@aws-cdk/aws-cloudfront

@aws-cdk/aws-cloudfront

Version 1.204.0
Published 9 months ago
4.59 MB
11 dependencies
Apache-2.0 license

Install

npm i @aws-cdk/aws-cloudfront

yarn add @aws-cdk/aws-cloudfront

pnpm add @aws-cdk/aws-cloudfront

Overview

The CDK Construct Library for AWS::CloudFront

Index

Classes

class AllowedMethods

class AllowedMethods {}

The HTTP methods that the Behavior will accept requests on.

property ALLOW_ALL

static readonly ALLOW_ALL: AllowedMethods;

All supported HTTP methods

property ALLOW_GET_HEAD

static readonly ALLOW_GET_HEAD: AllowedMethods;

HEAD and GET

property ALLOW_GET_HEAD_OPTIONS

static readonly ALLOW_GET_HEAD_OPTIONS: AllowedMethods;

HEAD, GET, and OPTIONS

property methods

readonly methods: string[];

HTTP methods supported

class CacheCookieBehavior

class CacheCookieBehavior {}

Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin.

property behavior

readonly behavior: string;

The behavior of cookies: allow all, none, an allow list, or a deny list.

property cookies

readonly cookies?: string[];

The cookies to allow or deny, if the behavior is an allow or deny list.

method all

static all: () => CacheCookieBehavior;

All cookies in viewer requests are included in the cache key and are automatically included in requests that CloudFront sends to the origin.

method allowList

static allowList: (...cookies: string[]) => CacheCookieBehavior;

Only the provided cookies are included in the cache key and automatically included in requests that CloudFront sends to the origin.

method denyList

static denyList: (...cookies: string[]) => CacheCookieBehavior;

All cookies except the provided cookies are included in the cache key and automatically included in requests that CloudFront sends to the origin.

method none

static none: () => CacheCookieBehavior;

Cookies in viewer requests are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin.

class CachedMethods

class CachedMethods {}

The HTTP methods that the Behavior will cache requests on.

property CACHE_GET_HEAD

static readonly CACHE_GET_HEAD: CachedMethods;

HEAD and GET

property CACHE_GET_HEAD_OPTIONS

static readonly CACHE_GET_HEAD_OPTIONS: CachedMethods;

HEAD, GET, and OPTIONS

property methods

readonly methods: string[];

HTTP methods supported

class CacheHeaderBehavior

class CacheHeaderBehavior {}

Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin.

property behavior

readonly behavior: string;

If no headers will be passed, or an allow list of headers.

property headers

readonly headers?: string[];

The headers for the allow/deny list, if applicable.

method allowList

static allowList: (...headers: string[]) => CacheHeaderBehavior;

Listed headers are included in the cache key and are automatically included in requests that CloudFront sends to the origin.

method none

static none: () => CacheHeaderBehavior;

HTTP headers are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin.

class CachePolicy

class CachePolicy extends Resource implements ICachePolicy {}

A Cache Policy configuration.
AWS::CloudFront::CachePolicy https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html

constructor

constructor(scope: Construct, id: string, props?: CachePolicyProps);

property AMPLIFY

static readonly AMPLIFY: ICachePolicy;

This policy is designed for use with an origin that is an AWS Amplify web app.

property cachePolicyId

readonly cachePolicyId: string;

property CACHING_DISABLED

static readonly CACHING_DISABLED: ICachePolicy;

Disables caching. This policy is useful for dynamic content and for requests that are not cacheable.

property CACHING_OPTIMIZED

static readonly CACHING_OPTIMIZED: ICachePolicy;

Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key. Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included.

property CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS

static readonly CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS: ICachePolicy;

Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key. Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included. Disables cache compression.

property ELEMENTAL_MEDIA_PACKAGE

static readonly ELEMENTAL_MEDIA_PACKAGE: ICachePolicy;

Designed for use with an origin that is an AWS Elemental MediaPackage endpoint.

method fromCachePolicyId

static fromCachePolicyId: (
    scope: Construct,
    id: string,
    cachePolicyId: string
) => ICachePolicy;

Imports a Cache Policy from its id.

class CacheQueryStringBehavior

class CacheQueryStringBehavior {}

Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin.

property behavior

readonly behavior: string;

The behavior of query strings -- allow all, none, only an allow list, or a deny list.

property queryStrings

readonly queryStrings?: string[];

The query strings to allow or deny, if the behavior is an allow or deny list.

method all

static all: () => CacheQueryStringBehavior;

All query strings in viewer requests are included in the cache key and are automatically included in requests that CloudFront sends to the origin.

method allowList

static allowList: (...queryStrings: string[]) => CacheQueryStringBehavior;

Only the provided queryStrings are included in the cache key and automatically included in requests that CloudFront sends to the origin.

method denyList

static denyList: (...queryStrings: string[]) => CacheQueryStringBehavior;

All query strings except the provided queryStrings are included in the cache key and automatically included in requests that CloudFront sends to the origin.

method none

static none: () => CacheQueryStringBehavior;

Query strings in viewer requests are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin.

class CfnCachePolicy

class CfnCachePolicy extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::CachePolicy
A cache policy.
When it's attached to a cache behavior, the cache policy determines the following:
- The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. - The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.
The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use OriginRequestPolicy .
AWS::CloudFront::CachePolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnCachePolicyProps);

Create a new AWS::CloudFront::CachePolicy.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The unique identifier for the cache policy. For example: 2766f7b2-75c5-41c6-8f06-bf4303a2f2f5 . Id

property attrLastModifiedTime

readonly attrLastModifiedTime: string;

The date and time when the cache policy was last modified. LastModifiedTime

property cachePolicyConfig

cachePolicyConfig: any;

The cache policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html#cfn-cloudfront-cachepolicy-cachepolicyconfig

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnCloudFrontOriginAccessIdentity

class CfnCloudFrontOriginAccessIdentity
    extends cdk.CfnResource
    implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::CloudFrontOriginAccessIdentity
The request to create a new origin access identity (OAI). An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. For more information, see [Restricting Access to Amazon S3 Content by Using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::CloudFrontOriginAccessIdentity external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnCloudFrontOriginAccessIdentityProps
);

Create a new AWS::CloudFront::CloudFrontOriginAccessIdentity.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The ID for the origin access identity, for example, E74FTE3AJFJ256A . Id

property attrS3CanonicalUserId

readonly attrS3CanonicalUserId: string;

The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3. For example: b970b42360b81c8ddbd79d2f5df0069ba9033c8a79655752abe380cd6d63ba8bcf23384d568fcf89fc49700b5e11a0fd . S3CanonicalUserId

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cloudFrontOriginAccessIdentityConfig

cloudFrontOriginAccessIdentityConfig: any;

The current configuration information for the identity.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html#cfn-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnContinuousDeploymentPolicy

class CfnContinuousDeploymentPolicy
    extends cdk.CfnResource
    implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::ContinuousDeploymentPolicy
Creates a continuous deployment policy that routes a subset of production traffic from a primary distribution to a staging distribution.
After you create and update a staging distribution, you can use a continuous deployment policy to incrementally move traffic to the staging distribution. This enables you to test changes to a distribution's configuration before moving all of your production traffic to the new configuration.
For more information, see [Using CloudFront continuous deployment to safely test CDN configuration changes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/continuous-deployment.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::ContinuousDeploymentPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnContinuousDeploymentPolicyProps
);

Create a new AWS::CloudFront::ContinuousDeploymentPolicy.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The identifier of the cotinuous deployment policy. Id

property attrLastModifiedTime

readonly attrLastModifiedTime: string;

The date and time when the continuous deployment policy was last modified. LastModifiedTime

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property continuousDeploymentPolicyConfig

continuousDeploymentPolicyConfig: any;

Contains the configuration for a continuous deployment policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnDistribution

class CfnDistribution extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::Distribution
A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery.
AWS::CloudFront::Distribution external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnDistributionProps);

Create a new AWS::CloudFront::Distribution.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrDomainName

readonly attrDomainName: string;

The domain name of the resource, such as d111111abcdef8.cloudfront.net . DomainName

property attrId

readonly attrId: string;

The identifier for the distribution, for example EDFDVBD632BHDS5 . Id

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property distributionConfig

distributionConfig: any;

The distribution's configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-distributionconfig

property tags

readonly tags: cdk.TagManager;

A complex type that contains zero or more Tag elements.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnFunction

class CfnFunction extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::Function
Creates a CloudFront function.
To create a function, you provide the function code and some configuration information about the function. The response contains an Amazon Resource Name (ARN) that uniquely identifies the function, and the function’s stage.
By default, when you create a function, it’s in the DEVELOPMENT stage. In this stage, you can [test the function](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/test-function.html) in the CloudFront console (or with TestFunction in the CloudFront API).
When you’re ready to use your function with a CloudFront distribution, publish the function to the LIVE stage. You can do this in the CloudFront console, with PublishFunction in the CloudFront API, or by updating the AWS::CloudFront::Function resource with the AutoPublish property set to true . When the function is published to the LIVE stage, you can attach it to a distribution’s cache behavior, using the function’s ARN.
To automatically publish the function to the LIVE stage when it’s created, set the AutoPublish property to true .
AWS::CloudFront::Function external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnFunctionProps);

Create a new AWS::CloudFront::Function.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrFunctionArn

readonly attrFunctionArn: string;

The ARN of the function. For example:
arn:aws:cloudfront::123456789012:function/ExampleFunction .
To get the function ARN, use the following syntax:
!GetAtt *Function_Logical_ID* .FunctionMetadata.FunctionARN FunctionARN

property attrFunctionMetadataFunctionArn

readonly attrFunctionMetadataFunctionArn: string;

The Amazon Resource Name (ARN) of the function. The ARN uniquely identifies the function. FunctionMetadata.FunctionARN

property attrStage

readonly attrStage: string;

Stage

property autoPublish

autoPublish: any;

A flag that determines whether to automatically publish the function to the LIVE stage when it’s created. To automatically publish to the LIVE stage, set this property to true .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-autopublish

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property functionCode

functionCode: string;

The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functioncode

property functionConfig

functionConfig: any;

Contains configuration information about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionconfig

property functionMetadata

functionMetadata: any;

Contains metadata about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionmetadata

property name

name: string;

A name to identify the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-name

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnKeyGroup

class CfnKeyGroup extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::KeyGroup
A key group.
A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) .
AWS::CloudFront::KeyGroup external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnKeyGroupProps);

Create a new AWS::CloudFront::KeyGroup.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The identifier for the key group. Id

property attrLastModifiedTime

readonly attrLastModifiedTime: string;

The date and time when the key group was last modified. LastModifiedTime

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property keyGroupConfig

keyGroupConfig: any;

The key group configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html#cfn-cloudfront-keygroup-keygroupconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnMonitoringSubscription

class CfnMonitoringSubscription
    extends cdk.CfnResource
    implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::MonitoringSubscription
A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.
AWS::CloudFront::MonitoringSubscription external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnMonitoringSubscriptionProps
);

Create a new AWS::CloudFront::MonitoringSubscription.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property distributionId

distributionId: string;

The ID of the distribution that you are enabling metrics for.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-distributionid

property monitoringSubscription

monitoringSubscription: any;

A subscription configuration for additional CloudWatch metrics.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-monitoringsubscription

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnOriginAccessControl

class CfnOriginAccessControl extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::OriginAccessControl
Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.
This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront.
For more information about using a CloudFront origin access control, see [Restricting access to an AWS origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::OriginAccessControl external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnOriginAccessControlProps
);

Create a new AWS::CloudFront::OriginAccessControl.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The unique identifier of the origin access control. Id

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property originAccessControlConfig

originAccessControlConfig: any;

The origin access control.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnOriginRequestPolicy

class CfnOriginRequestPolicy extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::OriginRequestPolicy
An origin request policy.
When it's attached to a cache behavior, the origin request policy determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:
- The request body and the URL path (without the domain name) from the viewer request. - The headers that CloudFront automatically includes in every origin request, including Host , User-Agent , and X-Amz-Cf-Id . - All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront.
CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use CachePolicy .
AWS::CloudFront::OriginRequestPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnOriginRequestPolicyProps
);

Create a new AWS::CloudFront::OriginRequestPolicy.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The unique identifier for the origin request policy. For example: befd7079-9bbc-4ebf-8ade-498a3694176c . Id

property attrLastModifiedTime

readonly attrLastModifiedTime: string;

The date and time when the origin request policy was last modified. LastModifiedTime

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property originRequestPolicyConfig

originRequestPolicyConfig: any;

The origin request policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnPublicKey

class CfnPublicKey extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::PublicKey
A public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
AWS::CloudFront::PublicKey external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnPublicKeyProps);

Create a new AWS::CloudFront::PublicKey.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrCreatedTime

readonly attrCreatedTime: string;

The date and time when the public key was uploaded. CreatedTime

property attrId

readonly attrId: string;

The identifier of the public key. Id

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property publicKeyConfig

publicKeyConfig: any;

Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html#cfn-cloudfront-publickey-publickeyconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnRealtimeLogConfig

class CfnRealtimeLogConfig extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::RealtimeLogConfig
A real-time log configuration.
AWS::CloudFront::RealtimeLogConfig external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html

constructor

constructor(scope: cdk.Construct, id: string, props: CfnRealtimeLogConfigProps);

Create a new AWS::CloudFront::RealtimeLogConfig.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrArn

readonly attrArn: string;

The Amazon Resource Name (ARN) of the real-time log configuration. For example: arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig . Arn

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property endPoints

endPoints: any;

Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-endpoints

property fields

fields: string[];

A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream.
For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-fields

property name

name: string;

The unique name of this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-name

property samplingRate

samplingRate: number;

The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-samplingrate

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnResponseHeadersPolicy

class CfnResponseHeadersPolicy extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::ResponseHeadersPolicy
A response headers policy.
A response headers policy contains information about a set of HTTP response headers.
After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy.
For more information, see [Adding or removing HTTP headers in CloudFront responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::ResponseHeadersPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnResponseHeadersPolicyProps
);

Create a new AWS::CloudFront::ResponseHeadersPolicy.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrId

readonly attrId: string;

The unique identifier for the response headers policy. For example: 57f99797-3b20-4e1b-a728-27972a74082a . Id

property attrLastModifiedTime

readonly attrLastModifiedTime: string;

The date and time when the response headers policy was last modified. LastModifiedTime

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property responseHeadersPolicyConfig

responseHeadersPolicyConfig: any;

A response headers policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CfnStreamingDistribution

class CfnStreamingDistribution extends cdk.CfnResource implements cdk.IInspectable {}

A CloudFormation AWS::CloudFront::StreamingDistribution
This resource is deprecated. Amazon CloudFront is deprecating real-time messaging protocol (RTMP) distributions on December 31, 2020. For more information, [read the announcement](https://docs.aws.amazon.com/ann.jspa?annID=7356) on the Amazon CloudFront discussion forum.
AWS::CloudFront::StreamingDistribution external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnStreamingDistributionProps
);

Create a new AWS::CloudFront::StreamingDistribution.
Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties

property attrDomainName

readonly attrDomainName: string;

The domain name of the resource, such as d111111abcdef8.cloudfront.net . DomainName

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property streamingDistributionConfig

streamingDistributionConfig: any;

The current configuration information for the RTMP distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig

property tags

readonly tags: cdk.TagManager;

A complex type that contains zero or more Tag elements.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

class CloudFrontWebDistribution

class CloudFrontWebDistribution extends cdk.Resource implements IDistribution {}

Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds. CloudFront fronts user provided content and caches it at edge locations across the world.
Here's how you can use this construct:
const sourceBucket = new s3.Bucket(this, 'Bucket'); const distribution = new cloudfront.CloudFrontWebDistribution(this, 'MyDistribution', { originConfigs: [ { s3OriginSource: { s3BucketSource: sourceBucket, }, behaviors : [ {isDefaultBehavior: true}], }, ], });
This will create a CloudFront distribution that uses your S3Bucket as it's origin.
You can customize the distribution using additional properties from the CloudFrontWebDistributionProps interface.
AWS::CloudFront::Distribution

constructor

constructor(scope: Construct, id: string, props: CloudFrontWebDistributionProps);

property distributionDomainName

readonly distributionDomainName: string;

The domain name created by CloudFront for this distribution. If you are using aliases for your distribution, this is the domainName your DNS records should point to. (In Route53, you could create an ALIAS record to this value, for example.)

property distributionId

readonly distributionId: string;

The distribution ID for this distribution.

property domainName

readonly domainName: string;

The domain name created by CloudFront for this distribution. If you are using aliases for your distribution, this is the domainName your DNS records should point to. (In Route53, you could create an ALIAS record to this value, for example.)
Deprecated
- Use distributionDomainName instead.

property loggingBucket

readonly loggingBucket?: s3.IBucket;

The logging bucket for this CloudFront distribution. If logging is not enabled for this distribution - this property will be undefined.

method fromDistributionAttributes

static fromDistributionAttributes: (
    scope: Construct,
    id: string,
    attrs: CloudFrontWebDistributionAttributes
) => IDistribution;

Creates a construct that represents an external (imported) distribution.

class Distribution

class Distribution extends Resource implements IDistribution {}

A CloudFront distribution with associated origin(s) and caching behavior(s).

constructor

constructor(scope: Construct, id: string, props: DistributionProps);

property distributionDomainName

readonly distributionDomainName: string;

property distributionId

readonly distributionId: string;

property domainName

readonly domainName: string;

method addBehavior

addBehavior: (
    pathPattern: string,
    origin: IOrigin,
    behaviorOptions?: AddBehaviorOptions
) => void;

Adds a new behavior to this distribution for the given pathPattern.
Parameter pathPattern
the path pattern (e.g., 'images/*') that specifies which requests to apply the behavior to.
Parameter origin
the origin to use for this behavior
Parameter behaviorOptions
the options for the behavior at this path.

method fromDistributionAttributes

static fromDistributionAttributes: (
    scope: Construct,
    id: string,
    attrs: DistributionAttributes
) => IDistribution;

Creates a Distribution construct that represents an external (imported) distribution.

class Function

class Function extends Resource implements IFunction {}

A CloudFront Function
AWS::CloudFront::Function

constructor

constructor(scope: Construct, id: string, props: FunctionProps);

property functionArn

readonly functionArn: string;

the ARN of the CloudFront function

property functionName

readonly functionName: string;

the name of the CloudFront function

property functionStage

readonly functionStage: string;

the deployment stage of the CloudFront function

method fromFunctionAttributes

static fromFunctionAttributes: (
    scope: Construct,
    id: string,
    attrs: FunctionAttributes
) => IFunction;

Imports a function by its name and ARN

class FunctionCode

abstract class FunctionCode {}

Represents the function's source code

method fromFile

static fromFile: (options: FileCodeOptions) => FunctionCode;

Code from external file for function
Parameter options
the options for the external file
Returns
code object with contents from file.

method fromInline

static fromInline: (code: string) => FunctionCode;

Inline code for function
Parameter code
The actual function code
Returns
code object with inline code.

method render

abstract render: () => string;

renders the function code

class GeoRestriction

class GeoRestriction {}

Controls the countries in which content is distributed.

property locations

readonly locations: string[];

property restrictionType

readonly restrictionType: 'whitelist' | 'blacklist';

method allowlist

static allowlist: (...locations: string[]) => GeoRestriction;

Allow specific countries which you want CloudFront to distribute your content.
Parameter locations
Two-letter, uppercase country code for a country that you want to allow. Include one element for each country. See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website

method blacklist

static blacklist: (...locations: string[]) => GeoRestriction;

DEPRECATED
Deprecated
use denylist

method denylist

static denylist: (...locations: string[]) => GeoRestriction;

Deny specific countries which you don't want CloudFront to distribute your content.
Parameter locations
Two-letter, uppercase country code for a country that you want to deny. Include one element for each country. See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website

method whitelist

static whitelist: (...locations: string[]) => GeoRestriction;

DEPRECATED
Deprecated
use allowlist

class KeyGroup

class KeyGroup extends Resource implements IKeyGroup {}

A Key Group configuration
AWS::CloudFront::KeyGroup

constructor

constructor(scope: Construct, id: string, props: KeyGroupProps);

property keyGroupId

readonly keyGroupId: string;

method fromKeyGroupId

static fromKeyGroupId: (
    scope: Construct,
    id: string,
    keyGroupId: string
) => IKeyGroup;

Imports a Key Group from its id.

class OriginAccessIdentity

class OriginAccessIdentity
    extends OriginAccessIdentityBase
    implements IOriginAccessIdentity {}

An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content.
AWS::CloudFront::CloudFrontOriginAccessIdentity

constructor

constructor(scope: Construct, id: string, props?: OriginAccessIdentityProps);

property cloudFrontOriginAccessIdentityS3CanonicalUserId

readonly cloudFrontOriginAccessIdentityS3CanonicalUserId: string;

The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.

property grantPrincipal

readonly grantPrincipal: iam.IPrincipal;

Derived principal value for bucket access

property originAccessIdentityName

readonly originAccessIdentityName: string;

The Origin Access Identity Name (physical id)

method fromOriginAccessIdentityName

static fromOriginAccessIdentityName: (
    scope: Construct,
    id: string,
    originAccessIdentityName: string
) => IOriginAccessIdentity;

Creates a OriginAccessIdentity by providing the OriginAccessIdentityName

class OriginBase

abstract class OriginBase implements IOrigin {}

Represents a distribution origin, that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon MediaStore, or other server from which CloudFront gets your files.

constructor

protected constructor(domainName: string, props?: OriginProps);

method bind

bind: (_scope: Construct, options: OriginBindOptions) => OriginBindConfig;

Binds the origin to the associated Distribution. Can be used to grant permissions, create dependent resources, etc.

method renderCustomOriginConfig

protected renderCustomOriginConfig: () =>
    | CfnDistribution.CustomOriginConfigProperty
    | undefined;

method renderS3OriginConfig

protected renderS3OriginConfig: () =>
    | CfnDistribution.S3OriginConfigProperty
    | undefined;

class OriginRequestCookieBehavior

class OriginRequestCookieBehavior {}

Determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin.

property behavior

readonly behavior: string;

The behavior of cookies: allow all, none or an allow list.

property cookies

readonly cookies?: string[];

The cookies to allow, if the behavior is an allow list.

method all

static all: () => OriginRequestCookieBehavior;

All cookies in viewer requests are included in requests that CloudFront sends to the origin.

method allowList

static allowList: (...cookies: string[]) => OriginRequestCookieBehavior;

Only the provided cookies are included in requests that CloudFront sends to the origin.

method none

static none: () => OriginRequestCookieBehavior;

Cookies in viewer requests are not included in requests that CloudFront sends to the origin. Any cookies that are listed in a CachePolicy are still included in origin requests.

class OriginRequestHeaderBehavior

class OriginRequestHeaderBehavior {}

Determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.

property behavior

readonly behavior: string;

The behavior of headers: allow all, none or an allow list.

property headers

readonly headers?: string[];

The headers for the allow list or the included CloudFront headers, if applicable.

method all

static all: (...cloudfrontHeaders: string[]) => OriginRequestHeaderBehavior;

All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Additionally, any additional CloudFront headers provided are included; the additional headers are added by CloudFront.
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-cloudfront-headers.html

method allowList

static allowList: (...headers: string[]) => OriginRequestHeaderBehavior;

Listed headers are included in requests that CloudFront sends to the origin.

method none

static none: () => OriginRequestHeaderBehavior;

HTTP headers are not included in requests that CloudFront sends to the origin. Any headers that are listed in a CachePolicy are still included in origin requests.

class OriginRequestPolicy

class OriginRequestPolicy extends Resource implements IOriginRequestPolicy {}

A Origin Request Policy configuration.
AWS::CloudFront::OriginRequestPolicy

constructor

constructor(scope: Construct, id: string, props?: OriginRequestPolicyProps);

property ALL_VIEWER

static readonly ALL_VIEWER: IOriginRequestPolicy;

This policy includes all values (query strings, headers, and cookies) in the viewer request.

property CORS_CUSTOM_ORIGIN

static readonly CORS_CUSTOM_ORIGIN: IOriginRequestPolicy;

This policy includes the header that enables cross-origin resource sharing (CORS) requests when the origin is a custom origin.

property CORS_S3_ORIGIN

static readonly CORS_S3_ORIGIN: IOriginRequestPolicy;

This policy includes the headers that enable cross-origin resource sharing (CORS) requests when the origin is an Amazon S3 bucket.

property ELEMENTAL_MEDIA_TAILOR

static readonly ELEMENTAL_MEDIA_TAILOR: IOriginRequestPolicy;

This policy is designed for use with an origin that is an AWS Elemental MediaTailor endpoint.

property originRequestPolicyId

readonly originRequestPolicyId: string;

property USER_AGENT_REFERER_HEADERS

static readonly USER_AGENT_REFERER_HEADERS: IOriginRequestPolicy;

This policy includes only the User-Agent and Referer headers. It doesn’t include any query strings or cookies.

method fromOriginRequestPolicyId

static fromOriginRequestPolicyId: (
    scope: Construct,
    id: string,
    originRequestPolicyId: string
) => IOriginRequestPolicy;

Imports a Origin Request Policy from its id.

class OriginRequestQueryStringBehavior

class OriginRequestQueryStringBehavior {}

Determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin.

property behavior

readonly behavior: string;

The behavior of query strings -- allow all, none, or only an allow list.

property queryStrings

readonly queryStrings?: string[];

The query strings to allow, if the behavior is an allow list.

method all

static all: () => OriginRequestQueryStringBehavior;

All query strings in viewer requests are included in requests that CloudFront sends to the origin.

method allowList

static allowList: (
    ...queryStrings: string[]
) => OriginRequestQueryStringBehavior;

Only the provided queryStrings are included in requests that CloudFront sends to the origin.

method none

static none: () => OriginRequestQueryStringBehavior;

Query strings in viewer requests are not included in requests that CloudFront sends to the origin. Any query strings that are listed in a CachePolicy are still included in origin requests.

class PublicKey

class PublicKey extends Resource implements IPublicKey {}

A Public Key Configuration
AWS::CloudFront::PublicKey

constructor

constructor(scope: Construct, id: string, props: PublicKeyProps);

property publicKeyId

readonly publicKeyId: string;

method fromPublicKeyId

static fromPublicKeyId: (
    scope: Construct,
    id: string,
    publicKeyId: string
) => IPublicKey;

Imports a Public Key from its id.

class ResponseHeadersPolicy

class ResponseHeadersPolicy extends Resource implements IResponseHeadersPolicy {}

A Response Headers Policy configuration
AWS::CloudFront::ResponseHeadersPolicy

constructor

constructor(scope: Construct, id: string, props?: ResponseHeadersPolicyProps);

property CORS_ALLOW_ALL_ORIGINS

static readonly CORS_ALLOW_ALL_ORIGINS: IResponseHeadersPolicy;

Use this managed policy to allow simple CORS requests from any origin.

property CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS

static readonly CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS: IResponseHeadersPolicy;

Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.

property CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT

static readonly CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT: IResponseHeadersPolicy;

Use this managed policy to allow CORS requests from any origin, including preflight requests.

property CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS

static readonly CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS: IResponseHeadersPolicy;

Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.

property responseHeadersPolicyId

readonly responseHeadersPolicyId: string;

property SECURITY_HEADERS

static readonly SECURITY_HEADERS: IResponseHeadersPolicy;

Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.

method fromResponseHeadersPolicyId

static fromResponseHeadersPolicyId: (
    scope: Construct,
    id: string,
    responseHeadersPolicyId: string
) => IResponseHeadersPolicy;

Import an existing Response Headers Policy from its ID.

class ViewerCertificate

class ViewerCertificate {}

Viewer certificate configuration class

property aliases

readonly aliases: string[];

property props

readonly props: CfnDistribution.ViewerCertificateProperty;

method fromAcmCertificate

static fromAcmCertificate: (
    certificate: certificatemanager.ICertificate,
    options?: ViewerCertificateOptions
) => ViewerCertificate;

Generate an AWS Certificate Manager (ACM) viewer certificate configuration
Parameter certificate
AWS Certificate Manager (ACM) certificate. Your certificate must be located in the us-east-1 (US East (N. Virginia)) region to be accessed by CloudFront
Parameter options
certificate configuration options

method fromCloudFrontDefaultCertificate

static fromCloudFrontDefaultCertificate: (
    ...aliases: string[]
) => ViewerCertificate;

Generate a viewer certifcate configuration using the CloudFront default certificate (e.g. d111111abcdef8.cloudfront.net) and a SecurityPolicyProtocol.TLS_V1 security policy.
Parameter aliases
Alternative CNAME aliases You also must create a CNAME record with your DNS service to route queries

method fromIamCertificate

static fromIamCertificate: (
    iamCertificateId: string,
    options?: ViewerCertificateOptions
) => ViewerCertificate;

Generate an IAM viewer certificate configuration
Parameter iamCertificateId
Identifier of the IAM certificate
Parameter options
certificate configuration options

Interfaces

interface AddBehaviorOptions

interface AddBehaviorOptions {}

Options for adding a new behavior to a Distribution.

property allowedMethods

readonly allowedMethods?: AllowedMethods;

HTTP methods to allow for this behavior.
AllowedMethods.ALLOW_GET_HEAD

property cachedMethods

readonly cachedMethods?: CachedMethods;

HTTP methods to cache for this behavior.
CachedMethods.CACHE_GET_HEAD

property cachePolicy

readonly cachePolicy?: ICachePolicy;

The cache policy for this behavior. The cache policy determines what values are included in the cache key, and the time-to-live (TTL) values for the cache.
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html. CachePolicy.CACHING_OPTIMIZED

property compress

readonly compress?: boolean;

Whether you want CloudFront to automatically compress certain files for this cache behavior. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html#compressed-content-cloudfront-file-types for file types CloudFront will compress.
true

property edgeLambdas

readonly edgeLambdas?: EdgeLambda[];

The Lambda@Edge functions to invoke before serving the contents.
- no Lambda functions will be invoked
See Also
- https://aws.amazon.com/lambda/edge

property functionAssociations

readonly functionAssociations?: FunctionAssociation[];

The CloudFront functions to invoke before serving the contents.
- no functions will be invoked

property originRequestPolicy

readonly originRequestPolicy?: IOriginRequestPolicy;

The origin request policy for this behavior. The origin request policy determines which values (e.g., headers, cookies) are included in requests that CloudFront sends to the origin.
- none

property responseHeadersPolicy

readonly responseHeadersPolicy?: IResponseHeadersPolicy;

The response headers policy for this behavior. The response headers policy determines which headers are included in responses
- none

property smoothStreaming

readonly smoothStreaming?: boolean;

Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior.
false

property trustedKeyGroups

readonly trustedKeyGroups?: IKeyGroup[];

A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies.
- no KeyGroups are associated with cache behavior
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

property viewerProtocolPolicy

readonly viewerProtocolPolicy?: ViewerProtocolPolicy;

The protocol that viewers can use to access the files controlled by this behavior.
ViewerProtocolPolicy.ALLOW_ALL

interface AliasConfiguration

interface AliasConfiguration {}

Configuration for custom domain names
CloudFront can use a custom domain that you provide instead of a "cloudfront.net" domain. To use this feature you must provide the list of additional domains, and the ACM Certificate that CloudFront should use for these additional domains.
Deprecated
see CloudFrontWebDistributionProps#viewerCertificate with ViewerCertificate#acmCertificate

property acmCertRef

readonly acmCertRef: string;

ARN of an AWS Certificate Manager (ACM) certificate.

property names

readonly names: string[];

Domain names on the certificate
Both main domain name and Subject Alternative Names.

property securityPolicy

readonly securityPolicy?: SecurityPolicyProtocol;

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
- SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI

property sslMethod

readonly sslMethod?: SSLMethod;

How CloudFront should serve HTTPS requests.
See the notes on SSLMethod if you wish to use other SSL termination types.
SSLMethod.SNI
See Also
- https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html

interface Behavior

interface Behavior {}

A CloudFront behavior wrapper.

property allowedMethods

readonly allowedMethods?: CloudFrontAllowedMethods;

The method this CloudFront distribution responds do.
GET_HEAD

property cachedMethods

readonly cachedMethods?: CloudFrontAllowedCachedMethods;

Which methods are cached by CloudFront by default.
GET_HEAD

property compress

readonly compress?: boolean;

If CloudFront should automatically compress some content types.
true

property defaultTtl

readonly defaultTtl?: cdk.Duration;

The default amount of time CloudFront will cache an object.
This value applies only when your custom origin does not add HTTP headers, such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. 86400 (1 day)

property forwardedValues

readonly forwardedValues?: CfnDistribution.ForwardedValuesProperty;

The values CloudFront will forward to the origin when making a request.
none (no cookies - no headers)

property functionAssociations

readonly functionAssociations?: FunctionAssociation[];

The CloudFront functions to invoke before serving the contents.
- no functions will be invoked

property isDefaultBehavior

readonly isDefaultBehavior?: boolean;

If this behavior is the default behavior for the distribution.
You must specify exactly one default distribution per CloudFront distribution. The default behavior is allowed to omit the "path" property.

property lambdaFunctionAssociations

readonly lambdaFunctionAssociations?: LambdaFunctionAssociation[];

Declares associated lambda@edge functions for this distribution behaviour.
No lambda function associated

property maxTtl

readonly maxTtl?: cdk.Duration;

The max amount of time you want objects to stay in the cache before CloudFront queries your origin.
Duration.seconds(31536000) (one year)

property minTtl

readonly minTtl?: cdk.Duration;

The minimum amount of time that you want objects to stay in the cache before CloudFront queries your origin.

property pathPattern

readonly pathPattern?: string;

The path this behavior responds to. Required for all non-default behaviors. (The default behavior implicitly has "*" as the path pattern. )

property trustedKeyGroups

readonly trustedKeyGroups?: IKeyGroup[];

A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies.
- no KeyGroups are associated with cache behavior
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

property trustedSigners

readonly trustedSigners?: string[];

Trusted signers is how CloudFront allows you to serve private content. The signers are the account IDs that are allowed to sign cookies/presigned URLs for this distribution.
If you pass a non empty value, all requests for this behavior must be signed (no public access will be allowed)
Deprecated
- We recommend using trustedKeyGroups instead of trustedSigners.

property viewerProtocolPolicy

readonly viewerProtocolPolicy?: ViewerProtocolPolicy;

The viewer policy for this behavior.
- the distribution wide viewer protocol policy will be used

interface BehaviorOptions

interface BehaviorOptions extends AddBehaviorOptions {}

Options for creating a new behavior.

property origin

readonly origin: IOrigin;

The origin that you want CloudFront to route requests to when they match this behavior.

interface CachePolicyProps

interface CachePolicyProps {}

Properties for creating a Cache Policy

property cachePolicyName

readonly cachePolicyName?: string;

A unique name to identify the cache policy. The name must only include '-', '_', or alphanumeric characters. - generated from the id

property comment

readonly comment?: string;

A comment to describe the cache policy. - no comment

property cookieBehavior

readonly cookieBehavior?: CacheCookieBehavior;

Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. CacheCookieBehavior.none()

property defaultTtl

readonly defaultTtl?: Duration;

The default amount of time for objects to stay in the CloudFront cache. Only used when the origin does not send Cache-Control or Expires headers with the object. - The greater of 1 day and ``minTtl``

property enableAcceptEncodingBrotli

readonly enableAcceptEncodingBrotli?: boolean;

Whether to normalize and include the Accept-Encoding header in the cache key when the Accept-Encoding header is 'br'. false

property enableAcceptEncodingGzip

readonly enableAcceptEncodingGzip?: boolean;

Whether to normalize and include the Accept-Encoding header in the cache key when the Accept-Encoding header is 'gzip'. false

property headerBehavior

readonly headerBehavior?: CacheHeaderBehavior;

Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. CacheHeaderBehavior.none()

property maxTtl

readonly maxTtl?: Duration;

The maximum amount of time for objects to stay in the CloudFront cache. CloudFront uses this value only when the origin sends Cache-Control or Expires headers with the object. - The greater of 1 year and ``defaultTtl``

property minTtl

readonly minTtl?: Duration;

The minimum amount of time for objects to stay in the CloudFront cache. Duration.seconds(0)

property queryStringBehavior

readonly queryStringBehavior?: CacheQueryStringBehavior;

Determines whether any query strings are included in the cache key and automatically included in requests that CloudFront sends to the origin. CacheQueryStringBehavior.none()

interface CfnCachePolicyProps

interface CfnCachePolicyProps {}

Properties for defining a CfnCachePolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html

property cachePolicyConfig

readonly cachePolicyConfig:
    | CfnCachePolicy.CachePolicyConfigProperty
    | cdk.IResolvable;

The cache policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html#cfn-cloudfront-cachepolicy-cachepolicyconfig

interface CfnCloudFrontOriginAccessIdentityProps

interface CfnCloudFrontOriginAccessIdentityProps {}

Properties for defining a CfnCloudFrontOriginAccessIdentity
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html

property cloudFrontOriginAccessIdentityConfig

readonly cloudFrontOriginAccessIdentityConfig:
    | CfnCloudFrontOriginAccessIdentity.CloudFrontOriginAccessIdentityConfigProperty
    | cdk.IResolvable;

The current configuration information for the identity.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html#cfn-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig

interface CfnContinuousDeploymentPolicyProps

interface CfnContinuousDeploymentPolicyProps {}

Properties for defining a CfnContinuousDeploymentPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html

property continuousDeploymentPolicyConfig

readonly continuousDeploymentPolicyConfig:
    | CfnContinuousDeploymentPolicy.ContinuousDeploymentPolicyConfigProperty
    | cdk.IResolvable;

Contains the configuration for a continuous deployment policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig

interface CfnDistributionProps

interface CfnDistributionProps {}

Properties for defining a CfnDistribution
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html

property distributionConfig

readonly distributionConfig:
    | CfnDistribution.DistributionConfigProperty
    | cdk.IResolvable;

The distribution's configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-distributionconfig

property tags

readonly tags?: cdk.CfnTag[];

A complex type that contains zero or more Tag elements.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-tags

interface CfnFunctionProps

interface CfnFunctionProps {}

Properties for defining a CfnFunction
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html

property autoPublish

readonly autoPublish?: boolean | cdk.IResolvable;

A flag that determines whether to automatically publish the function to the LIVE stage when it’s created. To automatically publish to the LIVE stage, set this property to true .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-autopublish

property functionCode

readonly functionCode: string;

The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functioncode

property functionConfig

readonly functionConfig: CfnFunction.FunctionConfigProperty | cdk.IResolvable;

Contains configuration information about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionconfig

property functionMetadata

readonly functionMetadata?:
    | CfnFunction.FunctionMetadataProperty
    | cdk.IResolvable;

Contains metadata about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionmetadata

property name

readonly name: string;

A name to identify the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-name

interface CfnKeyGroupProps

interface CfnKeyGroupProps {}

Properties for defining a CfnKeyGroup
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html

property keyGroupConfig

readonly keyGroupConfig: CfnKeyGroup.KeyGroupConfigProperty | cdk.IResolvable;

The key group configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html#cfn-cloudfront-keygroup-keygroupconfig

interface CfnMonitoringSubscriptionProps

interface CfnMonitoringSubscriptionProps {}

Properties for defining a CfnMonitoringSubscription
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html

property distributionId

readonly distributionId: string;

The ID of the distribution that you are enabling metrics for.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-distributionid

property monitoringSubscription

readonly monitoringSubscription:
    | CfnMonitoringSubscription.MonitoringSubscriptionProperty
    | cdk.IResolvable;

A subscription configuration for additional CloudWatch metrics.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-monitoringsubscription

interface CfnOriginAccessControlProps

interface CfnOriginAccessControlProps {}

Properties for defining a CfnOriginAccessControl
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html

property originAccessControlConfig

readonly originAccessControlConfig:
    | CfnOriginAccessControl.OriginAccessControlConfigProperty
    | cdk.IResolvable;

The origin access control.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig

interface CfnOriginRequestPolicyProps

interface CfnOriginRequestPolicyProps {}

Properties for defining a CfnOriginRequestPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html

property originRequestPolicyConfig

readonly originRequestPolicyConfig:
    | CfnOriginRequestPolicy.OriginRequestPolicyConfigProperty
    | cdk.IResolvable;

The origin request policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig

interface CfnPublicKeyProps

interface CfnPublicKeyProps {}

Properties for defining a CfnPublicKey
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html

property publicKeyConfig

readonly publicKeyConfig: CfnPublicKey.PublicKeyConfigProperty | cdk.IResolvable;

Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html#cfn-cloudfront-publickey-publickeyconfig

interface CfnRealtimeLogConfigProps

interface CfnRealtimeLogConfigProps {}

Properties for defining a CfnRealtimeLogConfig
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html

property endPoints

readonly endPoints:
    | Array<CfnRealtimeLogConfig.EndPointProperty | cdk.IResolvable>
    | cdk.IResolvable;

Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-endpoints

property fields

readonly fields: string[];

A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream.
For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-fields

property name

readonly name: string;

The unique name of this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-name

property samplingRate

readonly samplingRate: number;

The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-samplingrate

interface CfnResponseHeadersPolicyProps

interface CfnResponseHeadersPolicyProps {}

Properties for defining a CfnResponseHeadersPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html

property responseHeadersPolicyConfig

readonly responseHeadersPolicyConfig:
    | CfnResponseHeadersPolicy.ResponseHeadersPolicyConfigProperty
    | cdk.IResolvable;

A response headers policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig

interface CfnStreamingDistributionProps

interface CfnStreamingDistributionProps {}

Properties for defining a CfnStreamingDistribution
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html

property streamingDistributionConfig

readonly streamingDistributionConfig:
    | CfnStreamingDistribution.StreamingDistributionConfigProperty
    | cdk.IResolvable;

The current configuration information for the RTMP distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig

property tags

readonly tags: cdk.CfnTag[];

A complex type that contains zero or more Tag elements.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-tags

interface CloudFrontWebDistributionAttributes

interface CloudFrontWebDistributionAttributes {}

Attributes used to import a Distribution.

property distributionId

readonly distributionId: string;

The distribution ID for this distribution.

property domainName

readonly domainName: string;

The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.

interface CloudFrontWebDistributionProps

interface CloudFrontWebDistributionProps {}

property aliasConfiguration

readonly aliasConfiguration?: AliasConfiguration;

AliasConfiguration is used to configured CloudFront to respond to requests on custom domain names.
- None.
Deprecated
see CloudFrontWebDistributionProps#viewerCertificate with ViewerCertificate#acmCertificate

property comment

readonly comment?: string;

A comment for this distribution in the CloudFront console.
- No comment is added to distribution.

property defaultRootObject

readonly defaultRootObject?: string;

The default object to serve.
- "index.html" is served.

property enabled

readonly enabled?: boolean;

Enable or disable the distribution.
true

property enableIpV6

readonly enableIpV6?: boolean;

If your distribution should have IPv6 enabled.
true

property errorConfigurations

readonly errorConfigurations?: CfnDistribution.CustomErrorResponseProperty[];

How CloudFront should handle requests that are not successful (eg PageNotFound)
By default, CloudFront does not replace HTTP status codes in the 4xx and 5xx range with custom error messages. CloudFront does not cache HTTP status codes.
- No custom error configuration.

property geoRestriction

readonly geoRestriction?: GeoRestriction;

Controls the countries in which your content is distributed.
No geo restriction

property httpVersion

readonly httpVersion?: HttpVersion;

The max supported HTTP Versions.
HttpVersion.HTTP2

property loggingConfig

readonly loggingConfig?: LoggingConfiguration;

Optional - if we should enable logging. You can pass an empty object ({}) to have us auto create a bucket for logging. Omission of this property indicates no logging is to be enabled.
- no logging is enabled by default.

property originConfigs

readonly originConfigs: SourceConfiguration[];

The origin configurations for this distribution. Behaviors are a part of the origin.

property priceClass

readonly priceClass?: PriceClass;

The price class for the distribution (this impacts how many locations CloudFront uses for your distribution, and billing)
PriceClass.PRICE_CLASS_100 the cheapest option for CloudFront is picked by default.

property viewerCertificate

readonly viewerCertificate?: ViewerCertificate;

Specifies whether you want viewers to use HTTP or HTTPS to request your objects, whether you're using an alternate domain name with HTTPS, and if so, if you're using AWS Certificate Manager (ACM) or a third-party certificate authority.
ViewerCertificate.fromCloudFrontDefaultCertificate()
See Also
- https://aws.amazon.com/premiumsupport/knowledge-center/custom-ssl-certificate-cloudfront/

property viewerProtocolPolicy

readonly viewerProtocolPolicy?: ViewerProtocolPolicy;

The default viewer policy for incoming clients.
RedirectToHTTPs

property webACLId

readonly webACLId?: string;

Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a.
To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.
See Also
- https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
- https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html#API_CreateDistribution_RequestParameters.
  - No AWS Web Application Firewall web access control list (web ACL).

interface CustomOriginConfig

interface CustomOriginConfig {}

A custom origin configuration

property allowedOriginSSLVersions

readonly allowedOriginSSLVersions?: OriginSslPolicy[];

The SSL versions to use when interacting with the origin.
OriginSslPolicy.TLS_V1_2

property domainName

readonly domainName: string;

The domain name of the custom origin. Should not include the path - that should be in the parent SourceConfiguration

property httpPort

readonly httpPort?: number;

The origin HTTP port
80

property httpsPort

readonly httpsPort?: number;

The origin HTTPS port
443

property originHeaders

readonly originHeaders?: {
    [key: string]: string;
};

Any additional headers to pass to the origin
- No additional headers are passed.

property originKeepaliveTimeout

readonly originKeepaliveTimeout?: cdk.Duration;

The keep alive timeout when making calls in seconds.
Duration.seconds(5)

property originPath

readonly originPath?: string;

The relative path to the origin root to use for sources.
/

property originProtocolPolicy

readonly originProtocolPolicy?: OriginProtocolPolicy;

The protocol (http or https) policy to use when interacting with the origin.
OriginProtocolPolicy.HttpsOnly

property originReadTimeout

readonly originReadTimeout?: cdk.Duration;

The read timeout when calling the origin in seconds
Duration.seconds(30)

property originShieldRegion

readonly originShieldRegion?: string;

When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
- origin shield not enabled

interface DistributionAttributes

interface DistributionAttributes {}

Attributes used to import a Distribution.

property distributionId

readonly distributionId: string;

The distribution ID for this distribution.

property domainName

readonly domainName: string;

The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.

interface DistributionProps

interface DistributionProps {}

Properties for a Distribution

property additionalBehaviors

readonly additionalBehaviors?: Record<string, BehaviorOptions>;

Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to.
- no additional behaviors are added.

property certificate

readonly certificate?: acm.ICertificate;

A certificate to associate with the distribution. The certificate must be located in N. Virginia (us-east-1).
- the CloudFront wildcard certificate (*.cloudfront.net) will be used.

property comment

readonly comment?: string;

Any comments you want to include about the distribution.
- no comment

property defaultBehavior

readonly defaultBehavior: BehaviorOptions;

The default behavior for the distribution.

property defaultRootObject

readonly defaultRootObject?: string;

The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/).
- no default root object

property domainNames

readonly domainNames?: string[];

Alternative domain names for this distribution.
If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name, you can add an alternate domain name to your distribution. If you attach a certificate to the distribution, you must add (at least one of) the domain names of the certificate to this list.
- The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)

property enabled

readonly enabled?: boolean;

Enable or disable the distribution.
true

property enableIpv6

readonly enableIpv6?: boolean;

Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address.
If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
true

property enableLogging

readonly enableLogging?: boolean;

Enable access logging for the distribution.
- false, unless logBucket is specified.

property errorResponses

readonly errorResponses?: ErrorResponse[];

How CloudFront should handle requests that are not successful (e.g., PageNotFound).
- No custom error responses.

property geoRestriction

readonly geoRestriction?: GeoRestriction;

Controls the countries in which your content is distributed.
- No geographic restrictions

property httpVersion

readonly httpVersion?: HttpVersion;

Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront.
For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support server name identification (SNI).
HttpVersion.HTTP2

property logBucket

readonly logBucket?: s3.IBucket;

The Amazon S3 bucket to store the access logs in.
- A bucket is created if enableLogging is true

property logFilePrefix

readonly logFilePrefix?: string;

An optional string that you want CloudFront to prefix to the access log filenames for this distribution.
- no prefix

property logIncludesCookies

readonly logIncludesCookies?: boolean;

Specifies whether you want CloudFront to include cookies in access logs
false

property minimumProtocolVersion

readonly minimumProtocolVersion?: SecurityPolicyProtocol;

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
- SecurityPolicyProtocol.TLS_V1_2_2021 if the '@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021' feature flag is set; otherwise, SecurityPolicyProtocol.TLS_V1_2_2019.

property priceClass

readonly priceClass?: PriceClass;

The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class.
PriceClass.PRICE_CLASS_ALL

property sslSupportMethod

readonly sslSupportMethod?: SSLMethod;

The SSL method CloudFront will use for your distribution.
Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.
If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).
See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/
SSLMethod.SNI

property webAclId

readonly webAclId?: string;

Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.
See Also
- https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
- https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html#API_CreateDistribution_RequestParameters.
  - No AWS Web Application Firewall web access control list (web ACL).

interface EdgeLambda

interface EdgeLambda {}

Represents a Lambda function version and event type when using Lambda@Edge. The type of the AddBehaviorOptions.edgeLambdas property.

property eventType

readonly eventType: LambdaEdgeEventType;

The type of event in response to which should the function be invoked.

property functionVersion

readonly functionVersion: lambda.IVersion;

The version of the Lambda function that will be invoked.
**Note**: it's not possible to use the '$LATEST' function version for Lambda@Edge!

property includeBody

readonly includeBody?: boolean;

Allows a Lambda function to have read access to the body content. Only valid for "request" event types (ORIGIN_REQUEST or VIEWER_REQUEST). See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html
false

interface ErrorResponse

interface ErrorResponse {}

Options for configuring custom error responses.

property httpStatus

readonly httpStatus: number;

The HTTP status code for which you want to specify a custom error page and/or a caching duration.

property responseHttpStatus

readonly responseHttpStatus?: number;

The HTTP status code that you want CloudFront to return to the viewer along with the custom error page.
If you specify a value for responseHttpStatus, you must also specify a value for responsePagePath.
- the error code will be returned as the response code.

property responsePagePath

readonly responsePagePath?: string;

The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the httpStatus, for example, /4xx-errors/403-forbidden.html
- the default CloudFront response is shown.

property ttl

readonly ttl?: Duration;

The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ErrorCode.
- the default caching TTL behavior applies

interface FileCodeOptions

interface FileCodeOptions {}

Options when reading the function's code from an external file

property filePath

readonly filePath: string;

The path of the file to read the code from

interface FunctionAssociation

interface FunctionAssociation {}

Represents a CloudFront function and event type when using CF Functions. The type of the AddBehaviorOptions.functionAssociations property.

property eventType

readonly eventType: FunctionEventType;

The type of event which should invoke the function.

property function

readonly function: IFunction;

The CloudFront function that will be invoked.

interface FunctionAttributes

interface FunctionAttributes {}

Attributes of an existing CloudFront Function to import it

property functionArn

readonly functionArn: string;

The ARN of the function.

property functionName

readonly functionName: string;

The name of the function.

interface FunctionProps

interface FunctionProps {}

Properties for creating a CloudFront Function

property code

readonly code: FunctionCode;

The source code of the function.

property comment

readonly comment?: string;

A comment to describe the function. - same as functionName

property functionName

readonly functionName?: string;

A name to identify the function. - generated from the id

interface ICachePolicy

interface ICachePolicy {}

Represents a Cache Policy

property cachePolicyId

readonly cachePolicyId: string;

The ID of the cache policy

interface IDistribution

interface IDistribution extends IResource {}

Interface for CloudFront distributions

property distributionDomainName

readonly distributionDomainName: string;

The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.

property distributionId

readonly distributionId: string;

The distribution ID for this distribution.

property domainName

readonly domainName: string;

The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
Deprecated
- Use distributionDomainName instead.

interface IFunction

interface IFunction extends IResource {}

Represents a CloudFront Function

property functionArn

readonly functionArn: string;

The ARN of the function.

property functionName

readonly functionName: string;

The name of the function.

interface IKeyGroup

interface IKeyGroup extends IResource {}

Represents a Key Group

property keyGroupId

readonly keyGroupId: string;

The ID of the key group.

interface IOrigin

interface IOrigin {}

Represents the concept of a CloudFront Origin. You provide one or more origins when creating a Distribution.

method bind

bind: (scope: Construct, options: OriginBindOptions) => OriginBindConfig;

The method called when a given Origin is added (for the first time) to a Distribution.

interface IOriginAccessIdentity

interface IOriginAccessIdentity extends cdk.IResource, iam.IGrantable {}

Interface for CloudFront OriginAccessIdentity

property originAccessIdentityName

readonly originAccessIdentityName: string;

The Origin Access Identity Name

interface IOriginRequestPolicy

interface IOriginRequestPolicy {}

Represents a Origin Request Policy

property originRequestPolicyId

readonly originRequestPolicyId: string;

The ID of the origin request policy

interface IPublicKey

interface IPublicKey extends IResource {}

Represents a Public Key

property publicKeyId

readonly publicKeyId: string;

The ID of the key group.

interface IResponseHeadersPolicy

interface IResponseHeadersPolicy {}

Represents a response headers policy.

property responseHeadersPolicyId

readonly responseHeadersPolicyId: string;

The ID of the response headers policy

interface KeyGroupProps

interface KeyGroupProps {}

Properties for creating a Public Key

property comment

readonly comment?: string;

A comment to describe the key group. - no comment

property items

readonly items: IPublicKey[];

A list of public keys to add to the key group.

property keyGroupName

readonly keyGroupName?: string;

A name to identify the key group. - generated from the id

interface LambdaFunctionAssociation

interface LambdaFunctionAssociation {}

property eventType

readonly eventType: LambdaEdgeEventType;

The lambda event type defines at which event the lambda is called during the request lifecycle

property includeBody

readonly includeBody?: boolean;

Allows a Lambda function to have read access to the body content. Only valid for "request" event types (ORIGIN_REQUEST or VIEWER_REQUEST). See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html
false

property lambdaFunction

readonly lambdaFunction: lambda.IVersion;

A version of the lambda to associate

interface LoggingConfiguration

interface LoggingConfiguration {}

Logging configuration for incoming requests

property bucket

readonly bucket?: s3.IBucket;

Bucket to log requests to
- A logging bucket is automatically created.

property includeCookies

readonly includeCookies?: boolean;

Whether to include the cookies in the logs
false

property prefix

readonly prefix?: string;

Where in the bucket to store logs
- No prefix.

interface OriginAccessIdentityProps

interface OriginAccessIdentityProps {}

Properties of CloudFront OriginAccessIdentity

property comment

readonly comment?: string;

Any comments you want to include about the origin access identity.
"Allows CloudFront to reach the bucket"

interface OriginBindConfig

interface OriginBindConfig {}

The struct returned from IOrigin.bind.

property failoverConfig

readonly failoverConfig?: OriginFailoverConfig;

The failover configuration for this Origin.
- nothing is returned

property originProperty

readonly originProperty?: CfnDistribution.OriginProperty;

The CloudFormation OriginProperty configuration for this Origin.
- nothing is returned

interface OriginBindOptions

interface OriginBindOptions {}

Options passed to Origin.bind().

property originId

readonly originId: string;

The identifier of this Origin, as assigned by the Distribution this Origin has been used added to.

interface OriginFailoverConfig

interface OriginFailoverConfig {}

The failover configuration used for Origin Groups, returned in OriginBindConfig.failoverConfig.

property failoverOrigin

readonly failoverOrigin: IOrigin;

The origin to use as the fallback origin.

property statusCodes

readonly statusCodes?: number[];

The HTTP status codes of the response that trigger querying the failover Origin.
- 500, 502, 503 and 504

interface OriginOptions

interface OriginOptions {}

Options to define an Origin.

property connectionAttempts

readonly connectionAttempts?: number;

The number of times that CloudFront attempts to connect to the origin; valid values are 1, 2, or 3 attempts.
3

property connectionTimeout

readonly connectionTimeout?: Duration;

The number of seconds that CloudFront waits when trying to establish a connection to the origin. Valid values are 1-10 seconds, inclusive.
Duration.seconds(10)

property customHeaders

readonly customHeaders?: Record<string, string>;

A list of HTTP header names and values that CloudFront adds to requests it sends to the origin.
{}

property originShieldRegion

readonly originShieldRegion?: string;

When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
  - origin shield not enabled

interface OriginProps

interface OriginProps extends OriginOptions {}

Properties to define an Origin.

property originPath

readonly originPath?: string;

An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin. Must begin, but not end, with '/' (e.g., '/production/images').
'/'

interface OriginRequestPolicyProps

interface OriginRequestPolicyProps {}

Properties for creating a Origin Request Policy

property comment

readonly comment?: string;

A comment to describe the origin request policy. - no comment

property cookieBehavior

readonly cookieBehavior?: OriginRequestCookieBehavior;

The cookies from viewer requests to include in origin requests. OriginRequestCookieBehavior.none()

property headerBehavior

readonly headerBehavior?: OriginRequestHeaderBehavior;

The HTTP headers to include in origin requests. These can include headers from viewer requests and additional headers added by CloudFront. OriginRequestHeaderBehavior.none()

property originRequestPolicyName

readonly originRequestPolicyName?: string;

A unique name to identify the origin request policy. The name must only include '-', '_', or alphanumeric characters. - generated from the id

property queryStringBehavior

readonly queryStringBehavior?: OriginRequestQueryStringBehavior;

The URL query strings from viewer requests to include in origin requests. OriginRequestQueryStringBehavior.none()

interface PublicKeyProps

interface PublicKeyProps {}

Properties for creating a Public Key

property comment

readonly comment?: string;

A comment to describe the public key. - no comment

property encodedKey

readonly encodedKey: string;

The public key that you can use with signed URLs and signed cookies, or with field-level encryption. The encodedKey parameter must include -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- lines.
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html

property publicKeyName

readonly publicKeyName?: string;

A name to identify the public key. - generated from the id

interface ResponseCustomHeader

interface ResponseCustomHeader {}

An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that’s associated with this response headers policy.

readonly header: string;

The HTTP response header name.

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here.

property value

readonly value: string;

The value for the HTTP response header.

interface ResponseCustomHeadersBehavior

interface ResponseCustomHeadersBehavior {}

Configuration for a set of HTTP response headers that are sent for requests that match a cache behavior that’s associated with this response headers policy.

property customHeaders

readonly customHeaders: ResponseCustomHeader[];

The list of HTTP response headers and their values.

interface ResponseHeadersContentSecurityPolicy

interface ResponseHeadersContentSecurityPolicy {}

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

property contentSecurityPolicy

readonly contentSecurityPolicy: string;

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.

interface ResponseHeadersContentTypeOptions

interface ResponseHeadersContentTypeOptions {}

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides the X-Content-Type-Options HTTP response header received from the origin with the one specified in this response headers policy.

interface ResponseHeadersCorsBehavior

interface ResponseHeadersCorsBehavior {}

Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.

property accessControlAllowCredentials

readonly accessControlAllowCredentials: boolean;

A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.

property accessControlAllowHeaders

readonly accessControlAllowHeaders: string[];

A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. You can specify ['*'] to allow all headers.

property accessControlAllowMethods

readonly accessControlAllowMethods: string[];

A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.

property accessControlAllowOrigins

readonly accessControlAllowOrigins: string[];

A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. You can specify ['*'] to allow all origins.

property accessControlExposeHeaders

readonly accessControlExposeHeaders?: string[];

A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. You can specify ['*'] to expose all headers.
- no headers exposed

property accessControlMaxAge

readonly accessControlMaxAge?: Duration;

A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
- no max age

property originOverride

readonly originOverride: boolean;

A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.

interface ResponseHeadersFrameOptions

interface ResponseHeadersFrameOptions {}

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.

property frameOption

readonly frameOption: HeadersFrameOption;

The value of the X-Frame-Options HTTP response header.

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides the X-Frame-Options HTTP response header received from the origin with the one specified in this response headers policy.

interface ResponseHeadersPolicyProps

interface ResponseHeadersPolicyProps {}

Properties for creating a Response Headers Policy

property comment

readonly comment?: string;

A comment to describe the response headers policy.
- no comment

property corsBehavior

readonly corsBehavior?: ResponseHeadersCorsBehavior;

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
- no cors behavior

property customHeadersBehavior

readonly customHeadersBehavior?: ResponseCustomHeadersBehavior;

A configuration for a set of custom HTTP response headers.
- no custom headers behavior

property responseHeadersPolicyName

readonly responseHeadersPolicyName?: string;

A unique name to identify the response headers policy.
- generated from the id

property securityHeadersBehavior

readonly securityHeadersBehavior?: ResponseSecurityHeadersBehavior;

A configuration for a set of security-related HTTP response headers.
- no security headers behavior

interface ResponseHeadersReferrerPolicy

interface ResponseHeadersReferrerPolicy {}

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides the Referrer-Policy HTTP response header received from the origin with the one specified in this response headers policy.

property referrerPolicy

readonly referrerPolicy: HeadersReferrerPolicy;

The value of the Referrer-Policy HTTP response header.

interface ResponseHeadersStrictTransportSecurity

interface ResponseHeadersStrictTransportSecurity {}

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.

property accessControlMaxAge

readonly accessControlMaxAge: Duration;

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.

property includeSubdomains

readonly includeSubdomains?: boolean;

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
false

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.

property preload

readonly preload?: boolean;

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.
false

interface ResponseHeadersXSSProtection

interface ResponseHeadersXSSProtection {}

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.

property modeBlock

readonly modeBlock?: boolean;

A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
false

property override

readonly override: boolean;

A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.

property protection

readonly protection: boolean;

A Boolean that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.

property reportUri

readonly reportUri?: string;

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a ReportUri when ModeBlock is true.
- no report uri

interface ResponseSecurityHeadersBehavior

interface ResponseSecurityHeadersBehavior {}

Configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

property contentSecurityPolicy

readonly contentSecurityPolicy?: ResponseHeadersContentSecurityPolicy;

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
- no content security policy

property contentTypeOptions

readonly contentTypeOptions?: ResponseHeadersContentTypeOptions;

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
- no content type options

property frameOptions

readonly frameOptions?: ResponseHeadersFrameOptions;

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.
- no frame options

property referrerPolicy

readonly referrerPolicy?: ResponseHeadersReferrerPolicy;

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.
- no referrer policy

property strictTransportSecurity

readonly strictTransportSecurity?: ResponseHeadersStrictTransportSecurity;

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.
- no strict transport security

property xssProtection

readonly xssProtection?: ResponseHeadersXSSProtection;

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.
- no xss protection

interface S3OriginConfig

interface S3OriginConfig {}

S3 origin configuration for CloudFront

property originAccessIdentity

readonly originAccessIdentity?: IOriginAccessIdentity;

The optional Origin Access Identity of the origin identity cloudfront will use when calling your s3 bucket.
No Origin Access Identity which requires the S3 bucket to be public accessible

property originHeaders

readonly originHeaders?: {
    [key: string]: string;
};

Any additional headers to pass to the origin
- No additional headers are passed.

property originPath

readonly originPath?: string;

The relative path to the origin root to use for sources.
/

property originShieldRegion

readonly originShieldRegion?: string;

When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
- origin shield not enabled

property s3BucketSource

readonly s3BucketSource: s3.IBucket;

The source bucket to serve content from

interface SourceConfiguration

interface SourceConfiguration {}

A source configuration is a wrapper for CloudFront origins and behaviors. An origin is what CloudFront will "be in front of" - that is, CloudFront will pull it's assets from an origin.
If you're using s3 as a source - pass the s3Origin property, otherwise, pass the customOriginSource property.
One or the other must be passed, and it is invalid to pass both in the same SourceConfiguration.

property behaviors

readonly behaviors: Behavior[];

The behaviors associated with this source. At least one (default) behavior must be included.

property connectionAttempts

readonly connectionAttempts?: number;

The number of times that CloudFront attempts to connect to the origin. You can specify 1, 2, or 3 as the number of attempts.
3

property connectionTimeout

readonly connectionTimeout?: cdk.Duration;

The number of seconds that CloudFront waits when trying to establish a connection to the origin. You can specify a number of seconds between 1 and 10 (inclusive).
cdk.Duration.seconds(10)

property customOriginSource

readonly customOriginSource?: CustomOriginConfig;

A custom origin source - for all non-s3 sources.

property failoverCriteriaStatusCodes

readonly failoverCriteriaStatusCodes?: FailoverStatusCode[];

HTTP status code to failover to second origin
[500, 502, 503, 504]

property failoverCustomOriginSource

readonly failoverCustomOriginSource?: CustomOriginConfig;

A custom origin source for failover in case the s3OriginSource returns invalid status code
- no failover configuration

property failoverS3OriginSource

readonly failoverS3OriginSource?: S3OriginConfig;

An s3 origin source for failover in case the s3OriginSource returns invalid status code
- no failover configuration

property originHeaders

readonly originHeaders?: {
    [key: string]: string;
};

Any additional headers to pass to the origin
- No additional headers are passed.
Deprecated
Use originHeaders on s3OriginSource or customOriginSource

property originPath

readonly originPath?: string;

The relative path to the origin root to use for sources.
/
Deprecated
Use originPath on s3OriginSource or customOriginSource

property originShieldRegion

readonly originShieldRegion?: string;

When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
See Also
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
  - origin shield not enabled

property s3OriginSource

readonly s3OriginSource?: S3OriginConfig;

An s3 origin source - if you're using s3 for your assets

interface ViewerCertificateOptions

interface ViewerCertificateOptions {}

property aliases

readonly aliases?: string[];

Domain names on the certificate (both main domain name and Subject Alternative names)

property securityPolicy

readonly securityPolicy?: SecurityPolicyProtocol;

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
- SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI

property sslMethod

readonly sslMethod?: SSLMethod;

How CloudFront should serve HTTPS requests.
See the notes on SSLMethod if you wish to use other SSL termination types.
SSLMethod.SNI
See Also
- https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html

Enums

enum CloudFrontAllowedCachedMethods

enum CloudFrontAllowedCachedMethods {
    GET_HEAD = 'GH',
    GET_HEAD_OPTIONS = 'GHO',
}

Enums for the methods CloudFront can cache.

member GET_HEAD

GET_HEAD = 'GH'

member GET_HEAD_OPTIONS

GET_HEAD_OPTIONS = 'GHO'

enum CloudFrontAllowedMethods

enum CloudFrontAllowedMethods {
    GET_HEAD = 'GH',
    GET_HEAD_OPTIONS = 'GHO',
    ALL = 'ALL',
}

An enum for the supported methods to a CloudFront distribution.

member ALL

ALL = 'ALL'

member GET_HEAD

GET_HEAD = 'GH'

member GET_HEAD_OPTIONS

GET_HEAD_OPTIONS = 'GHO'

enum FailoverStatusCode

enum FailoverStatusCode {
    FORBIDDEN = 403,
    NOT_FOUND = 404,
    INTERNAL_SERVER_ERROR = 500,
    BAD_GATEWAY = 502,
    SERVICE_UNAVAILABLE = 503,
    GATEWAY_TIMEOUT = 504,
}

HTTP status code to failover to second origin

member BAD_GATEWAY

BAD_GATEWAY = 502

Bad Gateway (502)

member FORBIDDEN

FORBIDDEN = 403

Forbidden (403)

member GATEWAY_TIMEOUT

GATEWAY_TIMEOUT = 504

Gateway Timeout (504)

member INTERNAL_SERVER_ERROR

INTERNAL_SERVER_ERROR = 500

Internal Server Error (500)

member NOT_FOUND

NOT_FOUND = 404

Not found (404)

member SERVICE_UNAVAILABLE

SERVICE_UNAVAILABLE = 503

Service Unavailable (503)

enum FunctionEventType

enum FunctionEventType {
    VIEWER_REQUEST = 'viewer-request',
    VIEWER_RESPONSE = 'viewer-response',
}

The type of events that a CloudFront function can be invoked in response to.

member VIEWER_REQUEST

VIEWER_REQUEST = 'viewer-request'

The viewer-request specifies the incoming request

member VIEWER_RESPONSE

VIEWER_RESPONSE = 'viewer-response'

The viewer-response specifies the outgoing response

enum HeadersFrameOption

enum HeadersFrameOption {
    DENY = 'DENY',
    SAMEORIGIN = 'SAMEORIGIN',
}

Enum representing possible values of the X-Frame-Options HTTP response header.

member DENY

DENY = 'DENY'

The page can only be displayed in a frame on the same origin as the page itself.

member SAMEORIGIN

SAMEORIGIN = 'SAMEORIGIN'

The page can only be displayed in a frame on the specified origin.

enum HeadersReferrerPolicy

enum HeadersReferrerPolicy {
    NO_REFERRER = 'no-referrer',
    NO_REFERRER_WHEN_DOWNGRADE = 'no-referrer-when-downgrade',
    ORIGIN = 'origin',
    ORIGIN_WHEN_CROSS_ORIGIN = 'origin-when-cross-origin',
    SAME_ORIGIN = 'same-origin',
    STRICT_ORIGIN = 'strict-origin',
    STRICT_ORIGIN_WHEN_CROSS_ORIGIN = 'strict-origin-when-cross-origin',
    UNSAFE_URL = 'unsafe-url',
}

Enum representing possible values of the Referrer-Policy HTTP response header.

member NO_REFERRER

NO_REFERRER = 'no-referrer'

The referrer policy is not set.

member NO_REFERRER_WHEN_DOWNGRADE

NO_REFERRER_WHEN_DOWNGRADE = 'no-referrer-when-downgrade'

The referrer policy is no-referrer-when-downgrade.

member ORIGIN

ORIGIN = 'origin'

The referrer policy is origin.

member ORIGIN_WHEN_CROSS_ORIGIN

ORIGIN_WHEN_CROSS_ORIGIN = 'origin-when-cross-origin'

The referrer policy is origin-when-cross-origin.

member SAME_ORIGIN

SAME_ORIGIN = 'same-origin'

The referrer policy is same-origin.

member STRICT_ORIGIN

STRICT_ORIGIN = 'strict-origin'

The referrer policy is strict-origin.

member STRICT_ORIGIN_WHEN_CROSS_ORIGIN

STRICT_ORIGIN_WHEN_CROSS_ORIGIN = 'strict-origin-when-cross-origin'

The referrer policy is strict-origin-when-cross-origin.

member UNSAFE_URL

UNSAFE_URL = 'unsafe-url'

The referrer policy is unsafe-url.

enum HttpVersion

enum HttpVersion {
    HTTP1_1 = 'http1.1',
    HTTP2 = 'http2',
}

Maximum HTTP version to support

member HTTP1_1

HTTP1_1 = 'http1.1'

HTTP 1.1

member HTTP2

HTTP2 = 'http2'

HTTP 2

enum LambdaEdgeEventType

enum LambdaEdgeEventType {
    ORIGIN_REQUEST = 'origin-request',
    ORIGIN_RESPONSE = 'origin-response',
    VIEWER_REQUEST = 'viewer-request',
    VIEWER_RESPONSE = 'viewer-response',
}

The type of events that a Lambda@Edge function can be invoked in response to.

member ORIGIN_REQUEST

ORIGIN_REQUEST = 'origin-request'

The origin-request specifies the request to the origin location (e.g. S3)

member ORIGIN_RESPONSE

ORIGIN_RESPONSE = 'origin-response'

The origin-response specifies the response from the origin location (e.g. S3)

member VIEWER_REQUEST

VIEWER_REQUEST = 'viewer-request'

The viewer-request specifies the incoming request

member VIEWER_RESPONSE

VIEWER_RESPONSE = 'viewer-response'

The viewer-response specifies the outgoing response

enum OriginProtocolPolicy

enum OriginProtocolPolicy {
    HTTP_ONLY = 'http-only',
    MATCH_VIEWER = 'match-viewer',
    HTTPS_ONLY = 'https-only',
}

Defines what protocols CloudFront will use to connect to an origin.

member HTTP_ONLY

HTTP_ONLY = 'http-only'

Connect on HTTP only

member HTTPS_ONLY

HTTPS_ONLY = 'https-only'

Connect on HTTPS only

member MATCH_VIEWER

MATCH_VIEWER = 'match-viewer'

Connect with the same protocol as the viewer

enum OriginSslPolicy

enum OriginSslPolicy {
    SSL_V3 = 'SSLv3',
    TLS_V1 = 'TLSv1',
    TLS_V1_1 = 'TLSv1.1',
    TLS_V1_2 = 'TLSv1.2',
}

member SSL_V3

SSL_V3 = 'SSLv3'

member TLS_V1

TLS_V1 = 'TLSv1'

member TLS_V1_1

TLS_V1_1 = 'TLSv1.1'

member TLS_V1_2

TLS_V1_2 = 'TLSv1.2'

enum PriceClass

enum PriceClass {
    PRICE_CLASS_100 = 'PriceClass_100',
    PRICE_CLASS_200 = 'PriceClass_200',
    PRICE_CLASS_ALL = 'PriceClass_All',
}

The price class determines how many edge locations CloudFront will use for your distribution. See https://aws.amazon.com/cloudfront/pricing/ for full list of supported regions.

member PRICE_CLASS_100

PRICE_CLASS_100 = 'PriceClass_100'

USA, Canada, Europe, & Israel

member PRICE_CLASS_200

PRICE_CLASS_200 = 'PriceClass_200'

PRICE_CLASS_100 + South Africa, Kenya, Middle East, Japan, Singapore, South Korea, Taiwan, Hong Kong, & Philippines

member PRICE_CLASS_ALL

PRICE_CLASS_ALL = 'PriceClass_All'

All locations

enum SecurityPolicyProtocol

enum SecurityPolicyProtocol {
    SSL_V3 = 'SSLv3',
    TLS_V1 = 'TLSv1',
    TLS_V1_2016 = 'TLSv1_2016',
    TLS_V1_1_2016 = 'TLSv1.1_2016',
    TLS_V1_2_2018 = 'TLSv1.2_2018',
    TLS_V1_2_2019 = 'TLSv1.2_2019',
    TLS_V1_2_2021 = 'TLSv1.2_2021',
}

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.

member SSL_V3

SSL_V3 = 'SSLv3'

member TLS_V1

TLS_V1 = 'TLSv1'

member TLS_V1_1_2016

TLS_V1_1_2016 = 'TLSv1.1_2016'

member TLS_V1_2_2018

TLS_V1_2_2018 = 'TLSv1.2_2018'

member TLS_V1_2_2019

TLS_V1_2_2019 = 'TLSv1.2_2019'

member TLS_V1_2_2021

TLS_V1_2_2021 = 'TLSv1.2_2021'

member TLS_V1_2016

TLS_V1_2016 = 'TLSv1_2016'

enum SSLMethod

enum SSLMethod {
    SNI = 'sni-only',
    VIP = 'vip',
}

The SSL method CloudFront will use for your distribution.
Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.
If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).
See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/

member SNI

SNI = 'sni-only'

member VIP

VIP = 'vip'

enum ViewerProtocolPolicy

enum ViewerProtocolPolicy {
    HTTPS_ONLY = 'https-only',
    REDIRECT_TO_HTTPS = 'redirect-to-https',
    ALLOW_ALL = 'allow-all',
}

How HTTPs should be handled with your distribution.

member ALLOW_ALL

ALLOW_ALL = 'allow-all'

Both HTTP and HTTPS supported

member HTTPS_ONLY

HTTPS_ONLY = 'https-only'

HTTPS only

member REDIRECT_TO_HTTPS

REDIRECT_TO_HTTPS = 'redirect-to-https'

Will redirect HTTP requests to HTTPS

Namespaces

namespace CfnCachePolicy

namespace CfnCachePolicy {}

interface CachePolicyConfigProperty

interface CachePolicyConfigProperty {}

A cache policy configuration.
This configuration determines the following:
- The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. - The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.
The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use OriginRequestPolicy .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html

property comment

readonly comment?: string;

A comment to describe the cache policy. The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html#cfn-cloudfront-cachepolicy-cachepolicyconfig-comment

property defaultTtl

readonly defaultTtl: number;

The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. CloudFront uses this value as the object's time to live (TTL) only when the origin does *not* send Cache-Control or Expires headers with the object. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
The default value for this field is 86400 seconds (one day). If the value of MinTTL is more than 86400 seconds, then the default value for this field is the same as the value of MinTTL .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html#cfn-cloudfront-cachepolicy-cachepolicyconfig-defaultttl

property maxTtl

readonly maxTtl: number;

The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. CloudFront uses this value only when the origin sends Cache-Control or Expires headers with the object. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
The default value for this field is 31536000 seconds (one year). If the value of MinTTL or DefaultTTL is more than 31536000 seconds, then the default value for this field is the same as the value of DefaultTTL .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html#cfn-cloudfront-cachepolicy-cachepolicyconfig-maxttl

property minTtl

readonly minTtl: number;

The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html#cfn-cloudfront-cachepolicy-cachepolicyconfig-minttl

property name

readonly name: string;

A unique name to identify the cache policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html#cfn-cloudfront-cachepolicy-cachepolicyconfig-name

property parametersInCacheKeyAndForwardedToOrigin

readonly parametersInCacheKeyAndForwardedToOrigin:
    | CfnCachePolicy.ParametersInCacheKeyAndForwardedToOriginProperty
    | cdk.IResolvable;

The HTTP headers, cookies, and URL query strings to include in the cache key. The values included in the cache key are also included in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cachepolicyconfig.html#cfn-cloudfront-cachepolicy-cachepolicyconfig-parametersincachekeyandforwardedtoorigin

interface CookiesConfigProperty

interface CookiesConfigProperty {}

An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cookiesconfig.html

property cookieBehavior

readonly cookieBehavior: string;

Determines whether any cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
- none – No cookies in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to none , any cookies that are listed in an OriginRequestPolicy *are* included in origin requests. - whitelist – Only the cookies in viewer requests that are listed in the CookieNames type are included in the cache key and in requests that CloudFront sends to the origin. - allExcept – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, **except** for those that are listed in the CookieNames type, which are not included. - all – All cookies in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cookiesconfig.html#cfn-cloudfront-cachepolicy-cookiesconfig-cookiebehavior

property cookies

readonly cookies?: string[];

Contains a list of cookie names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-cookiesconfig.html#cfn-cloudfront-cachepolicy-cookiesconfig-cookies

interface HeadersConfigProperty

interface HeadersConfigProperty {}

An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-headersconfig.html

property headerBehavior

readonly headerBehavior: string;

Determines whether any HTTP headers are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
- none – No HTTP headers are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to none , any headers that are listed in an OriginRequestPolicy *are* included in origin requests. - whitelist – Only the HTTP headers that are listed in the Headers type are included in the cache key and in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-headersconfig.html#cfn-cloudfront-cachepolicy-headersconfig-headerbehavior

property headers

readonly headers?: string[];

Contains a list of HTTP header names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-headersconfig.html#cfn-cloudfront-cachepolicy-headersconfig-headers

interface ParametersInCacheKeyAndForwardedToOriginProperty

interface ParametersInCacheKeyAndForwardedToOriginProperty {}

This object determines the values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.
The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use OriginRequestPolicy .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin.html

property cookiesConfig

readonly cookiesConfig: CfnCachePolicy.CookiesConfigProperty | cdk.IResolvable;

An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin.html#cfn-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin-cookiesconfig

property enableAcceptEncodingBrotli

readonly enableAcceptEncodingBrotli?: boolean | cdk.IResolvable;

A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.
This field is related to the EnableAcceptEncodingGzip field. If one or both of these fields is true *and* the viewer request includes the Accept-Encoding header, then CloudFront does the following:
- Normalizes the value of the viewer's Accept-Encoding header - Includes the normalized header in the cache key - Includes the normalized header in the request to the origin, if a request is necessary
For more information, see [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects) in the *Amazon CloudFront Developer Guide* .
If you set this value to true , and this cache behavior also has an origin request policy attached, do not include the Accept-Encoding header in the origin request policy. CloudFront always includes the Accept-Encoding header in origin requests when the value of this field is true , so including this header in an origin request policy has no effect.
If both of these fields are false , then CloudFront treats the Accept-Encoding header the same as any other HTTP header in the viewer request. By default, it's not included in the cache key and it's not included in origin requests. In this case, you can manually add Accept-Encoding to the headers whitelist like any other HTTP header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin.html#cfn-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin-enableacceptencodingbrotli

property enableAcceptEncodingGzip

readonly enableAcceptEncodingGzip: boolean | cdk.IResolvable;

A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.
This field is related to the EnableAcceptEncodingBrotli field. If one or both of these fields is true *and* the viewer request includes the Accept-Encoding header, then CloudFront does the following:
- Normalizes the value of the viewer's Accept-Encoding header - Includes the normalized header in the cache key - Includes the normalized header in the request to the origin, if a request is necessary
For more information, see [Compression support](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-policy-compressed-objects) in the *Amazon CloudFront Developer Guide* .
If you set this value to true , and this cache behavior also has an origin request policy attached, do not include the Accept-Encoding header in the origin request policy. CloudFront always includes the Accept-Encoding header in origin requests when the value of this field is true , so including this header in an origin request policy has no effect.
If both of these fields are false , then CloudFront treats the Accept-Encoding header the same as any other HTTP header in the viewer request. By default, it's not included in the cache key and it's not included in origin requests. In this case, you can manually add Accept-Encoding to the headers whitelist like any other HTTP header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin.html#cfn-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin-enableacceptencodinggzip

property headersConfig

readonly headersConfig: CfnCachePolicy.HeadersConfigProperty | cdk.IResolvable;

An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin.html#cfn-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin-headersconfig

property queryStringsConfig

readonly queryStringsConfig:
    | CfnCachePolicy.QueryStringsConfigProperty
    | cdk.IResolvable;

An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin.html#cfn-cloudfront-cachepolicy-parametersincachekeyandforwardedtoorigin-querystringsconfig

interface QueryStringsConfigProperty

interface QueryStringsConfigProperty {}

An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-querystringsconfig.html

property queryStringBehavior

readonly queryStringBehavior: string;

Determines whether any URL query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin. Valid values are:
- none – No query strings in viewer requests are included in the cache key or in requests that CloudFront sends to the origin. Even when this field is set to none , any query strings that are listed in an OriginRequestPolicy *are* included in origin requests. - whitelist – Only the query strings in viewer requests that are listed in the QueryStringNames type are included in the cache key and in requests that CloudFront sends to the origin. - allExcept – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin, **except** those that are listed in the QueryStringNames type, which are not included. - all – All query strings in viewer requests are included in the cache key and in requests that CloudFront sends to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-querystringsconfig.html#cfn-cloudfront-cachepolicy-querystringsconfig-querystringbehavior

property queryStrings

readonly queryStrings?: string[];

Contains a list of query string names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cachepolicy-querystringsconfig.html#cfn-cloudfront-cachepolicy-querystringsconfig-querystrings

namespace CfnCloudFrontOriginAccessIdentity

namespace CfnCloudFrontOriginAccessIdentity {}

interface CloudFrontOriginAccessIdentityConfigProperty

interface CloudFrontOriginAccessIdentityConfigProperty {}

Origin access identity configuration. Send a GET request to the / *CloudFront API version* /CloudFront/identity ID/config resource.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig.html

property comment

readonly comment: string;

A comment to describe the origin access identity. The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig.html#cfn-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig-comment

namespace CfnContinuousDeploymentPolicy

namespace CfnContinuousDeploymentPolicy {}

interface ContinuousDeploymentPolicyConfigProperty

interface ContinuousDeploymentPolicyConfigProperty {}

Contains the configuration for a continuous deployment policy.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html

property enabled

readonly enabled: boolean | cdk.IResolvable;

A Boolean that indicates whether this continuous deployment policy is enabled (in effect). When this value is true , this policy is enabled and in effect. When this value is false , this policy is not enabled and has no effect.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig-enabled

property stagingDistributionDnsNames

readonly stagingDistributionDnsNames: string[];

The CloudFront domain name of the staging distribution. For example: d111111abcdef8.cloudfront.net .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig-stagingdistributiondnsnames

property trafficConfig

readonly trafficConfig?:
    | CfnContinuousDeploymentPolicy.TrafficConfigProperty
    | cdk.IResolvable;

Contains the parameters for routing production traffic from your primary to staging distributions.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig-trafficconfig

interface SessionStickinessConfigProperty

interface SessionStickinessConfigProperty {}

Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-sessionstickinessconfig.html

property idleTtl

readonly idleTtl: number;

The amount of time after which you want sessions to cease if no requests are received. Allowed values are 300–3600 seconds (5–60 minutes).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-sessionstickinessconfig.html#cfn-cloudfront-continuousdeploymentpolicy-sessionstickinessconfig-idlettl

property maximumTtl

readonly maximumTtl: number;

The maximum amount of time to consider requests from the viewer as being part of the same session. Allowed values are 300–3600 seconds (5–60 minutes).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-sessionstickinessconfig.html#cfn-cloudfront-continuousdeploymentpolicy-sessionstickinessconfig-maximumttl

interface SingleHeaderConfigProperty

interface SingleHeaderConfigProperty {}

Determines which HTTP requests are sent to the staging distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleheaderconfig.html

readonly header: string;

The request header name that you want CloudFront to send to your staging distribution. The header must contain the prefix aws-cf-cd- .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleheaderconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleheaderconfig-header

property value

readonly value: string;

The request header value.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleheaderconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleheaderconfig-value

interface SingleWeightConfigProperty

interface SingleWeightConfigProperty {}

This configuration determines the percentage of HTTP requests that are sent to the staging distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleweightconfig.html

property sessionStickinessConfig

readonly sessionStickinessConfig?:
    | CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty
    | cdk.IResolvable;

Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleweightconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleweightconfig-sessionstickinessconfig

property weight

readonly weight: number;

The percentage of traffic to send to a staging distribution, expressed as a decimal number between 0 and .15.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-singleweightconfig.html#cfn-cloudfront-continuousdeploymentpolicy-singleweightconfig-weight

interface TrafficConfigProperty

interface TrafficConfigProperty {}

The traffic configuration of your continuous deployment.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-trafficconfig.html

property singleHeaderConfig

readonly singleHeaderConfig?:
    | CfnContinuousDeploymentPolicy.SingleHeaderConfigProperty
    | cdk.IResolvable;

Determines which HTTP requests are sent to the staging distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-trafficconfig.html#cfn-cloudfront-continuousdeploymentpolicy-trafficconfig-singleheaderconfig

property singleWeightConfig

readonly singleWeightConfig?:
    | CfnContinuousDeploymentPolicy.SingleWeightConfigProperty
    | cdk.IResolvable;

Contains the percentage of traffic to send to the staging distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-trafficconfig.html#cfn-cloudfront-continuousdeploymentpolicy-trafficconfig-singleweightconfig

property type

readonly type: string;

The type of traffic configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-continuousdeploymentpolicy-trafficconfig.html#cfn-cloudfront-continuousdeploymentpolicy-trafficconfig-type

namespace CfnDistribution

namespace CfnDistribution {}

interface CacheBehaviorProperty

interface CacheBehaviorProperty {}

A complex type that describes how CloudFront processes requests.
You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used.
For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see [Quotas](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) in the *Amazon CloudFront Developer Guide* .
If you don't want to specify any cache behaviors, include only an empty CacheBehaviors element. Don't include an empty CacheBehavior element because this is invalid.
To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty CacheBehaviors element.
To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution.
For more information about cache behaviors, see [Cache Behavior Settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesCacheBehavior) in the *Amazon CloudFront Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html

property allowedMethods

readonly allowedMethods?: string[];

A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices:
- CloudFront forwards only GET and HEAD requests. - CloudFront forwards only GET , HEAD , and OPTIONS requests. - CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST , and DELETE requests.
If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-allowedmethods

property cachedMethods

readonly cachedMethods?: string[];

A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices:
- CloudFront caches responses to GET and HEAD requests. - CloudFront caches responses to GET , HEAD , and OPTIONS requests.
If you pick the second choice for your Amazon S3 Origin, you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers, and Origin headers for the responses to be cached correctly.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-cachedmethods

property cachePolicyId

readonly cachePolicyId?: string;

The unique identifier of the cache policy that is attached to this cache behavior. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
A CacheBehavior must include either a CachePolicyId or ForwardedValues . We recommend that you use a CachePolicyId .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-cachepolicyid

property compress

readonly compress?: boolean | cdk.IResolvable;

Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true; if not, specify false. For more information, see [Serving Compressed Files](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-compress

property defaultTtl

readonly defaultTtl?: number;

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age , Cache-Control s-maxage , and Expires to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-defaultttl

property fieldLevelEncryptionId

readonly fieldLevelEncryptionId?: string;

The value of ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for this cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-fieldlevelencryptionid

property forwardedValues

readonly forwardedValues?:
    | CfnDistribution.ForwardedValuesProperty
    | cdk.IResolvable;

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. For more information, see [Working with policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-policies.html) in the *Amazon CloudFront Developer Guide* .
If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide* .
A CacheBehavior must include either a CachePolicyId or ForwardedValues . We recommend that you use a CachePolicyId .
A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-forwardedvalues

property functionAssociations

readonly functionAssociations?:
    | Array<CfnDistribution.FunctionAssociationProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the LIVE stage to associate them with a cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-functionassociations

property lambdaFunctionAssociations

readonly lambdaFunctionAssociations?:
    | Array<CfnDistribution.LambdaFunctionAssociationProperty | cdk.IResolvable>
    | cdk.IResolvable;

A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-lambdafunctionassociations

property maxTtl

readonly maxTtl?: number;

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age , Cache-Control s-maxage , and Expires to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-maxttl

property minTtl

readonly minTtl?: number;

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers , if you specify 1 for Quantity and * for Name ).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-minttl

property originRequestPolicyId

readonly originRequestPolicyId?: string;

The unique identifier of the origin request policy that is attached to this cache behavior. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-originrequestpolicyid

property pathPattern

readonly pathPattern: string;

The pattern (for example, images/*.jpg ) that specifies which requests to apply the behavior to. When CloudFront receives a viewer request, the requested path is compared with path patterns in the order in which cache behaviors are listed in the distribution.
> You can optionally include a slash ( / ) at the beginning of the path pattern. For example, /images/*.jpg . CloudFront behavior is the same with or without the leading / .
The path pattern for the default cache behavior is * and cannot be changed. If the request for an object does not match the path pattern for any cache behaviors, CloudFront applies the behavior in the default cache behavior.
For more information, see [Path Pattern](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesPathPattern) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-pathpattern

property realtimeLogConfigArn

readonly realtimeLogConfigArn?: string;

The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior. For more information, see [Real-time logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-realtimelogconfigarn

property responseHeadersPolicyId

readonly responseHeadersPolicyId?: string;

The identifier for a response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-responseheaderspolicyid

property smoothStreaming

readonly smoothStreaming?: boolean | cdk.IResolvable;

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false . If you specify true for SmoothStreaming , you can still distribute other content using this cache behavior if the content matches the value of PathPattern .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-smoothstreaming

property targetOriginId

readonly targetOriginId: string;

The value of ID for the origin that you want CloudFront to route requests to when they match this cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-targetoriginid

property trustedKeyGroups

readonly trustedKeyGroups?: string[];

A list of key groups that CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-trustedkeygroups

property trustedSigners

readonly trustedSigners?: string[];

> We recommend using TrustedKeyGroups instead of TrustedSigners .
A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer's AWS account . The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-trustedsigners

property viewerProtocolPolicy

readonly viewerProtocolPolicy: string;

The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern . You can specify the following options:
- allow-all : Viewers can use HTTP or HTTPS. - redirect-to-https : If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL. - https-only : If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide* .
> The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cachebehavior.html#cfn-cloudfront-distribution-cachebehavior-viewerprotocolpolicy

interface CookiesProperty

interface CookiesProperty {}

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see [How CloudFront Forwards, Caches, and Logs Cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) in the *Amazon CloudFront Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cookies.html

property forward

readonly forward: string;

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send cookies to the origin but not include them in the cache key, use origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
Specifies which cookies to forward to the origin for this cache behavior: all, none, or the list of cookies specified in the WhitelistedNames complex type.
Amazon S3 doesn't process cookies. When the cache behavior is forwarding requests to an Amazon S3 origin, specify none for the Forward element.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cookies.html#cfn-cloudfront-distribution-cookies-forward

property whitelistedNames

readonly whitelistedNames?: string[];

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
Required if you specify whitelist for the value of Forward . A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies.
If you specify all or none for the value of Forward , omit WhitelistedNames . If you change the value of Forward from whitelist to all or none and you don't delete the WhitelistedNames element and its child elements, CloudFront deletes them automatically.
For the current limit on the number of cookie names that you can whitelist for each cache behavior, see [CloudFront Limits](https://docs.aws.amazon.com/general/latest/gr/xrefaws_service_limits.html#limits_cloudfront) in the *AWS General Reference* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-cookies.html#cfn-cloudfront-distribution-cookies-whitelistednames

interface CustomErrorResponseProperty

interface CustomErrorResponseProperty {}

A complex type that controls:
- Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. - How long CloudFront caches HTTP status codes in the 4xx and 5xx range.
For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html

property errorCachingMinTtl

readonly errorCachingMinTtl?: number;

The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ErrorCode . When this time period has elapsed, CloudFront queries your origin to see whether the problem that caused the error has been resolved and the requested object is now available.
For more information, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcachingminttl

property errorCode

readonly errorCode: number;

The HTTP status code for which you want to specify a custom error page and/or a caching duration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-errorcode

property responseCode

readonly responseCode?: number;

The HTTP status code that you want CloudFront to return to the viewer along with the custom error page. There are a variety of reasons that you might want CloudFront to return a status code different from the status code that your origin returned to CloudFront, for example:
- Some Internet devices (some firewalls and corporate proxies, for example) intercept HTTP 4xx and 5xx and prevent the response from being returned to the viewer. If you substitute 200 , the response typically won't be intercepted. - If you don't care about distinguishing among different client errors or server errors, you can specify 400 or 500 as the ResponseCode for all 4xx or 5xx errors. - You might want to return a 200 status code (OK) and static website so your customers don't know that your website is down.
If you specify a value for ResponseCode , you must also specify a value for ResponsePagePath .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-responsecode

property responsePagePath

readonly responsePagePath?: string;

The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the HTTP status code specified by ErrorCode , for example, /4xx-errors/403-forbidden.html . If you want to store your objects and your custom error pages in different locations, your distribution must include a cache behavior for which the following is true:
- The value of PathPattern matches the path to your custom error messages. For example, suppose you saved custom error pages for 4xx errors in an Amazon S3 bucket in a directory named /4xx-errors . Your distribution must include a cache behavior for which the path pattern routes requests for your custom error pages to that location, for example, /4xx-errors/* . - The value of TargetOriginId specifies the value of the ID element for the origin that contains your custom error pages.
If you specify a value for ResponsePagePath , you must also specify a value for ResponseCode .
We recommend that you store custom error pages in an Amazon S3 bucket. If you store custom error pages on an HTTP server and the server starts to return 5xx errors, CloudFront can't get the files that you want to return to viewers because the origin server is unavailable.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html#cfn-cloudfront-distribution-customerrorresponse-responsepagepath

interface CustomOriginConfigProperty

interface CustomOriginConfigProperty {}

A custom origin. A custom origin is any origin that is *not* an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is [configured with static website hosting](https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html) *is* a custom origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html

property httpPort

readonly httpPort?: number;

The HTTP port that CloudFront uses to connect to the origin. Specify the HTTP port that the origin listens on.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html#cfn-cloudfront-distribution-customoriginconfig-httpport

property httpsPort

readonly httpsPort?: number;

The HTTPS port that CloudFront uses to connect to the origin. Specify the HTTPS port that the origin listens on.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html#cfn-cloudfront-distribution-customoriginconfig-httpsport

property originKeepaliveTimeout

readonly originKeepaliveTimeout?: number;

Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 5 seconds.
For more information, see [Origin Keep-alive Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html#cfn-cloudfront-distribution-customoriginconfig-originkeepalivetimeout

property originProtocolPolicy

readonly originProtocolPolicy: string;

Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:
- http-only – CloudFront always uses HTTP to connect to the origin. - match-viewer – CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront. - https-only – CloudFront always uses HTTPS to connect to the origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html#cfn-cloudfront-distribution-customoriginconfig-originprotocolpolicy

property originReadTimeout

readonly originReadTimeout?: number;

Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout* . The minimum timeout is 1 second, the maximum is 60 seconds, and the default (if you don't specify otherwise) is 30 seconds.
For more information, see [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html#cfn-cloudfront-distribution-customoriginconfig-originreadtimeout

property originSslProtocols

readonly originSslProtocols?: string[];

Specifies the minimum SSL/TLS protocol that CloudFront uses when connecting to your origin over HTTPS. Valid values include SSLv3 , TLSv1 , TLSv1.1 , and TLSv1.2 .
For more information, see [Minimum Origin SSL Protocol](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginSSLProtocols) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customoriginconfig.html#cfn-cloudfront-distribution-customoriginconfig-originsslprotocols

interface DefaultCacheBehaviorProperty

interface DefaultCacheBehaviorProperty {}

A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if request URLs don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html

property allowedMethods

readonly allowedMethods?: string[];

A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices:
- CloudFront forwards only GET and HEAD requests. - CloudFront forwards only GET , HEAD , and OPTIONS requests. - CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST , and DELETE requests.
If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-allowedmethods

property cachedMethods

readonly cachedMethods?: string[];

A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices:
- CloudFront caches responses to GET and HEAD requests. - CloudFront caches responses to GET , HEAD , and OPTIONS requests.
If you pick the second choice for your Amazon S3 Origin, you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers, and Origin headers for the responses to be cached correctly.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-cachedmethods

property cachePolicyId

readonly cachePolicyId?: string;

The unique identifier of the cache policy that is attached to the default cache behavior. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
A DefaultCacheBehavior must include either a CachePolicyId or ForwardedValues . We recommend that you use a CachePolicyId .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-cachepolicyid

property compress

readonly compress?: boolean | cdk.IResolvable;

Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true ; if not, specify false . For more information, see [Serving Compressed Files](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-compress

property defaultTtl

readonly defaultTtl?: number;

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age , Cache-Control s-maxage , and Expires to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-defaultttl

property fieldLevelEncryptionId

readonly fieldLevelEncryptionId?: string;

The value of ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for the default cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-fieldlevelencryptionid

property forwardedValues

readonly forwardedValues?:
    | CfnDistribution.ForwardedValuesProperty
    | cdk.IResolvable;

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. For more information, see [Working with policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/working-with-policies.html) in the *Amazon CloudFront Developer Guide* .
If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide* .
A DefaultCacheBehavior must include either a CachePolicyId or ForwardedValues . We recommend that you use a CachePolicyId .
A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-forwardedvalues

property functionAssociations

readonly functionAssociations?:
    | Array<CfnDistribution.FunctionAssociationProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of CloudFront functions that are associated with this cache behavior. CloudFront functions must be published to the LIVE stage to associate them with a cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-functionassociations

property lambdaFunctionAssociations

readonly lambdaFunctionAssociations?:
    | Array<CfnDistribution.LambdaFunctionAssociationProperty | cdk.IResolvable>
    | cdk.IResolvable;

A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-lambdafunctionassociations

property maxTtl

readonly maxTtl?: number;

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age , Cache-Control s-maxage , and Expires to objects. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-maxttl

property minTtl

readonly minTtl?: number;

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) or [Using the managed cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html) in the *Amazon CloudFront Developer Guide* .
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see [Managing How Long Content Stays in an Edge Cache (Expiration)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers , if you specify 1 for Quantity and * for Name ).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-minttl

property originRequestPolicyId

readonly originRequestPolicyId?: string;

The unique identifier of the origin request policy that is attached to the default cache behavior. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) or [Using the managed origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-origin-request-policies.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-originrequestpolicyid

property realtimeLogConfigArn

readonly realtimeLogConfigArn?: string;

The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior. For more information, see [Real-time logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-realtimelogconfigarn

property responseHeadersPolicyId

readonly responseHeadersPolicyId?: string;

The identifier for a response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-responseheaderspolicyid

property smoothStreaming

readonly smoothStreaming?: boolean | cdk.IResolvable;

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false . If you specify true for SmoothStreaming , you can still distribute other content using this cache behavior if the content matches the value of PathPattern .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-smoothstreaming

property targetOriginId

readonly targetOriginId: string;

The value of ID for the origin that you want CloudFront to route requests to when they use the default cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-targetoriginid

property trustedKeyGroups

readonly trustedKeyGroups?: string[];

A list of key groups that CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-trustedkeygroups

property trustedSigners

readonly trustedSigners?: string[];

> We recommend using TrustedKeyGroups instead of TrustedSigners .
A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer's AWS account . The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-trustedsigners

property viewerProtocolPolicy

readonly viewerProtocolPolicy: string;

The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern . You can specify the following options:
- allow-all : Viewers can use HTTP or HTTPS. - redirect-to-https : If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL. - https-only : If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
For more information about requiring the HTTPS protocol, see [Requiring HTTPS Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-viewers-to-cloudfront.html) in the *Amazon CloudFront Developer Guide* .
> The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see [Managing Cache Expiration](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-defaultcachebehavior.html#cfn-cloudfront-distribution-defaultcachebehavior-viewerprotocolpolicy

interface DistributionConfigProperty

interface DistributionConfigProperty {}

A distribution configuration.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html

property aliases

readonly aliases?: string[];

A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-aliases

property cacheBehaviors

readonly cacheBehaviors?:
    | Array<CfnDistribution.CacheBehaviorProperty | cdk.IResolvable>
    | cdk.IResolvable;

A complex type that contains zero or more CacheBehavior elements.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-cachebehaviors

property cnamEs

readonly cnamEs?: string[];

CfnDistribution.DistributionConfigProperty.CNAMEs
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-cnames

property comment

readonly comment?: string;

A comment to describe the distribution. The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-comment

property continuousDeploymentPolicyId

readonly continuousDeploymentPolicyId?: string;

The identifier of a continuous deployment policy. For more information, see CreateContinuousDeploymentPolicy .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-continuousdeploymentpolicyid

property customErrorResponses

readonly customErrorResponses?:
    | Array<CfnDistribution.CustomErrorResponseProperty | cdk.IResolvable>
    | cdk.IResolvable;

A complex type that controls the following:
- Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. - How long CloudFront caches HTTP status codes in the 4xx and 5xx range.
For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-customerrorresponses

property customOrigin

readonly customOrigin?:
    | CfnDistribution.LegacyCustomOriginProperty
    | cdk.IResolvable;

CfnDistribution.DistributionConfigProperty.CustomOrigin
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-customorigin

property defaultCacheBehavior

readonly defaultCacheBehavior:
    | CfnDistribution.DefaultCacheBehaviorProperty
    | cdk.IResolvable;

A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if files don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-defaultcachebehavior

property defaultRootObject

readonly defaultRootObject?: string;

The object that you want CloudFront to request from your origin (for example, index.html ) when a viewer requests the root URL for your distribution ( https://www.example.com ) instead of an object in your distribution ( https://www.example.com/product-description.html ). Specifying a default root object avoids exposing the contents of your distribution.
Specify only the object name, for example, index.html . Don't add a / before the object name.
If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element.
To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element.
To replace the default root object, update the distribution configuration and specify the new object.
For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-defaultrootobject

property enabled

readonly enabled: boolean | cdk.IResolvable;

From this field, you can enable or disable the selected distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-enabled

property httpVersion

readonly httpVersion?: string;

(Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CloudFront . The default value for new distributions is http1.1 .
For viewers and CloudFront to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI).
For viewers and CloudFront to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CloudFront supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-httpversion

property ipv6Enabled

readonly ipv6Enabled?: boolean | cdk.IResolvable;

If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true . If you specify false , CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide* .
If you're using an Amazon Route 53 AWS Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:
- You enable IPv6 for the distribution - You're using alternate domain names in the URLs for your objects
For more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Amazon Route 53 AWS Integration Developer Guide* .
If you created a CNAME resource record set, either with Amazon Route 53 AWS Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-ipv6enabled

property logging

readonly logging?: CfnDistribution.LoggingProperty | cdk.IResolvable;

A complex type that controls whether access logs are written for the distribution.
For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-logging

property originGroups

readonly originGroups?: CfnDistribution.OriginGroupsProperty | cdk.IResolvable;

A complex type that contains information about origin groups for this distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-origingroups

property origins

readonly origins?:
    | Array<CfnDistribution.OriginProperty | cdk.IResolvable>
    | cdk.IResolvable;

A complex type that contains information about origins for this distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-origins

property priceClass

readonly priceClass?: string;

The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All , CloudFront responds to requests for your objects from all CloudFront edge locations.
If you specify a price class other than PriceClass_All , CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.
For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide* . For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-priceclass

property restrictions

readonly restrictions?: CfnDistribution.RestrictionsProperty | cdk.IResolvable;

A complex type that identifies ways in which you want to restrict distribution of your content.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-restrictions

property s3Origin

readonly s3Origin?: CfnDistribution.LegacyS3OriginProperty | cdk.IResolvable;

CfnDistribution.DistributionConfigProperty.S3Origin
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-s3origin

property staging

readonly staging?: boolean | cdk.IResolvable;

A Boolean that indicates whether this is a staging distribution. When this value is true , this is a staging distribution. When this value is false , this is not a staging distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-staging

property viewerCertificate

readonly viewerCertificate?:
    | CfnDistribution.ViewerCertificateProperty
    | cdk.IResolvable;

A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-viewercertificate

property webAclId

readonly webAclId?: string;

A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF , use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a . To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a .
AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about AWS WAF , see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-webaclid

interface ForwardedValuesProperty

interface ForwardedValuesProperty {}

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include values in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html

property cookies

readonly cookies?: CfnDistribution.CookiesProperty | cdk.IResolvable;

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include cookies in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see [How CloudFront Forwards, Caches, and Logs Cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Cookies.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html#cfn-cloudfront-distribution-forwardedvalues-cookies

property headers

readonly headers?: string[];

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include headers in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send headers to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
A complex type that specifies the Headers , if any, that you want CloudFront to forward to the origin for this cache behavior (whitelisted headers). For the headers that you specify, CloudFront also caches separate versions of a specified object that is based on the header values in viewer requests.
For more information, see [Caching Content Based on Request Headers](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/header-caching.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html#cfn-cloudfront-distribution-forwardedvalues-headers

property queryString

readonly queryString: boolean | cdk.IResolvable;

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include query strings in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior and cache based on the query string parameters. CloudFront behavior depends on the value of QueryString and on the values that you specify for QueryStringCacheKeys , if any:
If you specify true for QueryString and you don't specify any values for QueryStringCacheKeys , CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin.
If you specify true for QueryString and you specify one or more values for QueryStringCacheKeys , CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify.
If you specify false for QueryString , CloudFront doesn't forward any query string parameters to the origin, and doesn't cache based on query string parameters.
For more information, see [Configuring CloudFront to Cache Based on Query String Parameters](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/QueryStringParameters.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html#cfn-cloudfront-distribution-forwardedvalues-querystring

property queryStringCacheKeys

readonly queryStringCacheKeys?: string[];

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.
If you want to include query strings in the cache key, use a cache policy. For more information, see [Creating cache policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html#cache-key-create-cache-policy) in the *Amazon CloudFront Developer Guide* .
If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see [Creating origin request policies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html#origin-request-create-origin-request-policy) in the *Amazon CloudFront Developer Guide* .
A complex type that contains information about the query string parameters that you want CloudFront to use for caching for this cache behavior.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-forwardedvalues.html#cfn-cloudfront-distribution-forwardedvalues-querystringcachekeys

interface FunctionAssociationProperty

interface FunctionAssociationProperty {}

A CloudFront function that is associated with a cache behavior in a CloudFront distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-functionassociation.html

property eventType

readonly eventType?: string;

The event type of the function, either viewer-request or viewer-response . You cannot use origin-facing event types ( origin-request and origin-response ) with a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-functionassociation.html#cfn-cloudfront-distribution-functionassociation-eventtype

property functionArn

readonly functionArn?: string;

The Amazon Resource Name (ARN) of the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-functionassociation.html#cfn-cloudfront-distribution-functionassociation-functionarn

interface GeoRestrictionProperty

interface GeoRestrictionProperty {}

A complex type that controls the countries in which your content is distributed. CloudFront determines the location of your users using MaxMind GeoIP databases. To disable geo restriction, remove the [Restrictions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-restrictions) property from your stack template.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-georestriction.html

property locations

readonly locations?: string[];

A complex type that contains a Location element for each country in which you want CloudFront either to distribute your content ( whitelist ) or not distribute your content ( blacklist ).
The Location element is a two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist . Include one Location element for each country.
CloudFront and MaxMind both use ISO 3166 country codes. For the current list of countries and the corresponding codes, see ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website. You can also refer to the country list on the CloudFront console, which includes both country names and codes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-georestriction.html#cfn-cloudfront-distribution-georestriction-locations

property restrictionType

readonly restrictionType: string;

The method that you want to use to restrict distribution of your content by country:
- none : No geo restriction is enabled, meaning access to content is not restricted by client geo location. - blacklist : The Location elements specify the countries in which you don't want CloudFront to distribute your content. - whitelist : The Location elements specify the countries in which you want CloudFront to distribute your content.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-georestriction.html#cfn-cloudfront-distribution-georestriction-restrictiontype

interface LambdaFunctionAssociationProperty

interface LambdaFunctionAssociationProperty {}

A complex type that contains a Lambda@Edge function association.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-lambdafunctionassociation.html

property eventType

readonly eventType?: string;

Specifies the event type that triggers a Lambda@Edge function invocation. You can specify the following values:
- viewer-request : The function executes when CloudFront receives a request from a viewer and before it checks to see whether the requested object is in the edge cache. - origin-request : The function executes only when CloudFront sends a request to your origin. When the requested object is in the edge cache, the function doesn't execute. - origin-response : The function executes after CloudFront receives a response from the origin and before it caches the object in the response. When the requested object is in the edge cache, the function doesn't execute. - viewer-response : The function executes before CloudFront returns the requested object to the viewer. The function executes regardless of whether the object was already in the edge cache.
If the origin returns an HTTP status code other than HTTP 200 (OK), the function doesn't execute.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-lambdafunctionassociation.html#cfn-cloudfront-distribution-lambdafunctionassociation-eventtype

property includeBody

readonly includeBody?: boolean | cdk.IResolvable;

A flag that allows a Lambda@Edge function to have read access to the body content. For more information, see [Accessing the Request Body by Choosing the Include Body Option](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html) in the Amazon CloudFront Developer Guide.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-lambdafunctionassociation.html#cfn-cloudfront-distribution-lambdafunctionassociation-includebody

property lambdaFunctionArn

readonly lambdaFunctionArn?: string;

The ARN of the Lambda@Edge function. You must specify the ARN of a function version; you can't specify an alias or $LATEST.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-lambdafunctionassociation.html#cfn-cloudfront-distribution-lambdafunctionassociation-lambdafunctionarn

interface LegacyCustomOriginProperty

interface LegacyCustomOriginProperty {}

external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html

property dnsName

readonly dnsName: string;

CfnDistribution.LegacyCustomOriginProperty.DNSName
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html#cfn-cloudfront-distribution-legacycustomorigin-dnsname

property httpPort

readonly httpPort?: number;

CfnDistribution.LegacyCustomOriginProperty.HTTPPort
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html#cfn-cloudfront-distribution-legacycustomorigin-httpport

property httpsPort

readonly httpsPort?: number;

CfnDistribution.LegacyCustomOriginProperty.HTTPSPort
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html#cfn-cloudfront-distribution-legacycustomorigin-httpsport

property originProtocolPolicy

readonly originProtocolPolicy: string;

CfnDistribution.LegacyCustomOriginProperty.OriginProtocolPolicy
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html#cfn-cloudfront-distribution-legacycustomorigin-originprotocolpolicy

property originSslProtocols

readonly originSslProtocols: string[];

CfnDistribution.LegacyCustomOriginProperty.OriginSSLProtocols
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacycustomorigin.html#cfn-cloudfront-distribution-legacycustomorigin-originsslprotocols

interface LegacyS3OriginProperty

interface LegacyS3OriginProperty {}

external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacys3origin.html

property dnsName

readonly dnsName: string;

CfnDistribution.LegacyS3OriginProperty.DNSName
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacys3origin.html#cfn-cloudfront-distribution-legacys3origin-dnsname

property originAccessIdentity

readonly originAccessIdentity?: string;

CfnDistribution.LegacyS3OriginProperty.OriginAccessIdentity
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-legacys3origin.html#cfn-cloudfront-distribution-legacys3origin-originaccessidentity

interface LoggingProperty

interface LoggingProperty {}

A complex type that controls whether access logs are written for the distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-logging.html

property bucket

readonly bucket: string;

The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-logging.html#cfn-cloudfront-distribution-logging-bucket

property includeCookies

readonly includeCookies?: boolean | cdk.IResolvable;

Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies . If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you don't want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-logging.html#cfn-cloudfront-distribution-logging-includecookies

property prefix

readonly prefix?: string;

An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/ . If you want to enable logging, but you don't want to specify a prefix, you still must include an empty Prefix element in the Logging element.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-logging.html#cfn-cloudfront-distribution-logging-prefix

interface OriginCustomHeaderProperty

interface OriginCustomHeaderProperty {}

A complex type that contains HeaderName and HeaderValue elements, if any, for this distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origincustomheader.html

property headerName

readonly headerName: string;

The name of a header that you want CloudFront to send to your origin. For more information, see [Adding Custom Headers to Origin Requests](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origincustomheader.html#cfn-cloudfront-distribution-origincustomheader-headername

property headerValue

readonly headerValue: string;

The value for the header that you specified in the HeaderName field.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origincustomheader.html#cfn-cloudfront-distribution-origincustomheader-headervalue

interface OriginGroupFailoverCriteriaProperty

interface OriginGroupFailoverCriteriaProperty {}

A complex data type that includes information about the failover criteria for an origin group, including the status codes for which CloudFront will failover from the primary origin to the second origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupfailovercriteria.html

property statusCodes

readonly statusCodes: CfnDistribution.StatusCodesProperty | cdk.IResolvable;

The status codes that, when returned from the primary origin, will trigger CloudFront to failover to the second origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupfailovercriteria.html#cfn-cloudfront-distribution-origingroupfailovercriteria-statuscodes

interface OriginGroupMemberProperty

interface OriginGroupMemberProperty {}

An origin in an origin group.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupmember.html

property originId

readonly originId: string;

The ID for an origin in an origin group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupmember.html#cfn-cloudfront-distribution-origingroupmember-originid

interface OriginGroupMembersProperty

interface OriginGroupMembersProperty {}

A complex data type for the origins included in an origin group.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupmembers.html

property items

readonly items:
    | Array<CfnDistribution.OriginGroupMemberProperty | cdk.IResolvable>
    | cdk.IResolvable;

Items (origins) in an origin group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupmembers.html#cfn-cloudfront-distribution-origingroupmembers-items

property quantity

readonly quantity: number;

The number of origins in an origin group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroupmembers.html#cfn-cloudfront-distribution-origingroupmembers-quantity

interface OriginGroupProperty

interface OriginGroupProperty {}

An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specifiy the origin group instead of a single origin, and CloudFront will failover from the primary origin to the second origin under the failover conditions that you've chosen.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroup.html

property failoverCriteria

readonly failoverCriteria:
    | CfnDistribution.OriginGroupFailoverCriteriaProperty
    | cdk.IResolvable;

A complex type that contains information about the failover criteria for an origin group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroup.html#cfn-cloudfront-distribution-origingroup-failovercriteria

property id

readonly id: string;

The origin group's ID.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroup.html#cfn-cloudfront-distribution-origingroup-id

property members

readonly members: CfnDistribution.OriginGroupMembersProperty | cdk.IResolvable;

A complex type that contains information about the origins in an origin group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroup.html#cfn-cloudfront-distribution-origingroup-members

interface OriginGroupsProperty

interface OriginGroupsProperty {}

A complex data type for the origin groups specified for a distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroups.html

property items

readonly items?:
    | Array<CfnDistribution.OriginGroupProperty | cdk.IResolvable>
    | cdk.IResolvable;

The items (origin groups) in a distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroups.html#cfn-cloudfront-distribution-origingroups-items

property quantity

readonly quantity: number;

The number of origin groups.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origingroups.html#cfn-cloudfront-distribution-origingroups-quantity

interface OriginProperty

interface OriginProperty {}

An origin.
An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin:
- Use S3OriginConfig to specify an Amazon S3 bucket that is not configured with static website hosting. - Use CustomOriginConfig to specify all other kinds of origins, including:
- An Amazon S3 bucket that is configured with static website hosting - An Elastic Load Balancing load balancer - An AWS Elemental MediaPackage endpoint - An AWS Elemental MediaStore container - Any other HTTP server, running on an Amazon EC2 instance or any other kind of host
For the current maximum number of origins that you can specify per distribution, see [General Quotas on Web Distributions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html#limits-web-distributions) in the *Amazon CloudFront Developer Guide* (quotas were formerly referred to as limits).
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html

property connectionAttempts

readonly connectionAttempts?: number;

The number of times that CloudFront attempts to connect to the origin. The minimum number is 1, the maximum is 3, and the default (if you don't specify otherwise) is 3.
For a custom origin (including an Amazon S3 bucket that's configured with static website hosting), this value also specifies the number of times that CloudFront attempts to get a response from the origin, in the case of an [Origin Response Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginResponseTimeout) .
For more information, see [Origin Connection Attempts](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-attempts) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-connectionattempts

property connectionTimeout

readonly connectionTimeout?: number;

The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is 1 second, the maximum is 10 seconds, and the default (if you don't specify otherwise) is 10 seconds.
For more information, see [Origin Connection Timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#origin-connection-timeout) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-connectiontimeout

property customOriginConfig

readonly customOriginConfig?:
    | CfnDistribution.CustomOriginConfigProperty
    | cdk.IResolvable;

Use this type to specify an origin that is not an Amazon S3 bucket, with one exception. If the Amazon S3 bucket is configured with static website hosting, use this type. If the Amazon S3 bucket is not configured with static website hosting, use the S3OriginConfig type instead.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-customoriginconfig

property domainName

readonly domainName: string;

The domain name for the origin.
For more information, see [Origin Domain Name](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-domainname

property id

readonly id: string;

A unique identifier for the origin. This value must be unique within the distribution.
Use this value to specify the TargetOriginId in a CacheBehavior or DefaultCacheBehavior .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-id

property originAccessControlId

readonly originAccessControlId?: string;

The unique identifier of an origin access control for this origin.
For more information, see [Restricting access to an Amazon S3 origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-originaccesscontrolid

property originCustomHeaders

readonly originCustomHeaders?:
    | Array<CfnDistribution.OriginCustomHeaderProperty | cdk.IResolvable>
    | cdk.IResolvable;

A list of HTTP header names and values that CloudFront adds to the requests that it sends to the origin.
For more information, see [Adding Custom Headers to Origin Requests](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/add-origin-custom-headers.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-origincustomheaders

property originPath

readonly originPath?: string;

An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.
For more information, see [Origin Path](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesOriginPath) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-originpath

property originShield

readonly originShield?: CfnDistribution.OriginShieldProperty | cdk.IResolvable;

CloudFront Origin Shield. Using Origin Shield can help reduce the load on your origin.
For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-originshield

property s3OriginConfig

readonly s3OriginConfig?:
    | CfnDistribution.S3OriginConfigProperty
    | cdk.IResolvable;

Use this type to specify an origin that is an Amazon S3 bucket that is not configured with static website hosting. To specify any other type of origin, including an Amazon S3 bucket that is configured with static website hosting, use the CustomOriginConfig type instead.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-origin.html#cfn-cloudfront-distribution-origin-s3originconfig

interface OriginShieldProperty

interface OriginShieldProperty {}

CloudFront Origin Shield.
Using Origin Shield can help reduce the load on your origin. For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the *Amazon CloudFront Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-originshield.html

property enabled

readonly enabled?: boolean | cdk.IResolvable;

A flag that specifies whether Origin Shield is enabled.
When it's enabled, CloudFront routes all requests through Origin Shield, which can help protect your origin. When it's disabled, CloudFront might send requests directly to your origin from multiple edge locations or regional edge caches.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-originshield.html#cfn-cloudfront-distribution-originshield-enabled

property originShieldRegion

readonly originShieldRegion?: string;

The AWS Region for Origin Shield.
Specify the AWS Region that has the lowest latency to your origin. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2 .
When you enable CloudFront Origin Shield, you must specify the AWS Region for Origin Shield. For the list of AWS Regions that you can specify, and for help choosing the best Region for your origin, see [Choosing the AWS Region for Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html#choose-origin-shield-region) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-originshield.html#cfn-cloudfront-distribution-originshield-originshieldregion

interface RestrictionsProperty

interface RestrictionsProperty {}

A complex type that identifies ways in which you want to restrict distribution of your content.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-restrictions.html

property geoRestriction

readonly geoRestriction:
    | CfnDistribution.GeoRestrictionProperty
    | cdk.IResolvable;

A complex type that controls the countries in which your content is distributed. CloudFront determines the location of your users using MaxMind GeoIP databases. To disable geo restriction, remove the [Restrictions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-distributionconfig.html#cfn-cloudfront-distribution-distributionconfig-restrictions) property from your stack template.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-restrictions.html#cfn-cloudfront-distribution-restrictions-georestriction

interface S3OriginConfigProperty

interface S3OriginConfigProperty {}

A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin or an S3 bucket that is configured as a website endpoint, use the CustomOriginConfig element instead.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-s3originconfig.html

property originAccessIdentity

readonly originAccessIdentity?: string;

The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can *only* access objects in an Amazon S3 bucket through CloudFront. The format of the value is:
origin-access-identity/cloudfront/ *ID-of-origin-access-identity*
where *ID-of-origin-access-identity* is the value that CloudFront returned in the ID element when you created the origin access identity.
If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element.
To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element.
To replace the origin access identity, update the distribution configuration and specify the new origin access identity.
For more information about the origin access identity, see [Serving Private Content through CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-s3originconfig.html#cfn-cloudfront-distribution-s3originconfig-originaccessidentity

interface StatusCodesProperty

interface StatusCodesProperty {}

A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-statuscodes.html

property items

readonly items: number[] | cdk.IResolvable;

The items (status codes) for an origin group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-statuscodes.html#cfn-cloudfront-distribution-statuscodes-items

property quantity

readonly quantity: number;

The number of status codes.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-statuscodes.html#cfn-cloudfront-distribution-statuscodes-quantity

interface ViewerCertificateProperty

interface ViewerCertificateProperty {}

A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers.
If the distribution doesn't use Aliases (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net —set CloudFrontDefaultCertificate to true and leave all other fields empty.
If the distribution uses Aliases (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:
- Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI.
- To accept HTTPS connections from only viewers that support SNI, set SSLSupportMethod to sni-only . This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is SslSupportMethod . Note the different capitalization.) - To accept HTTPS connections from all viewers, including those that don't support SNI, set SSLSupportMethod to vip . This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is SslSupportMethod . Note the different capitalization.) - The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for MinimumProtocolVersion . For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide* . - The location of the SSL/TLS certificate, [AWS Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [AWS Identity and Access Management (IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) . You specify the location by setting a value in one of the following fields (not both):
- ACMCertificateArn (In CloudFormation, this field name is AcmCertificateArn . Note the different capitalization.) - IAMCertificateId (In CloudFormation, this field name is IamCertificateId . Note the different capitalization.)
All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy in the CacheBehavior or DefaultCacheBehavior . To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use CustomOriginConfig .
For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html

property acmCertificateArn

readonly acmCertificateArn?: string;

> In CloudFormation, this field name is AcmCertificateArn . Note the different capitalization.
If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [AWS Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( us-east-1 ).
If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SSLSupportMethod . (In CloudFormation, the field name is SslSupportMethod . Note the different capitalization.)
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html#cfn-cloudfront-distribution-viewercertificate-acmcertificatearn

property cloudFrontDefaultCertificate

readonly cloudFrontDefaultCertificate?: boolean | cdk.IResolvable;

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net , set this field to true .
If the distribution uses Aliases (alternate domain names or CNAMEs), set this field to false and specify values for the following fields:
- ACMCertificateArn or IAMCertificateId (specify a value for one, not both)
In CloudFormation, these field names are AcmCertificateArn and IamCertificateId . Note the different capitalization. - MinimumProtocolVersion - SSLSupportMethod (In CloudFormation, this field name is SslSupportMethod . Note the different capitalization.)
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html#cfn-cloudfront-distribution-viewercertificate-cloudfrontdefaultcertificate

property iamCertificateId

readonly iamCertificateId?: string;

> In CloudFormation, this field name is IamCertificateId . Note the different capitalization.
If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [AWS Identity and Access Management (IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) , provide the ID of the IAM certificate.
If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod . (In CloudFormation, the field name is SslSupportMethod . Note the different capitalization.)
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html#cfn-cloudfront-distribution-viewercertificate-iamcertificateid

property minimumProtocolVersion

readonly minimumProtocolVersion?: string;

If the distribution uses Aliases (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
- The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers. - The ciphers that CloudFront can use to encrypt the content that it returns to viewers.
For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) and [Supported Protocols and Ciphers Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) in the *Amazon CloudFront Developer Guide* .
> On the CloudFront console, this setting is called *Security Policy* .
When you're using SNI only (you set SSLSupportMethod to sni-only ), you must specify TLSv1 or higher. (In CloudFormation, the field name is SslSupportMethod . Note the different capitalization.)
If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net (you set CloudFrontDefaultCertificate to true ), CloudFront automatically sets the security policy to TLSv1 regardless of the value that you set here.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html#cfn-cloudfront-distribution-viewercertificate-minimumprotocolversion

property sslSupportMethod

readonly sslSupportMethod?: string;

> In CloudFormation, this field name is SslSupportMethod . Note the different capitalization.
If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
- sni-only – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) . This is recommended. Most browsers and clients support SNI. - vip – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront. - static-ip - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [AWS Support Center](https://docs.aws.amazon.com/support/home) .
If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net , don't set a value for this field.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-viewercertificate.html#cfn-cloudfront-distribution-viewercertificate-sslsupportmethod

namespace CfnFunction

namespace CfnFunction {}

interface FunctionConfigProperty

interface FunctionConfigProperty {}

Contains configuration information about a CloudFront function.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-functionconfig.html

property comment

readonly comment: string;

A comment to describe the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-functionconfig.html#cfn-cloudfront-function-functionconfig-comment

property runtime

readonly runtime: string;

The function's runtime environment. The only valid value is cloudfront-js-1.0 .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-functionconfig.html#cfn-cloudfront-function-functionconfig-runtime

interface FunctionMetadataProperty

interface FunctionMetadataProperty {}

Contains metadata about a CloudFront function.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-functionmetadata.html

property functionArn

readonly functionArn?: string;

The Amazon Resource Name (ARN) of the function. The ARN uniquely identifies the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-function-functionmetadata.html#cfn-cloudfront-function-functionmetadata-functionarn

namespace CfnKeyGroup

namespace CfnKeyGroup {}

interface KeyGroupConfigProperty

interface KeyGroupConfigProperty {}

A key group configuration.
A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-keygroup-keygroupconfig.html

property comment

readonly comment?: string;

A comment to describe the key group. The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-keygroup-keygroupconfig.html#cfn-cloudfront-keygroup-keygroupconfig-comment

property items

readonly items: string[];

A list of the identifiers of the public keys in the key group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-keygroup-keygroupconfig.html#cfn-cloudfront-keygroup-keygroupconfig-items

property name

readonly name: string;

A name to identify the key group.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-keygroup-keygroupconfig.html#cfn-cloudfront-keygroup-keygroupconfig-name

namespace CfnMonitoringSubscription

namespace CfnMonitoringSubscription {}

interface MonitoringSubscriptionProperty

interface MonitoringSubscriptionProperty {}

A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-monitoringsubscription-monitoringsubscription.html

property realtimeMetricsSubscriptionConfig

readonly realtimeMetricsSubscriptionConfig?:
    | CfnMonitoringSubscription.RealtimeMetricsSubscriptionConfigProperty
    | cdk.IResolvable;

A subscription configuration for additional CloudWatch metrics.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-monitoringsubscription-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-monitoringsubscription-realtimemetricssubscriptionconfig

interface RealtimeMetricsSubscriptionConfigProperty

interface RealtimeMetricsSubscriptionConfigProperty {}

A subscription configuration for additional CloudWatch metrics.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-monitoringsubscription-realtimemetricssubscriptionconfig.html

property realtimeMetricsSubscriptionStatus

readonly realtimeMetricsSubscriptionStatus: string;

A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-monitoringsubscription-realtimemetricssubscriptionconfig.html#cfn-cloudfront-monitoringsubscription-realtimemetricssubscriptionconfig-realtimemetricssubscriptionstatus

namespace CfnOriginAccessControl

namespace CfnOriginAccessControl {}

interface OriginAccessControlConfigProperty

interface OriginAccessControlConfigProperty {}

Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.
This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront.
For more information about using a CloudFront origin access control, see [Restricting access to an AWS origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide* .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html

property description

readonly description?: string;

A description of the origin access control.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-description

property name

readonly name: string;

A name to identify the origin access control.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-name

property originAccessControlOriginType

readonly originAccessControlOriginType: string;

The type of origin that this origin access control is for.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-originaccesscontrolorigintype

property signingBehavior

readonly signingBehavior: string;

Specifies which requests CloudFront signs (adds authentication information to). Specify always for the most common use case. For more information, see [origin access control advanced settings](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings) in the *Amazon CloudFront Developer Guide* .
This field can have one of the following values:
- always – CloudFront signs all origin requests, overwriting the Authorization header from the viewer request if one exists. - never – CloudFront doesn't sign any origin requests. This value turns off origin access control for all origins in all distributions that use this origin access control. - no-override – If the viewer request doesn't contain the Authorization header, then CloudFront signs the origin request. If the viewer request contains the Authorization header, then CloudFront doesn't sign the origin request and instead passes along the Authorization header from the viewer request. *WARNING: To pass along the Authorization header from the viewer request, you *must* add the Authorization header to a [cache policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) for all cache behaviors that use origins associated with this origin access control.*
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-signingbehavior

property signingProtocol

readonly signingProtocol: string;

The signing protocol of the origin access control, which determines how CloudFront signs (authenticates) requests. The only valid value is sigv4 .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originaccesscontrol-originaccesscontrolconfig.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig-signingprotocol

namespace CfnOriginRequestPolicy

namespace CfnOriginRequestPolicy {}

interface CookiesConfigProperty

interface CookiesConfigProperty {}

An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-cookiesconfig.html

property cookieBehavior

readonly cookieBehavior: string;

Determines whether cookies in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:
- none – No cookies in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to none , any cookies that are listed in a CachePolicy *are* included in origin requests. - whitelist – Only the cookies in viewer requests that are listed in the CookieNames type are included in requests that CloudFront sends to the origin. - all – All cookies in viewer requests are included in requests that CloudFront sends to the origin. - allExcept – All cookies in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the CookieNames type, which are not included.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-cookiesconfig.html#cfn-cloudfront-originrequestpolicy-cookiesconfig-cookiebehavior

property cookies

readonly cookies?: string[];

Contains a list of cookie names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-cookiesconfig.html#cfn-cloudfront-originrequestpolicy-cookiesconfig-cookies

interface HeadersConfigProperty

interface HeadersConfigProperty {}

An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-headersconfig.html

property headerBehavior

readonly headerBehavior: string;

Determines whether any HTTP headers are included in requests that CloudFront sends to the origin. Valid values are:
- none – No HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to none , any headers that are listed in a CachePolicy *are* included in origin requests. - whitelist – Only the HTTP headers that are listed in the Headers type are included in requests that CloudFront sends to the origin. - allViewer – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. - allViewerAndWhitelistCloudFront – All HTTP headers in viewer requests and the additional CloudFront headers that are listed in the Headers type are included in requests that CloudFront sends to the origin. The additional headers are added by CloudFront. - allExcept – All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the Headers type, which are not included.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-headersconfig.html#cfn-cloudfront-originrequestpolicy-headersconfig-headerbehavior

property headers

readonly headers?: string[];

Contains a list of HTTP header names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-headersconfig.html#cfn-cloudfront-originrequestpolicy-headersconfig-headers

interface OriginRequestPolicyConfigProperty

interface OriginRequestPolicyConfigProperty {}

An origin request policy configuration.
This configuration determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:
- The request body and the URL path (without the domain name) from the viewer request. - The headers that CloudFront automatically includes in every origin request, including Host , User-Agent , and X-Amz-Cf-Id . - All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront.
CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use CachePolicy .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-originrequestpolicyconfig.html

property comment

readonly comment?: string;

A comment to describe the origin request policy. The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-originrequestpolicyconfig.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig-comment

property cookiesConfig

readonly cookiesConfig:
    | CfnOriginRequestPolicy.CookiesConfigProperty
    | cdk.IResolvable;

The cookies from viewer requests to include in origin requests.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-originrequestpolicyconfig.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig-cookiesconfig

property headersConfig

readonly headersConfig:
    | CfnOriginRequestPolicy.HeadersConfigProperty
    | cdk.IResolvable;

The HTTP headers to include in origin requests. These can include headers from viewer requests and additional headers added by CloudFront.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-originrequestpolicyconfig.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig-headersconfig

property name

readonly name: string;

A unique name to identify the origin request policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-originrequestpolicyconfig.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig-name

property queryStringsConfig

readonly queryStringsConfig:
    | CfnOriginRequestPolicy.QueryStringsConfigProperty
    | cdk.IResolvable;

The URL query strings from viewer requests to include in origin requests.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-originrequestpolicyconfig.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig-querystringsconfig

interface QueryStringsConfigProperty

interface QueryStringsConfigProperty {}

An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-querystringsconfig.html

property queryStringBehavior

readonly queryStringBehavior: string;

Determines whether any URL query strings in viewer requests are included in requests that CloudFront sends to the origin. Valid values are:
- none – No query strings in viewer requests are included in requests that CloudFront sends to the origin. Even when this field is set to none , any query strings that are listed in a CachePolicy *are* included in origin requests. - whitelist – Only the query strings in viewer requests that are listed in the QueryStringNames type are included in requests that CloudFront sends to the origin. - all – All query strings in viewer requests are included in requests that CloudFront sends to the origin. - allExcept – All query strings in viewer requests are included in requests that CloudFront sends to the origin, **except** for those listed in the QueryStringNames type, which are not included.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-querystringsconfig.html#cfn-cloudfront-originrequestpolicy-querystringsconfig-querystringbehavior

property queryStrings

readonly queryStrings?: string[];

Contains a list of query string names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-originrequestpolicy-querystringsconfig.html#cfn-cloudfront-originrequestpolicy-querystringsconfig-querystrings

namespace CfnPublicKey

namespace CfnPublicKey {}

interface PublicKeyConfigProperty

interface PublicKeyConfigProperty {}

Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-publickey-publickeyconfig.html

property callerReference

readonly callerReference: string;

A string included in the request to help make sure that the request can't be replayed.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-publickey-publickeyconfig.html#cfn-cloudfront-publickey-publickeyconfig-callerreference

property comment

readonly comment?: string;

A comment to describe the public key. The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-publickey-publickeyconfig.html#cfn-cloudfront-publickey-publickeyconfig-comment

property encodedKey

readonly encodedKey: string;

The public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-publickey-publickeyconfig.html#cfn-cloudfront-publickey-publickeyconfig-encodedkey

property name

readonly name: string;

A name to help identify the public key.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-publickey-publickeyconfig.html#cfn-cloudfront-publickey-publickeyconfig-name

namespace CfnRealtimeLogConfig

namespace CfnRealtimeLogConfig {}

interface EndPointProperty

interface EndPointProperty {}

Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-endpoint.html

property kinesisStreamConfig

readonly kinesisStreamConfig:
    | CfnRealtimeLogConfig.KinesisStreamConfigProperty
    | cdk.IResolvable;

Contains information about the Amazon Kinesis data stream where you are sending real-time log data.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-endpoint.html#cfn-cloudfront-realtimelogconfig-endpoint-kinesisstreamconfig

property streamType

readonly streamType: string;

The type of data stream where you are sending real-time log data. The only valid value is Kinesis .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-endpoint.html#cfn-cloudfront-realtimelogconfig-endpoint-streamtype

interface KinesisStreamConfigProperty

interface KinesisStreamConfigProperty {}

Contains information about the Amazon Kinesis data stream where you are sending real-time log data.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-kinesisstreamconfig.html

property roleArn

readonly roleArn: string;

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.
For more information the IAM role, see [Real-time log configuration IAM role](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-iam-role) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-kinesisstreamconfig.html#cfn-cloudfront-realtimelogconfig-kinesisstreamconfig-rolearn

property streamArn

readonly streamArn: string;

The Amazon Resource Name (ARN) of the Kinesis data stream where you are sending real-time log data.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-realtimelogconfig-kinesisstreamconfig.html#cfn-cloudfront-realtimelogconfig-kinesisstreamconfig-streamarn

namespace CfnResponseHeadersPolicy

namespace CfnResponseHeadersPolicy {}

interface AccessControlAllowHeadersProperty

interface AccessControlAllowHeadersProperty {}

A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
For more information about the Access-Control-Allow-Headers HTTP response header, see [Access-Control-Allow-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolallowheaders.html

property items

readonly items: string[];

The list of HTTP header names. You can specify * to allow all headers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolallowheaders.html#cfn-cloudfront-responseheaderspolicy-accesscontrolallowheaders-items

interface AccessControlAllowMethodsProperty

interface AccessControlAllowMethodsProperty {}

A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
For more information about the Access-Control-Allow-Methods HTTP response header, see [Access-Control-Allow-Methods](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolallowmethods.html

property items

readonly items: string[];

The list of HTTP methods. Valid values are:
- GET - DELETE - HEAD - OPTIONS - PATCH - POST - PUT - ALL
ALL is a special value that includes all of the listed HTTP methods.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolallowmethods.html#cfn-cloudfront-responseheaderspolicy-accesscontrolallowmethods-items

interface AccessControlAllowOriginsProperty

interface AccessControlAllowOriginsProperty {}

A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
For more information about the Access-Control-Allow-Origin HTTP response header, see [Access-Control-Allow-Origin](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolalloworigins.html

property items

readonly items: string[];

The list of origins (domain names). You can specify * to allow all origins.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolalloworigins.html#cfn-cloudfront-responseheaderspolicy-accesscontrolalloworigins-items

interface AccessControlExposeHeadersProperty

interface AccessControlExposeHeadersProperty {}

A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
For more information about the Access-Control-Expose-Headers HTTP response header, see [Access-Control-Expose-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolexposeheaders.html

property items

readonly items: string[];

The list of HTTP headers. You can specify * to expose all headers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-accesscontrolexposeheaders.html#cfn-cloudfront-responseheaderspolicy-accesscontrolexposeheaders-items

interface ContentSecurityPolicyProperty

interface ContentSecurityPolicyProperty {}

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
For more information about the Content-Security-Policy HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-contentsecuritypolicy.html

property contentSecurityPolicy

readonly contentSecurityPolicy: string;

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-contentsecuritypolicy.html#cfn-cloudfront-responseheaderspolicy-contentsecuritypolicy-contentsecuritypolicy

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-contentsecuritypolicy.html#cfn-cloudfront-responseheaderspolicy-contentsecuritypolicy-override

interface ContentTypeOptionsProperty

interface ContentTypeOptionsProperty {}

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff .
For more information about the X-Content-Type-Options HTTP response header, see [X-Content-Type-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-contenttypeoptions.html

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides the X-Content-Type-Options HTTP response header received from the origin with the one specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-contenttypeoptions.html#cfn-cloudfront-responseheaderspolicy-contenttypeoptions-override

interface CorsConfigProperty

interface CorsConfigProperty {}

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
For more information about CORS, see [Cross-Origin Resource Sharing (CORS)](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html

property accessControlAllowCredentials

readonly accessControlAllowCredentials: boolean | cdk.IResolvable;

A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
For more information about the Access-Control-Allow-Credentials HTTP response header, see [Access-Control-Allow-Credentials](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-accesscontrolallowcredentials

property accessControlAllowHeaders

readonly accessControlAllowHeaders:
    | CfnResponseHeadersPolicy.AccessControlAllowHeadersProperty
    | cdk.IResolvable;

A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header.
For more information about the Access-Control-Allow-Headers HTTP response header, see [Access-Control-Allow-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-accesscontrolallowheaders

property accessControlAllowMethods

readonly accessControlAllowMethods:
    | CfnResponseHeadersPolicy.AccessControlAllowMethodsProperty
    | cdk.IResolvable;

A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
For more information about the Access-Control-Allow-Methods HTTP response header, see [Access-Control-Allow-Methods](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-accesscontrolallowmethods

property accessControlAllowOrigins

readonly accessControlAllowOrigins:
    | CfnResponseHeadersPolicy.AccessControlAllowOriginsProperty
    | cdk.IResolvable;

A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header.
For more information about the Access-Control-Allow-Origin HTTP response header, see [Access-Control-Allow-Origin](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-accesscontrolalloworigins

property accessControlExposeHeaders

readonly accessControlExposeHeaders?:
    | CfnResponseHeadersPolicy.AccessControlExposeHeadersProperty
    | cdk.IResolvable;

A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header.
For more information about the Access-Control-Expose-Headers HTTP response header, see [Access-Control-Expose-Headers](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-accesscontrolexposeheaders

property accessControlMaxAgeSec

readonly accessControlMaxAgeSec?: number;

A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
For more information about the Access-Control-Max-Age HTTP response header, see [Access-Control-Max-Age](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Max-Age) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-accesscontrolmaxagesec

property originOverride

readonly originOverride: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-corsconfig.html#cfn-cloudfront-responseheaderspolicy-corsconfig-originoverride

interface CustomHeaderProperty

interface CustomHeaderProperty {}

An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-customheader.html

readonly header: string;

The HTTP response header name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-customheader.html#cfn-cloudfront-responseheaderspolicy-customheader-header

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-customheader.html#cfn-cloudfront-responseheaderspolicy-customheader-override

property value

readonly value: string;

The value for the HTTP response header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-customheader.html#cfn-cloudfront-responseheaderspolicy-customheader-value

interface CustomHeadersConfigProperty

interface CustomHeadersConfigProperty {}

A list of HTTP response header names and their values. CloudFront includes these headers in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-customheadersconfig.html

property items

readonly items:
    | Array<CfnResponseHeadersPolicy.CustomHeaderProperty | cdk.IResolvable>
    | cdk.IResolvable;

The list of HTTP response headers and their values.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-customheadersconfig.html#cfn-cloudfront-responseheaderspolicy-customheadersconfig-items

interface FrameOptionsProperty

interface FrameOptionsProperty {}

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value.
For more information about the X-Frame-Options HTTP response header, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-frameoptions.html

property frameOption

readonly frameOption: string;

The value of the X-Frame-Options HTTP response header. Valid values are DENY and SAMEORIGIN .
For more information about these values, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-frameoptions.html#cfn-cloudfront-responseheaderspolicy-frameoptions-frameoption

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides the X-Frame-Options HTTP response header received from the origin with the one specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-frameoptions.html#cfn-cloudfront-responseheaderspolicy-frameoptions-override

interface ReferrerPolicyProperty

interface ReferrerPolicyProperty {}

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value.
For more information about the Referrer-Policy HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-referrerpolicy.html

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides the Referrer-Policy HTTP response header received from the origin with the one specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-referrerpolicy.html#cfn-cloudfront-responseheaderspolicy-referrerpolicy-override

property referrerPolicy

readonly referrerPolicy: string;

The value of the Referrer-Policy HTTP response header. Valid values are:
- no-referrer - no-referrer-when-downgrade - origin - origin-when-cross-origin - same-origin - strict-origin - strict-origin-when-cross-origin - unsafe-url
For more information about these values, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-referrerpolicy.html#cfn-cloudfront-responseheaderspolicy-referrerpolicy-referrerpolicy

interface RemoveHeaderProperty

interface RemoveHeaderProperty {}

The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-removeheader.html

readonly header: string;

The HTTP header name.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-removeheader.html#cfn-cloudfront-responseheaderspolicy-removeheader-header

interface RemoveHeadersConfigProperty

interface RemoveHeadersConfigProperty {}

A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-removeheadersconfig.html

property items

readonly items:
    | Array<CfnResponseHeadersPolicy.RemoveHeaderProperty | cdk.IResolvable>
    | cdk.IResolvable;

The list of HTTP header names.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-removeheadersconfig.html#cfn-cloudfront-responseheaderspolicy-removeheadersconfig-items

interface ResponseHeadersPolicyConfigProperty

interface ResponseHeadersPolicyConfigProperty {}

A response headers policy configuration.
A response headers policy configuration contains metadata about the response headers policy, and configurations for sets of HTTP response headers.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html

property comment

readonly comment?: string;

A comment to describe the response headers policy.
The comment cannot be longer than 128 characters.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-comment

property corsConfig

readonly corsConfig?:
    | CfnResponseHeadersPolicy.CorsConfigProperty
    | cdk.IResolvable;

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-corsconfig

property customHeadersConfig

readonly customHeadersConfig?:
    | CfnResponseHeadersPolicy.CustomHeadersConfigProperty
    | cdk.IResolvable;

A configuration for a set of custom HTTP response headers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-customheadersconfig

property name

readonly name: string;

A name to identify the response headers policy.
The name must be unique for response headers policies in this AWS account .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-name

property removeHeadersConfig

readonly removeHeadersConfig?:
    | CfnResponseHeadersPolicy.RemoveHeadersConfigProperty
    | cdk.IResolvable;

A configuration for a set of HTTP headers to remove from the HTTP response.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-removeheadersconfig

property securityHeadersConfig

readonly securityHeadersConfig?:
    | CfnResponseHeadersPolicy.SecurityHeadersConfigProperty
    | cdk.IResolvable;

A configuration for a set of security-related HTTP response headers.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-securityheadersconfig

property serverTimingHeadersConfig

readonly serverTimingHeadersConfig?:
    | CfnResponseHeadersPolicy.ServerTimingHeadersConfigProperty
    | cdk.IResolvable;

A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-responseheaderspolicyconfig.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig-servertimingheadersconfig

interface SecurityHeadersConfigProperty

interface SecurityHeadersConfigProperty {}

A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html

property contentSecurityPolicy

readonly contentSecurityPolicy?:
    | CfnResponseHeadersPolicy.ContentSecurityPolicyProperty
    | cdk.IResolvable;

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
For more information about the Content-Security-Policy HTTP response header, see [Content-Security-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html#cfn-cloudfront-responseheaderspolicy-securityheadersconfig-contentsecuritypolicy

property contentTypeOptions

readonly contentTypeOptions?:
    | CfnResponseHeadersPolicy.ContentTypeOptionsProperty
    | cdk.IResolvable;

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff .
For more information about the X-Content-Type-Options HTTP response header, see [X-Content-Type-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html#cfn-cloudfront-responseheaderspolicy-securityheadersconfig-contenttypeoptions

property frameOptions

readonly frameOptions?:
    | CfnResponseHeadersPolicy.FrameOptionsProperty
    | cdk.IResolvable;

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value.
For more information about the X-Frame-Options HTTP response header, see [X-Frame-Options](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html#cfn-cloudfront-responseheaderspolicy-securityheadersconfig-frameoptions

property referrerPolicy

readonly referrerPolicy?:
    | CfnResponseHeadersPolicy.ReferrerPolicyProperty
    | cdk.IResolvable;

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value.
For more information about the Referrer-Policy HTTP response header, see [Referrer-Policy](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html#cfn-cloudfront-responseheaderspolicy-securityheadersconfig-referrerpolicy

property strictTransportSecurity

readonly strictTransportSecurity?:
    | CfnResponseHeadersPolicy.StrictTransportSecurityProperty
    | cdk.IResolvable;

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.
For more information about the Strict-Transport-Security HTTP response header, see [Strict-Transport-Security](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html#cfn-cloudfront-responseheaderspolicy-securityheadersconfig-stricttransportsecurity

property xssProtection

readonly xssProtection?:
    | CfnResponseHeadersPolicy.XSSProtectionProperty
    | cdk.IResolvable;

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.
For more information about the X-XSS-Protection HTTP response header, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-securityheadersconfig.html#cfn-cloudfront-responseheaderspolicy-securityheadersconfig-xssprotection

interface ServerTimingHeadersConfigProperty

interface ServerTimingHeadersConfigProperty {}

A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-servertimingheadersconfig.html

property enabled

readonly enabled: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront adds the Server-Timing header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-servertimingheadersconfig.html#cfn-cloudfront-responseheaderspolicy-servertimingheadersconfig-enabled

property samplingRate

readonly samplingRate?: number;

A number 0–100 (inclusive) that specifies the percentage of responses that you want CloudFront to add the Server-Timing header to. When you set the sampling rate to 100, CloudFront adds the Server-Timing header to the HTTP response for every request that matches the cache behavior that this response headers policy is attached to. When you set it to 50, CloudFront adds the header to 50% of the responses for requests that match the cache behavior. You can set the sampling rate to any number 0–100 with up to four decimal places.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-servertimingheadersconfig.html#cfn-cloudfront-responseheaderspolicy-servertimingheadersconfig-samplingrate

interface StrictTransportSecurityProperty

interface StrictTransportSecurityProperty {}

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value.
For more information about the Strict-Transport-Security HTTP response header, see [Strict-Transport-Security](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-stricttransportsecurity.html

property accessControlMaxAgeSec

readonly accessControlMaxAgeSec: number;

A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-stricttransportsecurity.html#cfn-cloudfront-responseheaderspolicy-stricttransportsecurity-accesscontrolmaxagesec

property includeSubdomains

readonly includeSubdomains?: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-stricttransportsecurity.html#cfn-cloudfront-responseheaderspolicy-stricttransportsecurity-includesubdomains

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-stricttransportsecurity.html#cfn-cloudfront-responseheaderspolicy-stricttransportsecurity-override

property preload

readonly preload?: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-stricttransportsecurity.html#cfn-cloudfront-responseheaderspolicy-stricttransportsecurity-preload

interface XSSProtectionProperty

interface XSSProtectionProperty {}

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value.
For more information about the X-XSS-Protection HTTP response header, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html

property modeBlock

readonly modeBlock?: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
For more information about this directive, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html#cfn-cloudfront-responseheaderspolicy-xssprotection-modeblock

property override

readonly override: boolean | cdk.IResolvable;

A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html#cfn-cloudfront-responseheaderspolicy-xssprotection-override

property protection

readonly protection: boolean | cdk.IResolvable;

A Boolean that determines the value of the X-XSS-Protection HTTP response header. When this setting is true , the value of the X-XSS-Protection header is 1 . When this setting is false , the value of the X-XSS-Protection header is 0 .
For more information about these settings, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html#cfn-cloudfront-responseheaderspolicy-xssprotection-protection

property reportUri

readonly reportUri?: string;

A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header.
You cannot specify a ReportUri when ModeBlock is true .
For more information about using a reporting URL, see [X-XSS-Protection](https://docs.aws.amazon.com/https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection) in the MDN Web Docs.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-responseheaderspolicy-xssprotection.html#cfn-cloudfront-responseheaderspolicy-xssprotection-reporturi

namespace CfnStreamingDistribution

namespace CfnStreamingDistribution {}

interface LoggingProperty

interface LoggingProperty {}

A complex type that controls whether access logs are written for the streaming distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-logging.html

property bucket

readonly bucket: string;

The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-logging.html#cfn-cloudfront-streamingdistribution-logging-bucket

property enabled

readonly enabled: boolean | cdk.IResolvable;

Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you don't want to enable logging when you create a streaming distribution or if you want to disable logging for an existing streaming distribution, specify false for Enabled , and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket and Prefix , the values are automatically deleted.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-logging.html#cfn-cloudfront-streamingdistribution-logging-enabled

property prefix

readonly prefix: string;

An optional string that you want CloudFront to prefix to the access log filenames for this streaming distribution, for example, myprefix/ . If you want to enable logging, but you don't want to specify a prefix, you still must include an empty Prefix element in the Logging element.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-logging.html#cfn-cloudfront-streamingdistribution-logging-prefix

interface S3OriginProperty

interface S3OriginProperty {}

A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-s3origin.html

property domainName

readonly domainName: string;

The DNS name of the Amazon S3 origin.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-s3origin.html#cfn-cloudfront-streamingdistribution-s3origin-domainname

property originAccessIdentity

readonly originAccessIdentity: string;

The CloudFront origin access identity to associate with the distribution. Use an origin access identity to configure the distribution so that end users can only access objects in an Amazon S3 bucket through CloudFront.
If you want end users to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element.
To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element.
To replace the origin access identity, update the distribution configuration and specify the new origin access identity.
For more information, see [Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-s3origin.html#cfn-cloudfront-streamingdistribution-s3origin-originaccessidentity

interface StreamingDistributionConfigProperty

interface StreamingDistributionConfigProperty {}

The RTMP distribution's configuration information.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html

property aliases

readonly aliases?: string[];

A complex type that contains information about CNAMEs (alternate domain names), if any, for this streaming distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-aliases

property comment

readonly comment: string;

Any comments you want to include about the streaming distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-comment

property enabled

readonly enabled: boolean | cdk.IResolvable;

Whether the streaming distribution is enabled to accept user requests for content.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-enabled

property logging

readonly logging?: CfnStreamingDistribution.LoggingProperty | cdk.IResolvable;

A complex type that controls whether access logs are written for the streaming distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-logging

property priceClass

readonly priceClass?: string;

A complex type that contains information about price class for this streaming distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-priceclass

property s3Origin

readonly s3Origin: CfnStreamingDistribution.S3OriginProperty | cdk.IResolvable;

A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-s3origin

property trustedSigners

readonly trustedSigners:
    | CfnStreamingDistribution.TrustedSignersProperty
    | cdk.IResolvable;

A complex type that specifies any AWS accounts that you want to permit to create signed URLs for private content. If you want the distribution to use signed URLs, include this element; if you want the distribution to use public URLs, remove this element. For more information, see [Serving Private Content through CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-streamingdistributionconfig.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig-trustedsigners

interface TrustedSignersProperty

interface TrustedSignersProperty {}

A list of AWS accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-trustedsigners.html

property awsAccountNumbers

readonly awsAccountNumbers?: string[];

An AWS account number that contains active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If the AWS account that owns the key pairs is the same account that owns the CloudFront distribution, the value of this field is self .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-trustedsigners.html#cfn-cloudfront-streamingdistribution-trustedsigners-awsaccountnumbers

property enabled

readonly enabled: boolean | cdk.IResolvable;

This field is true if any of the AWS accounts in the list are configured as trusted signers. If not, this field is false .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-streamingdistribution-trustedsigners.html#cfn-cloudfront-streamingdistribution-trustedsigners-enabled

namespace experimental

module 'lib/experimental/index.d.ts' {}

class EdgeFunction

class EdgeFunction extends Resource implements lambda.IVersion {}

A Lambda@Edge function.
Convenience resource for requesting a Lambda function in the 'us-east-1' region for use with Lambda@Edge. Implements several restrictions enforced by Lambda@Edge.
Note that this construct requires that the 'us-east-1' region has been bootstrapped. See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html or 'cdk bootstrap --help' for options.
AWS::Lambda::Function

constructor

constructor(scope: Construct, id: string, props: EdgeFunctionProps);

property architecture

readonly architecture: lambda.Architecture;

property connections

readonly connections: ec2.Connections;

Not supported. Connections are only applicable to VPC-enabled functions.

property currentVersion

readonly currentVersion: lambda.IVersion;

Convenience method to make EdgeFunction conform to the same interface as Function.

property edgeArn

readonly edgeArn: string;

property functionArn

readonly functionArn: string;

property functionName

readonly functionName: string;

property grantPrincipal

readonly grantPrincipal: iam.IPrincipal;

property isBoundToVpc

readonly isBoundToVpc: boolean;

property lambda

readonly lambda: lambda.IFunction;

property latestVersion

readonly latestVersion: lambda.IVersion;

property permissionsNode

readonly permissionsNode: ConstructNode;

property resourceArnsForGrantInvoke

readonly resourceArnsForGrantInvoke: string[];

property role

readonly role?: iam.IRole;

property version

readonly version: string;

method addAlias

addAlias: (aliasName: string, options?: lambda.AliasOptions) => lambda.Alias;

method addEventSource

addEventSource: (source: lambda.IEventSource) => void;

Adds an event source to this function.

method addEventSourceMapping

addEventSourceMapping: (
    id: string,
    options: lambda.EventSourceMappingOptions
) => lambda.EventSourceMapping;

method addFunctionUrl

addFunctionUrl: (options?: lambda.FunctionUrlOptions) => lambda.FunctionUrl;

method addPermission

addPermission: (id: string, permission: lambda.Permission) => void;

method addToRolePolicy

addToRolePolicy: (statement: iam.PolicyStatement) => void;

method configureAsyncInvoke

configureAsyncInvoke: (options: lambda.EventInvokeConfigOptions) => void;

method grantInvoke

grantInvoke: (identity: iam.IGrantable) => iam.Grant;

method grantInvokeUrl

grantInvokeUrl: (identity: iam.IGrantable) => iam.Grant;

method metric

metric: (
    metricName: string,
    props?: cloudwatch.MetricOptions
) => cloudwatch.Metric;

method metricDuration

metricDuration: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

method metricErrors

metricErrors: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

method metricInvocations

metricInvocations: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

method metricThrottles

metricThrottles: (props?: cloudwatch.MetricOptions) => cloudwatch.Metric;

interface EdgeFunctionProps

interface EdgeFunctionProps extends lambda.FunctionProps {}

Properties for creating a Lambda@Edge function

property stackId

readonly stackId?: string;

The stack ID of Lambda@Edge function.
- edge-lambda-stack-${region}

Package Files (15)

Dependencies (11)

Dev Dependencies (8)

Peer Dependencies (11)

Badge

To add a badge like this oneto your package's README, use the codes available below.

You may also use Shields.io to create a custom badge linking to https://www.jsdocs.io/package/@aws-cdk/aws-cloudfront.

Markdown

[![jsDocs.io](https://img.shields.io/badge/jsDocs.io-reference-blue)](https://www.jsdocs.io/package/@aws-cdk/aws-cloudfront)

HTML

<a href="https://www.jsdocs.io/package/@aws-cdk/aws-cloudfront"><img src="https://img.shields.io/badge/jsDocs.io-reference-blue" alt="jsDocs.io"></a>

Updated 9 months ago.
Package analyzed in 9750 ms.
Missing or incorrect documentation? Open an issue for this package.

@aws-cdk/aws-cloudfront

Install

Overview

Index

Classes

Interfaces

Enums

Namespaces

Classes

class AllowedMethods

property ALLOW_ALL

property ALLOW_GET_HEAD

property ALLOW_GET_HEAD_OPTIONS

property methods

class CacheCookieBehavior

property behavior

property cookies

method all

method allowList

method denyList

method none

class CachedMethods

property CACHE_GET_HEAD

property CACHE_GET_HEAD_OPTIONS

property methods

class CacheHeaderBehavior

property behavior

property headers

method allowList

method none

class CachePolicy

property AMPLIFY

property cachePolicyId

property CACHING_DISABLED

property CACHING_OPTIMIZED

property CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS

property ELEMENTAL_MEDIA_PACKAGE

method fromCachePolicyId

class CacheQueryStringBehavior

property behavior

property queryStrings

method all

method allowList

method denyList

method none

class CfnCachePolicy

Parameter scope

Parameter id

Parameter props

property attrId

property attrLastModifiedTime

property cachePolicyConfig

property CFN_RESOURCE_TYPE_NAME

property cfnProperties

method inspect

Parameter inspector

method renderProperties

class CfnCloudFrontOriginAccessIdentity

Parameter scope

Parameter id

Parameter props

property attrId

property attrS3CanonicalUserId

property CFN_RESOURCE_TYPE_NAME

property cfnProperties

property cloudFrontOriginAccessIdentityConfig

method inspect

Parameter inspector

method renderProperties

class CfnContinuousDeploymentPolicy

Parameter scope

Parameter id

Parameter props

property attrId

property attrLastModifiedTime

property CFN_RESOURCE_TYPE_NAME

property cfnProperties

property continuousDeploymentPolicyConfig

method inspect

Parameter inspector