geoRestriction(DistributionRestrictionsGeoRestrictionArgs.builder()
                    .restrictionType("whitelist")
                    .locations(                    
                        "US",
                        "CA",
                        "GB",
                        "DE")
                    .build())
                .build())
            .viewerCertificate(DistributionViewerCertificateArgs.builder()
                .cloudfrontDefaultCertificate(true)
                .build())
            .build());

    }
}

Coming soon!

Coming soon!

resources:
  s3Distribution:
    type: aws:cloudfront:Distribution
    properties:
      origins:
        - domainName: ${aws_s3_bucket.primary.bucket_regional_domain_name}
          originId: myS3Origin
          s3OriginConfig:
            originAccessIdentity: ${aws_cloudfront_origin_access_identity.default.cloudfront_access_identity_path}
      enabled: true
      isIpv6Enabled: true
      comment: Some comment
      defaultRootObject: index.html
      defaultCacheBehavior:
        cachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad
        allowedMethods:
          - GET
          - HEAD
          - OPTIONS
        pathPattern: /content/*
        targetOriginId: ${s3OriginId}
      restrictions:
        geoRestriction:
          restrictionType: whitelist
          locations:
            - US
            - CA
            - GB
            - DE
      viewerCertificate:
        cloudfrontDefaultCertificate: true
variables:
  s3OriginId: myS3Origin

Create Distribution Resource

new Distribution(name: string, args: DistributionArgs, opts?: CustomResourceOptions);
@overload
def Distribution(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 aliases: Optional[Sequence[str]] = None,
                 comment: Optional[str] = None,
                 custom_error_responses: Optional[Sequence[DistributionCustomErrorResponseArgs]] = None,
                 default_cache_behavior: Optional[DistributionDefaultCacheBehaviorArgs] = None,
                 default_root_object: Optional[str] = None,
                 enabled: Optional[bool] = None,
                 http_version: Optional[str] = None,
                 is_ipv6_enabled: Optional[bool] = None,
                 logging_config: Optional[DistributionLoggingConfigArgs] = None,
                 ordered_cache_behaviors: Optional[Sequence[DistributionOrderedCacheBehaviorArgs]] = None,
                 origin_groups: Optional[Sequence[DistributionOriginGroupArgs]] = None,
                 origins: Optional[Sequence[DistributionOriginArgs]] = None,
                 price_class: Optional[str] = None,
                 restrictions: Optional[DistributionRestrictionsArgs] = None,
                 retain_on_delete: Optional[bool] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 viewer_certificate: Optional[DistributionViewerCertificateArgs] = None,
                 wait_for_deployment: Optional[bool] = None,
                 web_acl_id: Optional[str] = None)
@overload
def Distribution(resource_name: str,
                 args: DistributionArgs,
                 opts: Optional[ResourceOptions] = None)
func NewDistribution(ctx *Context, name string, args DistributionArgs, opts ...ResourceOption) (*Distribution, error)
public Distribution(string name, DistributionArgs args, CustomResourceOptions? opts = null)
public Distribution(String name, DistributionArgs args)
public Distribution(String name, DistributionArgs args, CustomResourceOptions options)
type: aws:cloudfront:Distribution
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Distribution Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Distribution resource accepts the following input properties:

DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Origins List<DistributionOriginArgs>

One or more origins for this distribution (multiples allowed).

Restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

ViewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

Aliases List<string>

Extra CNAMEs (alternate domain names), if any, for this distribution.

Comment string

Any comments you want to include about the distribution.

CustomErrorResponses List<DistributionCustomErrorResponseArgs>

One or more custom error response elements (multiples allowed).

DefaultRootObject string

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

HttpVersion string

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

IsIpv6Enabled bool

Whether the IPv6 is enabled for the distribution.

LoggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

OrderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

OriginGroups List<DistributionOriginGroupArgs>

One or more origin_group for this distribution (multiples allowed).

PriceClass string

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

RetainOnDelete bool

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

Tags Dictionary<string, string>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

WaitForDeployment bool

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

WebAclId string

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Origins []DistributionOriginArgs

One or more origins for this distribution (multiples allowed).

Restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

ViewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

Aliases []string

Extra CNAMEs (alternate domain names), if any, for this distribution.

Comment string

Any comments you want to include about the distribution.

CustomErrorResponses []DistributionCustomErrorResponseArgs

One or more custom error response elements (multiples allowed).

DefaultRootObject string

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

HttpVersion string

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

IsIpv6Enabled bool

Whether the IPv6 is enabled for the distribution.

LoggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

OrderedCacheBehaviors []DistributionOrderedCacheBehaviorArgs

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

OriginGroups []DistributionOriginGroupArgs

One or more origin_group for this distribution (multiples allowed).

PriceClass string

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

RetainOnDelete bool

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

Tags map[string]string

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

WaitForDeployment bool

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

WebAclId string

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

defaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

origins List<DistributionOriginArgs>

One or more origins for this distribution (multiples allowed).

restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

viewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

aliases List<String>

Extra CNAMEs (alternate domain names), if any, for this distribution.

comment String

Any comments you want to include about the distribution.

customErrorResponses List<DistributionCustomErrorResponseArgs>

One or more custom error response elements (multiples allowed).

defaultRootObject String

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

httpVersion String

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

isIpv6Enabled Boolean

Whether the IPv6 is enabled for the distribution.

loggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

orderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

originGroups List<DistributionOriginGroupArgs>

One or more origin_group for this distribution (multiples allowed).

priceClass String

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

retainOnDelete Boolean

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

tags Map<String,String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

waitForDeployment Boolean

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

webAclId String

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

defaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

enabled boolean

Whether the distribution is enabled to accept end user requests for content.

origins DistributionOriginArgs[]

One or more origins for this distribution (multiples allowed).

restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

viewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

aliases string[]

Extra CNAMEs (alternate domain names), if any, for this distribution.

comment string

Any comments you want to include about the distribution.

customErrorResponses DistributionCustomErrorResponseArgs[]

One or more custom error response elements (multiples allowed).

defaultRootObject string

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

httpVersion string

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

isIpv6Enabled boolean

Whether the IPv6 is enabled for the distribution.

loggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

orderedCacheBehaviors DistributionOrderedCacheBehaviorArgs[]

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

originGroups DistributionOriginGroupArgs[]

One or more origin_group for this distribution (multiples allowed).

priceClass string

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

retainOnDelete boolean

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

tags {[key: string]: string}

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

waitForDeployment boolean

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

webAclId string

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

default_cache_behavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

enabled bool

Whether the distribution is enabled to accept end user requests for content.

origins Sequence[DistributionOriginArgs]

One or more origins for this distribution (multiples allowed).

restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

viewer_certificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

aliases Sequence[str]

Extra CNAMEs (alternate domain names), if any, for this distribution.

comment str

Any comments you want to include about the distribution.

custom_error_responses Sequence[DistributionCustomErrorResponseArgs]

One or more custom error response elements (multiples allowed).

default_root_object str

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

http_version str

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

is_ipv6_enabled bool

Whether the IPv6 is enabled for the distribution.

logging_config DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

ordered_cache_behaviors Sequence[DistributionOrderedCacheBehaviorArgs]

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

origin_groups Sequence[DistributionOriginGroupArgs]

One or more origin_group for this distribution (multiples allowed).

price_class str

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

retain_on_delete bool

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

tags Mapping[str, str]

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

wait_for_deployment bool

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

web_acl_id str

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

defaultCacheBehavior Property Map

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

origins List<Property Map>

One or more origins for this distribution (multiples allowed).

restrictions Property Map

The restriction configuration for this distribution (maximum one).

viewerCertificate Property Map

The SSL configuration for this distribution (maximum one).

aliases List<String>

Extra CNAMEs (alternate domain names), if any, for this distribution.

comment String

Any comments you want to include about the distribution.

customErrorResponses List<Property Map>

One or more custom error response elements (multiples allowed).

defaultRootObject String

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

httpVersion String

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

isIpv6Enabled Boolean

Whether the IPv6 is enabled for the distribution.

loggingConfig Property Map

The logging configuration that controls how logs are written to your distribution (maximum one).

orderedCacheBehaviors List<Property Map>

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

originGroups List<Property Map>

One or more origin_group for this distribution (multiples allowed).

priceClass String

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

retainOnDelete Boolean

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

tags Map<String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

waitForDeployment Boolean

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

webAclId String

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

Outputs

All input properties are implicitly available as output properties. Additionally, the Distribution resource produces the following output properties:

Arn string

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

CallerReference string

Internal value used by CloudFront to allow future updates to the distribution configuration.

DomainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

Etag string

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

HostedZoneId string

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

Id string

The provider-assigned unique ID for this managed resource.

InProgressValidationBatches int

Number of invalidation batches currently in progress.

LastModifiedTime string

Date and time the distribution was last modified.

Status string

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TrustedKeyGroups List<DistributionTrustedKeyGroup>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners List<DistributionTrustedSigner>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

Arn string

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

CallerReference string

Internal value used by CloudFront to allow future updates to the distribution configuration.

DomainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

Etag string

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

HostedZoneId string

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

Id string

The provider-assigned unique ID for this managed resource.

InProgressValidationBatches int

Number of invalidation batches currently in progress.

LastModifiedTime string

Date and time the distribution was last modified.

Status string

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TrustedKeyGroups []DistributionTrustedKeyGroup

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners []DistributionTrustedSigner

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

arn String

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

callerReference String

Internal value used by CloudFront to allow future updates to the distribution configuration.

domainName String

DNS domain name of either the S3 bucket, or web site of your custom origin.

etag String

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hostedZoneId String

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

id String

The provider-assigned unique ID for this managed resource.

inProgressValidationBatches Integer

Number of invalidation batches currently in progress.

lastModifiedTime String

Date and time the distribution was last modified.

status String

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trustedKeyGroups List<DistributionTrustedKeyGroup>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<DistributionTrustedSigner>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

arn string

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

callerReference string

Internal value used by CloudFront to allow future updates to the distribution configuration.

domainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

etag string

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hostedZoneId string

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

id string

The provider-assigned unique ID for this managed resource.

inProgressValidationBatches number

Number of invalidation batches currently in progress.

lastModifiedTime string

Date and time the distribution was last modified.

status string

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trustedKeyGroups DistributionTrustedKeyGroup[]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners DistributionTrustedSigner[]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

arn str

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

caller_reference str

Internal value used by CloudFront to allow future updates to the distribution configuration.

domain_name str

DNS domain name of either the S3 bucket, or web site of your custom origin.

etag str

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hosted_zone_id str

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

id str

The provider-assigned unique ID for this managed resource.

in_progress_validation_batches int

Number of invalidation batches currently in progress.

last_modified_time str

Date and time the distribution was last modified.

status str

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trusted_key_groups Sequence[DistributionTrustedKeyGroup]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trusted_signers Sequence[DistributionTrustedSigner]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

arn String

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

callerReference String

Internal value used by CloudFront to allow future updates to the distribution configuration.

domainName String

DNS domain name of either the S3 bucket, or web site of your custom origin.

etag String

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hostedZoneId String

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

id String

The provider-assigned unique ID for this managed resource.

inProgressValidationBatches Number

Number of invalidation batches currently in progress.

lastModifiedTime String

Date and time the distribution was last modified.

status String

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trustedKeyGroups List<Property Map>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<Property Map>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

Look up Existing Distribution Resource

Get an existing Distribution resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DistributionState, opts?: CustomResourceOptions): Distribution
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aliases: Optional[Sequence[str]] = None,
        arn: Optional[str] = None,
        caller_reference: Optional[str] = None,
        comment: Optional[str] = None,
        custom_error_responses: Optional[Sequence[DistributionCustomErrorResponseArgs]] = None,
        default_cache_behavior: Optional[DistributionDefaultCacheBehaviorArgs] = None,
        default_root_object: Optional[str] = None,
        domain_name: Optional[str] = None,
        enabled: Optional[bool] = None,
        etag: Optional[str] = None,
        hosted_zone_id: Optional[str] = None,
        http_version: Optional[str] = None,
        in_progress_validation_batches: Optional[int] = None,
        is_ipv6_enabled: Optional[bool] = None,
        last_modified_time: Optional[str] = None,
        logging_config: Optional[DistributionLoggingConfigArgs] = None,
        ordered_cache_behaviors: Optional[Sequence[DistributionOrderedCacheBehaviorArgs]] = None,
        origin_groups: Optional[Sequence[DistributionOriginGroupArgs]] = None,
        origins: Optional[Sequence[DistributionOriginArgs]] = None,
        price_class: Optional[str] = None,
        restrictions: Optional[DistributionRestrictionsArgs] = None,
        retain_on_delete: Optional[bool] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        trusted_key_groups: Optional[Sequence[DistributionTrustedKeyGroupArgs]] = None,
        trusted_signers: Optional[Sequence[DistributionTrustedSignerArgs]] = None,
        viewer_certificate: Optional[DistributionViewerCertificateArgs] = None,
        wait_for_deployment: Optional[bool] = None,
        web_acl_id: Optional[str] = None) -> Distribution
func GetDistribution(ctx *Context, name string, id IDInput, state *DistributionState, opts ...ResourceOption) (*Distribution, error)
public static Distribution Get(string name, Input<string> id, DistributionState? state, CustomResourceOptions? opts = null)
public static Distribution get(String name, Output<String> id, DistributionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Aliases List<string>

Extra CNAMEs (alternate domain names), if any, for this distribution.

Arn string

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

CallerReference string

Internal value used by CloudFront to allow future updates to the distribution configuration.

Comment string

Any comments you want to include about the distribution.

CustomErrorResponses List<DistributionCustomErrorResponseArgs>

One or more custom error response elements (multiples allowed).

DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

DefaultRootObject string

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

DomainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Etag string

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

HostedZoneId string

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

HttpVersion string

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

InProgressValidationBatches int

Number of invalidation batches currently in progress.

IsIpv6Enabled bool

Whether the IPv6 is enabled for the distribution.

LastModifiedTime string

Date and time the distribution was last modified.

LoggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

OrderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

OriginGroups List<DistributionOriginGroupArgs>

One or more origin_group for this distribution (multiples allowed).

Origins List<DistributionOriginArgs>

One or more origins for this distribution (multiples allowed).

PriceClass string

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

Restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

RetainOnDelete bool

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

Status string

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

Tags Dictionary<string, string>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TrustedKeyGroups List<DistributionTrustedKeyGroupArgs>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners List<DistributionTrustedSignerArgs>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

ViewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

WaitForDeployment bool

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

WebAclId string

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

Aliases []string

Extra CNAMEs (alternate domain names), if any, for this distribution.

Arn string

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

CallerReference string

Internal value used by CloudFront to allow future updates to the distribution configuration.

Comment string

Any comments you want to include about the distribution.

CustomErrorResponses []DistributionCustomErrorResponseArgs

One or more custom error response elements (multiples allowed).

DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

DefaultRootObject string

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

DomainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Etag string

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

HostedZoneId string

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

HttpVersion string

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

InProgressValidationBatches int

Number of invalidation batches currently in progress.

IsIpv6Enabled bool

Whether the IPv6 is enabled for the distribution.

LastModifiedTime string

Date and time the distribution was last modified.

LoggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

OrderedCacheBehaviors []DistributionOrderedCacheBehaviorArgs

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

OriginGroups []DistributionOriginGroupArgs

One or more origin_group for this distribution (multiples allowed).

Origins []DistributionOriginArgs

One or more origins for this distribution (multiples allowed).

PriceClass string

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

Restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

RetainOnDelete bool

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

Status string

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

Tags map[string]string

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

TrustedKeyGroups []DistributionTrustedKeyGroupArgs

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners []DistributionTrustedSignerArgs

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

ViewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

WaitForDeployment bool

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

WebAclId string

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

aliases List<String>

Extra CNAMEs (alternate domain names), if any, for this distribution.

arn String

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

callerReference String

Internal value used by CloudFront to allow future updates to the distribution configuration.

comment String

Any comments you want to include about the distribution.

customErrorResponses List<DistributionCustomErrorResponseArgs>

One or more custom error response elements (multiples allowed).

defaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

defaultRootObject String

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

domainName String

DNS domain name of either the S3 bucket, or web site of your custom origin.

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

etag String

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hostedZoneId String

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

httpVersion String

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

inProgressValidationBatches Integer

Number of invalidation batches currently in progress.

isIpv6Enabled Boolean

Whether the IPv6 is enabled for the distribution.

lastModifiedTime String

Date and time the distribution was last modified.

loggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

orderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

originGroups List<DistributionOriginGroupArgs>

One or more origin_group for this distribution (multiples allowed).

origins List<DistributionOriginArgs>

One or more origins for this distribution (multiples allowed).

priceClass String

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

retainOnDelete Boolean

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

status String

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tags Map<String,String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trustedKeyGroups List<DistributionTrustedKeyGroupArgs>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<DistributionTrustedSignerArgs>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

viewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

waitForDeployment Boolean

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

webAclId String

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

aliases string[]

Extra CNAMEs (alternate domain names), if any, for this distribution.

arn string

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

callerReference string

Internal value used by CloudFront to allow future updates to the distribution configuration.

comment string

Any comments you want to include about the distribution.

customErrorResponses DistributionCustomErrorResponseArgs[]

One or more custom error response elements (multiples allowed).

defaultCacheBehavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

defaultRootObject string

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

domainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

enabled boolean

Whether the distribution is enabled to accept end user requests for content.

etag string

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hostedZoneId string

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

httpVersion string

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

inProgressValidationBatches number

Number of invalidation batches currently in progress.

isIpv6Enabled boolean

Whether the IPv6 is enabled for the distribution.

lastModifiedTime string

Date and time the distribution was last modified.

loggingConfig DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

orderedCacheBehaviors DistributionOrderedCacheBehaviorArgs[]

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

originGroups DistributionOriginGroupArgs[]

One or more origin_group for this distribution (multiples allowed).

origins DistributionOriginArgs[]

One or more origins for this distribution (multiples allowed).

priceClass string

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

retainOnDelete boolean

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

status string

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tags {[key: string]: string}

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trustedKeyGroups DistributionTrustedKeyGroupArgs[]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners DistributionTrustedSignerArgs[]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

viewerCertificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

waitForDeployment boolean

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

webAclId string

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

aliases Sequence[str]

Extra CNAMEs (alternate domain names), if any, for this distribution.

arn str

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

caller_reference str

Internal value used by CloudFront to allow future updates to the distribution configuration.

comment str

Any comments you want to include about the distribution.

custom_error_responses Sequence[DistributionCustomErrorResponseArgs]

One or more custom error response elements (multiples allowed).

default_cache_behavior DistributionDefaultCacheBehaviorArgs

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

default_root_object str

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

domain_name str

DNS domain name of either the S3 bucket, or web site of your custom origin.

enabled bool

Whether the distribution is enabled to accept end user requests for content.

etag str

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hosted_zone_id str

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

http_version str

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

in_progress_validation_batches int

Number of invalidation batches currently in progress.

is_ipv6_enabled bool

Whether the IPv6 is enabled for the distribution.

last_modified_time str

Date and time the distribution was last modified.

logging_config DistributionLoggingConfigArgs

The logging configuration that controls how logs are written to your distribution (maximum one).

ordered_cache_behaviors Sequence[DistributionOrderedCacheBehaviorArgs]

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

origin_groups Sequence[DistributionOriginGroupArgs]

One or more origin_group for this distribution (multiples allowed).

origins Sequence[DistributionOriginArgs]

One or more origins for this distribution (multiples allowed).

price_class str

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

restrictions DistributionRestrictionsArgs

The restriction configuration for this distribution (maximum one).

retain_on_delete bool

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

status str

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tags Mapping[str, str]

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trusted_key_groups Sequence[DistributionTrustedKeyGroupArgs]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trusted_signers Sequence[DistributionTrustedSignerArgs]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

viewer_certificate DistributionViewerCertificateArgs

The SSL configuration for this distribution (maximum one).

wait_for_deployment bool

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

web_acl_id str

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

aliases List<String>

Extra CNAMEs (alternate domain names), if any, for this distribution.

arn String

ARN for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

callerReference String

Internal value used by CloudFront to allow future updates to the distribution configuration.

comment String

Any comments you want to include about the distribution.

customErrorResponses List<Property Map>

One or more custom error response elements (multiples allowed).

defaultCacheBehavior Property Map

Default cache behavior for this distribution (maximum one). Requires either cache_policy_id (preferred) or forwarded_values (deprecated) be set.

defaultRootObject String

Object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.

domainName String

DNS domain name of either the S3 bucket, or web site of your custom origin.

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

etag String

Current version of the distribution's information. For example: E2QWRUHAPOMQZL.

hostedZoneId String

CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.

httpVersion String

Maximum HTTP version to support on the distribution. Allowed values are http1.1, http2, http2and3 and http3. The default is http2.

inProgressValidationBatches Number

Number of invalidation batches currently in progress.

isIpv6Enabled Boolean

Whether the IPv6 is enabled for the distribution.

lastModifiedTime String

Date and time the distribution was last modified.

loggingConfig Property Map

The logging configuration that controls how logs are written to your distribution (maximum one).

orderedCacheBehaviors List<Property Map>

Ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.

originGroups List<Property Map>

One or more origin_group for this distribution (multiples allowed).

origins List<Property Map>

One or more origins for this distribution (multiples allowed).

priceClass String

Price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100.

restrictions Property Map

The restriction configuration for this distribution (maximum one).

retainOnDelete Boolean

Disables the distribution instead of deleting it when destroying the resource through the provider. If this is set, the distribution needs to be deleted manually afterwards. Default: false.

status String

Current status of the distribution. Deployed if the distribution's information is fully propagated throughout the Amazon CloudFront system.

tags Map<String>

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

trustedKeyGroups List<Property Map>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<Property Map>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

viewerCertificate Property Map

The SSL configuration for this distribution (maximum one).

waitForDeployment Boolean

If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.

webAclId String

Unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

Supporting Types

DistributionCustomErrorResponse

ErrorCode int

4xx or 5xx HTTP status code that you want to customize.

ErrorCachingMinTtl int

Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

ResponseCode int

HTTP status code that you want CloudFront to return with the custom error page to the viewer.

ResponsePagePath string

Path of the custom error page (for example, /custom_404.html).

ErrorCode int

4xx or 5xx HTTP status code that you want to customize.

ErrorCachingMinTtl int

Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

ResponseCode int

HTTP status code that you want CloudFront to return with the custom error page to the viewer.

ResponsePagePath string

Path of the custom error page (for example, /custom_404.html).

errorCode Integer

4xx or 5xx HTTP status code that you want to customize.

errorCachingMinTtl Integer

Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

responseCode Integer

HTTP status code that you want CloudFront to return with the custom error page to the viewer.

responsePagePath String

Path of the custom error page (for example, /custom_404.html).

errorCode number

4xx or 5xx HTTP status code that you want to customize.

errorCachingMinTtl number

Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

responseCode number

HTTP status code that you want CloudFront to return with the custom error page to the viewer.

responsePagePath string

Path of the custom error page (for example, /custom_404.html).

error_code int

4xx or 5xx HTTP status code that you want to customize.

error_caching_min_ttl int

Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

response_code int

HTTP status code that you want CloudFront to return with the custom error page to the viewer.

response_page_path str

Path of the custom error page (for example, /custom_404.html).

errorCode Number

4xx or 5xx HTTP status code that you want to customize.

errorCachingMinTtl Number

Minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.

responseCode Number

HTTP status code that you want CloudFront to return with the custom error page to the viewer.

responsePagePath String

Path of the custom error page (for example, /custom_404.html).

DistributionDefaultCacheBehavior

AllowedMethods List<string>

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

CachedMethods List<string>

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

TargetOriginId string

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

ViewerProtocolPolicy string

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

CachePolicyId string

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

Compress bool

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

DefaultTtl int

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

FieldLevelEncryptionId string

Field level encryption configuration ID.

ForwardedValues DistributionDefaultCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

FunctionAssociations List<DistributionDefaultCacheBehaviorFunctionAssociation>

A config block that triggers a cloudfront function with specific actions (maximum 2).

LambdaFunctionAssociations List<DistributionDefaultCacheBehaviorLambdaFunctionAssociation>

A config block that triggers a lambda function with specific actions (maximum 4).

MaxTtl int

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

MinTtl int

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

OriginRequestPolicyId string

Unique identifier of the origin request policy that is attached to the behavior.

RealtimeLogConfigArn string

ARN of the real-time log configuration that is attached to this cache behavior.

ResponseHeadersPolicyId string

Identifier for a response headers policy.

SmoothStreaming bool

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

TrustedKeyGroups List<string>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners List<string>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

AllowedMethods []string

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

CachedMethods []string

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

TargetOriginId string

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

ViewerProtocolPolicy string

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

CachePolicyId string

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

Compress bool

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

DefaultTtl int

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

FieldLevelEncryptionId string

Field level encryption configuration ID.

ForwardedValues DistributionDefaultCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

FunctionAssociations []DistributionDefaultCacheBehaviorFunctionAssociation

A config block that triggers a cloudfront function with specific actions (maximum 2).

LambdaFunctionAssociations []DistributionDefaultCacheBehaviorLambdaFunctionAssociation

A config block that triggers a lambda function with specific actions (maximum 4).

MaxTtl int

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

MinTtl int

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

OriginRequestPolicyId string

Unique identifier of the origin request policy that is attached to the behavior.

RealtimeLogConfigArn string

ARN of the real-time log configuration that is attached to this cache behavior.

ResponseHeadersPolicyId string

Identifier for a response headers policy.

SmoothStreaming bool

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

TrustedKeyGroups []string

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners []string

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowedMethods List<String>

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cachedMethods List<String>

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

targetOriginId String

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewerProtocolPolicy String

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cachePolicyId String

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress Boolean

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

defaultTtl Integer

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

fieldLevelEncryptionId String

Field level encryption configuration ID.

forwardedValues DistributionDefaultCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

functionAssociations List<DistributionDefaultCacheBehaviorFunctionAssociation>

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambdaFunctionAssociations List<DistributionDefaultCacheBehaviorLambdaFunctionAssociation>

A config block that triggers a lambda function with specific actions (maximum 4).

maxTtl Integer

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

minTtl Integer

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

originRequestPolicyId String

Unique identifier of the origin request policy that is attached to the behavior.

realtimeLogConfigArn String

ARN of the real-time log configuration that is attached to this cache behavior.

responseHeadersPolicyId String

Identifier for a response headers policy.

smoothStreaming Boolean

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trustedKeyGroups List<String>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<String>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowedMethods string[]

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cachedMethods string[]

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

targetOriginId string

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewerProtocolPolicy string

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cachePolicyId string

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress boolean

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

defaultTtl number

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

fieldLevelEncryptionId string

Field level encryption configuration ID.

forwardedValues DistributionDefaultCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

functionAssociations DistributionDefaultCacheBehaviorFunctionAssociation[]

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambdaFunctionAssociations DistributionDefaultCacheBehaviorLambdaFunctionAssociation[]

A config block that triggers a lambda function with specific actions (maximum 4).

maxTtl number

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

minTtl number

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

originRequestPolicyId string

Unique identifier of the origin request policy that is attached to the behavior.

realtimeLogConfigArn string

ARN of the real-time log configuration that is attached to this cache behavior.

responseHeadersPolicyId string

Identifier for a response headers policy.

smoothStreaming boolean

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trustedKeyGroups string[]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners string[]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowed_methods Sequence[str]

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cached_methods Sequence[str]

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

target_origin_id str

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewer_protocol_policy str

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cache_policy_id str

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress bool

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

default_ttl int

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

field_level_encryption_id str

Field level encryption configuration ID.

forwarded_values DistributionDefaultCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

function_associations Sequence[DistributionDefaultCacheBehaviorFunctionAssociation]

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambda_function_associations Sequence[DistributionDefaultCacheBehaviorLambdaFunctionAssociation]

A config block that triggers a lambda function with specific actions (maximum 4).

max_ttl int

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

min_ttl int

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

origin_request_policy_id str

Unique identifier of the origin request policy that is attached to the behavior.

realtime_log_config_arn str

ARN of the real-time log configuration that is attached to this cache behavior.

response_headers_policy_id str

Identifier for a response headers policy.

smooth_streaming bool

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trusted_key_groups Sequence[str]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trusted_signers Sequence[str]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowedMethods List<String>

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cachedMethods List<String>

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

targetOriginId String

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewerProtocolPolicy String

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cachePolicyId String

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress Boolean

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

defaultTtl Number

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

fieldLevelEncryptionId String

Field level encryption configuration ID.

forwardedValues Property Map

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

functionAssociations List<Property Map>

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambdaFunctionAssociations List<Property Map>

A config block that triggers a lambda function with specific actions (maximum 4).

maxTtl Number

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

minTtl Number

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

originRequestPolicyId String

Unique identifier of the origin request policy that is attached to the behavior.

realtimeLogConfigArn String

ARN of the real-time log configuration that is attached to this cache behavior.

responseHeadersPolicyId String

Identifier for a response headers policy.

smoothStreaming Boolean

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trustedKeyGroups List<String>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<String>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

DistributionDefaultCacheBehaviorForwardedValues

Cookies DistributionDefaultCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

QueryString bool

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

Headers List<string>

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

QueryStringCacheKeys List<string>

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

Cookies DistributionDefaultCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

QueryString bool

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

Headers []string

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

QueryStringCacheKeys []string

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionDefaultCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

queryString Boolean

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers List<String>

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

queryStringCacheKeys List<String>

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionDefaultCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

queryString boolean

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers string[]

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

queryStringCacheKeys string[]

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionDefaultCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

query_string bool

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers Sequence[str]

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

query_string_cache_keys Sequence[str]

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies Property Map

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

queryString Boolean

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers List<String>

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

queryStringCacheKeys List<String>

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

DistributionDefaultCacheBehaviorForwardedValuesCookies

Forward string

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

WhitelistedNames List<string>

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

Forward string

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

WhitelistedNames []string

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward String

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelistedNames List<String>

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward string

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelistedNames string[]

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward str

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelisted_names Sequence[str]

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward String

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelistedNames List<String>

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

DistributionDefaultCacheBehaviorFunctionAssociation

EventType string

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

FunctionArn string

ARN of the CloudFront function.

EventType string

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

FunctionArn string

ARN of the CloudFront function.

eventType String

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

functionArn String

ARN of the CloudFront function.

eventType string

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

functionArn string

ARN of the CloudFront function.

event_type str

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

function_arn str

ARN of the CloudFront function.

eventType String

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

functionArn String

ARN of the CloudFront function.

DistributionDefaultCacheBehaviorLambdaFunctionAssociation

EventType string

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

LambdaArn string

ARN of the Lambda function.

IncludeBody bool

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

EventType string

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

LambdaArn string

ARN of the Lambda function.

IncludeBody bool

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType String

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambdaArn String

ARN of the Lambda function.

includeBody Boolean

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType string

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambdaArn string

ARN of the Lambda function.

includeBody boolean

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

event_type str

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambda_arn str

ARN of the Lambda function.

include_body bool

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType String

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambdaArn String

ARN of the Lambda function.

includeBody Boolean

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

DistributionLoggingConfig

Bucket string

Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

IncludeCookies bool

Whether to include cookies in access logs (default: false).

Prefix string

Prefix to the access log filenames for this distribution, for example, myprefix/.

Bucket string

Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

IncludeCookies bool

Whether to include cookies in access logs (default: false).

Prefix string

Prefix to the access log filenames for this distribution, for example, myprefix/.

bucket String

Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

includeCookies Boolean

Whether to include cookies in access logs (default: false).

prefix String

Prefix to the access log filenames for this distribution, for example, myprefix/.

bucket string

Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

includeCookies boolean

Whether to include cookies in access logs (default: false).

prefix string

Prefix to the access log filenames for this distribution, for example, myprefix/.

bucket str

Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

include_cookies bool

Whether to include cookies in access logs (default: false).

prefix str

Prefix to the access log filenames for this distribution, for example, myprefix/.

bucket String

Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.

includeCookies Boolean

Whether to include cookies in access logs (default: false).

prefix String

Prefix to the access log filenames for this distribution, for example, myprefix/.

DistributionOrderedCacheBehavior

AllowedMethods List<string>

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

CachedMethods List<string>

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

PathPattern string

Pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

TargetOriginId string

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

ViewerProtocolPolicy string

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

CachePolicyId string

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

Compress bool

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

DefaultTtl int

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

FieldLevelEncryptionId string

Field level encryption configuration ID.

ForwardedValues DistributionOrderedCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

FunctionAssociations List<DistributionOrderedCacheBehaviorFunctionAssociation>

A config block that triggers a cloudfront function with specific actions (maximum 2).

LambdaFunctionAssociations List<DistributionOrderedCacheBehaviorLambdaFunctionAssociation>

A config block that triggers a lambda function with specific actions (maximum 4).

MaxTtl int

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

MinTtl int

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

OriginRequestPolicyId string

Unique identifier of the origin request policy that is attached to the behavior.

RealtimeLogConfigArn string

ARN of the real-time log configuration that is attached to this cache behavior.

ResponseHeadersPolicyId string

Identifier for a response headers policy.

SmoothStreaming bool

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

TrustedKeyGroups List<string>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners List<string>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

AllowedMethods []string

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

CachedMethods []string

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

PathPattern string

Pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

TargetOriginId string

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

ViewerProtocolPolicy string

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

CachePolicyId string

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

Compress bool

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

DefaultTtl int

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

FieldLevelEncryptionId string

Field level encryption configuration ID.

ForwardedValues DistributionOrderedCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

FunctionAssociations []DistributionOrderedCacheBehaviorFunctionAssociation

A config block that triggers a cloudfront function with specific actions (maximum 2).

LambdaFunctionAssociations []DistributionOrderedCacheBehaviorLambdaFunctionAssociation

A config block that triggers a lambda function with specific actions (maximum 4).

MaxTtl int

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

MinTtl int

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

OriginRequestPolicyId string

Unique identifier of the origin request policy that is attached to the behavior.

RealtimeLogConfigArn string

ARN of the real-time log configuration that is attached to this cache behavior.

ResponseHeadersPolicyId string

Identifier for a response headers policy.

SmoothStreaming bool

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

TrustedKeyGroups []string

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

TrustedSigners []string

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowedMethods List<String>

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cachedMethods List<String>

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

pathPattern String

Pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

targetOriginId String

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewerProtocolPolicy String

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cachePolicyId String

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress Boolean

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

defaultTtl Integer

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

fieldLevelEncryptionId String

Field level encryption configuration ID.

forwardedValues DistributionOrderedCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

functionAssociations List<DistributionOrderedCacheBehaviorFunctionAssociation>

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambdaFunctionAssociations List<DistributionOrderedCacheBehaviorLambdaFunctionAssociation>

A config block that triggers a lambda function with specific actions (maximum 4).

maxTtl Integer

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

minTtl Integer

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

originRequestPolicyId String

Unique identifier of the origin request policy that is attached to the behavior.

realtimeLogConfigArn String

ARN of the real-time log configuration that is attached to this cache behavior.

responseHeadersPolicyId String

Identifier for a response headers policy.

smoothStreaming Boolean

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trustedKeyGroups List<String>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<String>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowedMethods string[]

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cachedMethods string[]

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

pathPattern string

Pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

targetOriginId string

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewerProtocolPolicy string

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cachePolicyId string

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress boolean

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

defaultTtl number

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

fieldLevelEncryptionId string

Field level encryption configuration ID.

forwardedValues DistributionOrderedCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

functionAssociations DistributionOrderedCacheBehaviorFunctionAssociation[]

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambdaFunctionAssociations DistributionOrderedCacheBehaviorLambdaFunctionAssociation[]

A config block that triggers a lambda function with specific actions (maximum 4).

maxTtl number

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

minTtl number

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

originRequestPolicyId string

Unique identifier of the origin request policy that is attached to the behavior.

realtimeLogConfigArn string

ARN of the real-time log configuration that is attached to this cache behavior.

responseHeadersPolicyId string

Identifier for a response headers policy.

smoothStreaming boolean

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trustedKeyGroups string[]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners string[]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowed_methods Sequence[str]

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cached_methods Sequence[str]

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

path_pattern str

Pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

target_origin_id str

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewer_protocol_policy str

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cache_policy_id str

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress bool

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

default_ttl int

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

field_level_encryption_id str

Field level encryption configuration ID.

forwarded_values DistributionOrderedCacheBehaviorForwardedValues

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

function_associations Sequence[DistributionOrderedCacheBehaviorFunctionAssociation]

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambda_function_associations Sequence[DistributionOrderedCacheBehaviorLambdaFunctionAssociation]

A config block that triggers a lambda function with specific actions (maximum 4).

max_ttl int

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

min_ttl int

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

origin_request_policy_id str

Unique identifier of the origin request policy that is attached to the behavior.

realtime_log_config_arn str

ARN of the real-time log configuration that is attached to this cache behavior.

response_headers_policy_id str

Identifier for a response headers policy.

smooth_streaming bool

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trusted_key_groups Sequence[str]

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trusted_signers Sequence[str]

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

allowedMethods List<String>

Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.

cachedMethods List<String>

Controls whether CloudFront caches the response to requests using the specified HTTP methods.

pathPattern String

Pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.

targetOriginId String

Value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.

viewerProtocolPolicy String

Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.

cachePolicyId String

Unique identifier of the cache policy that is attached to the cache behavior. If configuring the default_cache_behavior either cache_policy_id or forwarded_values must be set.

compress Boolean

Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).

defaultTtl Number

Default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.

fieldLevelEncryptionId String

Field level encryption configuration ID.

forwardedValues Property Map

The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).

functionAssociations List<Property Map>

A config block that triggers a cloudfront function with specific actions (maximum 2).

lambdaFunctionAssociations List<Property Map>

A config block that triggers a lambda function with specific actions (maximum 4).

maxTtl Number

Maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.

minTtl Number

Minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.

originRequestPolicyId String

Unique identifier of the origin request policy that is attached to the behavior.

realtimeLogConfigArn String

ARN of the real-time log configuration that is attached to this cache behavior.

responseHeadersPolicyId String

Identifier for a response headers policy.

smoothStreaming Boolean

Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.

trustedKeyGroups List<String>

List of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.

trustedSigners List<String>

List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

DistributionOrderedCacheBehaviorForwardedValues

Cookies DistributionOrderedCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

QueryString bool

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

Headers List<string>

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

QueryStringCacheKeys List<string>

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

Cookies DistributionOrderedCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

QueryString bool

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

Headers []string

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

QueryStringCacheKeys []string

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionOrderedCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

queryString Boolean

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers List<String>

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

queryStringCacheKeys List<String>

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionOrderedCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

queryString boolean

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers string[]

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

queryStringCacheKeys string[]

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionOrderedCacheBehaviorForwardedValuesCookies

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

query_string bool

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers Sequence[str]

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

query_string_cache_keys Sequence[str]

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies Property Map

The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).

queryString Boolean

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.

headers List<String>

Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.

queryStringCacheKeys List<String>

When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

DistributionOrderedCacheBehaviorForwardedValuesCookies

Forward string

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

WhitelistedNames List<string>

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

Forward string

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

WhitelistedNames []string

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward String

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelistedNames List<String>

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward string

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelistedNames string[]

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward str

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelisted_names Sequence[str]

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward String

Whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names.

whitelistedNames List<String>

If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

DistributionOrderedCacheBehaviorFunctionAssociation

EventType string

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

FunctionArn string

ARN of the CloudFront function.

EventType string

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

FunctionArn string

ARN of the CloudFront function.

eventType String

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

functionArn String

ARN of the CloudFront function.

eventType string

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

functionArn string

ARN of the CloudFront function.

event_type str

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

function_arn str

ARN of the CloudFront function.

eventType String

Specific event to trigger this function. Valid values: viewer-request or viewer-response.

functionArn String

ARN of the CloudFront function.

DistributionOrderedCacheBehaviorLambdaFunctionAssociation

EventType string

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

LambdaArn string

ARN of the Lambda function.

IncludeBody bool

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

EventType string

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

LambdaArn string

ARN of the Lambda function.

IncludeBody bool

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType String

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambdaArn String

ARN of the Lambda function.

includeBody Boolean

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType string

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambdaArn string

ARN of the Lambda function.

includeBody boolean

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

event_type str

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambda_arn str

ARN of the Lambda function.

include_body bool

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType String

Specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response.

lambdaArn String

ARN of the Lambda function.

includeBody Boolean

When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

DistributionOrigin

DomainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

OriginId string

Unique identifier for the origin.

ConnectionAttempts int

Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.

ConnectionTimeout int

Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.

CustomHeaders List<DistributionOriginCustomHeader>

One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

CustomOriginConfig DistributionOriginCustomOriginConfig

The CloudFront custom origin configuration information. If an S3 origin is required, use origin_access_control_id or s3_origin_config instead.

OriginAccessControlId string

Unique identifier of a [CloudFront origin access control][8] for this origin.

OriginPath string

Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

OriginShield DistributionOriginOriginShield

The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

S3OriginConfig DistributionOriginS3OriginConfig

The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

DomainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

OriginId string

Unique identifier for the origin.

ConnectionAttempts int

Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.

ConnectionTimeout int

Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.

CustomHeaders []DistributionOriginCustomHeader

One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

CustomOriginConfig DistributionOriginCustomOriginConfig

The CloudFront custom origin configuration information. If an S3 origin is required, use origin_access_control_id or s3_origin_config instead.

OriginAccessControlId string

Unique identifier of a [CloudFront origin access control][8] for this origin.

OriginPath string

Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

OriginShield DistributionOriginOriginShield

The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

S3OriginConfig DistributionOriginS3OriginConfig

The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

domainName String

DNS domain name of either the S3 bucket, or web site of your custom origin.

originId String

Unique identifier for the origin.

connectionAttempts Integer

Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.

connectionTimeout Integer

Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.

customHeaders List<DistributionOriginCustomHeader>

One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

customOriginConfig DistributionOriginCustomOriginConfig

The CloudFront custom origin configuration information. If an S3 origin is required, use origin_access_control_id or s3_origin_config instead.

originAccessControlId String

Unique identifier of a [CloudFront origin access control][8] for this origin.

originPath String

Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

originShield DistributionOriginOriginShield

The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

s3OriginConfig DistributionOriginS3OriginConfig

The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

domainName string

DNS domain name of either the S3 bucket, or web site of your custom origin.

originId string

Unique identifier for the origin.

connectionAttempts number

Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.

connectionTimeout number

Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.

customHeaders DistributionOriginCustomHeader[]

One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

customOriginConfig DistributionOriginCustomOriginConfig

The CloudFront custom origin configuration information. If an S3 origin is required, use origin_access_control_id or s3_origin_config instead.

originAccessControlId string

Unique identifier of a [CloudFront origin access control][8] for this origin.

originPath string

Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

originShield DistributionOriginOriginShield

The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

s3OriginConfig DistributionOriginS3OriginConfig

The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

domain_name str

DNS domain name of either the S3 bucket, or web site of your custom origin.

origin_id str

Unique identifier for the origin.

connection_attempts int

Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.

connection_timeout int

Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.

custom_headers Sequence[DistributionOriginCustomHeader]

One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

custom_origin_config DistributionOriginCustomOriginConfig

The CloudFront custom origin configuration information. If an S3 origin is required, use origin_access_control_id or s3_origin_config instead.

origin_access_control_id str

Unique identifier of a [CloudFront origin access control][8] for this origin.

origin_path str

Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

origin_shield DistributionOriginOriginShield

The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

s3_origin_config DistributionOriginS3OriginConfig

The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

domainName String

DNS domain name of either the S3 bucket, or web site of your custom origin.

originId String

Unique identifier for the origin.

connectionAttempts Number

Number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.

connectionTimeout Number

Number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.

customHeaders List<Property Map>

One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).

customOriginConfig Property Map

The CloudFront custom origin configuration information. If an S3 origin is required, use origin_access_control_id or s3_origin_config instead.

originAccessControlId String

Unique identifier of a [CloudFront origin access control][8] for this origin.

originPath String

Optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.

originShield Property Map

The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

s3OriginConfig Property Map

The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

DistributionOriginCustomHeader

Name string
Value string
Name string
Value string
name String
value String
name string
value string
name str
value str
name String
value String

DistributionOriginCustomOriginConfig

HttpPort int

HTTP port the custom origin listens on.

HttpsPort int

HTTPS port the custom origin listens on.

OriginProtocolPolicy string

Origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

OriginSslProtocols List<string>

SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

OriginKeepaliveTimeout int

The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

OriginReadTimeout int

The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

HttpPort int

HTTP port the custom origin listens on.

HttpsPort int

HTTPS port the custom origin listens on.

OriginProtocolPolicy string

Origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

OriginSslProtocols []string

SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

OriginKeepaliveTimeout int

The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

OriginReadTimeout int

The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

httpPort Integer

HTTP port the custom origin listens on.

httpsPort Integer

HTTPS port the custom origin listens on.

originProtocolPolicy String

Origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

originSslProtocols List<String>

SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

originKeepaliveTimeout Integer

The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

originReadTimeout Integer

The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

httpPort number

HTTP port the custom origin listens on.

httpsPort number

HTTPS port the custom origin listens on.

originProtocolPolicy string

Origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

originSslProtocols string[]

SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

originKeepaliveTimeout number

The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

originReadTimeout number

The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

http_port int

HTTP port the custom origin listens on.

https_port int

HTTPS port the custom origin listens on.

origin_protocol_policy str

Origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

origin_ssl_protocols Sequence[str]

SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

origin_keepalive_timeout int

The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

origin_read_timeout int

The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

httpPort Number

HTTP port the custom origin listens on.

httpsPort Number

HTTPS port the custom origin listens on.

originProtocolPolicy String

Origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.

originSslProtocols List<String>

SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.

originKeepaliveTimeout Number

The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

originReadTimeout Number

The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

DistributionOriginGroup

FailoverCriteria DistributionOriginGroupFailoverCriteria

The failover criteria for when to failover to the secondary origin.

Members List<DistributionOriginGroupMember>

Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.

OriginId string

Unique identifier for the origin.

FailoverCriteria DistributionOriginGroupFailoverCriteria

The failover criteria for when to failover to the secondary origin.

Members []DistributionOriginGroupMember

Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.

OriginId string

Unique identifier for the origin.

failoverCriteria DistributionOriginGroupFailoverCriteria

The failover criteria for when to failover to the secondary origin.

members List<DistributionOriginGroupMember>

Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.

originId String

Unique identifier for the origin.

failoverCriteria DistributionOriginGroupFailoverCriteria

The failover criteria for when to failover to the secondary origin.

members DistributionOriginGroupMember[]

Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.

originId string

Unique identifier for the origin.

failover_criteria DistributionOriginGroupFailoverCriteria

The failover criteria for when to failover to the secondary origin.

members Sequence[DistributionOriginGroupMember]

Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.

origin_id str

Unique identifier for the origin.

failoverCriteria Property Map

The failover criteria for when to failover to the secondary origin.

members List<Property Map>

Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.

originId String

Unique identifier for the origin.

DistributionOriginGroupFailoverCriteria

StatusCodes List<int>

List of HTTP status codes for the origin group.

StatusCodes []int

List of HTTP status codes for the origin group.

statusCodes List<Integer>

List of HTTP status codes for the origin group.

statusCodes number[]

List of HTTP status codes for the origin group.

status_codes Sequence[int]

List of HTTP status codes for the origin group.

statusCodes List<Number>

List of HTTP status codes for the origin group.

DistributionOriginGroupMember

OriginId string

Unique identifier for the origin.

OriginId string

Unique identifier for the origin.

originId String

Unique identifier for the origin.

originId string

Unique identifier for the origin.

origin_id str

Unique identifier for the origin.

originId String

Unique identifier for the origin.

DistributionOriginOriginShield

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

OriginShieldRegion string

AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

OriginShieldRegion string

AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

originShieldRegion String

AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

enabled boolean

Whether the distribution is enabled to accept end user requests for content.

originShieldRegion string

AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

enabled bool

Whether the distribution is enabled to accept end user requests for content.

origin_shield_region str

AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

originShieldRegion String

AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

DistributionOriginS3OriginConfig

OriginAccessIdentity string

The CloudFront origin access identity to associate with the origin.

OriginAccessIdentity string

The CloudFront origin access identity to associate with the origin.

originAccessIdentity String

The CloudFront origin access identity to associate with the origin.

originAccessIdentity string

The CloudFront origin access identity to associate with the origin.

origin_access_identity str

The CloudFront origin access identity to associate with the origin.

originAccessIdentity String

The CloudFront origin access identity to associate with the origin.

DistributionRestrictions

DistributionRestrictionsGeoRestriction

RestrictionType string

Method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

Locations List<string>

[ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). If the type is specified as none an empty array can be used.

RestrictionType string

Method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

Locations []string

[ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). If the type is specified as none an empty array can be used.

restrictionType String

Method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

locations List<String>

[ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). If the type is specified as none an empty array can be used.

restrictionType string

Method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

locations string[]

[ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). If the type is specified as none an empty array can be used.

restriction_type str

Method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

locations Sequence[str]

[ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). If the type is specified as none an empty array can be used.

restrictionType String

Method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.

locations List<String>

[ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist). If the type is specified as none an empty array can be used.

DistributionTrustedKeyGroup

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Items List<DistributionTrustedKeyGroupItem>

List of nested attributes for each trusted signer

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Items []DistributionTrustedKeyGroupItem

List of nested attributes for each trusted signer

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

items List<DistributionTrustedKeyGroupItem>

List of nested attributes for each trusted signer

enabled boolean

Whether the distribution is enabled to accept end user requests for content.

items DistributionTrustedKeyGroupItem[]

List of nested attributes for each trusted signer

enabled bool

Whether the distribution is enabled to accept end user requests for content.

items Sequence[DistributionTrustedKeyGroupItem]

List of nested attributes for each trusted signer

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

items List<Property Map>

List of nested attributes for each trusted signer

DistributionTrustedKeyGroupItem

KeyGroupId string

ID of the key group that contains the public keys.

KeyPairIds List<string>

Set of active CloudFront key pairs associated with the signer account

KeyGroupId string

ID of the key group that contains the public keys.

KeyPairIds []string

Set of active CloudFront key pairs associated with the signer account

keyGroupId String

ID of the key group that contains the public keys.

keyPairIds List<String>

Set of active CloudFront key pairs associated with the signer account

keyGroupId string

ID of the key group that contains the public keys.

keyPairIds string[]

Set of active CloudFront key pairs associated with the signer account

key_group_id str

ID of the key group that contains the public keys.

key_pair_ids Sequence[str]

Set of active CloudFront key pairs associated with the signer account

keyGroupId String

ID of the key group that contains the public keys.

keyPairIds List<String>

Set of active CloudFront key pairs associated with the signer account

DistributionTrustedSigner

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Items List<DistributionTrustedSignerItem>

List of nested attributes for each trusted signer

Enabled bool

Whether the distribution is enabled to accept end user requests for content.

Items []DistributionTrustedSignerItem

List of nested attributes for each trusted signer

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

items List<DistributionTrustedSignerItem>

List of nested attributes for each trusted signer

enabled boolean

Whether the distribution is enabled to accept end user requests for content.

items DistributionTrustedSignerItem[]

List of nested attributes for each trusted signer

enabled bool

Whether the distribution is enabled to accept end user requests for content.

items Sequence[DistributionTrustedSignerItem]

List of nested attributes for each trusted signer

enabled Boolean

Whether the distribution is enabled to accept end user requests for content.

items List<Property Map>

List of nested attributes for each trusted signer

DistributionTrustedSignerItem

AwsAccountNumber string

AWS account ID or self

KeyPairIds List<string>

Set of active CloudFront key pairs associated with the signer account

AwsAccountNumber string

AWS account ID or self

KeyPairIds []string

Set of active CloudFront key pairs associated with the signer account

awsAccountNumber String

AWS account ID or self

keyPairIds List<String>

Set of active CloudFront key pairs associated with the signer account

awsAccountNumber string

AWS account ID or self

keyPairIds string[]

Set of active CloudFront key pairs associated with the signer account

aws_account_number str

AWS account ID or self

key_pair_ids Sequence[str]

Set of active CloudFront key pairs associated with the signer account

awsAccountNumber String

AWS account ID or self

keyPairIds List<String>

Set of active CloudFront key pairs associated with the signer account

DistributionViewerCertificate

AcmCertificateArn string

ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

CloudfrontDefaultCertificate bool

true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

IamCertificateId string

IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

MinimumProtocolVersion string

Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under "Security policy." Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

SslSupportMethod string

How you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges.

AcmCertificateArn string

ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

CloudfrontDefaultCertificate bool

true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

IamCertificateId string

IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

MinimumProtocolVersion string

Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under "Security policy." Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

SslSupportMethod string

How you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges.

acmCertificateArn String

ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

cloudfrontDefaultCertificate Boolean

true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

iamCertificateId String

IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

minimumProtocolVersion String

Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under "Security policy." Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

sslSupportMethod String

How you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges.

acmCertificateArn string

ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

cloudfrontDefaultCertificate boolean

true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

iamCertificateId string

IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

minimumProtocolVersion string

Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under "Security policy." Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

sslSupportMethod string

How you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges.

acm_certificate_arn str

ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

cloudfront_default_certificate bool

true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

iam_certificate_id str

IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

minimum_protocol_version str

Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under "Security policy." Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

ssl_support_method str

How you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges.

acmCertificateArn String

ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.

cloudfrontDefaultCertificate Boolean

true if you want viewers to use HTTPS to request your objects and you're using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.

iamCertificateId String

IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.

minimumProtocolVersion String

Minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under "Security policy." Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.

sslSupportMethod String

How you want CloudFront to serve HTTPS requests. One of vip or sni-only. Required if you specify acm_certificate_arn or iam_certificate_id. NOTE: vip causes CloudFront to use a dedicated IP address and may incur extra charges.

Import

CloudFront Distributions can be imported using the id, e.g.,

 $ pulumi import aws:cloudfront/distribution:Distribution distribution E74FTE3EXAMPLE

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.