Distribution

Creates an Amazon CloudFront web distribution.

For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For specific information about creating CloudFront web distributions, see the POST Distribution page in the Amazon CloudFront API Reference.

Create a Distribution Resource

new Distribution(name: string, args: DistributionArgs, opts?: CustomResourceOptions);

def Distribution(resource_name, opts=None, aliases=None, comment=None, custom_error_responses=None, default_cache_behavior=None, default_root_object=None, enabled=None, http_version=None, is_ipv6_enabled=None, logging_config=None, ordered_cache_behaviors=None, origin_groups=None, origins=None, price_class=None, restrictions=None, retain_on_delete=None, tags=None, viewer_certificate=None, wait_for_deployment=None, web_acl_id=None, __props__=None);

func NewDistribution(ctx *Context, name string, args DistributionArgs, opts ...ResourceOption) (*Distribution, error)

public Distribution(string name, DistributionArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args DistributionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args DistributionArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args DistributionArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Distribution Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Distribution resource accepts the following input properties:

DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs: The default cache behavior for this distribution (maximum one).
Enabled bool: Whether the distribution is enabled to accept end user requests for content.
Origins List<DistributionOriginArgs>: One or more origins for this distribution (multiples allowed).
Restrictions DistributionRestrictionsArgs: The restriction configuration for this distribution (maximum one).
ViewerCertificate DistributionViewerCertificateArgs: The SSL configuration for this distribution (maximum one).
Aliases List<string>: Extra CNAMEs (alternate domain names), if any, for this distribution.
Comment string: Any comments you want to include about the distribution.
CustomErrorResponses List<DistributionCustomErrorResponseArgs>: One or more custom error response elements (multiples allowed).
DefaultRootObject string: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
HttpVersion string: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
IsIpv6Enabled bool: Whether the IPv6 is enabled for the distribution.
LoggingConfig DistributionLoggingConfigArgs: The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups List<DistributionOriginGroupArgs>: One or more origin_group for this distribution (multiples allowed).
PriceClass string: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
RetainOnDelete bool: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Tags Dictionary<string, string>: A map of tags to assign to the resource.
WaitForDeployment bool: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

DefaultCacheBehavior DistributionDefaultCacheBehavior: The default cache behavior for this distribution (maximum one).
Enabled bool: Whether the distribution is enabled to accept end user requests for content.
Origins []DistributionOrigin: One or more origins for this distribution (multiples allowed).
Restrictions DistributionRestrictions: The restriction configuration for this distribution (maximum one).
ViewerCertificate DistributionViewerCertificate: The SSL configuration for this distribution (maximum one).
Aliases []string: Extra CNAMEs (alternate domain names), if any, for this distribution.
Comment string: Any comments you want to include about the distribution.
CustomErrorResponses []DistributionCustomErrorResponse: One or more custom error response elements (multiples allowed).
DefaultRootObject string: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
HttpVersion string: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
IsIpv6Enabled bool: Whether the IPv6 is enabled for the distribution.
LoggingConfig DistributionLoggingConfig: The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors []DistributionOrderedCacheBehavior: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups []DistributionOriginGroup: One or more origin_group for this distribution (multiples allowed).
PriceClass string: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
RetainOnDelete bool: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Tags map[string]string: A map of tags to assign to the resource.
WaitForDeployment bool: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

defaultCacheBehavior DistributionDefaultCacheBehavior: The default cache behavior for this distribution (maximum one).
enabled boolean: Whether the distribution is enabled to accept end user requests for content.
origins DistributionOrigin[]: One or more origins for this distribution (multiples allowed).
restrictions DistributionRestrictions: The restriction configuration for this distribution (maximum one).
viewerCertificate DistributionViewerCertificate: The SSL configuration for this distribution (maximum one).
aliases string[]: Extra CNAMEs (alternate domain names), if any, for this distribution.
comment string: Any comments you want to include about the distribution.
customErrorResponses DistributionCustomErrorResponse[]: One or more custom error response elements (multiples allowed).
defaultRootObject string: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
httpVersion string: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
isIpv6Enabled boolean: Whether the IPv6 is enabled for the distribution.
loggingConfig DistributionLoggingConfig: The logging configuration that controls how logs are written to your distribution (maximum one).
orderedCacheBehaviors DistributionOrderedCacheBehavior[]: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
originGroups DistributionOriginGroup[]: One or more origin_group for this distribution (multiples allowed).
priceClass string: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
retainOnDelete boolean: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
tags {[key: string]: string}: A map of tags to assign to the resource.
waitForDeployment boolean: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
webAclId string: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

default_cache_behavior Dict[DistributionDefaultCacheBehavior]: The default cache behavior for this distribution (maximum one).
enabled bool: Whether the distribution is enabled to accept end user requests for content.
origins List[DistributionOrigin]: One or more origins for this distribution (multiples allowed).
restrictions Dict[DistributionRestrictions]: The restriction configuration for this distribution (maximum one).
viewer_certificate Dict[DistributionViewerCertificate]: The SSL configuration for this distribution (maximum one).
aliases List[str]: Extra CNAMEs (alternate domain names), if any, for this distribution.
comment str: Any comments you want to include about the distribution.
custom_error_responses List[DistributionCustomErrorResponse]: One or more custom error response elements (multiples allowed).
default_root_object str: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
http_version str: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
is_ipv6_enabled bool: Whether the IPv6 is enabled for the distribution.
logging_config Dict[DistributionLoggingConfig]: The logging configuration that controls how logs are written to your distribution (maximum one).
ordered_cache_behaviors List[DistributionOrderedCacheBehavior]: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
origin_groups List[DistributionOriginGroup]: One or more origin_group for this distribution (multiples allowed).
price_class str: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
retain_on_delete bool: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
tags Dict[str, str]: A map of tags to assign to the resource.
wait_for_deployment bool: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
web_acl_id str: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

Outputs

All input properties are implicitly available as output properties. Additionally, the Distribution resource produces the following output properties:

ActiveTrustedSigners Dictionary<string, string>: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
Arn string: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string: Internal value used by CloudFront to allow future updates to the distribution configuration.
DomainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
Etag string: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
Id string: The provider-assigned unique ID for this managed resource.
InProgressValidationBatches int: The number of invalidation batches currently in progress.
LastModifiedTime string: The date and time the distribution was last modified.
Status string: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.

ActiveTrustedSigners map[string]string: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
Arn string: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string: Internal value used by CloudFront to allow future updates to the distribution configuration.
DomainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
Etag string: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
Id string: The provider-assigned unique ID for this managed resource.
InProgressValidationBatches int: The number of invalidation batches currently in progress.
LastModifiedTime string: The date and time the distribution was last modified.
Status string: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.

activeTrustedSigners {[key: string]: string}: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
arn string: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
callerReference string: Internal value used by CloudFront to allow future updates to the distribution configuration.
domainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
etag string: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hostedZoneId string: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
id string: The provider-assigned unique ID for this managed resource.
inProgressValidationBatches number: The number of invalidation batches currently in progress.
lastModifiedTime string: The date and time the distribution was last modified.
status string: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.

active_trusted_signers Dict[str, str]: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
arn str: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
caller_reference str: Internal value used by CloudFront to allow future updates to the distribution configuration.
domain_name str: The DNS domain name of either the S3 bucket, or web site of your custom origin.
etag str: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hosted_zone_id str: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
id str: The provider-assigned unique ID for this managed resource.
in_progress_validation_batches float: The number of invalidation batches currently in progress.
last_modified_time str: The date and time the distribution was last modified.
status str: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.

Look up an Existing Distribution Resource

Get an existing Distribution resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DistributionState, opts?: CustomResourceOptions): Distribution

static get(resource_name, id, opts=None, active_trusted_signers=None, aliases=None, arn=None, caller_reference=None, comment=None, custom_error_responses=None, default_cache_behavior=None, default_root_object=None, domain_name=None, enabled=None, etag=None, hosted_zone_id=None, http_version=None, in_progress_validation_batches=None, is_ipv6_enabled=None, last_modified_time=None, logging_config=None, ordered_cache_behaviors=None, origin_groups=None, origins=None, price_class=None, restrictions=None, retain_on_delete=None, status=None, tags=None, viewer_certificate=None, wait_for_deployment=None, web_acl_id=None, __props__=None);

func GetDistribution(ctx *Context, name string, id IDInput, state *DistributionState, opts ...ResourceOption) (*Distribution, error)

public static Distribution Get(string name, Input<string> id, DistributionState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ActiveTrustedSigners Dictionary<string, string>: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
Aliases List<string>: Extra CNAMEs (alternate domain names), if any, for this distribution.
Arn string: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string: Internal value used by CloudFront to allow future updates to the distribution configuration.
Comment string: Any comments you want to include about the distribution.
CustomErrorResponses List<DistributionCustomErrorResponseArgs>: One or more custom error response elements (multiples allowed).
DefaultCacheBehavior DistributionDefaultCacheBehaviorArgs: The default cache behavior for this distribution (maximum one).
DefaultRootObject string: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
DomainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
Enabled bool: Whether the distribution is enabled to accept end user requests for content.
Etag string: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
HttpVersion string: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
InProgressValidationBatches int: The number of invalidation batches currently in progress.
IsIpv6Enabled bool: Whether the IPv6 is enabled for the distribution.
LastModifiedTime string: The date and time the distribution was last modified.
LoggingConfig DistributionLoggingConfigArgs: The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors List<DistributionOrderedCacheBehaviorArgs>: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups List<DistributionOriginGroupArgs>: One or more origin_group for this distribution (multiples allowed).
Origins List<DistributionOriginArgs>: One or more origins for this distribution (multiples allowed).
PriceClass string: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
Restrictions DistributionRestrictionsArgs: The restriction configuration for this distribution (maximum one).
RetainOnDelete bool: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Status string: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
Tags Dictionary<string, string>: A map of tags to assign to the resource.
ViewerCertificate DistributionViewerCertificateArgs: The SSL configuration for this distribution (maximum one).
WaitForDeployment bool: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

ActiveTrustedSigners map[string]string: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
Aliases []string: Extra CNAMEs (alternate domain names), if any, for this distribution.
Arn string: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
CallerReference string: Internal value used by CloudFront to allow future updates to the distribution configuration.
Comment string: Any comments you want to include about the distribution.
CustomErrorResponses []DistributionCustomErrorResponse: One or more custom error response elements (multiples allowed).
DefaultCacheBehavior DistributionDefaultCacheBehavior: The default cache behavior for this distribution (maximum one).
DefaultRootObject string: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
DomainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
Enabled bool: Whether the distribution is enabled to accept end user requests for content.
Etag string: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
HostedZoneId string: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
HttpVersion string: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
InProgressValidationBatches int: The number of invalidation batches currently in progress.
IsIpv6Enabled bool: Whether the IPv6 is enabled for the distribution.
LastModifiedTime string: The date and time the distribution was last modified.
LoggingConfig DistributionLoggingConfig: The logging configuration that controls how logs are written to your distribution (maximum one).
OrderedCacheBehaviors []DistributionOrderedCacheBehavior: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
OriginGroups []DistributionOriginGroup: One or more origin_group for this distribution (multiples allowed).
Origins []DistributionOrigin: One or more origins for this distribution (multiples allowed).
PriceClass string: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
Restrictions DistributionRestrictions: The restriction configuration for this distribution (maximum one).
RetainOnDelete bool: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
Status string: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
Tags map[string]string: A map of tags to assign to the resource.
ViewerCertificate DistributionViewerCertificate: The SSL configuration for this distribution (maximum one).
WaitForDeployment bool: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
WebAclId string: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

activeTrustedSigners {[key: string]: string}: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
aliases string[]: Extra CNAMEs (alternate domain names), if any, for this distribution.
arn string: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
callerReference string: Internal value used by CloudFront to allow future updates to the distribution configuration.
comment string: Any comments you want to include about the distribution.
customErrorResponses DistributionCustomErrorResponse[]: One or more custom error response elements (multiples allowed).
defaultCacheBehavior DistributionDefaultCacheBehavior: The default cache behavior for this distribution (maximum one).
defaultRootObject string: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
domainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
enabled boolean: Whether the distribution is enabled to accept end user requests for content.
etag string: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hostedZoneId string: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
httpVersion string: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
inProgressValidationBatches number: The number of invalidation batches currently in progress.
isIpv6Enabled boolean: Whether the IPv6 is enabled for the distribution.
lastModifiedTime string: The date and time the distribution was last modified.
loggingConfig DistributionLoggingConfig: The logging configuration that controls how logs are written to your distribution (maximum one).
orderedCacheBehaviors DistributionOrderedCacheBehavior[]: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
originGroups DistributionOriginGroup[]: One or more origin_group for this distribution (multiples allowed).
origins DistributionOrigin[]: One or more origins for this distribution (multiples allowed).
priceClass string: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
restrictions DistributionRestrictions: The restriction configuration for this distribution (maximum one).
retainOnDelete boolean: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
status string: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
tags {[key: string]: string}: A map of tags to assign to the resource.
viewerCertificate DistributionViewerCertificate: The SSL configuration for this distribution (maximum one).
waitForDeployment boolean: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
webAclId string: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

active_trusted_signers Dict[str, str]: The key pair IDs that CloudFront is aware of for each trusted signer, if the distribution is set up to serve private content with signed URLs.
aliases List[str]: Extra CNAMEs (alternate domain names), if any, for this distribution.
arn str: The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.
caller_reference str: Internal value used by CloudFront to allow future updates to the distribution configuration.
comment str: Any comments you want to include about the distribution.
custom_error_responses List[DistributionCustomErrorResponse]: One or more custom error response elements (multiples allowed).
default_cache_behavior Dict[DistributionDefaultCacheBehavior]: The default cache behavior for this distribution (maximum one).
default_root_object str: The object that you want CloudFront to return (for example, index.html) when an end user requests the root URL.
domain_name str: The DNS domain name of either the S3 bucket, or web site of your custom origin.
enabled bool: Whether the distribution is enabled to accept end user requests for content.
etag str: The current version of the distribution’s information. For example: E2QWRUHAPOMQZL.
hosted_zone_id str: The CloudFront Route 53 zone ID that can be used to route an Alias Resource Record Set to. This attribute is simply an alias for the zone ID Z2FDTNDATAQYW2.
http_version str: The maximum HTTP version to support on the distribution. Allowed values are http1.1 and http2. The default is http2.
in_progress_validation_batches float: The number of invalidation batches currently in progress.
is_ipv6_enabled bool: Whether the IPv6 is enabled for the distribution.
last_modified_time str: The date and time the distribution was last modified.
logging_config Dict[DistributionLoggingConfig]: The logging configuration that controls how logs are written to your distribution (maximum one).
ordered_cache_behaviors List[DistributionOrderedCacheBehavior]: An ordered list of cache behaviors resource for this distribution. List from top to bottom in order of precedence. The topmost cache behavior will have precedence 0.
origin_groups List[DistributionOriginGroup]: One or more origin_group for this distribution (multiples allowed).
origins List[DistributionOrigin]: One or more origins for this distribution (multiples allowed).
price_class str: The price class for this distribution. One of PriceClass_All, PriceClass_200, PriceClass_100
restrictions Dict[DistributionRestrictions]: The restriction configuration for this distribution (maximum one).
retain_on_delete bool: Disables the distribution instead of deleting it when destroying the resource. If this is set, the distribution needs to be deleted manually afterwards. Default: false.
status str: The current status of the distribution. Deployed if the distribution’s information is fully propagated throughout the Amazon CloudFront system.
tags Dict[str, str]: A map of tags to assign to the resource.
viewer_certificate Dict[DistributionViewerCertificate]: The SSL configuration for this distribution (maximum one).
wait_for_deployment bool: If enabled, the resource will wait for the distribution status to change from InProgress to Deployed. Setting this tofalse will skip the process. Default: true.
web_acl_id str: If you’re using AWS WAF to filter CloudFront requests, the Id of the AWS WAF web ACL that is associated with the distribution. The WAF Web ACL must exist in the WAF Global (CloudFront) region and the credentials configuring this argument must have waf:GetWebACL permissions assigned. If using WAFv2, provide the ARN of the web ACL.

Supporting Types

DistributionCustomErrorResponse

ErrorCode int: The 4xx or 5xx HTTP status code that you want to customize.
ErrorCachingMinTtl int: The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
ResponseCode int: The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
ResponsePagePath string: The path of the custom error page (for example, /custom_404.html).

ErrorCode int: The 4xx or 5xx HTTP status code that you want to customize.
ErrorCachingMinTtl int: The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
ResponseCode int: The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
ResponsePagePath string: The path of the custom error page (for example, /custom_404.html).

errorCode number: The 4xx or 5xx HTTP status code that you want to customize.
errorCachingMinTtl number: The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
responseCode number: The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
responsePagePath string: The path of the custom error page (for example, /custom_404.html).

errorCode float: The 4xx or 5xx HTTP status code that you want to customize.
errorCachingMinTtl float: The minimum amount of time you want HTTP error codes to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated.
responseCode float: The HTTP status code that you want CloudFront to return with the custom error page to the viewer.
responsePagePath str: The path of the custom error page (for example, /custom_404.html).

DistributionDefaultCacheBehavior

AllowedMethods List<string>: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods List<string>: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
ForwardedValues DistributionDefaultCacheBehaviorForwardedValuesArgs: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
TargetOriginId string: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
Compress bool: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
FieldLevelEncryptionId string: Field level encryption configuration ID
LambdaFunctionAssociations List<DistributionDefaultCacheBehaviorLambdaFunctionAssociationArgs>: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
MaxTtl int: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
MinTtl int: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
SmoothStreaming bool: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedSigners List<string>: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

AllowedMethods []string: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods []string: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
ForwardedValues DistributionDefaultCacheBehaviorForwardedValues: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
TargetOriginId string: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
Compress bool: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
FieldLevelEncryptionId string: Field level encryption configuration ID
LambdaFunctionAssociations []DistributionDefaultCacheBehaviorLambdaFunctionAssociation: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
MaxTtl int: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
MinTtl int: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
SmoothStreaming bool: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedSigners []string: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

allowedMethods string[]: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cachedMethods string[]: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
forwardedValues DistributionDefaultCacheBehaviorForwardedValues: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
targetOriginId string: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewerProtocolPolicy string: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
compress boolean: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
defaultTtl number: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
fieldLevelEncryptionId string: Field level encryption configuration ID
lambdaFunctionAssociations DistributionDefaultCacheBehaviorLambdaFunctionAssociation[]: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
maxTtl number: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
minTtl number: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
smoothStreaming boolean: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trustedSigners string[]: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

allowedMethods List[str]: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cachedMethods List[str]: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
forwardedValues Dict[DistributionDefaultCacheBehaviorForwardedValues]: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
targetOriginId str: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewerProtocolPolicy str: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
compress bool: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
defaultTtl float: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
fieldLevelEncryptionId str: Field level encryption configuration ID
lambdaFunctionAssociations List[DistributionDefaultCacheBehaviorLambdaFunctionAssociation]: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
maxTtl float: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
minTtl float: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
smoothStreaming bool: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trustedSigners List[str]: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

DistributionDefaultCacheBehaviorForwardedValues

Cookies DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers List<string>: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys List<string>: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

Cookies DistributionDefaultCacheBehaviorForwardedValuesCookies: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers []string: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys []string: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionDefaultCacheBehaviorForwardedValuesCookies: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
queryString boolean: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers string[]: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
queryStringCacheKeys string[]: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies Dict[DistributionDefaultCacheBehaviorForwardedValuesCookies]: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
queryString bool: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers List[str]: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
queryStringCacheKeys List[str]: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

DistributionDefaultCacheBehaviorForwardedValuesCookies

Forward string: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames List<string>: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

Forward string: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames []string: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward string: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelistedNames string[]: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward str: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelistedNames List[str]: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

DistributionDefaultCacheBehaviorLambdaFunctionAssociation

EventType string: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
LambdaArn string: ARN of the Lambda function.
IncludeBody bool: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

EventType string: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
LambdaArn string: ARN of the Lambda function.
IncludeBody bool: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType string: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
lambdaArn string: ARN of the Lambda function.
includeBody boolean: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType str: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
lambdaArn str: ARN of the Lambda function.
includeBody bool: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

DistributionLoggingConfig

Bucket string: The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
IncludeCookies bool: Specifies whether you want CloudFront to include cookies in access logs (default: false).
Prefix string: An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

Bucket string: The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
IncludeCookies bool: Specifies whether you want CloudFront to include cookies in access logs (default: false).
Prefix string: An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

bucket string: The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
includeCookies boolean: Specifies whether you want CloudFront to include cookies in access logs (default: false).
prefix string: An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

bucket str: The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
includeCookies bool: Specifies whether you want CloudFront to include cookies in access logs (default: false).
prefix str: An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/.

DistributionOrderedCacheBehavior

AllowedMethods List<string>: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods List<string>: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
ForwardedValues DistributionOrderedCacheBehaviorForwardedValuesArgs: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
PathPattern string: The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
TargetOriginId string: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
Compress bool: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
FieldLevelEncryptionId string: Field level encryption configuration ID
LambdaFunctionAssociations List<DistributionOrderedCacheBehaviorLambdaFunctionAssociationArgs>: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
MaxTtl int: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
MinTtl int: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
SmoothStreaming bool: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedSigners List<string>: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

AllowedMethods []string: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
CachedMethods []string: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
ForwardedValues DistributionOrderedCacheBehaviorForwardedValues: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
PathPattern string: The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
TargetOriginId string: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
ViewerProtocolPolicy string: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
Compress bool: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
DefaultTtl int: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
FieldLevelEncryptionId string: Field level encryption configuration ID
LambdaFunctionAssociations []DistributionOrderedCacheBehaviorLambdaFunctionAssociation: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
MaxTtl int: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
MinTtl int: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
SmoothStreaming bool: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
TrustedSigners []string: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

allowedMethods string[]: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cachedMethods string[]: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
forwardedValues DistributionOrderedCacheBehaviorForwardedValues: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
pathPattern string: The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
targetOriginId string: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewerProtocolPolicy string: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
compress boolean: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
defaultTtl number: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
fieldLevelEncryptionId string: Field level encryption configuration ID
lambdaFunctionAssociations DistributionOrderedCacheBehaviorLambdaFunctionAssociation[]: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
maxTtl number: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
minTtl number: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
smoothStreaming boolean: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trustedSigners string[]: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

allowedMethods List[str]: Controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
cachedMethods List[str]: Controls whether CloudFront caches the response to requests using the specified HTTP methods.
forwardedValues Dict[DistributionOrderedCacheBehaviorForwardedValues]: The forwarded values configuration that specifies how CloudFront handles query strings, cookies and headers (maximum one).
pathPattern str: The pattern (for example, images/*.jpg) that specifies which requests you want this cache behavior to apply to.
targetOriginId str: The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
viewerProtocolPolicy str: Use this element to specify the protocol that users can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. One of allow-all, https-only, or redirect-to-https.
compress bool: Whether you want CloudFront to automatically compress content for web requests that include Accept-Encoding: gzip in the request header (default: false).
defaultTtl float: The default amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request in the absence of an Cache-Control max-age or Expires header. Defaults to 1 day.
fieldLevelEncryptionId str: Field level encryption configuration ID
lambdaFunctionAssociations List[DistributionOrderedCacheBehaviorLambdaFunctionAssociation]: A config block that triggers a lambda function with specific actions. Defined below, maximum 4.
maxTtl float: The maximum amount of time (in seconds) that an object is in a CloudFront cache before CloudFront forwards another request to your origin to determine whether the object has been updated. Only effective in the presence of Cache-Control max-age, Cache-Control s-maxage, and Expires headers. Defaults to 365 days.
minTtl float: The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront queries your origin to see whether the object has been updated. Defaults to 0 seconds.
smoothStreaming bool: Indicates whether you want to distribute media files in Microsoft Smooth Streaming format using the origin that is associated with this cache behavior.
trustedSigners List[str]: The AWS accounts, if any, that you want to allow to create signed URLs for private content.

DistributionOrderedCacheBehaviorForwardedValues

Cookies DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers List<string>: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys List<string>: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

Cookies DistributionOrderedCacheBehaviorForwardedValuesCookies: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
QueryString bool: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
Headers []string: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
QueryStringCacheKeys []string: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies DistributionOrderedCacheBehaviorForwardedValuesCookies: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
queryString boolean: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers string[]: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
queryStringCacheKeys string[]: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

cookies Dict[DistributionOrderedCacheBehaviorForwardedValuesCookies]: The forwarded values cookies that specifies how CloudFront handles cookies (maximum one).
queryString bool: Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior.
headers List[str]: Specifies the Headers, if any, that you want CloudFront to vary upon for this cache behavior. Specify * to include all headers.
queryStringCacheKeys List[str]: When specified, along with a value of true for query_string, all query strings are forwarded, however only the query string keys listed in this argument are cached. When omitted with a value of true for query_string, all query string keys are cached.

DistributionOrderedCacheBehaviorForwardedValuesCookies

Forward string: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames List<string>: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

Forward string: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
WhitelistedNames []string: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward string: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelistedNames string[]: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

forward str: Specifies whether you want CloudFront to forward cookies to the origin that is associated with this cache behavior. You can specify all, none or whitelist. If whitelist, you must include the subsequent whitelisted_names
whitelistedNames List[str]: If you have specified whitelist to forward, the whitelisted cookies that you want CloudFront to forward to your origin.

DistributionOrderedCacheBehaviorLambdaFunctionAssociation

EventType string: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
LambdaArn string: ARN of the Lambda function.
IncludeBody bool: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

EventType string: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
LambdaArn string: ARN of the Lambda function.
IncludeBody bool: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType string: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
lambdaArn string: ARN of the Lambda function.
includeBody boolean: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

eventType str: The specific event to trigger this function. Valid values: viewer-request, origin-request, viewer-response, origin-response
lambdaArn str: ARN of the Lambda function.
includeBody bool: When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: true, false.

DistributionOrigin

DomainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
OriginId string: The unique identifier of the member origin
CustomHeaders List<DistributionOriginCustomHeaderArgs>: One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
CustomOriginConfig DistributionOriginCustomOriginConfigArgs: The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
OriginPath string: An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
S3OriginConfig DistributionOriginS3OriginConfigArgs: The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

DomainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
OriginId string: The unique identifier of the member origin
CustomHeaders []DistributionOriginCustomHeader: One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
CustomOriginConfig DistributionOriginCustomOriginConfig: The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
OriginPath string: An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
S3OriginConfig DistributionOriginS3OriginConfig: The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

domainName string: The DNS domain name of either the S3 bucket, or web site of your custom origin.
originId string: The unique identifier of the member origin
customHeaders DistributionOriginCustomHeader[]: One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
customOriginConfig DistributionOriginCustomOriginConfig: The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
originPath string: An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
s3OriginConfig DistributionOriginS3OriginConfig: The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

domain_name str: The DNS domain name of either the S3 bucket, or web site of your custom origin.
originId str: The unique identifier of the member origin
customHeaders List[DistributionOriginCustomHeader]: One or more sub-resources with name and value parameters that specify header data that will be sent to the origin (multiples allowed).
customOriginConfig Dict[DistributionOriginCustomOriginConfig]: The CloudFront custom origin configuration information. If an S3 origin is required, use s3_origin_config instead.
originPath str: An optional element that causes CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin.
s3OriginConfig Dict[DistributionOriginS3OriginConfig]: The CloudFront S3 origin configuration information. If a custom origin is required, use custom_origin_config instead.

DistributionOriginCustomHeader

Name string
Value string

Name string
Value string

name string
value string

name str
value str

DistributionOriginCustomOriginConfig

HttpPort int: The HTTP port the custom origin listens on.
HttpsPort int: The HTTPS port the custom origin listens on.
OriginProtocolPolicy string: The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
OriginSslProtocols List<string>: The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
OriginKeepaliveTimeout int: The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
OriginReadTimeout int: The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

HttpPort int: The HTTP port the custom origin listens on.
HttpsPort int: The HTTPS port the custom origin listens on.
OriginProtocolPolicy string: The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
OriginSslProtocols []string: The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
OriginKeepaliveTimeout int: The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
OriginReadTimeout int: The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

httpPort number: The HTTP port the custom origin listens on.
httpsPort number: The HTTPS port the custom origin listens on.
originProtocolPolicy string: The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
originSslProtocols string[]: The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
originKeepaliveTimeout number: The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
originReadTimeout number: The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

httpPort float: The HTTP port the custom origin listens on.
httpsPort float: The HTTPS port the custom origin listens on.
originProtocolPolicy str: The origin protocol policy to apply to your origin. One of http-only, https-only, or match-viewer.
originSslProtocols List[str]: The SSL/TLS protocols that you want CloudFront to use when communicating with your origin over HTTPS. A list of one or more of SSLv3, TLSv1, TLSv1.1, and TLSv1.2.
originKeepaliveTimeout float: The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.
originReadTimeout float: The Custom Read timeout, in seconds. By default, AWS enforces a limit of 60. But you can request an increase.

DistributionOriginGroup

FailoverCriteria DistributionOriginGroupFailoverCriteriaArgs: The failover criteria for when to failover to the secondary origin
Members List<DistributionOriginGroupMemberArgs>: Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
OriginId string: The unique identifier of the member origin

FailoverCriteria DistributionOriginGroupFailoverCriteria: The failover criteria for when to failover to the secondary origin
Members []DistributionOriginGroupMember: Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
OriginId string: The unique identifier of the member origin

failoverCriteria DistributionOriginGroupFailoverCriteria: The failover criteria for when to failover to the secondary origin
members DistributionOriginGroupMember[]: Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
originId string: The unique identifier of the member origin

failoverCriteria Dict[DistributionOriginGroupFailoverCriteria]: The failover criteria for when to failover to the secondary origin
members List[DistributionOriginGroupMember]: Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.
originId str: The unique identifier of the member origin

DistributionOriginGroupFailoverCriteria

StatusCodes List<int>: A list of HTTP status codes for the origin group

StatusCodes []int: A list of HTTP status codes for the origin group

statusCodes number[]: A list of HTTP status codes for the origin group

statusCodes List[Integer]: A list of HTTP status codes for the origin group

DistributionOriginGroupMember

OriginId string: The unique identifier of the member origin

OriginId string: The unique identifier of the member origin

originId string: The unique identifier of the member origin

originId str: The unique identifier of the member origin

DistributionOriginS3OriginConfig

OriginAccessIdentity string: The [CloudFront origin access identity][5] to associate with the origin.

OriginAccessIdentity string: The [CloudFront origin access identity][5] to associate with the origin.

originAccessIdentity string: The [CloudFront origin access identity][5] to associate with the origin.

originAccessIdentity str: The [CloudFront origin access identity][5] to associate with the origin.

DistributionRestrictions

GeoRestriction DistributionRestrictionsGeoRestrictionArgs

GeoRestriction DistributionRestrictionsGeoRestriction

geoRestriction DistributionRestrictionsGeoRestriction

geoRestriction Dict[DistributionRestrictionsGeoRestriction]

DistributionRestrictionsGeoRestriction

RestrictionType string: The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
Locations List<string>: The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

RestrictionType string: The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
Locations []string: The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

restrictionType string: The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
locations string[]: The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

restrictionType str: The method that you want to use to restrict distribution of your content by country: none, whitelist, or blacklist.
locations List[str]: The [ISO 3166-1-alpha-2 codes][4] for which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).

DistributionViewerCertificate

AcmCertificateArn string: The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
CloudfrontDefaultCertificate bool: true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
IamCertificateId string: The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
MinimumProtocolVersion string: The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
SslSupportMethod string

AcmCertificateArn string: The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
CloudfrontDefaultCertificate bool: true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
IamCertificateId string: The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
MinimumProtocolVersion string: The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
SslSupportMethod string

acmCertificateArn string: The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
cloudfrontDefaultCertificate boolean: true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
iamCertificateId string: The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
minimumProtocolVersion string: The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
sslSupportMethod string

acmCertificateArn str: The ARN of the AWS Certificate Manager certificate that you wish to use with this distribution. Specify this, cloudfront_default_certificate, or iam_certificate_id. The ACM certificate must be in US-EAST-1.
cloudfrontDefaultCertificate bool: true if you want viewers to use HTTPS to request your objects and you’re using the CloudFront domain name for your distribution. Specify this, acm_certificate_arn, or iam_certificate_id.
iamCertificateId str: The IAM certificate identifier of the custom viewer certificate for this distribution if you are using a custom domain. Specify this, acm_certificate_arn, or cloudfront_default_certificate.
minimumProtocolVersion str: The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. Can only be set if cloudfront_default_certificate = false. One of SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016 or TLSv1.2_2018. Default: TLSv1. NOTE: If you are using a custom certificate (specified with acm_certificate_arn or iam_certificate_id), and have specified sni-only in ssl_support_method, TLSv1 or later must be specified. If you have specified vip in ssl_support_method, only SSLv3 or TLSv1 can be specified. If you have specified cloudfront_default_certificate, TLSv1 must be specified.
sslSupportMethod str

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud