Package-level declarations
Types
A cache policy configuration. This configuration determines the following:
An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin.
An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin.
This object determines the values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use `OriginRequestPolicy`.
An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin.
Origin access identity configuration. Send a `GET` request to the `/CloudFront API version/CloudFront/identity ID/config` resource.
Contains the configuration for a continuous deployment policy.
This configuration determines which HTTP requests are sent to the staging distribution. If the HTTP request contains a header and value that matches what you specify here, the request is sent to the staging distribution. Otherwise the request is sent to the primary distribution.
This configuration determines the percentage of HTTP requests that are sent to the staging distribution.
Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values.
Determines which HTTP requests are sent to the staging distribution.
This configuration determines the percentage of HTTP requests that are sent to the staging distribution.
The traffic configuration of your continuous deployment.
A complex type that describes how CloudFront processes requests. You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used. For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see Quotas in the Amazon CloudFront Developer Guide. If you don't want to specify any cache behaviors, include only an empty `CacheBehaviors` element. Don't specify an empty individual `CacheBehavior` element, because this is invalid. For more information, see CacheBehaviors. To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty `CacheBehaviors` element. To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution. For more information about cache behaviors, see Cache Behavior Settings in the Amazon CloudFront Developer Guide.
A distribution configuration.
A distribution tenant configuration.
This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. If you want to include cookies in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide. If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide. A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see How CloudFront Forwards, Caches, and Logs Cookies in the Amazon CloudFront Developer Guide.
A complex type that controls:
A custom origin. A custom origin is any origin that is not an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is configured with static website hostingis a custom origin.
A complex type that describes the default cache behavior if you don't specify a `CacheBehavior` element or if request URLs don't match any of the values of `PathPattern` in `CacheBehavior` elements. You must create exactly one default cache behavior.
This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. If you want to include values in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide. If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide. A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
A CloudFront function that is associated with a cache behavior in a CloudFront distribution.
A complex type that controls the countries in which your content is distributed. CF determines the location of your users using `MaxMind` GeoIP databases. To disable geo restriction, remove the Restrictions property from your stack template.
Amazon CloudFront supports gRPC, an open-source remote procedure call (RPC) framework built on HTTP/2. gRPC offers bi-directional streaming and binary protocol that buffers payloads, making it suitable for applications that require low latency communications. To enable your distribution to handle gRPC requests, you must include HTTP/2 as one of the supported `HTTP` versions and allow `HTTP` methods, including `POST`. For more information, see Using gRPC with CloudFront distributions in the Amazon CloudFront Developer Guide.
A complex type that contains a Lambda@Edge function association.
A custom origin. A custom origin is any origin that is not an S3 bucket, with one exception. An S3 bucket that is configured with static website hostingis a custom origin. This property is legacy. We recommend that you use Origin instead.
The origin as an S3 bucket. This property is legacy. We recommend that you use Origin instead.
A complex type that specifies whether access logs are written for the distribution. If you already enabled standard logging (legacy) and you want to enable standard logging (v2) to send your access logs to Amazon S3, we recommend that you specify a different Amazon S3 bucket or use a separate path in the same bucket (for example, use a log prefix or partitioning). This helps you keep track of which log files are associated with which logging subscription and prevents log files from overwriting each other. For more information, see Standard logging (access logs) in the Amazon CloudFront Developer Guide.
An origin. An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin:
A complex type that contains `HeaderName` and `HeaderValue` elements, if any, for this distribution.
An origin group includes two origins (a primary origin and a secondary origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the secondary origin under the failover conditions that you've chosen. Optionally, you can choose selection criteria for your origin group to specify how your origins are selected when your distribution routes viewer requests.
A complex data type that includes information about the failover criteria for an origin group, including the status codes for which CloudFront will failover from the primary origin to the second origin.
An origin in an origin group.
A complex data type for the origins included in an origin group.
A complex data type for the origin groups specified for a distribution.
CloudFront Origin Shield. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.
A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
The value that you assigned to the parameter.
A complex type that identifies ways in which you want to restrict distribution of your content.
A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin or an S3 bucket that is configured as a website endpoint, use the `CustomOriginConfig` element instead.
A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin.
The ACMlong (ACM) certificate associated with your distribution.
Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.
The details about the domain result.
The customizations that you specified for the distribution tenant for geographic restrictions.
An object that represents the request for the Amazon CloudFront managed ACM certificate.
A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.
The WAF web ACL customization specified for the distribution tenant.
A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use `Aliases` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net`—set `CloudFrontDefaultCertificate` to `true` and leave all other fields empty. If the distribution uses `Aliases` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:
An Amazon CloudFront VPC origin configuration.
Contains configuration information about a CloudFront function.
The key value store association.
Contains metadata about a CloudFront function.
A key group configuration. A key group contains a list of public keys that you can use with CloudFront signed URLs and signed cookies.
The import source for the key value store.
A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.
A subscription configuration for additional CloudWatch metrics.
Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin. This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront. For more information about using a CloudFront origin access control, see Restricting access to an origin in the Amazon CloudFront Developer Guide.
An origin request policy configuration. This configuration determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:
An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin.
An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.
An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin.
Configuration information about a public key that you can use with signed URLs and signed cookies, or with field-level encryption.
Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
Contains information about the Amazon Kinesis data stream where you are sending real-time log data.
A list of HTTP header names that CloudFront includes as values for the `Access-Control-Allow-Headers` HTTP response header. For more information about the `Access-Control-Allow-Headers` HTTP response header, see Access-Control-Allow-Headers in the MDN Web Docs.
A list of HTTP methods that CloudFront includes as values for the `Access-Control-Allow-Methods` HTTP response header. For more information about the `Access-Control-Allow-Methods` HTTP response header, see Access-Control-Allow-Methods in the MDN Web Docs.
A list of origins (domain names) that CloudFront can use as the value for the `Access-Control-Allow-Origin` HTTP response header. For more information about the `Access-Control-Allow-Origin` HTTP response header, see Access-Control-Allow-Origin in the MDN Web Docs.
A list of HTTP headers that CloudFront includes as values for the `Access-Control-Expose-Headers` HTTP response header. For more information about the `Access-Control-Expose-Headers` HTTP response header, see Access-Control-Expose-Headers in the MDN Web Docs.
A response headers policy configuration. A response headers policy configuration contains metadata about the response headers policy, and configurations for sets of HTTP response headers.
The policy directives and their values that CloudFront includes as values for the `Content-Security-Policy` HTTP response header. For more information about the `Content-Security-Policy` HTTP response header, see Content-Security-Policy in the MDN Web Docs.
Determines whether CloudFront includes the `X-Content-Type-Options` HTTP response header with its value set to `nosniff`. For more information about the `X-Content-Type-Options` HTTP response header, see X-Content-Type-Options in the MDN Web Docs.
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy. For more information about CORS, see Cross-Origin Resource Sharing (CORS) in the MDN Web Docs.
An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.
A list of HTTP response header names and their values. CloudFront includes these headers in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.
Determines whether CloudFront includes the `X-Frame-Options` HTTP response header and the header's value. For more information about the `X-Frame-Options` HTTP response header, see X-Frame-Options in the MDN Web Docs.
Determines whether CloudFront includes the `Referrer-Policy` HTTP response header and the header's value. For more information about the `Referrer-Policy` HTTP response header, see Referrer-Policy in the MDN Web Docs.
The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.
A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.
A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.
A configuration for enabling the `Server-Timing` header in HTTP responses sent from CloudFront.
Determines whether CloudFront includes the `Strict-Transport-Security` HTTP response header and the header's value. For more information about the `Strict-Transport-Security` HTTP response header, see Strict-Transport-Security in the MDN Web Docs.
Determines whether CloudFront includes the `X-XSS-Protection` HTTP response header and the header's value. For more information about the `X-XSS-Protection` HTTP response header, see X-XSS-Protection in the MDN Web Docs.