@aws-cdk/aws-cloudfront
- Version 1.204.0
- Published
- 4.59 MB
- 11 dependencies
- Apache-2.0 license
Install
npm i @aws-cdk/aws-cloudfront
yarn add @aws-cdk/aws-cloudfront
pnpm add @aws-cdk/aws-cloudfront
Overview
The CDK Construct Library for AWS::CloudFront
Index
Classes
Interfaces
Enums
Namespaces
CfnDistribution
- CacheBehaviorProperty
- CookiesProperty
- CustomErrorResponseProperty
- CustomOriginConfigProperty
- DefaultCacheBehaviorProperty
- DistributionConfigProperty
- ForwardedValuesProperty
- FunctionAssociationProperty
- GeoRestrictionProperty
- LambdaFunctionAssociationProperty
- LegacyCustomOriginProperty
- LegacyS3OriginProperty
- LoggingProperty
- OriginCustomHeaderProperty
- OriginGroupFailoverCriteriaProperty
- OriginGroupMemberProperty
- OriginGroupMembersProperty
- OriginGroupProperty
- OriginGroupsProperty
- OriginProperty
- OriginShieldProperty
- RestrictionsProperty
- S3OriginConfigProperty
- StatusCodesProperty
- ViewerCertificateProperty
CfnResponseHeadersPolicy
- AccessControlAllowHeadersProperty
- AccessControlAllowMethodsProperty
- AccessControlAllowOriginsProperty
- AccessControlExposeHeadersProperty
- ContentSecurityPolicyProperty
- ContentTypeOptionsProperty
- CorsConfigProperty
- CustomHeaderProperty
- CustomHeadersConfigProperty
- FrameOptionsProperty
- ReferrerPolicyProperty
- RemoveHeaderProperty
- RemoveHeadersConfigProperty
- ResponseHeadersPolicyConfigProperty
- SecurityHeadersConfigProperty
- ServerTimingHeadersConfigProperty
- StrictTransportSecurityProperty
- XSSProtectionProperty
Classes
class AllowedMethods
class AllowedMethods {}
The HTTP methods that the Behavior will accept requests on.
property ALLOW_ALL
static readonly ALLOW_ALL: AllowedMethods;
All supported HTTP methods
property ALLOW_GET_HEAD
static readonly ALLOW_GET_HEAD: AllowedMethods;
HEAD and GET
property ALLOW_GET_HEAD_OPTIONS
static readonly ALLOW_GET_HEAD_OPTIONS: AllowedMethods;
HEAD, GET, and OPTIONS
property methods
readonly methods: string[];
HTTP methods supported
class CacheCookieBehavior
class CacheCookieBehavior {}
Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin.
property behavior
readonly behavior: string;
The behavior of cookies: allow all, none, an allow list, or a deny list.
property cookies
readonly cookies?: string[];
The cookies to allow or deny, if the behavior is an allow or deny list.
method all
static all: () => CacheCookieBehavior;
All cookies in viewer requests are included in the cache key and are automatically included in requests that CloudFront sends to the origin.
method allowList
static allowList: (...cookies: string[]) => CacheCookieBehavior;
Only the provided
cookies
are included in the cache key and automatically included in requests that CloudFront sends to the origin.
method denyList
static denyList: (...cookies: string[]) => CacheCookieBehavior;
All cookies except the provided
cookies
are included in the cache key and automatically included in requests that CloudFront sends to the origin.
method none
static none: () => CacheCookieBehavior;
Cookies in viewer requests are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin.
class CachedMethods
class CachedMethods {}
The HTTP methods that the Behavior will cache requests on.
property CACHE_GET_HEAD
static readonly CACHE_GET_HEAD: CachedMethods;
HEAD and GET
property CACHE_GET_HEAD_OPTIONS
static readonly CACHE_GET_HEAD_OPTIONS: CachedMethods;
HEAD, GET, and OPTIONS
property methods
readonly methods: string[];
HTTP methods supported
class CacheHeaderBehavior
class CacheHeaderBehavior {}
Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin.
property behavior
readonly behavior: string;
If no headers will be passed, or an allow list of headers.
property headers
readonly headers?: string[];
The headers for the allow/deny list, if applicable.
method allowList
static allowList: (...headers: string[]) => CacheHeaderBehavior;
Listed headers are included in the cache key and are automatically included in requests that CloudFront sends to the origin.
method none
static none: () => CacheHeaderBehavior;
HTTP headers are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin.
class CachePolicy
class CachePolicy extends Resource implements ICachePolicy {}
A Cache Policy configuration.
AWS::CloudFront::CachePolicy https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-managed-cache-policies.html
constructor
constructor(scope: Construct, id: string, props?: CachePolicyProps);
property AMPLIFY
static readonly AMPLIFY: ICachePolicy;
This policy is designed for use with an origin that is an AWS Amplify web app.
property cachePolicyId
readonly cachePolicyId: string;
property CACHING_DISABLED
static readonly CACHING_DISABLED: ICachePolicy;
Disables caching. This policy is useful for dynamic content and for requests that are not cacheable.
property CACHING_OPTIMIZED
static readonly CACHING_OPTIMIZED: ICachePolicy;
Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key. Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included.
property CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS
static readonly CACHING_OPTIMIZED_FOR_UNCOMPRESSED_OBJECTS: ICachePolicy;
Optimize cache efficiency by minimizing the values that CloudFront includes in the cache key. Query strings and cookies are not included in the cache key, and only the normalized 'Accept-Encoding' header is included. Disables cache compression.
property ELEMENTAL_MEDIA_PACKAGE
static readonly ELEMENTAL_MEDIA_PACKAGE: ICachePolicy;
Designed for use with an origin that is an AWS Elemental MediaPackage endpoint.
method fromCachePolicyId
static fromCachePolicyId: ( scope: Construct, id: string, cachePolicyId: string) => ICachePolicy;
Imports a Cache Policy from its id.
class CacheQueryStringBehavior
class CacheQueryStringBehavior {}
Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin.
property behavior
readonly behavior: string;
The behavior of query strings -- allow all, none, only an allow list, or a deny list.
property queryStrings
readonly queryStrings?: string[];
The query strings to allow or deny, if the behavior is an allow or deny list.
method all
static all: () => CacheQueryStringBehavior;
All query strings in viewer requests are included in the cache key and are automatically included in requests that CloudFront sends to the origin.
method allowList
static allowList: (...queryStrings: string[]) => CacheQueryStringBehavior;
Only the provided
queryStrings
are included in the cache key and automatically included in requests that CloudFront sends to the origin.
method denyList
static denyList: (...queryStrings: string[]) => CacheQueryStringBehavior;
All query strings except the provided
queryStrings
are included in the cache key and automatically included in requests that CloudFront sends to the origin.
method none
static none: () => CacheQueryStringBehavior;
Query strings in viewer requests are not included in the cache key and are not automatically included in requests that CloudFront sends to the origin.
class CfnCachePolicy
class CfnCachePolicy extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::CachePolicy
A cache policy.
When it's attached to a cache behavior, the cache policy determines the following:
- The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. - The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.
The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but *not* include them in the cache key, use
OriginRequestPolicy
.AWS::CloudFront::CachePolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnCachePolicyProps);
Create a new
AWS::CloudFront::CachePolicy
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The unique identifier for the cache policy. For example:
2766f7b2-75c5-41c6-8f06-bf4303a2f2f5
. Id
property attrLastModifiedTime
readonly attrLastModifiedTime: string;
The date and time when the cache policy was last modified. LastModifiedTime
property cachePolicyConfig
cachePolicyConfig: any;
The cache policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html#cfn-cloudfront-cachepolicy-cachepolicyconfig
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnCloudFrontOriginAccessIdentity
class CfnCloudFrontOriginAccessIdentity extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::CloudFrontOriginAccessIdentity
The request to create a new origin access identity (OAI). An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. For more information, see [Restricting Access to Amazon S3 Content by Using an Origin Access Identity](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::CloudFrontOriginAccessIdentity external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnCloudFrontOriginAccessIdentityProps);
Create a new
AWS::CloudFront::CloudFrontOriginAccessIdentity
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The ID for the origin access identity, for example,
E74FTE3AJFJ256A
. Id
property attrS3CanonicalUserId
readonly attrS3CanonicalUserId: string;
The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3. For example:
b970b42360b81c8ddbd79d2f5df0069ba9033c8a79655752abe380cd6d63ba8bcf23384d568fcf89fc49700b5e11a0fd
. S3CanonicalUserId
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property cloudFrontOriginAccessIdentityConfig
cloudFrontOriginAccessIdentityConfig: any;
The current configuration information for the identity.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html#cfn-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnContinuousDeploymentPolicy
class CfnContinuousDeploymentPolicy extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::ContinuousDeploymentPolicy
Creates a continuous deployment policy that routes a subset of production traffic from a primary distribution to a staging distribution.
After you create and update a staging distribution, you can use a continuous deployment policy to incrementally move traffic to the staging distribution. This enables you to test changes to a distribution's configuration before moving all of your production traffic to the new configuration.
For more information, see [Using CloudFront continuous deployment to safely test CDN configuration changes](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/continuous-deployment.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::ContinuousDeploymentPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnContinuousDeploymentPolicyProps);
Create a new
AWS::CloudFront::ContinuousDeploymentPolicy
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The identifier of the cotinuous deployment policy. Id
property attrLastModifiedTime
readonly attrLastModifiedTime: string;
The date and time when the continuous deployment policy was last modified. LastModifiedTime
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property continuousDeploymentPolicyConfig
continuousDeploymentPolicyConfig: any;
Contains the configuration for a continuous deployment policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnDistribution
class CfnDistribution extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::Distribution
A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery.
AWS::CloudFront::Distribution external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnDistributionProps);
Create a new
AWS::CloudFront::Distribution
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrDomainName
readonly attrDomainName: string;
The domain name of the resource, such as
d111111abcdef8.cloudfront.net
. DomainName
property attrId
readonly attrId: string;
The identifier for the distribution, for example
EDFDVBD632BHDS5
. Id
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property distributionConfig
distributionConfig: any;
The distribution's configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-distributionconfig
property tags
readonly tags: cdk.TagManager;
A complex type that contains zero or more
Tag
elements.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-tags
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnFunction
class CfnFunction extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::Function
Creates a CloudFront function.
To create a function, you provide the function code and some configuration information about the function. The response contains an Amazon Resource Name (ARN) that uniquely identifies the function, and the function’s stage.
By default, when you create a function, it’s in the
DEVELOPMENT
stage. In this stage, you can [test the function](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/test-function.html) in the CloudFront console (or withTestFunction
in the CloudFront API).When you’re ready to use your function with a CloudFront distribution, publish the function to the
LIVE
stage. You can do this in the CloudFront console, withPublishFunction
in the CloudFront API, or by updating theAWS::CloudFront::Function
resource with theAutoPublish
property set totrue
. When the function is published to theLIVE
stage, you can attach it to a distribution’s cache behavior, using the function’s ARN.To automatically publish the function to the
LIVE
stage when it’s created, set theAutoPublish
property totrue
.AWS::CloudFront::Function external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnFunctionProps);
Create a new
AWS::CloudFront::Function
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrFunctionArn
readonly attrFunctionArn: string;
The ARN of the function. For example:
arn:aws:cloudfront::123456789012:function/ExampleFunction
.To get the function ARN, use the following syntax:
!GetAtt *Function_Logical_ID* .FunctionMetadata.FunctionARN
FunctionARN
property attrFunctionMetadataFunctionArn
readonly attrFunctionMetadataFunctionArn: string;
The Amazon Resource Name (ARN) of the function. The ARN uniquely identifies the function. FunctionMetadata.FunctionARN
property attrStage
readonly attrStage: string;
Stage
property autoPublish
autoPublish: any;
A flag that determines whether to automatically publish the function to the
LIVE
stage when it’s created. To automatically publish to theLIVE
stage, set this property totrue
.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-autopublish
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property functionCode
functionCode: string;
The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functioncode
property functionConfig
functionConfig: any;
Contains configuration information about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionconfig
property functionMetadata
functionMetadata: any;
Contains metadata about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionmetadata
property name
name: string;
A name to identify the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-name
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnKeyGroup
class CfnKeyGroup extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::KeyGroup
A key group.
A key group contains a list of public keys that you can use with [CloudFront signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) .
AWS::CloudFront::KeyGroup external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnKeyGroupProps);
Create a new
AWS::CloudFront::KeyGroup
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The identifier for the key group. Id
property attrLastModifiedTime
readonly attrLastModifiedTime: string;
The date and time when the key group was last modified. LastModifiedTime
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property keyGroupConfig
keyGroupConfig: any;
The key group configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html#cfn-cloudfront-keygroup-keygroupconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnMonitoringSubscription
class CfnMonitoringSubscription extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::MonitoringSubscription
A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.
AWS::CloudFront::MonitoringSubscription external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnMonitoringSubscriptionProps);
Create a new
AWS::CloudFront::MonitoringSubscription
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property distributionId
distributionId: string;
The ID of the distribution that you are enabling metrics for.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-distributionid
property monitoringSubscription
monitoringSubscription: any;
A subscription configuration for additional CloudWatch metrics.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-monitoringsubscription
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnOriginAccessControl
class CfnOriginAccessControl extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::OriginAccessControl
Creates a new origin access control in CloudFront. After you create an origin access control, you can add it to an origin in a CloudFront distribution so that CloudFront sends authenticated (signed) requests to the origin.
This makes it possible to block public access to the origin, allowing viewers (users) to access the origin's content only through CloudFront.
For more information about using a CloudFront origin access control, see [Restricting access to an AWS origin](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-origin.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::OriginAccessControl external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnOriginAccessControlProps);
Create a new
AWS::CloudFront::OriginAccessControl
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The unique identifier of the origin access control. Id
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property originAccessControlConfig
originAccessControlConfig: any;
The origin access control.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnOriginRequestPolicy
class CfnOriginRequestPolicy extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::OriginRequestPolicy
An origin request policy.
When it's attached to a cache behavior, the origin request policy determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following:
- The request body and the URL path (without the domain name) from the viewer request. - The headers that CloudFront automatically includes in every origin request, including
Host
,User-Agent
, andX-Amz-Cf-Id
. - All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront.CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use
CachePolicy
.AWS::CloudFront::OriginRequestPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnOriginRequestPolicyProps);
Create a new
AWS::CloudFront::OriginRequestPolicy
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The unique identifier for the origin request policy. For example:
befd7079-9bbc-4ebf-8ade-498a3694176c
. Id
property attrLastModifiedTime
readonly attrLastModifiedTime: string;
The date and time when the origin request policy was last modified. LastModifiedTime
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property originRequestPolicyConfig
originRequestPolicyConfig: any;
The origin request policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnPublicKey
class CfnPublicKey extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::PublicKey
A public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
AWS::CloudFront::PublicKey external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnPublicKeyProps);
Create a new
AWS::CloudFront::PublicKey
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrCreatedTime
readonly attrCreatedTime: string;
The date and time when the public key was uploaded. CreatedTime
property attrId
readonly attrId: string;
The identifier of the public key. Id
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property publicKeyConfig
publicKeyConfig: any;
Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html#cfn-cloudfront-publickey-publickeyconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnRealtimeLogConfig
class CfnRealtimeLogConfig extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::RealtimeLogConfig
A real-time log configuration.
AWS::CloudFront::RealtimeLogConfig external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html
constructor
constructor(scope: cdk.Construct, id: string, props: CfnRealtimeLogConfigProps);
Create a new
AWS::CloudFront::RealtimeLogConfig
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrArn
readonly attrArn: string;
The Amazon Resource Name (ARN) of the real-time log configuration. For example:
arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig
. Arn
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property endPoints
endPoints: any;
Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-endpoints
property fields
fields: string[];
A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream.
For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-fields
property name
name: string;
The unique name of this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-name
property samplingRate
samplingRate: number;
The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-samplingrate
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnResponseHeadersPolicy
class CfnResponseHeadersPolicy extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::ResponseHeadersPolicy
A response headers policy.
A response headers policy contains information about a set of HTTP response headers.
After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy.
For more information, see [Adding or removing HTTP headers in CloudFront responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/modifying-response-headers.html) in the *Amazon CloudFront Developer Guide* .
AWS::CloudFront::ResponseHeadersPolicy external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnResponseHeadersPolicyProps);
Create a new
AWS::CloudFront::ResponseHeadersPolicy
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrId
readonly attrId: string;
The unique identifier for the response headers policy. For example:
57f99797-3b20-4e1b-a728-27972a74082a
. Id
property attrLastModifiedTime
readonly attrLastModifiedTime: string;
The date and time when the response headers policy was last modified. LastModifiedTime
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property responseHeadersPolicyConfig
responseHeadersPolicyConfig: any;
A response headers policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CfnStreamingDistribution
class CfnStreamingDistribution extends cdk.CfnResource implements cdk.IInspectable {}
A CloudFormation
AWS::CloudFront::StreamingDistribution
This resource is deprecated. Amazon CloudFront is deprecating real-time messaging protocol (RTMP) distributions on December 31, 2020. For more information, [read the announcement](https://docs.aws.amazon.com/ann.jspa?annID=7356) on the Amazon CloudFront discussion forum.
AWS::CloudFront::StreamingDistribution external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html
constructor
constructor( scope: cdk.Construct, id: string, props: CfnStreamingDistributionProps);
Create a new
AWS::CloudFront::StreamingDistribution
.Parameter scope
scope in which this resource is defined
Parameter id
scoped id of the resource
Parameter props
resource properties
property attrDomainName
readonly attrDomainName: string;
The domain name of the resource, such as
d111111abcdef8.cloudfront.net
. DomainName
property CFN_RESOURCE_TYPE_NAME
static readonly CFN_RESOURCE_TYPE_NAME: string;
The CloudFormation resource type name for this resource class.
property cfnProperties
readonly cfnProperties: { [key: string]: any };
property streamingDistributionConfig
streamingDistributionConfig: any;
The current configuration information for the RTMP distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig
property tags
readonly tags: cdk.TagManager;
A complex type that contains zero or more
Tag
elements.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-tags
method inspect
inspect: (inspector: cdk.TreeInspector) => void;
Examines the CloudFormation resource and discloses attributes.
Parameter inspector
tree inspector to collect and process attributes
method renderProperties
protected renderProperties: (props: { [key: string]: any }) => { [key: string]: any;};
class CloudFrontWebDistribution
class CloudFrontWebDistribution extends cdk.Resource implements IDistribution {}
Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds. CloudFront fronts user provided content and caches it at edge locations across the world.
Here's how you can use this construct:
const sourceBucket = new s3.Bucket(this, 'Bucket');const distribution = new cloudfront.CloudFrontWebDistribution(this, 'MyDistribution', {originConfigs: [{s3OriginSource: {s3BucketSource: sourceBucket,},behaviors : [ {isDefaultBehavior: true}],},],});This will create a CloudFront distribution that uses your S3Bucket as it's origin.
You can customize the distribution using additional properties from the CloudFrontWebDistributionProps interface.
AWS::CloudFront::Distribution
constructor
constructor(scope: Construct, id: string, props: CloudFrontWebDistributionProps);
property distributionDomainName
readonly distributionDomainName: string;
The domain name created by CloudFront for this distribution. If you are using aliases for your distribution, this is the domainName your DNS records should point to. (In Route53, you could create an ALIAS record to this value, for example.)
property distributionId
readonly distributionId: string;
The distribution ID for this distribution.
property domainName
readonly domainName: string;
The domain name created by CloudFront for this distribution. If you are using aliases for your distribution, this is the domainName your DNS records should point to. (In Route53, you could create an ALIAS record to this value, for example.)
Deprecated
- Use
distributionDomainName
instead.
property loggingBucket
readonly loggingBucket?: s3.IBucket;
The logging bucket for this CloudFront distribution. If logging is not enabled for this distribution - this property will be undefined.
method fromDistributionAttributes
static fromDistributionAttributes: ( scope: Construct, id: string, attrs: CloudFrontWebDistributionAttributes) => IDistribution;
Creates a construct that represents an external (imported) distribution.
class Distribution
class Distribution extends Resource implements IDistribution {}
A CloudFront distribution with associated origin(s) and caching behavior(s).
constructor
constructor(scope: Construct, id: string, props: DistributionProps);
property distributionDomainName
readonly distributionDomainName: string;
property distributionId
readonly distributionId: string;
property domainName
readonly domainName: string;
method addBehavior
addBehavior: ( pathPattern: string, origin: IOrigin, behaviorOptions?: AddBehaviorOptions) => void;
Adds a new behavior to this distribution for the given pathPattern.
Parameter pathPattern
the path pattern (e.g., 'images/*') that specifies which requests to apply the behavior to.
Parameter origin
the origin to use for this behavior
Parameter behaviorOptions
the options for the behavior at this path.
method fromDistributionAttributes
static fromDistributionAttributes: ( scope: Construct, id: string, attrs: DistributionAttributes) => IDistribution;
Creates a Distribution construct that represents an external (imported) distribution.
class Function
class Function extends Resource implements IFunction {}
A CloudFront Function
AWS::CloudFront::Function
constructor
constructor(scope: Construct, id: string, props: FunctionProps);
property functionArn
readonly functionArn: string;
the ARN of the CloudFront function
property functionName
readonly functionName: string;
the name of the CloudFront function
property functionStage
readonly functionStage: string;
the deployment stage of the CloudFront function
method fromFunctionAttributes
static fromFunctionAttributes: ( scope: Construct, id: string, attrs: FunctionAttributes) => IFunction;
Imports a function by its name and ARN
class FunctionCode
abstract class FunctionCode {}
Represents the function's source code
method fromFile
static fromFile: (options: FileCodeOptions) => FunctionCode;
Code from external file for function
Parameter options
the options for the external file
Returns
code object with contents from file.
method fromInline
static fromInline: (code: string) => FunctionCode;
Inline code for function
Parameter code
The actual function code
Returns
code object with inline code.
method render
abstract render: () => string;
renders the function code
class GeoRestriction
class GeoRestriction {}
Controls the countries in which content is distributed.
property locations
readonly locations: string[];
property restrictionType
readonly restrictionType: 'whitelist' | 'blacklist';
method allowlist
static allowlist: (...locations: string[]) => GeoRestriction;
Allow specific countries which you want CloudFront to distribute your content.
Parameter locations
Two-letter, uppercase country code for a country that you want to allow. Include one element for each country. See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website
method blacklist
static blacklist: (...locations: string[]) => GeoRestriction;
DEPRECATED
Deprecated
use
denylist
method denylist
static denylist: (...locations: string[]) => GeoRestriction;
Deny specific countries which you don't want CloudFront to distribute your content.
Parameter locations
Two-letter, uppercase country code for a country that you want to deny. Include one element for each country. See ISO 3166-1-alpha-2 code on the *International Organization for Standardization* website
method whitelist
static whitelist: (...locations: string[]) => GeoRestriction;
DEPRECATED
Deprecated
use
allowlist
class KeyGroup
class KeyGroup extends Resource implements IKeyGroup {}
A Key Group configuration
AWS::CloudFront::KeyGroup
constructor
constructor(scope: Construct, id: string, props: KeyGroupProps);
property keyGroupId
readonly keyGroupId: string;
method fromKeyGroupId
static fromKeyGroupId: ( scope: Construct, id: string, keyGroupId: string) => IKeyGroup;
Imports a Key Group from its id.
class OriginAccessIdentity
class OriginAccessIdentity extends OriginAccessIdentityBase implements IOriginAccessIdentity {}
An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content.
AWS::CloudFront::CloudFrontOriginAccessIdentity
constructor
constructor(scope: Construct, id: string, props?: OriginAccessIdentityProps);
property cloudFrontOriginAccessIdentityS3CanonicalUserId
readonly cloudFrontOriginAccessIdentityS3CanonicalUserId: string;
The Amazon S3 canonical user ID for the origin access identity, used when giving the origin access identity read permission to an object in Amazon S3.
property grantPrincipal
readonly grantPrincipal: iam.IPrincipal;
Derived principal value for bucket access
property originAccessIdentityName
readonly originAccessIdentityName: string;
The Origin Access Identity Name (physical id)
method fromOriginAccessIdentityName
static fromOriginAccessIdentityName: ( scope: Construct, id: string, originAccessIdentityName: string) => IOriginAccessIdentity;
Creates a OriginAccessIdentity by providing the OriginAccessIdentityName
class OriginBase
abstract class OriginBase implements IOrigin {}
Represents a distribution origin, that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon MediaStore, or other server from which CloudFront gets your files.
constructor
protected constructor(domainName: string, props?: OriginProps);
method bind
bind: (_scope: Construct, options: OriginBindOptions) => OriginBindConfig;
Binds the origin to the associated Distribution. Can be used to grant permissions, create dependent resources, etc.
method renderCustomOriginConfig
protected renderCustomOriginConfig: () => | CfnDistribution.CustomOriginConfigProperty | undefined;
method renderS3OriginConfig
protected renderS3OriginConfig: () => | CfnDistribution.S3OriginConfigProperty | undefined;
class OriginRequestCookieBehavior
class OriginRequestCookieBehavior {}
Determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin.
property behavior
readonly behavior: string;
The behavior of cookies: allow all, none or an allow list.
property cookies
readonly cookies?: string[];
The cookies to allow, if the behavior is an allow list.
method all
static all: () => OriginRequestCookieBehavior;
All cookies in viewer requests are included in requests that CloudFront sends to the origin.
method allowList
static allowList: (...cookies: string[]) => OriginRequestCookieBehavior;
Only the provided
cookies
are included in requests that CloudFront sends to the origin.
method none
static none: () => OriginRequestCookieBehavior;
Cookies in viewer requests are not included in requests that CloudFront sends to the origin. Any cookies that are listed in a CachePolicy are still included in origin requests.
class OriginRequestHeaderBehavior
class OriginRequestHeaderBehavior {}
Determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.
property behavior
readonly behavior: string;
The behavior of headers: allow all, none or an allow list.
property headers
readonly headers?: string[];
The headers for the allow list or the included CloudFront headers, if applicable.
method all
static all: (...cloudfrontHeaders: string[]) => OriginRequestHeaderBehavior;
All HTTP headers in viewer requests are included in requests that CloudFront sends to the origin. Additionally, any additional CloudFront headers provided are included; the additional headers are added by CloudFront.
See Also
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-cloudfront-headers.html
method allowList
static allowList: (...headers: string[]) => OriginRequestHeaderBehavior;
Listed headers are included in requests that CloudFront sends to the origin.
method none
static none: () => OriginRequestHeaderBehavior;
HTTP headers are not included in requests that CloudFront sends to the origin. Any headers that are listed in a CachePolicy are still included in origin requests.
class OriginRequestPolicy
class OriginRequestPolicy extends Resource implements IOriginRequestPolicy {}
A Origin Request Policy configuration.
AWS::CloudFront::OriginRequestPolicy
constructor
constructor(scope: Construct, id: string, props?: OriginRequestPolicyProps);
property ALL_VIEWER
static readonly ALL_VIEWER: IOriginRequestPolicy;
This policy includes all values (query strings, headers, and cookies) in the viewer request.
property CORS_CUSTOM_ORIGIN
static readonly CORS_CUSTOM_ORIGIN: IOriginRequestPolicy;
This policy includes the header that enables cross-origin resource sharing (CORS) requests when the origin is a custom origin.
property CORS_S3_ORIGIN
static readonly CORS_S3_ORIGIN: IOriginRequestPolicy;
This policy includes the headers that enable cross-origin resource sharing (CORS) requests when the origin is an Amazon S3 bucket.
property ELEMENTAL_MEDIA_TAILOR
static readonly ELEMENTAL_MEDIA_TAILOR: IOriginRequestPolicy;
This policy is designed for use with an origin that is an AWS Elemental MediaTailor endpoint.
property originRequestPolicyId
readonly originRequestPolicyId: string;
property USER_AGENT_REFERER_HEADERS
static readonly USER_AGENT_REFERER_HEADERS: IOriginRequestPolicy;
This policy includes only the User-Agent and Referer headers. It doesn’t include any query strings or cookies.
method fromOriginRequestPolicyId
static fromOriginRequestPolicyId: ( scope: Construct, id: string, originRequestPolicyId: string) => IOriginRequestPolicy;
Imports a Origin Request Policy from its id.
class OriginRequestQueryStringBehavior
class OriginRequestQueryStringBehavior {}
Determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin.
property behavior
readonly behavior: string;
The behavior of query strings -- allow all, none, or only an allow list.
property queryStrings
readonly queryStrings?: string[];
The query strings to allow, if the behavior is an allow list.
method all
static all: () => OriginRequestQueryStringBehavior;
All query strings in viewer requests are included in requests that CloudFront sends to the origin.
method allowList
static allowList: ( ...queryStrings: string[]) => OriginRequestQueryStringBehavior;
Only the provided
queryStrings
are included in requests that CloudFront sends to the origin.
method none
static none: () => OriginRequestQueryStringBehavior;
Query strings in viewer requests are not included in requests that CloudFront sends to the origin. Any query strings that are listed in a CachePolicy are still included in origin requests.
class PublicKey
class PublicKey extends Resource implements IPublicKey {}
A Public Key Configuration
AWS::CloudFront::PublicKey
constructor
constructor(scope: Construct, id: string, props: PublicKeyProps);
property publicKeyId
readonly publicKeyId: string;
method fromPublicKeyId
static fromPublicKeyId: ( scope: Construct, id: string, publicKeyId: string) => IPublicKey;
Imports a Public Key from its id.
class ResponseHeadersPolicy
class ResponseHeadersPolicy extends Resource implements IResponseHeadersPolicy {}
A Response Headers Policy configuration
AWS::CloudFront::ResponseHeadersPolicy
constructor
constructor(scope: Construct, id: string, props?: ResponseHeadersPolicyProps);
property CORS_ALLOW_ALL_ORIGINS
static readonly CORS_ALLOW_ALL_ORIGINS: IResponseHeadersPolicy;
Use this managed policy to allow simple CORS requests from any origin.
property CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS
static readonly CORS_ALLOW_ALL_ORIGINS_AND_SECURITY_HEADERS: IResponseHeadersPolicy;
Use this managed policy to allow simple CORS requests from any origin and add a set of security headers to all responses that CloudFront sends to viewers.
property CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT
static readonly CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT: IResponseHeadersPolicy;
Use this managed policy to allow CORS requests from any origin, including preflight requests.
property CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS
static readonly CORS_ALLOW_ALL_ORIGINS_WITH_PREFLIGHT_AND_SECURITY_HEADERS: IResponseHeadersPolicy;
Use this managed policy to allow CORS requests from any origin, including preflight requests, and add a set of security headers to all responses that CloudFront sends to viewers.
property responseHeadersPolicyId
readonly responseHeadersPolicyId: string;
property SECURITY_HEADERS
static readonly SECURITY_HEADERS: IResponseHeadersPolicy;
Use this managed policy to add a set of security headers to all responses that CloudFront sends to viewers.
method fromResponseHeadersPolicyId
static fromResponseHeadersPolicyId: ( scope: Construct, id: string, responseHeadersPolicyId: string) => IResponseHeadersPolicy;
Import an existing Response Headers Policy from its ID.
class ViewerCertificate
class ViewerCertificate {}
Viewer certificate configuration class
property aliases
readonly aliases: string[];
property props
readonly props: CfnDistribution.ViewerCertificateProperty;
method fromAcmCertificate
static fromAcmCertificate: ( certificate: certificatemanager.ICertificate, options?: ViewerCertificateOptions) => ViewerCertificate;
Generate an AWS Certificate Manager (ACM) viewer certificate configuration
Parameter certificate
AWS Certificate Manager (ACM) certificate. Your certificate must be located in the us-east-1 (US East (N. Virginia)) region to be accessed by CloudFront
Parameter options
certificate configuration options
method fromCloudFrontDefaultCertificate
static fromCloudFrontDefaultCertificate: ( ...aliases: string[]) => ViewerCertificate;
Generate a viewer certifcate configuration using the CloudFront default certificate (e.g. d111111abcdef8.cloudfront.net) and a SecurityPolicyProtocol.TLS_V1 security policy.
Parameter aliases
Alternative CNAME aliases You also must create a CNAME record with your DNS service to route queries
method fromIamCertificate
static fromIamCertificate: ( iamCertificateId: string, options?: ViewerCertificateOptions) => ViewerCertificate;
Generate an IAM viewer certificate configuration
Parameter iamCertificateId
Identifier of the IAM certificate
Parameter options
certificate configuration options
Interfaces
interface AddBehaviorOptions
interface AddBehaviorOptions {}
Options for adding a new behavior to a Distribution.
property allowedMethods
readonly allowedMethods?: AllowedMethods;
HTTP methods to allow for this behavior.
AllowedMethods.ALLOW_GET_HEAD
property cachedMethods
readonly cachedMethods?: CachedMethods;
HTTP methods to cache for this behavior.
CachedMethods.CACHE_GET_HEAD
property cachePolicy
readonly cachePolicy?: ICachePolicy;
The cache policy for this behavior. The cache policy determines what values are included in the cache key, and the time-to-live (TTL) values for the cache.
See Also
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html. CachePolicy.CACHING_OPTIMIZED
property compress
readonly compress?: boolean;
Whether you want CloudFront to automatically compress certain files for this cache behavior. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/ServingCompressedFiles.html#compressed-content-cloudfront-file-types for file types CloudFront will compress.
true
property edgeLambdas
readonly edgeLambdas?: EdgeLambda[];
The Lambda@Edge functions to invoke before serving the contents.
- no Lambda functions will be invoked
See Also
https://aws.amazon.com/lambda/edge
property functionAssociations
readonly functionAssociations?: FunctionAssociation[];
The CloudFront functions to invoke before serving the contents.
- no functions will be invoked
property originRequestPolicy
readonly originRequestPolicy?: IOriginRequestPolicy;
The origin request policy for this behavior. The origin request policy determines which values (e.g., headers, cookies) are included in requests that CloudFront sends to the origin.
- none
property responseHeadersPolicy
readonly responseHeadersPolicy?: IResponseHeadersPolicy;
The response headers policy for this behavior. The response headers policy determines which headers are included in responses
- none
property smoothStreaming
readonly smoothStreaming?: boolean;
Set this to true to indicate you want to distribute media files in the Microsoft Smooth Streaming format using this behavior.
false
property trustedKeyGroups
readonly trustedKeyGroups?: IKeyGroup[];
A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies.
- no KeyGroups are associated with cache behavior
See Also
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
property viewerProtocolPolicy
readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
The protocol that viewers can use to access the files controlled by this behavior.
ViewerProtocolPolicy.ALLOW_ALL
interface AliasConfiguration
interface AliasConfiguration {}
Configuration for custom domain names
CloudFront can use a custom domain that you provide instead of a "cloudfront.net" domain. To use this feature you must provide the list of additional domains, and the ACM Certificate that CloudFront should use for these additional domains.
Deprecated
see CloudFrontWebDistributionProps#viewerCertificate with ViewerCertificate#acmCertificate
property acmCertRef
readonly acmCertRef: string;
ARN of an AWS Certificate Manager (ACM) certificate.
property names
readonly names: string[];
Domain names on the certificate
Both main domain name and Subject Alternative Names.
property securityPolicy
readonly securityPolicy?: SecurityPolicyProtocol;
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
- SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI
property sslMethod
readonly sslMethod?: SSLMethod;
How CloudFront should serve HTTPS requests.
See the notes on SSLMethod if you wish to use other SSL termination types.
SSLMethod.SNI
See Also
https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html
interface Behavior
interface Behavior {}
A CloudFront behavior wrapper.
property allowedMethods
readonly allowedMethods?: CloudFrontAllowedMethods;
The method this CloudFront distribution responds do.
GET_HEAD
property cachedMethods
readonly cachedMethods?: CloudFrontAllowedCachedMethods;
Which methods are cached by CloudFront by default.
GET_HEAD
property compress
readonly compress?: boolean;
If CloudFront should automatically compress some content types.
true
property defaultTtl
readonly defaultTtl?: cdk.Duration;
The default amount of time CloudFront will cache an object.
This value applies only when your custom origin does not add HTTP headers, such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. 86400 (1 day)
property forwardedValues
readonly forwardedValues?: CfnDistribution.ForwardedValuesProperty;
The values CloudFront will forward to the origin when making a request.
none (no cookies - no headers)
property functionAssociations
readonly functionAssociations?: FunctionAssociation[];
The CloudFront functions to invoke before serving the contents.
- no functions will be invoked
property isDefaultBehavior
readonly isDefaultBehavior?: boolean;
If this behavior is the default behavior for the distribution.
You must specify exactly one default distribution per CloudFront distribution. The default behavior is allowed to omit the "path" property.
property lambdaFunctionAssociations
readonly lambdaFunctionAssociations?: LambdaFunctionAssociation[];
Declares associated lambda@edge functions for this distribution behaviour.
No lambda function associated
property maxTtl
readonly maxTtl?: cdk.Duration;
The max amount of time you want objects to stay in the cache before CloudFront queries your origin.
Duration.seconds(31536000) (one year)
property minTtl
readonly minTtl?: cdk.Duration;
The minimum amount of time that you want objects to stay in the cache before CloudFront queries your origin.
property pathPattern
readonly pathPattern?: string;
The path this behavior responds to. Required for all non-default behaviors. (The default behavior implicitly has "*" as the path pattern. )
property trustedKeyGroups
readonly trustedKeyGroups?: IKeyGroup[];
A list of Key Groups that CloudFront can use to validate signed URLs or signed cookies.
- no KeyGroups are associated with cache behavior
See Also
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
property trustedSigners
readonly trustedSigners?: string[];
Trusted signers is how CloudFront allows you to serve private content. The signers are the account IDs that are allowed to sign cookies/presigned URLs for this distribution.
If you pass a non empty value, all requests for this behavior must be signed (no public access will be allowed)
Deprecated
- We recommend using trustedKeyGroups instead of trustedSigners.
property viewerProtocolPolicy
readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
The viewer policy for this behavior.
- the distribution wide viewer protocol policy will be used
interface BehaviorOptions
interface BehaviorOptions extends AddBehaviorOptions {}
Options for creating a new behavior.
property origin
readonly origin: IOrigin;
The origin that you want CloudFront to route requests to when they match this behavior.
interface CachePolicyProps
interface CachePolicyProps {}
Properties for creating a Cache Policy
property cachePolicyName
readonly cachePolicyName?: string;
A unique name to identify the cache policy. The name must only include '-', '_', or alphanumeric characters. - generated from the
id
property comment
readonly comment?: string;
A comment to describe the cache policy. - no comment
property cookieBehavior
readonly cookieBehavior?: CacheCookieBehavior;
Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. CacheCookieBehavior.none()
property defaultTtl
readonly defaultTtl?: Duration;
The default amount of time for objects to stay in the CloudFront cache. Only used when the origin does not send Cache-Control or Expires headers with the object. - The greater of 1 day and ``minTtl``
property enableAcceptEncodingBrotli
readonly enableAcceptEncodingBrotli?: boolean;
Whether to normalize and include the
Accept-Encoding
header in the cache key when theAccept-Encoding
header is 'br'. false
property enableAcceptEncodingGzip
readonly enableAcceptEncodingGzip?: boolean;
Whether to normalize and include the
Accept-Encoding
header in the cache key when theAccept-Encoding
header is 'gzip'. false
property headerBehavior
readonly headerBehavior?: CacheHeaderBehavior;
Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. CacheHeaderBehavior.none()
property maxTtl
readonly maxTtl?: Duration;
The maximum amount of time for objects to stay in the CloudFront cache. CloudFront uses this value only when the origin sends Cache-Control or Expires headers with the object. - The greater of 1 year and ``defaultTtl``
property minTtl
readonly minTtl?: Duration;
The minimum amount of time for objects to stay in the CloudFront cache. Duration.seconds(0)
property queryStringBehavior
readonly queryStringBehavior?: CacheQueryStringBehavior;
Determines whether any query strings are included in the cache key and automatically included in requests that CloudFront sends to the origin. CacheQueryStringBehavior.none()
interface CfnCachePolicyProps
interface CfnCachePolicyProps {}
Properties for defining a
CfnCachePolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html
property cachePolicyConfig
readonly cachePolicyConfig: | CfnCachePolicy.CachePolicyConfigProperty | cdk.IResolvable;
The cache policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cachepolicy.html#cfn-cloudfront-cachepolicy-cachepolicyconfig
interface CfnCloudFrontOriginAccessIdentityProps
interface CfnCloudFrontOriginAccessIdentityProps {}
Properties for defining a
CfnCloudFrontOriginAccessIdentity
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html
property cloudFrontOriginAccessIdentityConfig
readonly cloudFrontOriginAccessIdentityConfig: | CfnCloudFrontOriginAccessIdentity.CloudFrontOriginAccessIdentityConfigProperty | cdk.IResolvable;
The current configuration information for the identity.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-cloudfrontoriginaccessidentity.html#cfn-cloudfront-cloudfrontoriginaccessidentity-cloudfrontoriginaccessidentityconfig
interface CfnContinuousDeploymentPolicyProps
interface CfnContinuousDeploymentPolicyProps {}
Properties for defining a
CfnContinuousDeploymentPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html
property continuousDeploymentPolicyConfig
readonly continuousDeploymentPolicyConfig: | CfnContinuousDeploymentPolicy.ContinuousDeploymentPolicyConfigProperty | cdk.IResolvable;
Contains the configuration for a continuous deployment policy.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-continuousdeploymentpolicy.html#cfn-cloudfront-continuousdeploymentpolicy-continuousdeploymentpolicyconfig
interface CfnDistributionProps
interface CfnDistributionProps {}
Properties for defining a
CfnDistribution
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html
property distributionConfig
readonly distributionConfig: | CfnDistribution.DistributionConfigProperty | cdk.IResolvable;
The distribution's configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-distributionconfig
property tags
readonly tags?: cdk.CfnTag[];
A complex type that contains zero or more
Tag
elements.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html#cfn-cloudfront-distribution-tags
interface CfnFunctionProps
interface CfnFunctionProps {}
Properties for defining a
CfnFunction
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html
property autoPublish
readonly autoPublish?: boolean | cdk.IResolvable;
A flag that determines whether to automatically publish the function to the
LIVE
stage when it’s created. To automatically publish to theLIVE
stage, set this property totrue
.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-autopublish
property functionCode
readonly functionCode: string;
The function code. For more information about writing a CloudFront function, see [Writing function code for CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/writing-function-code.html) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functioncode
property functionConfig
readonly functionConfig: CfnFunction.FunctionConfigProperty | cdk.IResolvable;
Contains configuration information about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionconfig
property functionMetadata
readonly functionMetadata?: | CfnFunction.FunctionMetadataProperty | cdk.IResolvable;
Contains metadata about a CloudFront function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-functionmetadata
property name
readonly name: string;
A name to identify the function.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-function.html#cfn-cloudfront-function-name
interface CfnKeyGroupProps
interface CfnKeyGroupProps {}
Properties for defining a
CfnKeyGroup
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html
property keyGroupConfig
readonly keyGroupConfig: CfnKeyGroup.KeyGroupConfigProperty | cdk.IResolvable;
The key group configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-keygroup.html#cfn-cloudfront-keygroup-keygroupconfig
interface CfnMonitoringSubscriptionProps
interface CfnMonitoringSubscriptionProps {}
Properties for defining a
CfnMonitoringSubscription
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html
property distributionId
readonly distributionId: string;
The ID of the distribution that you are enabling metrics for.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-distributionid
property monitoringSubscription
readonly monitoringSubscription: | CfnMonitoringSubscription.MonitoringSubscriptionProperty | cdk.IResolvable;
A subscription configuration for additional CloudWatch metrics.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-monitoringsubscription.html#cfn-cloudfront-monitoringsubscription-monitoringsubscription
interface CfnOriginAccessControlProps
interface CfnOriginAccessControlProps {}
Properties for defining a
CfnOriginAccessControl
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html
property originAccessControlConfig
readonly originAccessControlConfig: | CfnOriginAccessControl.OriginAccessControlConfigProperty | cdk.IResolvable;
The origin access control.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originaccesscontrol.html#cfn-cloudfront-originaccesscontrol-originaccesscontrolconfig
interface CfnOriginRequestPolicyProps
interface CfnOriginRequestPolicyProps {}
Properties for defining a
CfnOriginRequestPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html
property originRequestPolicyConfig
readonly originRequestPolicyConfig: | CfnOriginRequestPolicy.OriginRequestPolicyConfigProperty | cdk.IResolvable;
The origin request policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-originrequestpolicy.html#cfn-cloudfront-originrequestpolicy-originrequestpolicyconfig
interface CfnPublicKeyProps
interface CfnPublicKeyProps {}
Properties for defining a
CfnPublicKey
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html
property publicKeyConfig
readonly publicKeyConfig: CfnPublicKey.PublicKeyConfigProperty | cdk.IResolvable;
Configuration information about a public key that you can use with [signed URLs and signed cookies](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) , or with [field-level encryption](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html) .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html#cfn-cloudfront-publickey-publickeyconfig
interface CfnRealtimeLogConfigProps
interface CfnRealtimeLogConfigProps {}
Properties for defining a
CfnRealtimeLogConfig
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html
property endPoints
readonly endPoints: | Array<CfnRealtimeLogConfig.EndPointProperty | cdk.IResolvable> | cdk.IResolvable;
Contains information about the Amazon Kinesis data stream where you are sending real-time log data for this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-endpoints
property fields
readonly fields: string[];
A list of fields that are included in each real-time log record. In an API response, the fields are provided in the same order in which they are sent to the Amazon Kinesis data stream.
For more information about fields, see [Real-time log configuration fields](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) in the *Amazon CloudFront Developer Guide* .
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-fields
property name
readonly name: string;
The unique name of this real-time log configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-name
property samplingRate
readonly samplingRate: number;
The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. The sampling rate is an integer between 1 and 100, inclusive.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-realtimelogconfig.html#cfn-cloudfront-realtimelogconfig-samplingrate
interface CfnResponseHeadersPolicyProps
interface CfnResponseHeadersPolicyProps {}
Properties for defining a
CfnResponseHeadersPolicy
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html
property responseHeadersPolicyConfig
readonly responseHeadersPolicyConfig: | CfnResponseHeadersPolicy.ResponseHeadersPolicyConfigProperty | cdk.IResolvable;
A response headers policy configuration.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-responseheaderspolicy.html#cfn-cloudfront-responseheaderspolicy-responseheaderspolicyconfig
interface CfnStreamingDistributionProps
interface CfnStreamingDistributionProps {}
Properties for defining a
CfnStreamingDistribution
external
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html
property streamingDistributionConfig
readonly streamingDistributionConfig: | CfnStreamingDistribution.StreamingDistributionConfigProperty | cdk.IResolvable;
The current configuration information for the RTMP distribution.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-streamingdistributionconfig
property tags
readonly tags: cdk.CfnTag[];
A complex type that contains zero or more
Tag
elements.http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-streamingdistribution.html#cfn-cloudfront-streamingdistribution-tags
interface CloudFrontWebDistributionAttributes
interface CloudFrontWebDistributionAttributes {}
Attributes used to import a Distribution.
property distributionId
readonly distributionId: string;
The distribution ID for this distribution.
property domainName
readonly domainName: string;
The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
interface CloudFrontWebDistributionProps
interface CloudFrontWebDistributionProps {}
property aliasConfiguration
readonly aliasConfiguration?: AliasConfiguration;
AliasConfiguration is used to configured CloudFront to respond to requests on custom domain names.
- None.
Deprecated
see CloudFrontWebDistributionProps#viewerCertificate with ViewerCertificate#acmCertificate
property comment
readonly comment?: string;
A comment for this distribution in the CloudFront console.
- No comment is added to distribution.
property defaultRootObject
readonly defaultRootObject?: string;
The default object to serve.
- "index.html" is served.
property enabled
readonly enabled?: boolean;
Enable or disable the distribution.
true
property enableIpV6
readonly enableIpV6?: boolean;
If your distribution should have IPv6 enabled.
true
property errorConfigurations
readonly errorConfigurations?: CfnDistribution.CustomErrorResponseProperty[];
How CloudFront should handle requests that are not successful (eg PageNotFound)
By default, CloudFront does not replace HTTP status codes in the 4xx and 5xx range with custom error messages. CloudFront does not cache HTTP status codes.
- No custom error configuration.
property geoRestriction
readonly geoRestriction?: GeoRestriction;
Controls the countries in which your content is distributed.
No geo restriction
property httpVersion
readonly httpVersion?: HttpVersion;
The max supported HTTP Versions.
HttpVersion.HTTP2
property loggingConfig
readonly loggingConfig?: LoggingConfiguration;
Optional - if we should enable logging. You can pass an empty object ({}) to have us auto create a bucket for logging. Omission of this property indicates no logging is to be enabled.
- no logging is enabled by default.
property originConfigs
readonly originConfigs: SourceConfiguration[];
The origin configurations for this distribution. Behaviors are a part of the origin.
property priceClass
readonly priceClass?: PriceClass;
The price class for the distribution (this impacts how many locations CloudFront uses for your distribution, and billing)
PriceClass.PRICE_CLASS_100 the cheapest option for CloudFront is picked by default.
property viewerCertificate
readonly viewerCertificate?: ViewerCertificate;
Specifies whether you want viewers to use HTTP or HTTPS to request your objects, whether you're using an alternate domain name with HTTPS, and if so, if you're using AWS Certificate Manager (ACM) or a third-party certificate authority.
ViewerCertificate.fromCloudFrontDefaultCertificate()
See Also
https://aws.amazon.com/premiumsupport/knowledge-center/custom-ssl-certificate-cloudfront/
property viewerProtocolPolicy
readonly viewerProtocolPolicy?: ViewerProtocolPolicy;
The default viewer policy for incoming clients.
RedirectToHTTPs
property webACLId
readonly webACLId?: string;
Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a
.To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example
473e64fd-f30b-4765-81a0-62ad96dd167a
.See Also
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html#API_CreateDistribution_RequestParameters.
- No AWS Web Application Firewall web access control list (web ACL).
interface CustomOriginConfig
interface CustomOriginConfig {}
A custom origin configuration
property allowedOriginSSLVersions
readonly allowedOriginSSLVersions?: OriginSslPolicy[];
The SSL versions to use when interacting with the origin.
OriginSslPolicy.TLS_V1_2
property domainName
readonly domainName: string;
The domain name of the custom origin. Should not include the path - that should be in the parent SourceConfiguration
property httpPort
readonly httpPort?: number;
The origin HTTP port
80
property httpsPort
readonly httpsPort?: number;
The origin HTTPS port
443
property originHeaders
readonly originHeaders?: { [key: string]: string;};
Any additional headers to pass to the origin
- No additional headers are passed.
property originKeepaliveTimeout
readonly originKeepaliveTimeout?: cdk.Duration;
The keep alive timeout when making calls in seconds.
Duration.seconds(5)
property originPath
readonly originPath?: string;
The relative path to the origin root to use for sources.
/
property originProtocolPolicy
readonly originProtocolPolicy?: OriginProtocolPolicy;
The protocol (http or https) policy to use when interacting with the origin.
OriginProtocolPolicy.HttpsOnly
property originReadTimeout
readonly originReadTimeout?: cdk.Duration;
The read timeout when calling the origin in seconds
Duration.seconds(30)
property originShieldRegion
readonly originShieldRegion?: string;
When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
- origin shield not enabled
interface DistributionAttributes
interface DistributionAttributes {}
Attributes used to import a Distribution.
property distributionId
readonly distributionId: string;
The distribution ID for this distribution.
property domainName
readonly domainName: string;
The generated domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
interface DistributionProps
interface DistributionProps {}
Properties for a Distribution
property additionalBehaviors
readonly additionalBehaviors?: Record<string, BehaviorOptions>;
Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to.
- no additional behaviors are added.
property certificate
readonly certificate?: acm.ICertificate;
A certificate to associate with the distribution. The certificate must be located in N. Virginia (us-east-1).
- the CloudFront wildcard certificate (*.cloudfront.net) will be used.
property comment
readonly comment?: string;
Any comments you want to include about the distribution.
- no comment
property defaultBehavior
readonly defaultBehavior: BehaviorOptions;
The default behavior for the distribution.
property defaultRootObject
readonly defaultRootObject?: string;
The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin's root (e.g., example.com/).
- no default root object
property domainNames
readonly domainNames?: string[];
Alternative domain names for this distribution.
If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name, you can add an alternate domain name to your distribution. If you attach a certificate to the distribution, you must add (at least one of) the domain names of the certificate to this list.
- The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
property enabled
readonly enabled?: boolean;
Enable or disable the distribution.
true
property enableIpv6
readonly enableIpv6?: boolean;
Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address.
If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
true
property enableLogging
readonly enableLogging?: boolean;
Enable access logging for the distribution.
- false, unless
logBucket
is specified.
property errorResponses
readonly errorResponses?: ErrorResponse[];
How CloudFront should handle requests that are not successful (e.g., PageNotFound).
- No custom error responses.
property geoRestriction
readonly geoRestriction?: GeoRestriction;
Controls the countries in which your content is distributed.
- No geographic restrictions
property httpVersion
readonly httpVersion?: HttpVersion;
Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront.
For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support server name identification (SNI).
HttpVersion.HTTP2
property logBucket
readonly logBucket?: s3.IBucket;
The Amazon S3 bucket to store the access logs in.
- A bucket is created if
enableLogging
is true
property logFilePrefix
readonly logFilePrefix?: string;
An optional string that you want CloudFront to prefix to the access log filenames for this distribution.
- no prefix
property logIncludesCookies
readonly logIncludesCookies?: boolean;
Specifies whether you want CloudFront to include cookies in access logs
false
property minimumProtocolVersion
readonly minimumProtocolVersion?: SecurityPolicyProtocol;
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
- SecurityPolicyProtocol.TLS_V1_2_2021 if the '@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021' feature flag is set; otherwise, SecurityPolicyProtocol.TLS_V1_2_2019.
property priceClass
readonly priceClass?: PriceClass;
The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class.
PriceClass.PRICE_CLASS_ALL
property sslSupportMethod
readonly sslSupportMethod?: SSLMethod;
The SSL method CloudFront will use for your distribution.
Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.
If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).
See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/
SSLMethod.SNI
property webAclId
readonly webAclId?: string;
Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a
. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example473e64fd-f30b-4765-81a0-62ad96dd167a
.See Also
https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html
https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html#API_CreateDistribution_RequestParameters.
- No AWS Web Application Firewall web access control list (web ACL).
interface EdgeLambda
interface EdgeLambda {}
Represents a Lambda function version and event type when using Lambda@Edge. The type of the AddBehaviorOptions.edgeLambdas property.
property eventType
readonly eventType: LambdaEdgeEventType;
The type of event in response to which should the function be invoked.
property functionVersion
readonly functionVersion: lambda.IVersion;
The version of the Lambda function that will be invoked.
**Note**: it's not possible to use the '$LATEST' function version for Lambda@Edge!
property includeBody
readonly includeBody?: boolean;
Allows a Lambda function to have read access to the body content. Only valid for "request" event types (
ORIGIN_REQUEST
orVIEWER_REQUEST
). See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.htmlfalse
interface ErrorResponse
interface ErrorResponse {}
Options for configuring custom error responses.
property httpStatus
readonly httpStatus: number;
The HTTP status code for which you want to specify a custom error page and/or a caching duration.
property responseHttpStatus
readonly responseHttpStatus?: number;
The HTTP status code that you want CloudFront to return to the viewer along with the custom error page.
If you specify a value for
responseHttpStatus
, you must also specify a value forresponsePagePath
.- the error code will be returned as the response code.
property responsePagePath
readonly responsePagePath?: string;
The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the
httpStatus
, for example, /4xx-errors/403-forbidden.html- the default CloudFront response is shown.
property ttl
readonly ttl?: Duration;
The minimum amount of time, in seconds, that you want CloudFront to cache the HTTP status code specified in ErrorCode.
- the default caching TTL behavior applies
interface FileCodeOptions
interface FileCodeOptions {}
Options when reading the function's code from an external file
property filePath
readonly filePath: string;
The path of the file to read the code from
interface FunctionAssociation
interface FunctionAssociation {}
Represents a CloudFront function and event type when using CF Functions. The type of the AddBehaviorOptions.functionAssociations property.
interface FunctionAttributes
interface FunctionAttributes {}
Attributes of an existing CloudFront Function to import it
property functionArn
readonly functionArn: string;
The ARN of the function.
property functionName
readonly functionName: string;
The name of the function.
interface FunctionProps
interface FunctionProps {}
Properties for creating a CloudFront Function
property code
readonly code: FunctionCode;
The source code of the function.
property comment
readonly comment?: string;
A comment to describe the function. - same as
functionName
property functionName
readonly functionName?: string;
A name to identify the function. - generated from the
id
interface ICachePolicy
interface ICachePolicy {}
Represents a Cache Policy
property cachePolicyId
readonly cachePolicyId: string;
The ID of the cache policy
interface IDistribution
interface IDistribution extends IResource {}
Interface for CloudFront distributions
property distributionDomainName
readonly distributionDomainName: string;
The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
property distributionId
readonly distributionId: string;
The distribution ID for this distribution.
property domainName
readonly domainName: string;
The domain name of the Distribution, such as d111111abcdef8.cloudfront.net.
Deprecated
- Use
distributionDomainName
instead.
interface IFunction
interface IFunction extends IResource {}
Represents a CloudFront Function
property functionArn
readonly functionArn: string;
The ARN of the function.
property functionName
readonly functionName: string;
The name of the function.
interface IKeyGroup
interface IKeyGroup extends IResource {}
Represents a Key Group
property keyGroupId
readonly keyGroupId: string;
The ID of the key group.
interface IOrigin
interface IOrigin {}
Represents the concept of a CloudFront Origin. You provide one or more origins when creating a Distribution.
method bind
bind: (scope: Construct, options: OriginBindOptions) => OriginBindConfig;
The method called when a given Origin is added (for the first time) to a Distribution.
interface IOriginAccessIdentity
interface IOriginAccessIdentity extends cdk.IResource, iam.IGrantable {}
Interface for CloudFront OriginAccessIdentity
property originAccessIdentityName
readonly originAccessIdentityName: string;
The Origin Access Identity Name
interface IOriginRequestPolicy
interface IOriginRequestPolicy {}
Represents a Origin Request Policy
property originRequestPolicyId
readonly originRequestPolicyId: string;
The ID of the origin request policy
interface IPublicKey
interface IPublicKey extends IResource {}
Represents a Public Key
property publicKeyId
readonly publicKeyId: string;
The ID of the key group.
interface IResponseHeadersPolicy
interface IResponseHeadersPolicy {}
Represents a response headers policy.
property responseHeadersPolicyId
readonly responseHeadersPolicyId: string;
The ID of the response headers policy
interface KeyGroupProps
interface KeyGroupProps {}
Properties for creating a Public Key
property comment
readonly comment?: string;
A comment to describe the key group. - no comment
property items
readonly items: IPublicKey[];
A list of public keys to add to the key group.
property keyGroupName
readonly keyGroupName?: string;
A name to identify the key group. - generated from the
id
interface LambdaFunctionAssociation
interface LambdaFunctionAssociation {}
property eventType
readonly eventType: LambdaEdgeEventType;
The lambda event type defines at which event the lambda is called during the request lifecycle
property includeBody
readonly includeBody?: boolean;
Allows a Lambda function to have read access to the body content. Only valid for "request" event types (
ORIGIN_REQUEST
orVIEWER_REQUEST
). See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.htmlfalse
property lambdaFunction
readonly lambdaFunction: lambda.IVersion;
A version of the lambda to associate
interface LoggingConfiguration
interface LoggingConfiguration {}
Logging configuration for incoming requests
property bucket
readonly bucket?: s3.IBucket;
Bucket to log requests to
- A logging bucket is automatically created.
property includeCookies
readonly includeCookies?: boolean;
Whether to include the cookies in the logs
false
property prefix
readonly prefix?: string;
Where in the bucket to store logs
- No prefix.
interface OriginAccessIdentityProps
interface OriginAccessIdentityProps {}
Properties of CloudFront OriginAccessIdentity
property comment
readonly comment?: string;
Any comments you want to include about the origin access identity.
"Allows CloudFront to reach the bucket"
interface OriginBindConfig
interface OriginBindConfig {}
The struct returned from IOrigin.bind.
property failoverConfig
readonly failoverConfig?: OriginFailoverConfig;
The failover configuration for this Origin.
- nothing is returned
property originProperty
readonly originProperty?: CfnDistribution.OriginProperty;
The CloudFormation OriginProperty configuration for this Origin.
- nothing is returned
interface OriginBindOptions
interface OriginBindOptions {}
Options passed to Origin.bind().
property originId
readonly originId: string;
The identifier of this Origin, as assigned by the Distribution this Origin has been used added to.
interface OriginFailoverConfig
interface OriginFailoverConfig {}
The failover configuration used for Origin Groups, returned in OriginBindConfig.failoverConfig.
property failoverOrigin
readonly failoverOrigin: IOrigin;
The origin to use as the fallback origin.
property statusCodes
readonly statusCodes?: number[];
The HTTP status codes of the response that trigger querying the failover Origin.
- 500, 502, 503 and 504
interface OriginOptions
interface OriginOptions {}
Options to define an Origin.
property connectionAttempts
readonly connectionAttempts?: number;
The number of times that CloudFront attempts to connect to the origin; valid values are 1, 2, or 3 attempts.
3
property connectionTimeout
readonly connectionTimeout?: Duration;
The number of seconds that CloudFront waits when trying to establish a connection to the origin. Valid values are 1-10 seconds, inclusive.
Duration.seconds(10)
property customHeaders
readonly customHeaders?: Record<string, string>;
A list of HTTP header names and values that CloudFront adds to requests it sends to the origin.
{}
property originShieldRegion
readonly originShieldRegion?: string;
When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
See Also
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html
- origin shield not enabled
interface OriginProps
interface OriginProps extends OriginOptions {}
Properties to define an Origin.
property originPath
readonly originPath?: string;
An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin. Must begin, but not end, with '/' (e.g., '/production/images').
'/'
interface OriginRequestPolicyProps
interface OriginRequestPolicyProps {}
Properties for creating a Origin Request Policy
property comment
readonly comment?: string;
A comment to describe the origin request policy. - no comment
property cookieBehavior
readonly cookieBehavior?: OriginRequestCookieBehavior;
The cookies from viewer requests to include in origin requests. OriginRequestCookieBehavior.none()
property headerBehavior
readonly headerBehavior?: OriginRequestHeaderBehavior;
The HTTP headers to include in origin requests. These can include headers from viewer requests and additional headers added by CloudFront. OriginRequestHeaderBehavior.none()
property originRequestPolicyName
readonly originRequestPolicyName?: string;
A unique name to identify the origin request policy. The name must only include '-', '_', or alphanumeric characters. - generated from the
id
property queryStringBehavior
readonly queryStringBehavior?: OriginRequestQueryStringBehavior;
The URL query strings from viewer requests to include in origin requests. OriginRequestQueryStringBehavior.none()
interface PublicKeyProps
interface PublicKeyProps {}
Properties for creating a Public Key
property comment
readonly comment?: string;
A comment to describe the public key. - no comment
property encodedKey
readonly encodedKey: string;
The public key that you can use with signed URLs and signed cookies, or with field-level encryption. The
encodedKey
parameter must include-----BEGIN PUBLIC KEY-----
and-----END PUBLIC KEY-----
lines.See Also
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html
property publicKeyName
readonly publicKeyName?: string;
A name to identify the public key. - generated from the
id
interface ResponseCustomHeader
interface ResponseCustomHeader {}
An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that’s associated with this response headers policy.
property header
readonly header: string;
The HTTP response header name.
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides a response header with the same name received from the origin with the header specified here.
property value
readonly value: string;
The value for the HTTP response header.
interface ResponseCustomHeadersBehavior
interface ResponseCustomHeadersBehavior {}
Configuration for a set of HTTP response headers that are sent for requests that match a cache behavior that’s associated with this response headers policy.
property customHeaders
readonly customHeaders: ResponseCustomHeader[];
The list of HTTP response headers and their values.
interface ResponseHeadersContentSecurityPolicy
interface ResponseHeadersContentSecurityPolicy {}
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
property contentSecurityPolicy
readonly contentSecurityPolicy: string;
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides the Content-Security-Policy HTTP response header received from the origin with the one specified in this response headers policy.
interface ResponseHeadersContentTypeOptions
interface ResponseHeadersContentTypeOptions {}
Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides the X-Content-Type-Options HTTP response header received from the origin with the one specified in this response headers policy.
interface ResponseHeadersCorsBehavior
interface ResponseHeadersCorsBehavior {}
Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy.
property accessControlAllowCredentials
readonly accessControlAllowCredentials: boolean;
A Boolean that CloudFront uses as the value for the Access-Control-Allow-Credentials HTTP response header.
property accessControlAllowHeaders
readonly accessControlAllowHeaders: string[];
A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. You can specify
['*']
to allow all headers.
property accessControlAllowMethods
readonly accessControlAllowMethods: string[];
A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header.
property accessControlAllowOrigins
readonly accessControlAllowOrigins: string[];
A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. You can specify
['*']
to allow all origins.
property accessControlExposeHeaders
readonly accessControlExposeHeaders?: string[];
A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. You can specify
['*']
to expose all headers.- no headers exposed
property accessControlMaxAge
readonly accessControlMaxAge?: Duration;
A number that CloudFront uses as the value for the Access-Control-Max-Age HTTP response header.
- no max age
property originOverride
readonly originOverride: boolean;
A Boolean that determines whether CloudFront overrides HTTP response headers received from the origin with the ones specified in this response headers policy.
interface ResponseHeadersFrameOptions
interface ResponseHeadersFrameOptions {}
Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.
property frameOption
readonly frameOption: HeadersFrameOption;
The value of the X-Frame-Options HTTP response header.
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides the X-Frame-Options HTTP response header received from the origin with the one specified in this response headers policy.
interface ResponseHeadersPolicyProps
interface ResponseHeadersPolicyProps {}
Properties for creating a Response Headers Policy
property comment
readonly comment?: string;
A comment to describe the response headers policy.
- no comment
property corsBehavior
readonly corsBehavior?: ResponseHeadersCorsBehavior;
A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS).
- no cors behavior
property customHeadersBehavior
readonly customHeadersBehavior?: ResponseCustomHeadersBehavior;
A configuration for a set of custom HTTP response headers.
- no custom headers behavior
property responseHeadersPolicyName
readonly responseHeadersPolicyName?: string;
A unique name to identify the response headers policy.
- generated from the
id
property securityHeadersBehavior
readonly securityHeadersBehavior?: ResponseSecurityHeadersBehavior;
A configuration for a set of security-related HTTP response headers.
- no security headers behavior
interface ResponseHeadersReferrerPolicy
interface ResponseHeadersReferrerPolicy {}
Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides the Referrer-Policy HTTP response header received from the origin with the one specified in this response headers policy.
property referrerPolicy
readonly referrerPolicy: HeadersReferrerPolicy;
The value of the Referrer-Policy HTTP response header.
interface ResponseHeadersStrictTransportSecurity
interface ResponseHeadersStrictTransportSecurity {}
Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.
property accessControlMaxAge
readonly accessControlMaxAge: Duration;
A number that CloudFront uses as the value for the max-age directive in the Strict-Transport-Security HTTP response header.
property includeSubdomains
readonly includeSubdomains?: boolean;
A Boolean that determines whether CloudFront includes the includeSubDomains directive in the Strict-Transport-Security HTTP response header.
false
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides the Strict-Transport-Security HTTP response header received from the origin with the one specified in this response headers policy.
property preload
readonly preload?: boolean;
A Boolean that determines whether CloudFront includes the preload directive in the Strict-Transport-Security HTTP response header.
false
interface ResponseHeadersXSSProtection
interface ResponseHeadersXSSProtection {}
Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.
property modeBlock
readonly modeBlock?: boolean;
A Boolean that determines whether CloudFront includes the mode=block directive in the X-XSS-Protection header.
false
property override
readonly override: boolean;
A Boolean that determines whether CloudFront overrides the X-XSS-Protection HTTP response header received from the origin with the one specified in this response headers policy.
property protection
readonly protection: boolean;
A Boolean that determines the value of the X-XSS-Protection HTTP response header. When this setting is true, the value of the X-XSS-Protection header is 1. When this setting is false, the value of the X-XSS-Protection header is 0.
property reportUri
readonly reportUri?: string;
A reporting URI, which CloudFront uses as the value of the report directive in the X-XSS-Protection header. You cannot specify a ReportUri when ModeBlock is true.
- no report uri
interface ResponseSecurityHeadersBehavior
interface ResponseSecurityHeadersBehavior {}
Configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.
property contentSecurityPolicy
readonly contentSecurityPolicy?: ResponseHeadersContentSecurityPolicy;
The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header.
- no content security policy
property contentTypeOptions
readonly contentTypeOptions?: ResponseHeadersContentTypeOptions;
Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff.
- no content type options
property frameOptions
readonly frameOptions?: ResponseHeadersFrameOptions;
Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value.
- no frame options
property referrerPolicy
readonly referrerPolicy?: ResponseHeadersReferrerPolicy;
Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value.
- no referrer policy
property strictTransportSecurity
readonly strictTransportSecurity?: ResponseHeadersStrictTransportSecurity;
Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value.
- no strict transport security
property xssProtection
readonly xssProtection?: ResponseHeadersXSSProtection;
Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value.
- no xss protection
interface S3OriginConfig
interface S3OriginConfig {}
S3 origin configuration for CloudFront
property originAccessIdentity
readonly originAccessIdentity?: IOriginAccessIdentity;
The optional Origin Access Identity of the origin identity cloudfront will use when calling your s3 bucket.
No Origin Access Identity which requires the S3 bucket to be public accessible
property originHeaders
readonly originHeaders?: { [key: string]: string;};
Any additional headers to pass to the origin
- No additional headers are passed.
property originPath
readonly originPath?: string;
The relative path to the origin root to use for sources.
/
property originShieldRegion
readonly originShieldRegion?: string;
When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance
- origin shield not enabled