- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
account_id
Type: STRING
active_trusted_key_groups
Type: STRUCT
Provider name: ActiveTrustedKeyGroups
Description: This field contains a list of key groups and the public keys in each key group that CloudFront can use to verify the signatures of signed URLs or signed cookies.
enabled
BOOLEAN
Enabled
true
if any of the key groups have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false
.items
UNORDERED_LIST_STRUCT
Items
key_group_id
STRING
KeyGroupId
key_pair_ids
STRUCT
KeyPairIds
items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
quantity
INT32
Quantity
active_trusted_signers
Type: STRUCT
Provider name: ActiveTrustedSigners
Description: TrustedKeyGroups
instead of TrustedSigners
.
enabled
BOOLEAN
Enabled
true
if any of the Amazon Web Services accounts in the list are configured as trusted signers. If not, this field is false
.items
UNORDERED_LIST_STRUCT
Items
aws_account_number
STRING
AwsAccountNumber
self
.key_pair_ids
STRUCT
KeyPairIds
items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
quantity
INT32
Quantity
alias_icp_recordals
Type: UNORDERED_LIST_STRUCT
Provider name: AliasICPRecordals
Description: Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they’ve added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.
cname
STRING
CNAME
icp_recordal_status
STRING
ICPRecordalStatus
arn
Type: STRING
Provider name: ARN
Description: The distribution’s Amazon Resource Name (ARN).
distribution_config
Type: STRUCT
Provider name: DistributionConfig
Description: The distribution’s configuration.
aliases
STRUCT
Aliases
items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
cache_behaviors
STRUCT
CacheBehaviors
CacheBehavior
elements.items
UNORDERED_LIST_STRUCT
Items
Quantity
is 0
, you can omit Items
.allowed_methods
STRUCT
AllowedMethods
cached_methods
STRUCT
CachedMethods
items
UNORDERED_LIST_STRING
Items
CachedMethods
include GET
, HEAD
, and OPTIONS
, depending on which caching option you choose. For more information, see the preceding section.quantity
INT32
Quantity
2
(for caching responses to GET
and HEAD
requests) and 3
(for caching responses to GET
, HEAD
, and OPTIONS
requests).items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
GET
and HEAD
requests), 3 (for GET
, HEAD
, and OPTIONS
requests) and 7 (for GET, HEAD, OPTIONS, PUT, PATCH, POST
, and DELETE
requests).cache_policy_id
STRING
CachePolicyId
CacheBehavior
must include either a CachePolicyId
or ForwardedValues
. We recommend that you use a CachePolicyId
.compress
BOOLEAN
Compress
default_ttl
INT64
DefaultTTL
DefaultTTL
field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide. The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age
, Cache-Control s-maxage
, and Expires
to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.field_level_encryption_id
STRING
FieldLevelEncryptionId
ID
for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for this cache behavior.forwarded_values
STRUCT
ForwardedValues
CacheBehavior
must include either a CachePolicyId
or ForwardedValues
. We recommend that you use a CachePolicyId
. A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.cookies
STRUCT
Cookies
forward
STRING
Forward
WhitelistedNames
complex type. Amazon S3 doesn’t process cookies. When the cache behavior is forwarding requests to an Amazon S3 origin, specify none for the Forward
element.whitelisted_names
STRUCT
WhitelistedNames
whitelist
for the value of Forward
. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies. If you specify all
or none
for the value of Forward
, omit WhitelistedNames
. If you change the value of Forward
from whitelist
to all
or none
and you don’t delete the WhitelistedNames
element and its child elements, CloudFront deletes them automatically. For the current limit on the number of cookie names that you can whitelist for each cache behavior, see CloudFront Limits in the Amazon Web Services General Reference.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
Items
list.headers
STRUCT
Headers
Headers
, if any, that you want CloudFront to forward to the origin for this cache behavior (whitelisted headers). For the headers that you specify, CloudFront also caches separate versions of a specified object that is based on the header values in viewer requests. For more information, see Caching Content Based on Request Headers in the Amazon CloudFront Developer Guide.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
Items
list.query_string
BOOLEAN
QueryString
QueryString
and on the values that you specify for QueryStringCacheKeys
, if any: If you specify true for QueryString
and you don’t specify any values for QueryStringCacheKeys
, CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin. If you specify true for QueryString
and you specify one or more values for QueryStringCacheKeys
, CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify. If you specify false for QueryString
, CloudFront doesn’t forward any query string parameters to the origin, and doesn’t cache based on query string parameters. For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.query_string_cache_keys
STRUCT
QueryStringCacheKeys
items
UNORDERED_LIST_STRING
Items
Quantity
is 0, you can omit Items
.quantity
INT32
Quantity
whitelisted
query string parameters for a cache behavior.function_associations
STRUCT
FunctionAssociations
LIVE
stage to associate them with a cache behavior.items
UNORDERED_LIST_STRUCT
Items
LIVE
stage to associate them with a cache behavior.event_type
STRING
EventType
viewer-request
or viewer-response
. You cannot use origin-facing event types (origin-request
and origin-response
) with a CloudFront function.function_arn
STRING
FunctionARN
quantity
INT32
Quantity
lambda_function_associations
STRUCT
LambdaFunctionAssociations
items
UNORDERED_LIST_STRUCT
Items
LambdaFunctionAssociation
items for this cache behavior. If Quantity
is 0
, you can omit Items
.event_type
STRING
EventType
viewer-request
: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.origin-request
: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn’t execute.origin-response
: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn’t execute.viewer-response
: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache. If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn’t execute.include_body
BOOLEAN
IncludeBody
lambda_function_arn
STRING
LambdaFunctionARN
quantity
INT32
Quantity
max_ttl
INT64
MaxTTL
MaxTTL
field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide. The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age
, Cache-Control s-maxage
, and Expires
to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.min_ttl
INT64
MinTTL
MinTTL
field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide. The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide. You must specify 0
for MinTTL
if you configure CloudFront to forward all headers to your origin (under Headers
, if you specify 1
for Quantity
and *
for Name
).origin_request_policy_id
STRING
OriginRequestPolicyId
path_pattern
STRING
PathPattern
images/.jpg
) that specifies which requests to apply the behavior to. When CloudFront receives a viewer request, the requested path is compared with path patterns in the order in which cache behaviors are listed in the distribution. /
) at the beginning of the path pattern. For example, /images/.jpg
. CloudFront behavior is the same with or without the leading /
. *
and cannot be changed. If the request for an object does not match the path pattern for any cache behaviors, CloudFront applies the behavior in the default cache behavior. For more information, see Path Pattern in the Amazon CloudFront Developer Guide.realtime_log_config_arn
STRING
RealtimeLogConfigArn
response_headers_policy_id
STRING
ResponseHeadersPolicyId
smooth_streaming
BOOLEAN
SmoothStreaming
true
; if not, specify false
. If you specify true
for SmoothStreaming
, you can still distribute other content using this cache behavior if the content matches the value of PathPattern
.target_origin_id
STRING
TargetOriginId
ID
for the origin that you want CloudFront to route requests to when they match this cache behavior.trusted_key_groups
STRUCT
TrustedKeyGroups
enabled
BOOLEAN
Enabled
true
if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false
.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
trusted_signers
STRUCT
TrustedSigners
TrustedKeyGroups
instead of TrustedSigners
. enabled
BOOLEAN
Enabled
true
if any of the Amazon Web Services accounts in the list are configured as trusted signers. If not, this field is false
.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
viewer_protocol_policy
STRING
ViewerProtocolPolicy
TargetOriginId
when a request matches the path pattern in PathPattern
. You can specify the following options:allow-all
: Viewers can use HTTP or HTTPS.redirect-to-https
: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.https-only
: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).quantity
INT32
Quantity
caller_reference
STRING
CallerReference
CallerReference
is new (regardless of the content of the DistributionConfig
object), CloudFront creates a new distribution. If CallerReference
is a value that you already sent in a previous request to create a distribution, CloudFront returns a DistributionAlreadyExists
error.comment
STRING
Comment
continuous_deployment_policy_id
STRING
ContinuousDeploymentPolicyId
CreateContinuousDeploymentPolicy
.custom_error_responses
STRUCT
CustomErrorResponses
items
UNORDERED_LIST_STRUCT
Items
CustomErrorResponse
element for each HTTP status code for which you want to specify a custom error page and/or a caching duration.error_caching_min_ttl
INT64
ErrorCachingMinTTL
ErrorCode
. When this time period has elapsed, CloudFront queries your origin to see whether the problem that caused the error has been resolved and the requested object is now available. For more information, see Customizing Error Responses in the Amazon CloudFront Developer Guide.error_code
INT32
ErrorCode
response_code
STRING
ResponseCode
200
, the response typically won’t be intercepted.400
or 500
as the ResponseCode
for all 4xx or 5xx errors.200
status code (OK) and static website so your customers don’t know that your website is down.ResponseCode
, you must also specify a value for ResponsePagePath
.response_page_path
STRING
ResponsePagePath
ErrorCode
, for example, /4xx-errors/403-forbidden.html
. If you want to store your objects and your custom error pages in different locations, your distribution must include a cache behavior for which the following is true:PathPattern
matches the path to your custom error messages. For example, suppose you saved custom error pages for 4xx errors in an Amazon S3 bucket in a directory named /4xx-errors
. Your distribution must include a cache behavior for which the path pattern routes requests for your custom error pages to that location, for example, /4xx-errors/*
.TargetOriginId
specifies the value of the ID
element for the origin that contains your custom error pages.ResponsePagePath
, you must also specify a value for ResponseCode
. We recommend that you store custom error pages in an Amazon S3 bucket. If you store custom error pages on an HTTP server and the server starts to return 5xx errors, CloudFront can’t get the files that you want to return to viewers because the origin server is unavailable.quantity
INT32
Quantity
Quantity
is 0
, you can omit Items
.default_cache_behavior
STRUCT
DefaultCacheBehavior
CacheBehavior
element or if files don’t match any of the values of PathPattern
in CacheBehavior
elements. You must create exactly one default cache behavior.allowed_methods
STRUCT
AllowedMethods
cached_methods
STRUCT
CachedMethods
items
UNORDERED_LIST_STRING
Items
CachedMethods
include GET
, HEAD
, and OPTIONS
, depending on which caching option you choose. For more information, see the preceding section.quantity
INT32
Quantity
2
(for caching responses to GET
and HEAD
requests) and 3
(for caching responses to GET
, HEAD
, and OPTIONS
requests).items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
GET
and HEAD
requests), 3 (for GET
, HEAD
, and OPTIONS
requests) and 7 (for GET, HEAD, OPTIONS, PUT, PATCH, POST
, and DELETE
requests).cache_policy_id
STRING
CachePolicyId
DefaultCacheBehavior
must include either a CachePolicyId
or ForwardedValues
. We recommend that you use a CachePolicyId
.compress
BOOLEAN
Compress
true
; if not, specify false
. For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide.default_ttl
INT64
DefaultTTL
DefaultTTL
field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide. The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age
, Cache-Control s-maxage
, and Expires
to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.field_level_encryption_id
STRING
FieldLevelEncryptionId
ID
for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for the default cache behavior.forwarded_values
STRUCT
ForwardedValues
DefaultCacheBehavior
must include either a CachePolicyId
or ForwardedValues
. We recommend that you use a CachePolicyId
. A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.cookies
STRUCT
Cookies
forward
STRING
Forward
WhitelistedNames
complex type. Amazon S3 doesn’t process cookies. When the cache behavior is forwarding requests to an Amazon S3 origin, specify none for the Forward
element.whitelisted_names
STRUCT
WhitelistedNames
whitelist
for the value of Forward
. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies. If you specify all
or none
for the value of Forward
, omit WhitelistedNames
. If you change the value of Forward
from whitelist
to all
or none
and you don’t delete the WhitelistedNames
element and its child elements, CloudFront deletes them automatically. For the current limit on the number of cookie names that you can whitelist for each cache behavior, see CloudFront Limits in the Amazon Web Services General Reference.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
Items
list.headers
STRUCT
Headers
Headers
, if any, that you want CloudFront to forward to the origin for this cache behavior (whitelisted headers). For the headers that you specify, CloudFront also caches separate versions of a specified object that is based on the header values in viewer requests. For more information, see Caching Content Based on Request Headers in the Amazon CloudFront Developer Guide.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
Items
list.query_string
BOOLEAN
QueryString
QueryString
and on the values that you specify for QueryStringCacheKeys
, if any: If you specify true for QueryString
and you don’t specify any values for QueryStringCacheKeys
, CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin. If you specify true for QueryString
and you specify one or more values for QueryStringCacheKeys
, CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify. If you specify false for QueryString
, CloudFront doesn’t forward any query string parameters to the origin, and doesn’t cache based on query string parameters. For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.query_string_cache_keys
STRUCT
QueryStringCacheKeys
items
UNORDERED_LIST_STRING
Items
Quantity
is 0, you can omit Items
.quantity
INT32
Quantity
whitelisted
query string parameters for a cache behavior.function_associations
STRUCT
FunctionAssociations
LIVE
stage to associate them with a cache behavior.items
UNORDERED_LIST_STRUCT
Items
LIVE
stage to associate them with a cache behavior.event_type
STRING
EventType
viewer-request
or viewer-response
. You cannot use origin-facing event types (origin-request
and origin-response
) with a CloudFront function.function_arn
STRING
FunctionARN
quantity
INT32
Quantity
lambda_function_associations
STRUCT
LambdaFunctionAssociations
items
UNORDERED_LIST_STRUCT
Items
LambdaFunctionAssociation
items for this cache behavior. If Quantity
is 0
, you can omit Items
.event_type
STRING
EventType
viewer-request
: The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache.origin-request
: The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn’t execute.origin-response
: The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn’t execute.viewer-response
: The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache. If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn’t execute.include_body
BOOLEAN
IncludeBody
lambda_function_arn
STRING
LambdaFunctionARN
quantity
INT32
Quantity
max_ttl
INT64
MaxTTL
MaxTTL
field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide. The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age
, Cache-Control s-maxage
, and Expires
to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.min_ttl
INT64
MinTTL
MinTTL
field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide. The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide. You must specify 0
for MinTTL
if you configure CloudFront to forward all headers to your origin (under Headers
, if you specify 1
for Quantity
and *
for Name
).origin_request_policy_id
STRING
OriginRequestPolicyId
realtime_log_config_arn
STRING
RealtimeLogConfigArn
response_headers_policy_id
STRING
ResponseHeadersPolicyId
smooth_streaming
BOOLEAN
SmoothStreaming
true
; if not, specify false
. If you specify true
for SmoothStreaming
, you can still distribute other content using this cache behavior if the content matches the value of PathPattern
.target_origin_id
STRING
TargetOriginId
ID
for the origin that you want CloudFront to route requests to when they use the default cache behavior.trusted_key_groups
STRUCT
TrustedKeyGroups
enabled
BOOLEAN
Enabled
true
if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false
.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
trusted_signers
STRUCT
TrustedSigners
TrustedKeyGroups
instead of TrustedSigners
. enabled
BOOLEAN
Enabled
true
if any of the Amazon Web Services accounts in the list are configured as trusted signers. If not, this field is false
.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
viewer_protocol_policy
STRING
ViewerProtocolPolicy
TargetOriginId
when a request matches the path pattern in PathPattern
. You can specify the following options:allow-all
: Viewers can use HTTP or HTTPS.redirect-to-https
: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.https-only
: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).default_root_object
STRING
DefaultRootObject
index.html
) when a viewer requests the root URL for your distribution (https://www.example.com
) instead of an object in your distribution (https://www.example.com/product-description.html
). Specifying a default root object avoids exposing the contents of your distribution. Specify only the object name, for example, index.html
. Don’t add a /
before the object name. If you don’t want to specify a default root object when you create a distribution, include an empty DefaultRootObject
element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject
element. To replace the default root object, update the distribution configuration and specify the new object. For more information about the default root object, see Creating a Default Root Object in the Amazon CloudFront Developer Guide.enabled
BOOLEAN
Enabled
http_version
STRING
HttpVersion
http2
. Viewers that don’t support HTTP/2 automatically use an earlier HTTP version. For viewers and CloudFront to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). For viewers and CloudFront to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CloudFront supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see Connection Migration at RFC 9000. For more information about supported TLSv1.3 ciphers, see Supported protocols and ciphers between viewers and CloudFront.is_ipv6_enabled
BOOLEAN
IsIPV6Enabled
true
. If you specify false
, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR
and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you’re using signed URLs or signed cookies to restrict access to your content, and if you’re using a custom policy that includes the IpAddress
parameter to restrict the IP addresses that can access your content, don’t enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide. If you’re using an Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:logging
STRUCT
Logging
bucket
STRING
Bucket
myawslogbucket.s3.amazonaws.com
.enabled
BOOLEAN
Enabled
false
for Enabled
, and specify empty Bucket
and Prefix
elements. If you specify false
for Enabled
but you specify values for Bucket
, prefix
, and IncludeCookies
, the values are automatically deleted.include_cookies
BOOLEAN
IncludeCookies
true
for IncludeCookies
. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you don’t want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false
for IncludeCookies
.prefix
STRING
Prefix
filenames
for this distribution, for example, myprefix/
. If you want to enable logging, but you don’t want to specify a prefix, you still must include an empty Prefix
element in the Logging
element.origin_groups
STRUCT
OriginGroups
items
UNORDERED_LIST_STRUCT
Items
failover_criteria
STRUCT
FailoverCriteria
status_codes
STRUCT
StatusCodes
items
UNORDERED_LIST_INT32
Items
quantity
INT32
Quantity
id
STRING
Id
members
STRUCT
Members
items
UNORDERED_LIST_STRUCT
Items
origin_id
STRING
OriginId
quantity
INT32
Quantity
quantity
INT32
Quantity
origins
STRUCT
Origins
items
UNORDERED_LIST_STRUCT
Items
connection_attempts
INT32
ConnectionAttempts
connection_timeout
INT32
ConnectionTimeout
custom_headers
STRUCT
CustomHeaders
items
UNORDERED_LIST_STRUCT
Items
OriginCustomHeader
element for each custom header that you want CloudFront to forward to the origin. If Quantity is 0
, omit Items
.header_name
STRING
HeaderName
header_value
STRING
HeaderValue
HeaderName
field.quantity
INT32
Quantity
custom_origin_config
STRUCT
CustomOriginConfig
S3OriginConfig
type instead.http_port
INT32
HTTPPort
https_port
INT32
HTTPSPort
origin_keepalive_timeout
INT32
OriginKeepaliveTimeout
origin_protocol_policy
STRING
OriginProtocolPolicy
http-only
– CloudFront always uses HTTP to connect to the origin.match-viewer
– CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.https-only
– CloudFront always uses HTTPS to connect to the origin.origin_read_timeout
INT32
OriginReadTimeout
origin_ssl_protocols
STRUCT
OriginSslProtocols
SSLv3
, TLSv1
, TLSv1.1
, and TLSv1.2
. For more information, see Minimum Origin SSL Protocol in the Amazon CloudFront Developer Guide.items
UNORDERED_LIST_STRING
Items
quantity
INT32
Quantity
domain_name
STRING
DomainName
id
STRING
Id
TargetOriginId
in a CacheBehavior
or DefaultCacheBehavior
.origin_access_control_id
STRING
OriginAccessControlId
origin_path
STRING
OriginPath
origin_shield
STRUCT
OriginShield
enabled
BOOLEAN
Enabled
origin_shield_region
STRING
OriginShieldRegion
us-east-2
. When you enable CloudFront Origin Shield, you must specify the Amazon Web Services Region for Origin Shield. For the list of Amazon Web Services Regions that you can specify, and for help choosing the best Region for your origin, see Choosing the Amazon Web Services Region for Origin Shield in the Amazon CloudFront Developer Guide.s3_origin_config
STRUCT
S3OriginConfig
CustomOriginConfig
type instead.origin_access_identity
STRING
OriginAccessIdentity
OriginAccessIdentity
element. For more information, see Restricting access to an Amazon Web Services in the Amazon CloudFront Developer Guide. origin-access-identity/cloudfront/ID-of-origin-access-identity
The ID-of-origin-access-identity
is the value that CloudFront returned in the ID
element when you created the origin access identity. If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity
element. To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity
element. To replace the origin access identity, update the distribution configuration and specify the new origin access identity. For more information about the origin access identity, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.quantity
INT32
Quantity
price_class
STRING
PriceClass
PriceClass_All
, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than PriceClass_All
, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance. For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see Amazon CloudFront Pricing.restrictions
STRUCT
Restrictions
geo_restriction
STRUCT
GeoRestriction
MaxMind
GeoIP databases.items
UNORDERED_LIST_STRING
Items
Location
element for each country in which you want CloudFront either to distribute your content (whitelist
) or not distribute your content (blacklist
). The Location
element is a two-letter, uppercase country code for a country that you want to include in your blacklist
or whitelist
. Include one Location
element for each country. CloudFront and MaxMind
both use ISO 3166
country codes. For the current list of countries and the corresponding codes, see ISO 3166-1-alpha-2
code on the International Organization for Standardization website. You can also refer to the country list on the CloudFront console, which includes both country names and codes.quantity
INT32
Quantity
enabled
, this is the number of countries in your whitelist
or blacklist
. Otherwise, when it is not enabled, Quantity
is 0
, and you can omit Items
.restriction_type
STRING
RestrictionType
none
: No geo restriction is enabled, meaning access to content is not restricted by client geo location.blacklist
: The Location
elements specify the countries in which you don’t want CloudFront to distribute your content.whitelist
: The Location
elements specify the countries in which you want CloudFront to distribute your content.staging
BOOLEAN
Staging
true
, this is a staging distribution. When this value is false
, this is not a staging distribution.viewer_certificate
STRUCT
ViewerCertificate
acm_certificate_arn
STRING
ACMCertificateArn
Aliases
(alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (us-east-1
). If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion
and SSLSupportMethod
.certificate
STRING
Certificate
ACMCertificateArn
IAMCertificateId
CloudFrontDefaultCertificate
certificate_source
STRING
CertificateSource
ACMCertificateArn
IAMCertificateId
CloudFrontDefaultCertificate
cloud_front_default_certificate
BOOLEAN
CloudFrontDefaultCertificate
d111111abcdef8.cloudfront.net
, set this field to true
. If the distribution uses Aliases
(alternate domain names or CNAMEs), set this field to false
and specify values for the following fields:ACMCertificateArn
or IAMCertificateId
(specify a value for one, not both)MinimumProtocolVersion
SSLSupportMethod
iam_certificate_id
STRING
IAMCertificateId
Aliases
(alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Identity and Access Management (IAM), provide the ID of the IAM certificate. If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion
and SSLSupportMethod
.minimum_protocol_version
STRING
MinimumProtocolVersion
Aliases
(alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:SSLSupportMethod
to sni-only
), you must specify TLSv1
or higher. If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net
(you set CloudFrontDefaultCertificate
to true
), CloudFront automatically sets the security policy to TLSv1
regardless of the value that you set here.ssl_support_method
STRING
SSLSupportMethod
Aliases
(alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.sni-only
– The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI.vip
– The distribution accepts HTTPS connections from all viewers including those that don’t support SNI. This is not recommended, and results in additional monthly charges from CloudFront.static-ip
- Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the Amazon Web Services Support Center.d111111abcdef8.cloudfront.net
, don’t set a value for this field.web_acl_id
STRING
WebACLId
arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. To specify a web ACL created using WAF Classic, use the ACL ID, for example a1b2c3d4-5678-90ab-cdef-EXAMPLE11111
. WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the WAF Developer Guide.domain_name
Type: STRING
Provider name: DomainName
Description: The distribution’s CloudFront domain name. For example: d111111abcdef8.cloudfront.net
.
e_tag
Type: STRING
Provider name: ETag
Description: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL
.
id
Type: STRING
Provider name: Id
Description: The distribution’s identifier. For example: E1U5RQF7T870K0
.
in_progress_invalidation_batches
Type: INT32
Provider name: InProgressInvalidationBatches
Description: The number of invalidation batches currently in progress.
last_modified_time
Type: TIMESTAMP
Provider name: LastModifiedTime
Description: The date and time when the distribution was last modified.
status
Type: STRING
Provider name: Status
Description: The distribution’s status. When the status is Deployed
, the distribution’s information is fully propagated to all CloudFront edge locations.
tags
Type: UNORDERED_LIST_STRING