AWS Classic

v4.30.0 published on Tuesday, Nov 30, 2021 by Pulumi

Distribution

Creates an Amazon CloudFront web distribution.

For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For specific information about creating CloudFront web distributions, see the POST Distribution page in the Amazon CloudFront API Reference.

NOTE: CloudFront distributions take about 15 minutes to a deployed state after creation or modification. During this time, deletes to resources will be blocked. If you need to delete a distribution that is enabled and you do not want to wait, you need to use the retain_on_delete flag.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
        {
            Acl = "private",
            Tags = 
            {
                { "Name", "My bucket" },
            },
        });
        var s3OriginId = "myS3Origin";
        var s3Distribution = new Aws.CloudFront.Distribution("s3Distribution", new Aws.CloudFront.DistributionArgs
        {
            Origins = 
            {
                new Aws.CloudFront.Inputs.DistributionOriginArgs
                {
                    DomainName = bucket.BucketRegionalDomainName,
                    OriginId = s3OriginId,
                    S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs
                    {
                        OriginAccessIdentity = "origin-access-identity/cloudfront/ABCDEFG1234567",
                    },
                },
            },
            Enabled = true,
            IsIpv6Enabled = true,
            Comment = "Some comment",
            DefaultRootObject = "index.html",
            LoggingConfig = new Aws.CloudFront.Inputs.DistributionLoggingConfigArgs
            {
                IncludeCookies = false,
                Bucket = "mylogs.s3.amazonaws.com",
                Prefix = "myprefix",
            },
            Aliases = 
            {
                "mysite.example.com",
                "yoursite.example.com",
            },
            DefaultCacheBehavior = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorArgs
            {
                AllowedMethods = 
                {
                    "DELETE",
                    "GET",
                    "HEAD",
                    "OPTIONS",
                    "PATCH",
                    "POST",
                    "PUT",
                },
                CachedMethods = 
                {
                    "GET",
                    "HEAD",
                },
                TargetOriginId = s3OriginId,
                ForwardedValues = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesArgs
                {
                    QueryString = false,
                    Cookies = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs
                    {
                        Forward = "none",
                    },
                },
                ViewerProtocolPolicy = "allow-all",
                MinTtl = 0,
                DefaultTtl = 3600,
                MaxTtl = 86400,
            },
            OrderedCacheBehaviors = 
            {
                new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs
                {
                    PathPattern = "/content/immutable/*",
                    AllowedMethods = 
                    {
                        "GET",
                        "HEAD",
                        "OPTIONS",
                    },
                    CachedMethods = 
                    {
                        "GET",
                        "HEAD",
                        "OPTIONS",
                    },
                    TargetOriginId = s3OriginId,
                    ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs
                    {
                        QueryString = false,
                        Headers = 
                        {
                            "Origin",
                        },
                        Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs
                        {
                            Forward = "none",
                        },
                    },
                    MinTtl = 0,
                    DefaultTtl = 86400,
                    MaxTtl = 31536000,
                    Compress = true,
                    ViewerProtocolPolicy = "redirect-to-https",
                },
                new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs
                {
                    PathPattern = "/content/*",
                    AllowedMethods = 
                    {
                        "GET",
                        "HEAD",
                        "OPTIONS",
                    },
                    CachedMethods = 
                    {
                        "GET",
                        "HEAD",
                    },
                    TargetOriginId = s3OriginId,
                    ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs
                    {
                        QueryString = false,
                        Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs
                        {
                            Forward = "none",
                        },
                    },
                    MinTtl = 0,
                    DefaultTtl = 3600,
                    MaxTtl = 86400,
                    Compress = true,
                    ViewerProtocolPolicy = "redirect-to-https",
                },
            },
            PriceClass = "PriceClass_200",
            Restrictions = new Aws.CloudFront.Inputs.DistributionRestrictionsArgs
            {
                GeoRestriction = new Aws.CloudFront.Inputs.DistributionRestrictionsGeoRestrictionArgs
                {
                    RestrictionType = "whitelist",
                    Locations = 
                    {
                        "US",
                        "CA",
                        "GB",
                        "DE",
                    },
                },
            },
            Tags = 
            {
                { "Environment", "production" },
            },
            ViewerCertificate = new Aws.CloudFront.Inputs.DistributionViewerCertificateArgs
            {
                CloudfrontDefaultCertificate = true,
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bucket, err := s3.NewBucket(ctx, "bucket", &s3.BucketArgs{
			Acl: pulumi.String("private"),
			Tags: pulumi.StringMap{
				"Name": pulumi.String("My bucket"),
			},
		})
		if err != nil {
			return err
		}
		s3OriginId := "myS3Origin"
		_, err = cloudfront.NewDistribution(ctx, "s3Distribution", &cloudfront.DistributionArgs{
			Origins: cloudfront.DistributionOriginArray{
				&cloudfront.DistributionOriginArgs{
					DomainName: bucket.BucketRegionalDomainName,
					OriginId:   pulumi.String(s3OriginId),
					S3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{
						OriginAccessIdentity: pulumi.String("origin-access-identity/cloudfront/ABCDEFG1234567"),
					},
				},
			},
			Enabled:           pulumi.Bool(true),
			IsIpv6Enabled:     pulumi.Bool(true),
			Comment:           pulumi.String("Some comment"),
			DefaultRootObject: pulumi.String("index.html"),
			LoggingConfig: &cloudfront.DistributionLoggingConfigArgs{
				IncludeCookies: pulumi.Bool(false),
				Bucket:         pulumi.String("mylogs.s3.amazonaws.com"),
				Prefix:         pulumi.String("myprefix"),
			},
			Aliases: pulumi.StringArray{
				pulumi.String("mysite.example.com"),
				pulumi.String("yoursite.example.com"),
			},
			DefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{
				AllowedMethods: pulumi.StringArray{
					pulumi.String("DELETE"),
					pulumi.String("GET"),
					pulumi.String("HEAD"),
					pulumi.String("OPTIONS"),
					pulumi.String("PATCH"),
					pulumi.String("POST"),
					pulumi.String("PUT"),
				},
				CachedMethods: pulumi.StringArray{
					pulumi.String("GET"),
					pulumi.String("HEAD"),
				},
				TargetOriginId: pulumi.String(s3OriginId),
				ForwardedValues: &cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs{
					QueryString: pulumi.Bool(false),
					Cookies: &cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs{
						Forward: pulumi.String("none"),
					},
				},
				ViewerProtocolPolicy: pulumi.String("allow-all"),
				MinTtl:               pulumi.Int(0),
				DefaultTtl:           pulumi.Int(3600),
				MaxTtl:               pulumi.Int(86400),
			},
			OrderedCacheBehaviors: cloudfront.DistributionOrderedCacheBehaviorArray{
				&cloudfront.DistributionOrderedCacheBehaviorArgs{
					PathPattern: pulumi.String("/content/immutable/*"),
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
						pulumi.String("OPTIONS"),
					},
					CachedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
						pulumi.String("OPTIONS"),
					},
					TargetOriginId: pulumi.String(s3OriginId),
					ForwardedValues: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs{
						QueryString: pulumi.Bool(false),
						Headers: pulumi.StringArray{
							pulumi.String("Origin"),
						},
						Cookies: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs{
							Forward: pulumi.String("none"),
						},
					},
					MinTtl:               pulumi.Int(0),
					DefaultTtl:           pulumi.Int(86400),
					MaxTtl:               pulumi.Int(31536000),
					Compress:             pulumi.Bool(true),
					ViewerProtocolPolicy: pulumi.String("redirect-to-https"),
				},
				&cloudfront.DistributionOrderedCacheBehaviorArgs{
					PathPattern: pulumi.String("/content/*"),
					AllowedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
						pulumi.String("OPTIONS"),
					},
					CachedMethods: pulumi.StringArray{
						pulumi.String("GET"),
						pulumi.String("HEAD"),
					},
					TargetOriginId: pulumi.String(s3OriginId),
					ForwardedValues: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs{
						QueryString: pulumi.Bool(false),
						Cookies: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs{
							Forward: pulumi.String("none"),
						},
					},
					MinTtl:               pulumi.Int(0),
					DefaultTtl:           pulumi.Int(3600),
					MaxTtl:               pulumi.Int(86400),
					Compress:             pulumi.Bool(true),
					ViewerProtocolPolicy: pulumi.String("redirect-to-https"),
				},
			},
			PriceClass: pulumi.String("PriceClass_200"),
			Restrictions: &cloudfront.DistributionRestrictionsArgs{
				GeoRestriction: &cloudfront.DistributionRestrictionsGeoRestrictionArgs{
					RestrictionType: pulumi.String("whitelist"),
					Locations: pulumi.StringArray{
						pulumi.String("US"),
						pulumi.String("CA"),
						pulumi.String("GB"),
						pulumi.String("DE"),
					},
				},
			},
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("production"),
			},
			ViewerCertificate: &cloudfront.DistributionViewerCertificateArgs{
				CloudfrontDefaultCertificate: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("bucket",
    acl="private",
    tags={
        "Name": "My bucket",
    })
s3_origin_id = "myS3Origin"
s3_distribution = aws.cloudfront.Distribution("s3Distribution",
    origins=[aws.cloudfront.DistributionOriginArgs(
        domain_name=bucket.bucket_regional_domain_name,
        origin_id=s3_origin_id,
        s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(
            origin_access_identity="origin-access-identity/cloudfront/ABCDEFG1234567",
        ),
    )],
    enabled=True,
    is_ipv6_enabled=True,
    comment="Some comment",
    default_root_object="index.html",
    logging_config=aws.cloudfront.DistributionLoggingConfigArgs(
        include_cookies=False,
        bucket="mylogs.s3.amazonaws.com",
        prefix="myprefix",
    ),
    aliases=[
        "mysite.example.com",
        "yoursite.example.com",
    ],
    default_cache_behavior=aws.cloudfront.DistributionDefaultCacheBehaviorArgs(
        allowed_methods=[
            "DELETE",
            "GET",
            "HEAD",
            "OPTIONS",
            "PATCH",
            "POST",
            "PUT",
        ],
        cached_methods=[
            "GET",
            "HEAD",
        ],
        target_origin_id=s3_origin_id,
        forwarded_values=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs(
            query_string=False,
            cookies=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs(
                forward="none",
            ),
        ),
        viewer_protocol_policy="allow-all",
        min_ttl=0,
        default_ttl=3600,
        max_ttl=86400,
    ),
    ordered_cache_behaviors=[
        aws.cloudfront.DistributionOrderedCacheBehaviorArgs(
            path_pattern="/content/immutable/*",
            allowed_methods=[
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cached_methods=[
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            target_origin_id=s3_origin_id,
            forwarded_values=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs(
                query_string=False,
                headers=["Origin"],
                cookies=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs(
                    forward="none",
                ),
            ),
            min_ttl=0,
            default_ttl=86400,
            max_ttl=31536000,
            compress=True,
            viewer_protocol_policy="redirect-to-https",
        ),
        aws.cloudfront.DistributionOrderedCacheBehaviorArgs(
            path_pattern="/content/*",
            allowed_methods=[
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cached_methods=[
                "GET",
                "HEAD",
            ],
            target_origin_id=s3_origin_id,
            forwarded_values=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs(
                query_string=False,
                cookies=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs(
                    forward="none",
                ),
            ),
            min_ttl=0,
            default_ttl=3600,
            max_ttl=86400,
            compress=True,
            viewer_protocol_policy="redirect-to-https",
        ),
    ],
    price_class="PriceClass_200",
    restrictions=aws.cloudfront.DistributionRestrictionsArgs(
        geo_restriction=aws.cloudfront.DistributionRestrictionsGeoRestrictionArgs(
            restriction_type="whitelist",
            locations=[
                "US",
                "CA",
                "GB",
                "DE",
            ],
        ),
    ),
    tags={
        "Environment": "production",
    },
    viewer_certificate=aws.cloudfront.DistributionViewerCertificateArgs(
        cloudfront_default_certificate=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const bucket = new aws.s3.Bucket("bucket", {
    acl: "private",
    tags: {
        Name: "My bucket",
    },
});
const s3OriginId = "myS3Origin";
const s3Distribution = new aws.cloudfront.Distribution("s3Distribution", {
    origins: [{
        domainName: bucket.bucketRegionalDomainName,
        originId: s3OriginId,
        s3OriginConfig: {
            originAccessIdentity: "origin-access-identity/cloudfront/ABCDEFG1234567",
        },
    }],
    enabled: true,
    isIpv6Enabled: true,
    comment: "Some comment",
    defaultRootObject: "index.html",
    loggingConfig: {
        includeCookies: false,
        bucket: "mylogs.s3.amazonaws.com",
        prefix: "myprefix",
    },
    aliases: [
        "mysite.example.com",
        "yoursite.example.com",
    ],
    defaultCacheBehavior: {
        allowedMethods: [
            "DELETE",
            "GET",
            "HEAD",
            "OPTIONS",
            "PATCH",
            "POST",
            "PUT",
        ],
        cachedMethods: [
            "GET",
            "HEAD",
        ],
        targetOriginId: s3OriginId,
        forwardedValues: {
            queryString: false,
            cookies: {
                forward: "none",
            },
        },
        viewerProtocolPolicy: "allow-all",
        minTtl: 0,
        defaultTtl: 3600,
        maxTtl: 86400,
    },
    orderedCacheBehaviors: [
        {
            pathPattern: "/content/immutable/*",
            allowedMethods: [
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cachedMethods: [
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            targetOriginId: s3OriginId,
            forwardedValues: {
                queryString: false,
                headers: ["Origin"],
                cookies: {
                    forward: "none",
                },
            },
            minTtl: 0,
            defaultTtl: 86400,
            maxTtl: 31536000,
            compress: true,
            viewerProtocolPolicy: "redirect-to-https",
        },
        {
            pathPattern: "/content/*",
            allowedMethods: [
                "GET",
                "HEAD",
                "OPTIONS",
            ],
            cachedMethods: [
                "GET",
                "HEAD",
            ],
            targetOriginId: s3OriginId,
            forwardedValues: {
                queryString: false,
                cookies: {
                    forward: "none",
                },
            },
            minTtl: 0,
            defaultTtl: 3600,
            maxTtl: 86400,
            compress: true,
            viewerProtocolPolicy: "redirect-to-https",
        },
    ],
    priceClass: "PriceClass_200",
    restrictions: {
        geoRestriction: {
            restrictionType: "whitelist",
            locations: [
                "US",
                "CA",
                "GB",
                "DE",
            ],
        },
    },
    tags: {
        Environment: "production",
    },
    viewerCertificate: {
        cloudfrontDefaultCertificate: true,
    },
});

Create a Distribution Resource

new Distribution(name: string, args: DistributionArgs, opts?: CustomResourceOptions);
@overload
def Distribution(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 aliases: Optional[Sequence[str]] = None,
                 comment: Optional[str] = None,
                 custom_error_responses: Optional[Sequence[DistributionCustomErrorResponseArgs]] = None,
                 default_cache_behavior: Optional[DistributionDefaultCacheBehaviorArgs] = None,
                 default_root_object: Optional[str] = None,
                 enabled: Optional[bool] = None,
                 http_version: Optional[str] = None,
                 is_ipv6_enabled: Optional[bool] = None,
                 logging_config: Optional[DistributionLoggingConfigArgs] = None,
                 ordered_cache_behaviors: Optional[Sequence[DistributionOrderedCacheBehaviorArgs]] = None,
                 origin_groups: Optional[Sequence[DistributionOriginGroupArgs]] = None,
                 origins: Optional[Sequence[DistributionOriginArgs]] = None,
                 price_class: Optional[str] = None,
                 restrictions: Optional[DistributionRestrictionsArgs] = None,
                 retain_on_delete: Optional[bool] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 viewer_certificate: Optional[DistributionViewerCertificateArgs] = None,
                 wait_for_deployment: Optional[bool] = None,
                 web_acl_id: Optional[str] = None)
@overload
def Distribution(resource_name: str,
                 args: DistributionArgs,
                 opts: Optional[ResourceOptions] = None)
func NewDistribution(ctx *Context, name string, args DistributionArgs, opts ...ResourceOption) (*Distribution, error)
public Distribution(string name, DistributionArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DistributionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Distribution Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Distribution resource accepts the following input properties:

DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
Enabled bool
A flag that specifies whether Origin Shield is enabled.
Origins List<DistributionOriginArgs>
One or more origins for this distribution (multiples allowed).
Restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
ViewerCertificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
Aliases List<string>
Extra CNAMEs (alternate domain names), if any, for this distribution.
Comment string
Any comments you want to include about the distribution.
CustomErrorResponses List<DistributionCustomErrorResponseArgs>
One or more custom error response elements (multiples allowed).
DefaultRootObject string
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
HttpVersion string
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
IsIpv6Enabled bool
Whether the IPv6 is enabled for the distribution.
LoggingConfig DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups List<DistributionOriginGroupArgs>
One or more origin_group for this distribution (multiples allowed).
PriceClass string
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
RetainOnDelete bool
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Tags Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
WaitForDeployment bool
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.
DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
Enabled bool
A flag that specifies whether Origin Shield is enabled.
Origins []DistributionOriginArgs
One or more origins for this distribution (multiples allowed).
Restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
ViewerCertificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
Aliases []string
Extra CNAMEs (alternate domain names), if any, for this distribution.
Comment string
Any comments you want to include about the distribution.
CustomErrorResponses []DistributionCustomErrorResponseArgs
One or more custom error response elements (multiples allowed).
DefaultRootObject string
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
HttpVersion string
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
IsIpv6Enabled bool
Whether the IPv6 is enabled for the distribution.
LoggingConfig DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors []DistributionOrderedCacheBehaviorArgs
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups []DistributionOriginGroupArgs
One or more origin_group for this distribution (multiples allowed).
PriceClass string
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
RetainOnDelete bool
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Tags map[string]string
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
WaitForDeployment bool
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.
defaultCacheBehavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
enabled boolean
A flag that specifies whether Origin Shield is enabled.
origins DistributionOriginArgs[]
One or more origins for this distribution (multiples allowed).
restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
viewerCertificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
aliases string[]
Extra CNAMEs (alternate domain names), if any, for this distribution.
comment string
Any comments you want to include about the distribution.
customErrorResponses DistributionCustomErrorResponseArgs[]
One or more custom error response elements (multiples allowed).
defaultRootObject string
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
httpVersion string
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
isIpv6Enabled boolean
Whether the IPv6 is enabled for the distribution.
loggingConfig DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
orderedCacheBehaviors DistributionOrderedCacheBehaviorArgs[]
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
originGroups DistributionOriginGroupArgs[]
One or more origin_group for this distribution (multiples allowed).
priceClass string
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
retainOnDelete boolean
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
tags {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
waitForDeployment boolean
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
webAclId string
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.
default_cache_behavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
enabled bool
A flag that specifies whether Origin Shield is enabled.
origins Sequence[DistributionOriginArgs]
One or more origins for this distribution (multiples allowed).
restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
viewer_certificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
aliases Sequence[str]
Extra CNAMEs (alternate domain names), if any, for this distribution.
comment str
Any comments you want to include about the distribution.
custom_error_responses Sequence[DistributionCustomErrorResponseArgs]
One or more custom error response elements (multiples allowed).
default_root_object str
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
http_version str
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
is_ipv6_enabled bool
Whether the IPv6 is enabled for the distribution.
logging_config DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
ordered_cache_behaviors Sequence[DistributionOrderedCacheBehaviorArgs]
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
origin_groups Sequence[DistributionOriginGroupArgs]
One or more origin_group for this distribution (multiples allowed).
price_class str
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
retain_on_delete bool
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
tags Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
wait_for_deployment bool
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
web_acl_id str
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

Outputs

All input properties are implicitly available as output properties. Additionally, the Distribution resource produces the following output properties:

Arn string
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string
Internal value used by CloudFront to allow future updates to the distribution configuration.
DomainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
Etag string
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
Id string
The provider-assigned unique ID for this managed resource.
InProgressValidationBatches int
The number of invalidation batches currently in progress.
LastModifiedTime string
The date and time the distribution was last modified.
Status string
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
TrustedKeyGroups List<DistributionTrustedKeyGroup>
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners List<DistributionTrustedSigner>
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
Arn string
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string
Internal value used by CloudFront to allow future updates to the distribution configuration.
DomainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
Etag string
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
Id string
The provider-assigned unique ID for this managed resource.
InProgressValidationBatches int
The number of invalidation batches currently in progress.
LastModifiedTime string
The date and time the distribution was last modified.
Status string
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
TrustedKeyGroups []DistributionTrustedKeyGroup
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners []DistributionTrustedSigner
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
arn string
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
callerReference string
Internal value used by CloudFront to allow future updates to the distribution configuration.
domainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
etag string
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hostedZoneId string
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
id string
The provider-assigned unique ID for this managed resource.
inProgressValidationBatches number
The number of invalidation batches currently in progress.
lastModifiedTime string
The date and time the distribution was last modified.
status string
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
trustedKeyGroups DistributionTrustedKeyGroup[]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trustedSigners DistributionTrustedSigner[]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
arn str
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
caller_reference str
Internal value used by CloudFront to allow future updates to the distribution configuration.
domain_name str
The DNS domain name of either the S3 bucket, or web site of your custom origin.
etag str
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hosted_zone_id str
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
id str
The provider-assigned unique ID for this managed resource.
in_progress_validation_batches int
The number of invalidation batches currently in progress.
last_modified_time str
The date and time the distribution was last modified.
status str
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
trusted_key_groups Sequence[DistributionTrustedKeyGroup]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trusted_signers Sequence[DistributionTrustedSigner]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

Look up an Existing Distribution Resource

Get an existing Distribution resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DistributionState, opts?: CustomResourceOptions): Distribution
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        aliases: Optional[Sequence[str]] = None,
        arn: Optional[str] = None,
        caller_reference: Optional[str] = None,
        comment: Optional[str] = None,
        custom_error_responses: Optional[Sequence[DistributionCustomErrorResponseArgs]] = None,
        default_cache_behavior: Optional[DistributionDefaultCacheBehaviorArgs] = None,
        default_root_object: Optional[str] = None,
        domain_name: Optional[str] = None,
        enabled: Optional[bool] = None,
        etag: Optional[str] = None,
        hosted_zone_id: Optional[str] = None,
        http_version: Optional[str] = None,
        in_progress_validation_batches: Optional[int] = None,
        is_ipv6_enabled: Optional[bool] = None,
        last_modified_time: Optional[str] = None,
        logging_config: Optional[DistributionLoggingConfigArgs] = None,
        ordered_cache_behaviors: Optional[Sequence[DistributionOrderedCacheBehaviorArgs]] = None,
        origin_groups: Optional[Sequence[DistributionOriginGroupArgs]] = None,
        origins: Optional[Sequence[DistributionOriginArgs]] = None,
        price_class: Optional[str] = None,
        restrictions: Optional[DistributionRestrictionsArgs] = None,
        retain_on_delete: Optional[bool] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        trusted_key_groups: Optional[Sequence[DistributionTrustedKeyGroupArgs]] = None,
        trusted_signers: Optional[Sequence[DistributionTrustedSignerArgs]] = None,
        viewer_certificate: Optional[DistributionViewerCertificateArgs] = None,
        wait_for_deployment: Optional[bool] = None,
        web_acl_id: Optional[str] = None) -> Distribution
func GetDistribution(ctx *Context, name string, id IDInput, state *DistributionState, opts ...ResourceOption) (*Distribution, error)
public static Distribution Get(string name, Input<string> id, DistributionState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Aliases List<string>
Extra CNAMEs (alternate domain names), if any, for this distribution.
Arn string
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string
Internal value used by CloudFront to allow future updates to the distribution configuration.
Comment string
Any comments you want to include about the distribution.
CustomErrorResponses List<DistributionCustomErrorResponseArgs>
One or more custom error response elements (multiples allowed).
DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
DefaultRootObject string
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
DomainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
Enabled bool
A flag that specifies whether Origin Shield is enabled.
Etag string
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
HttpVersion string
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
InProgressValidationBatches int
The number of invalidation batches currently in progress.
IsIpv6Enabled bool
Whether the IPv6 is enabled for the distribution.
LastModifiedTime string
The date and time the distribution was last modified.
LoggingConfig DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups List<DistributionOriginGroupArgs>
One or more origin_group for this distribution (multiples allowed).
Origins List<DistributionOriginArgs>
One or more origins for this distribution (multiples allowed).
PriceClass string
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
Restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
RetainOnDelete bool
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Status string
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
Tags Dictionary<string, string>
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
TrustedKeyGroups List<DistributionTrustedKeyGroupArgs>
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners List<DistributionTrustedSignerArgs>
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
ViewerCertificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
WaitForDeployment bool
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.
Aliases []string
Extra CNAMEs (alternate domain names), if any, for this distribution.
Arn string
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string
Internal value used by CloudFront to allow future updates to the distribution configuration.
Comment string
Any comments you want to include about the distribution.
CustomErrorResponses []DistributionCustomErrorResponseArgs
One or more custom error response elements (multiples allowed).
DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
DefaultRootObject string
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
DomainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
Enabled bool
A flag that specifies whether Origin Shield is enabled.
Etag string
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
HttpVersion string
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
InProgressValidationBatches int
The number of invalidation batches currently in progress.
IsIpv6Enabled bool
Whether the IPv6 is enabled for the distribution.
LastModifiedTime string
The date and time the distribution was last modified.
LoggingConfig DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors []DistributionOrderedCacheBehaviorArgs
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups []DistributionOriginGroupArgs
One or more origin_group for this distribution (multiples allowed).
Origins []DistributionOriginArgs
One or more origins for this distribution (multiples allowed).
PriceClass string
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
Restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
RetainOnDelete bool
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Status string
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
Tags map[string]string
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
TrustedKeyGroups []DistributionTrustedKeyGroupArgs
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners []DistributionTrustedSignerArgs
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
ViewerCertificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
WaitForDeployment bool
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.
aliases string[]
Extra CNAMEs (alternate domain names), if any, for this distribution.
arn string
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
callerReference string
Internal value used by CloudFront to allow future updates to the distribution configuration.
comment string
Any comments you want to include about the distribution.
customErrorResponses DistributionCustomErrorResponseArgs[]
One or more custom error response elements (multiples allowed).
defaultCacheBehavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
defaultRootObject string
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
domainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
enabled boolean
A flag that specifies whether Origin Shield is enabled.
etag string
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hostedZoneId string
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
httpVersion string
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
inProgressValidationBatches number
The number of invalidation batches currently in progress.
isIpv6Enabled boolean
Whether the IPv6 is enabled for the distribution.
lastModifiedTime string
The date and time the distribution was last modified.
loggingConfig DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
orderedCacheBehaviors DistributionOrderedCacheBehaviorArgs[]
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
originGroups DistributionOriginGroupArgs[]
One or more origin_group for this distribution (multiples allowed).
origins DistributionOriginArgs[]
One or more origins for this distribution (multiples allowed).
priceClass string
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
retainOnDelete boolean
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
status string
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
tags {[key: string]: string}
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
trustedKeyGroups DistributionTrustedKeyGroupArgs[]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trustedSigners DistributionTrustedSignerArgs[]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
viewerCertificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
waitForDeployment boolean
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
webAclId string
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.
aliases Sequence[str]
Extra CNAMEs (alternate domain names), if any, for this distribution.
arn str
The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
caller_reference str
Internal value used by CloudFront to allow future updates to the distribution configuration.
comment str
Any comments you want to include about the distribution.
custom_error_responses Sequence[DistributionCustomErrorResponseArgs]
One or more custom error response elements (multiples allowed).
default_cache_behavior DistributionDefaultCacheBehaviorArgs
The default cache behavior for this distribution (maximum one).
default_root_object str
The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
domain_name str
The DNS domain name of either the S3 bucket, or web site of your custom origin.
enabled bool
A flag that specifies whether Origin Shield is enabled.
etag str
The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hosted_zone_id str
The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
http_version str
The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
in_progress_validation_batches int
The number of invalidation batches currently in progress.
is_ipv6_enabled bool
Whether the IPv6 is enabled for the distribution.
last_modified_time str
The date and time the distribution was last modified.
logging_config DistributionLoggingConfigArgs
The logging configuration that controls how logs are written to your distribution (maximum one).
ordered_cache_behaviors Sequence[DistributionOrderedCacheBehaviorArgs]
An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
origin_groups Sequence[DistributionOriginGroupArgs]
One or more origin_group for this distribution (multiples allowed).
origins Sequence[DistributionOriginArgs]
One or more origins for this distribution (multiples allowed).
price_class str
The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
restrictions DistributionRestrictionsArgs
The restriction configuration for this distribution (maximum one).
retain_on_delete bool
Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
status str
The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
tags Mapping[str, str]
A map of tags to assign to the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
trusted_key_groups Sequence[DistributionTrustedKeyGroupArgs]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trusted_signers Sequence[DistributionTrustedSignerArgs]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
viewer_certificate DistributionViewerCertificateArgs
The SSL configuration for this distribution (maximum one).
wait_for_deployment bool
If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
web_acl_id str
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN, for example aws_wafv2_web_acl.example.arn. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example aws_waf_web_acl.example.id. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned.

Supporting Types

DistributionCustomErrorResponse

ErrorCode int
The 4xx or 5xx HTTP status code that you want to customize.
ErrorCachingMinTtl int
The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
ResponseCode int
The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
ResponsePagePath string
The path of the custom error page (for example, /custom_404.html).
ErrorCode int
The 4xx or 5xx HTTP status code that you want to customize.
ErrorCachingMinTtl int
The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
ResponseCode int
The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
ResponsePagePath string
The path of the custom error page (for example, /custom_404.html).
errorCode number
The 4xx or 5xx HTTP status code that you want to customize.
errorCachingMinTtl number
The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
responseCode number
The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
responsePagePath string
The path of the custom error page (for example, /custom_404.html).
error_code int
The 4xx or 5xx HTTP status code that you want to customize.
error_caching_min_ttl int
The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
response_code int
The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
response_page_path str
The path of the custom error page (for example, /custom_404.html).

DistributionDefaultCacheBehavior

AllowedMethods List<string>
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods List<string>
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
TargetOriginId string
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
CachePolicyId string
The unique identifier of the cache policy that is attached to the cache behavior.
Compress bool
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
FieldLevelEncryptionId string
Field level encryption configuration ID
ForwardedValues DistributionDefaultCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
FunctionAssociations List<DistributionDefaultCacheBehaviorFunctionAssociation>
A config block that triggers a cloudfront function with specific actions (maximum 2).
LambdaFunctionAssociations List<DistributionDefaultCacheBehaviorLambdaFunctionAssociation>
A config block that triggers a lambda function with specific actions (maximum 4).
MaxTtl int
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
MinTtl int
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
OriginRequestPolicyId string
The unique identifier of the origin request policy that is attached to the behavior.
RealtimeLogConfigArn string
The ARN of the real-time log configuration that is attached to this cache behavior.
ResponseHeadersPolicyId string
The identifier for a response headers policy.
SmoothStreaming bool
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedKeyGroups List<string>
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners List<string>
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
AllowedMethods []string
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods []string
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
TargetOriginId string
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
CachePolicyId string
The unique identifier of the cache policy that is attached to the cache behavior.
Compress bool
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
FieldLevelEncryptionId string
Field level encryption configuration ID
ForwardedValues DistributionDefaultCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
FunctionAssociations []DistributionDefaultCacheBehaviorFunctionAssociation
A config block that triggers a cloudfront function with specific actions (maximum 2).
LambdaFunctionAssociations []DistributionDefaultCacheBehaviorLambdaFunctionAssociation
A config block that triggers a lambda function with specific actions (maximum 4).
MaxTtl int
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
MinTtl int
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
OriginRequestPolicyId string
The unique identifier of the origin request policy that is attached to the behavior.
RealtimeLogConfigArn string
The ARN of the real-time log configuration that is attached to this cache behavior.
ResponseHeadersPolicyId string
The identifier for a response headers policy.
SmoothStreaming bool
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedKeyGroups []string
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners []string
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
allowedMethods string[]
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cachedMethods string[]
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
targetOriginId string
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewerProtocolPolicy string
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
cachePolicyId string
The unique identifier of the cache policy that is attached to the cache behavior.
compress boolean
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
defaultTtl number
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
fieldLevelEncryptionId string
Field level encryption configuration ID
forwardedValues DistributionDefaultCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
functionAssociations DistributionDefaultCacheBehaviorFunctionAssociation[]
A config block that triggers a cloudfront function with specific actions (maximum 2).
lambdaFunctionAssociations DistributionDefaultCacheBehaviorLambdaFunctionAssociation[]
A config block that triggers a lambda function with specific actions (maximum 4).
maxTtl number
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
minTtl number
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
originRequestPolicyId string
The unique identifier of the origin request policy that is attached to the behavior.
realtimeLogConfigArn string
The ARN of the real-time log configuration that is attached to this cache behavior.
responseHeadersPolicyId string
The identifier for a response headers policy.
smoothStreaming boolean
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trustedKeyGroups string[]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trustedSigners string[]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
allowed_methods Sequence[str]
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cached_methods Sequence[str]
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
target_origin_id str
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewer_protocol_policy str
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
cache_policy_id str
The unique identifier of the cache policy that is attached to the cache behavior.
compress bool
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
default_ttl int
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
field_level_encryption_id str
Field level encryption configuration ID
forwarded_values DistributionDefaultCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
function_associations Sequence[DistributionDefaultCacheBehaviorFunctionAssociation]
A config block that triggers a cloudfront function with specific actions (maximum 2).
lambda_function_associations Sequence[DistributionDefaultCacheBehaviorLambdaFunctionAssociation]
A config block that triggers a lambda function with specific actions (maximum 4).
max_ttl int
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
min_ttl int
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
origin_request_policy_id str
The unique identifier of the origin request policy that is attached to the behavior.
realtime_log_config_arn str
The ARN of the real-time log configuration that is attached to this cache behavior.
response_headers_policy_id str
The identifier for a response headers policy.
smooth_streaming bool
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trusted_key_groups Sequence[str]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trusted_signers Sequence[str]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

DistributionDefaultCacheBehaviorForwardedValues

Cookies DistributionDefaultCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers List<string>
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys List<string>
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.
Cookies DistributionDefaultCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers []string
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys []string
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.
cookies DistributionDefaultCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
queryString boolean
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers string[]
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
queryStringCacheKeys string[]
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.
cookies DistributionDefaultCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
query_string bool
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers Sequence[str]
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
query_string_cache_keys Sequence[str]
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

DistributionDefaultCacheBehaviorForwardedValuesCookies

Forward string
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames List<string>
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.
Forward string
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames []string
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.
forward string
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelistedNames string[]
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.
forward str
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelisted_names Sequence[str]
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

DistributionDefaultCacheBehaviorFunctionAssociation

EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
FunctionArn string
ARN of the Cloudfront function.
EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
FunctionArn string
ARN of the Cloudfront function.
eventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
functionArn string
ARN of the Cloudfront function.
event_type str
The specific event to trigger this function. Valid values: viewer-request or viewer-response
function_arn str
ARN of the Cloudfront function.

DistributionDefaultCacheBehaviorLambdaFunctionAssociation

EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
LambdaArn string
ARN of the Lambda function.
IncludeBody bool
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.
EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
LambdaArn string
ARN of the Lambda function.
IncludeBody bool
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.
eventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
lambdaArn string
ARN of the Lambda function.
includeBody boolean
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.
event_type str
The specific event to trigger this function. Valid values: viewer-request or viewer-response
lambda_arn str
ARN of the Lambda function.
include_body bool
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

DistributionLoggingConfig

Bucket string
The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
IncludeCookies bool
Specifies whether you want CloudFront to include cookies in access logs (default: false).
Prefix string
An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.
Bucket string
The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
IncludeCookies bool
Specifies whether you want CloudFront to include cookies in access logs (default: false).
Prefix string
An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.
bucket string
The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
includeCookies boolean
Specifies whether you want CloudFront to include cookies in access logs (default: false).
prefix string
An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.
bucket str
The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
include_cookies bool
Specifies whether you want CloudFront to include cookies in access logs (default: false).
prefix str
An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

DistributionOrderedCacheBehavior

AllowedMethods List<string>
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods List<string>
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
PathPattern string
The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
TargetOriginId string
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
CachePolicyId string
The unique identifier of the cache policy that is attached to the cache behavior.
Compress bool
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
FieldLevelEncryptionId string
Field level encryption configuration ID
ForwardedValues DistributionOrderedCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
FunctionAssociations List<DistributionOrderedCacheBehaviorFunctionAssociation>
A config block that triggers a cloudfront function with specific actions (maximum 2).
LambdaFunctionAssociations List<DistributionOrderedCacheBehaviorLambdaFunctionAssociation>
A config block that triggers a lambda function with specific actions (maximum 4).
MaxTtl int
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
MinTtl int
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
OriginRequestPolicyId string
The unique identifier of the origin request policy that is attached to the behavior.
RealtimeLogConfigArn string
The ARN of the real-time log configuration that is attached to this cache behavior.
ResponseHeadersPolicyId string
The identifier for a response headers policy.
SmoothStreaming bool
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedKeyGroups List<string>
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners List<string>
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
AllowedMethods []string
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods []string
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
PathPattern string
The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
TargetOriginId string
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
CachePolicyId string
The unique identifier of the cache policy that is attached to the cache behavior.
Compress bool
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
FieldLevelEncryptionId string
Field level encryption configuration ID
ForwardedValues DistributionOrderedCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
FunctionAssociations []DistributionOrderedCacheBehaviorFunctionAssociation
A config block that triggers a cloudfront function with specific actions (maximum 2).
LambdaFunctionAssociations []DistributionOrderedCacheBehaviorLambdaFunctionAssociation
A config block that triggers a lambda function with specific actions (maximum 4).
MaxTtl int
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
MinTtl int
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
OriginRequestPolicyId string
The unique identifier of the origin request policy that is attached to the behavior.
RealtimeLogConfigArn string
The ARN of the real-time log configuration that is attached to this cache behavior.
ResponseHeadersPolicyId string
The identifier for a response headers policy.
SmoothStreaming bool
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedKeyGroups []string
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
TrustedSigners []string
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
allowedMethods string[]
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cachedMethods string[]
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
pathPattern string
The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
targetOriginId string
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewerProtocolPolicy string
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
cachePolicyId string
The unique identifier of the cache policy that is attached to the cache behavior.
compress boolean
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
defaultTtl number
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
fieldLevelEncryptionId string
Field level encryption configuration ID
forwardedValues DistributionOrderedCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
functionAssociations DistributionOrderedCacheBehaviorFunctionAssociation[]
A config block that triggers a cloudfront function with specific actions (maximum 2).
lambdaFunctionAssociations DistributionOrderedCacheBehaviorLambdaFunctionAssociation[]
A config block that triggers a lambda function with specific actions (maximum 4).
maxTtl number
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
minTtl number
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
originRequestPolicyId string
The unique identifier of the origin request policy that is attached to the behavior.
realtimeLogConfigArn string
The ARN of the real-time log configuration that is attached to this cache behavior.
responseHeadersPolicyId string
The identifier for a response headers policy.
smoothStreaming boolean
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trustedKeyGroups string[]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trustedSigners string[]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.
allowed_methods Sequence[str]
Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cached_methods Sequence[str]
Controls whether CloudFront caches the response to requests using the specified HTTP methods.
path_pattern str
The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
target_origin_id str
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewer_protocol_policy str
Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
cache_policy_id str
The unique identifier of the cache policy that is attached to the cache behavior.
compress bool
Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
default_ttl int
The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header.
field_level_encryption_id str
Field level encryption configuration ID
forwarded_values DistributionOrderedCacheBehaviorForwardedValues
The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
function_associations Sequence[DistributionOrderedCacheBehaviorFunctionAssociation]
A config block that triggers a cloudfront function with specific actions (maximum 2).
lambda_function_associations Sequence[DistributionOrderedCacheBehaviorLambdaFunctionAssociation]
A config block that triggers a lambda function with specific actions (maximum 4).
max_ttl int
The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers.
min_ttl int
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
origin_request_policy_id str
The unique identifier of the origin request policy that is attached to the behavior.
realtime_log_config_arn str
The ARN of the real-time log configuration that is attached to this cache behavior.
response_headers_policy_id str
The identifier for a response headers policy.
smooth_streaming bool
Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trusted_key_groups Sequence[str]
A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies. See the CloudFront User Guide for more information about this feature.
trusted_signers Sequence[str]
List of AWS account IDs (or self) that you want to allow to create signed URLs for private content. See the CloudFront User Guide for more information about this feature.

DistributionOrderedCacheBehaviorForwardedValues

Cookies DistributionOrderedCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers List<string>
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys List<string>
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.
Cookies DistributionOrderedCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers []string
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys []string
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.
cookies DistributionOrderedCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
queryString boolean
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers string[]
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
queryStringCacheKeys string[]
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.
cookies DistributionOrderedCacheBehaviorForwardedValuesCookies
The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
query_string bool
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers Sequence[str]
Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
query_string_cache_keys Sequence[str]
When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

DistributionOrderedCacheBehaviorForwardedValuesCookies

Forward string
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames List<string>
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.
Forward string
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames []string
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.
forward string
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelistedNames string[]
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.
forward str
Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelisted_names Sequence[str]
If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

DistributionOrderedCacheBehaviorFunctionAssociation

EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
FunctionArn string
ARN of the Cloudfront function.
EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
FunctionArn string
ARN of the Cloudfront function.
eventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
functionArn string
ARN of the Cloudfront function.
event_type str
The specific event to trigger this function. Valid values: viewer-request or viewer-response
function_arn str
ARN of the Cloudfront function.

DistributionOrderedCacheBehaviorLambdaFunctionAssociation

EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
LambdaArn string
ARN of the Lambda function.
IncludeBody bool
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.
EventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
LambdaArn string
ARN of the Lambda function.
IncludeBody bool
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.
eventType string
The specific event to trigger this function. Valid values: viewer-request or viewer-response
lambdaArn string
ARN of the Lambda function.
includeBody boolean
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.
event_type str
The specific event to trigger this function. Valid values: viewer-request or viewer-response
lambda_arn str
ARN of the Lambda function.
include_body bool
When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

DistributionOrigin

DomainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
OriginId string
The unique identifier of the member origin
ConnectionAttempts int
The number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.
ConnectionTimeout int
The number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.
CustomHeaders List<DistributionOriginCustomHeader>
One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
CustomOriginConfig DistributionOriginCustomOriginConfig
The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
OriginPath string
An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
OriginShield DistributionOriginOriginShield
The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.
S3OriginConfig DistributionOriginS3OriginConfig
The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.
DomainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
OriginId string
The unique identifier of the member origin
ConnectionAttempts int
The number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.
ConnectionTimeout int
The number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.
CustomHeaders []DistributionOriginCustomHeader
One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
CustomOriginConfig DistributionOriginCustomOriginConfig
The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
OriginPath string
An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
OriginShield DistributionOriginOriginShield
The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.
S3OriginConfig DistributionOriginS3OriginConfig
The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.
domainName string
The DNS domain name of either the S3 bucket, or web site of your custom origin.
originId string
The unique identifier of the member origin
connectionAttempts number
The number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.
connectionTimeout number
The number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.
customHeaders DistributionOriginCustomHeader[]
One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
customOriginConfig DistributionOriginCustomOriginConfig
The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
originPath string
An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
originShield DistributionOriginOriginShield
The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.
s3OriginConfig DistributionOriginS3OriginConfig
The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.
domain_name str
The DNS domain name of either the S3 bucket, or web site of your custom origin.
origin_id str
The unique identifier of the member origin
connection_attempts int
The number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.
connection_timeout int
The number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.
custom_headers Sequence[DistributionOriginCustomHeader]
One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
custom_origin_config DistributionOriginCustomOriginConfig
The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
origin_path str
An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
origin_shield DistributionOriginOriginShield
The CloudFront Origin Shield configuration information. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.
s3_origin_config DistributionOriginS3OriginConfig
The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

DistributionOriginCustomHeader

Name string
Value string
Name string
Value string
name string
value string
name str
value str

DistributionOriginCustomOriginConfig

HttpPort int
The HTTP port the custom origin listens on.
HttpsPort int
The HTTPS port the custom origin listens on.
OriginProtocolPolicy string
The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
OriginSslProtocols List<string>
The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
OriginKeepaliveTimeout int
The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
OriginReadTimeout int
The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
HttpPort int
The HTTP port the custom origin listens on.
HttpsPort int
The HTTPS port the custom origin listens on.
OriginProtocolPolicy string
The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
OriginSslProtocols []string
The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
OriginKeepaliveTimeout int
The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
OriginReadTimeout int
The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
httpPort number
The HTTP port the custom origin listens on.
httpsPort number
The HTTPS port the custom origin listens on.
originProtocolPolicy string
The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
originSslProtocols string[]
The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
originKeepaliveTimeout number
The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
originReadTimeout number
The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
http_port int
The HTTP port the custom origin listens on.
https_port int
The HTTPS port the custom origin listens on.
origin_protocol_policy str
The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
origin_ssl_protocols Sequence[str]
The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
origin_keepalive_timeout int
The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
origin_read_timeout int
The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

DistributionOriginGroup

FailoverCriteria DistributionOriginGroupFailoverCriteria
The failover criteria for when to failover to the secondary origin
Members List<DistributionOriginGroupMember>
Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
OriginId string
The unique identifier of the member origin
FailoverCriteria DistributionOriginGroupFailoverCriteria
The failover criteria for when to failover to the secondary origin
Members []DistributionOriginGroupMember
Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
OriginId string
The unique identifier of the member origin
failoverCriteria DistributionOriginGroupFailoverCriteria
The failover criteria for when to failover to the secondary origin
members DistributionOriginGroupMember[]
Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
originId string
The unique identifier of the member origin
failover_criteria DistributionOriginGroupFailoverCriteria
The failover criteria for when to failover to the secondary origin
members Sequence[DistributionOriginGroupMember]
Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
origin_id str
The unique identifier of the member origin

DistributionOriginGroupFailoverCriteria

StatusCodes List<int>
A list of HTTP status codes for the origin group
StatusCodes []int
A list of HTTP status codes for the origin group
statusCodes number[]
A list of HTTP status codes for the origin group
status_codes Sequence[int]
A list of HTTP status codes for the origin group

DistributionOriginGroupMember

OriginId string
The unique identifier of the member origin
OriginId string
The unique identifier of the member origin
originId string
The unique identifier of the member origin
origin_id str
The unique identifier of the member origin

DistributionOriginOriginShield

Enabled bool
A flag that specifies whether Origin Shield is enabled.
OriginShieldRegion string
The AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.
Enabled bool
A flag that specifies whether Origin Shield is enabled.
OriginShieldRegion string
The AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.
enabled boolean
A flag that specifies whether Origin Shield is enabled.
originShieldRegion string
The AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.
enabled bool
A flag that specifies whether Origin Shield is enabled.
origin_shield_region str
The AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

DistributionOriginS3OriginConfig

OriginAccessIdentity string
The [CloudFront origin access identity][5] to associate with the origin.
OriginAccessIdentity string
The [CloudFront origin access identity][5] to associate with the origin.
originAccessIdentity string
The [CloudFront origin access identity][5] to associate with the origin.
origin_access_identity str
The [CloudFront origin access identity][5] to associate with the origin.

DistributionRestrictions

DistributionRestrictionsGeoRestriction

RestrictionType string
The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
Locations List<string>
The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).
RestrictionType string
The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
Locations []string
The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).
restrictionType string
The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
locations string[]
The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).
restriction_type str
The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
locations Sequence[str]
The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

DistributionTrustedKeyGroup

Enabled bool
A flag that specifies whether Origin Shield is enabled.
Items List<DistributionTrustedKeyGroupItem>
List of nested attributes for each trusted signer
Enabled bool
A flag that specifies whether Origin Shield is enabled.
Items []DistributionTrustedKeyGroupItem
List of nested attributes for each trusted signer
enabled boolean
A flag that specifies whether Origin Shield is enabled.
items DistributionTrustedKeyGroupItem[]
List of nested attributes for each trusted signer
enabled bool
A flag that specifies whether Origin Shield is enabled.
items Sequence[DistributionTrustedKeyGroupItem]
List of nested attributes for each trusted signer

DistributionTrustedKeyGroupItem

KeyGroupId string
The ID of the key group that contains the public keys
KeyPairIds List<string>
Set of active CloudFront key pairs associated with the signer account
KeyGroupId string
The ID of the key group that contains the public keys
KeyPairIds []string
Set of active CloudFront key pairs associated with the signer account
keyGroupId string
The ID of the key group that contains the public keys
keyPairIds string[]
Set of active CloudFront key pairs associated with the signer account
key_group_id str
The ID of the key group that contains the public keys
key_pair_ids Sequence[str]
Set of active CloudFront key pairs associated with the signer account

DistributionTrustedSigner

Enabled bool
A flag that specifies whether Origin Shield is enabled.
Items List<DistributionTrustedSignerItem>
List of nested attributes for each trusted signer
Enabled bool
A flag that specifies whether Origin Shield is enabled.
Items []DistributionTrustedSignerItem
List of nested attributes for each trusted signer
enabled boolean
A flag that specifies whether Origin Shield is enabled.
items DistributionTrustedSignerItem[]
List of nested attributes for each trusted signer
enabled bool
A flag that specifies whether Origin Shield is enabled.
items Sequence[DistributionTrustedSignerItem]
List of nested attributes for each trusted signer

DistributionTrustedSignerItem

AwsAccountNumber string
AWS account ID or self
KeyPairIds List<string>
Set of active CloudFront key pairs associated with the signer account
AwsAccountNumber string
AWS account ID or self
KeyPairIds []string
Set of active CloudFront key pairs associated with the signer account
awsAccountNumber string
AWS account ID or self
keyPairIds string[]
Set of active CloudFront key pairs associated with the signer account
aws_account_number str
AWS account ID or self
key_pair_ids Sequence[str]
Set of active CloudFront key pairs associated with the signer account

DistributionViewerCertificate

AcmCertificateArn string
The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
CloudfrontDefaultCertificate bool
true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
IamCertificateId string
The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
MinimumProtocolVersion string
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under “Security policy.” Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
SslSupportMethod string
AcmCertificateArn string
The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
CloudfrontDefaultCertificate bool
true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
IamCertificateId string
The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
MinimumProtocolVersion string
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under “Security policy.” Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
SslSupportMethod string
acmCertificateArn string
The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
cloudfrontDefaultCertificate boolean
true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
iamCertificateId string
The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
minimumProtocolVersion string
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under “Security policy.” Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
sslSupportMethod string
acm_certificate_arn str
The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
cloudfront_default_certificate bool
true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
iam_certificate_id str
The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
minimum_protocol_version str
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. See all possible values in this table under “Security policy.” Some examples include: TLSv1.2_2019 and TLSv1.2_2021. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
ssl_support_method str

Import

Cloudfront Distributions can be imported using the id, e.g.,

 $ pulumi import aws:cloudfront/distribution:Distribution distribution E74FTE3EXAMPLE

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.