Distribution Viewer Certificate Args
A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use `Aliases` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net`—set `CloudFrontDefaultCertificate` to `true` and leave all other fields empty. If the distribution uses `Aliases` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:
- Which viewers the distribution accepts HTTPS connections from: only viewers that support server name indication (SNI) (recommended), or all viewers including those that don't support SNI.
  - To accept HTTPS connections from only viewers that support SNI, set `SSLSupportMethod` to `sni-only`. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is `SslSupportMethod`. Note the different capitalization.)
  - To accept HTTPS connections from all viewers, including those that don't support SNI, set `SSLSupportMethod` to `vip`. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is `SslSupportMethod`. Note the different capitalization.)
- The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for `MinimumProtocolVersion`. For more information, see Security Policy in the Amazon CloudFront Developer Guide.
- The location of the SSL/TLS certificate, AWS Certificate Manager (ACM) (recommended) or AWS Identity and Access Management (IAM). You specify the location by setting a value in one of the following fields (not both):
  - `ACMCertificateArn` (In CloudFormation, this field name is `AcmCertificateArn`. Note the different capitalization.)
  - `IAMCertificateId` (In CloudFormation, this field name is `IamCertificateId`. Note the different capitalization.)

All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use `ViewerProtocolPolicy` in the `CacheBehavior` or `DefaultCacheBehavior`. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use `CustomOriginConfig`. For more information, see Using HTTPS with CloudFront and Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
Properties
In CloudFormation, this field name is `AcmCertificateArn`. Note the different capitalization. If the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in AWS Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (`us-east-1`). If you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod`. (In CloudFormation, the field name is `SslSupportMethod`. Note the different capitalization.)
If the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net`, set this field to `true`. If the distribution uses `Aliases` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:
In CloudFormation, this field name is `IamCertificateId`. Note the different capitalization. If the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in AWS Identity and Access Management (IAM), provide the ID of the IAM certificate. If you specify an IAM certificate ID, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod`. (In CloudFormation, the field name is `SslSupportMethod`. Note the different capitalization.)
If the distribution uses `Aliases` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
In CloudFormation, this field name is `SslSupportMethod`. Note the different capitalization. If the distribution uses `Aliases` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.