Namespace Pulumi.Aws.CloudFront
Classes
Distribution
Creates an Amazon CloudFront web distribution.
For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For specific information about creating CloudFront web distributions, see the POST Distribution page in the Amazon CloudFront API Reference.
NOTE: CloudFront distributions take about 15 minutes to a deployed state after creation or modification. During this time, deletes to resources will be blocked. If you need to delete a distribution that is enabled and you do not want to wait, you need to use the
retain_on_deleteflag.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Aws.S3.Bucket("bucket", new Aws.S3.BucketArgs
{
Acl = "private",
Tags =
{
{ "Name", "My bucket" },
},
});
var s3OriginId = "myS3Origin";
var s3Distribution = new Aws.CloudFront.Distribution("s3Distribution", new Aws.CloudFront.DistributionArgs
{
Aliases =
{
"mysite.example.com",
"yoursite.example.com",
},
Comment = "Some comment",
DefaultCacheBehavior = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorArgs
{
AllowedMethods =
{
"DELETE",
"GET",
"HEAD",
"OPTIONS",
"PATCH",
"POST",
"PUT",
},
CachedMethods =
{
"GET",
"HEAD",
},
DefaultTtl = 3600,
ForwardedValues = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesArgs
{
Cookies = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs
{
Forward = "none",
},
QueryString = false,
},
MaxTtl = 86400,
MinTtl = 0,
TargetOriginId = s3OriginId,
ViewerProtocolPolicy = "allow-all",
},
DefaultRootObject = "index.html",
Enabled = true,
IsIpv6Enabled = true,
LoggingConfig = new Aws.CloudFront.Inputs.DistributionLoggingConfigArgs
{
Bucket = "mylogs.s3.amazonaws.com",
IncludeCookies = false,
Prefix = "myprefix",
},
OrderedCacheBehaviors =
{
new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs
{
AllowedMethods =
{
"GET",
"HEAD",
"OPTIONS",
},
CachedMethods =
{
"GET",
"HEAD",
"OPTIONS",
},
Compress = true,
DefaultTtl = 86400,
ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs
{
Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs
{
Forward = "none",
},
Headers =
{
"Origin",
},
QueryString = false,
},
MaxTtl = 31536000,
MinTtl = 0,
PathPattern = "/content/immutable/*",
TargetOriginId = s3OriginId,
ViewerProtocolPolicy = "redirect-to-https",
},
new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs
{
AllowedMethods =
{
"GET",
"HEAD",
"OPTIONS",
},
CachedMethods =
{
"GET",
"HEAD",
},
Compress = true,
DefaultTtl = 3600,
ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs
{
Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs
{
Forward = "none",
},
QueryString = false,
},
MaxTtl = 86400,
MinTtl = 0,
PathPattern = "/content/*",
TargetOriginId = s3OriginId,
ViewerProtocolPolicy = "redirect-to-https",
},
},
Origins =
{
new Aws.CloudFront.Inputs.DistributionOriginArgs
{
DomainName = bucket.BucketRegionalDomainName,
OriginId = s3OriginId,
S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs
{
OriginAccessIdentity = "origin-access-identity/cloudfront/ABCDEFG1234567",
},
},
},
PriceClass = "PriceClass_200",
Restrictions = new Aws.CloudFront.Inputs.DistributionRestrictionsArgs
{
GeoRestriction = new Aws.CloudFront.Inputs.DistributionRestrictionsGeoRestrictionArgs
{
Locations =
{
"US",
"CA",
"GB",
"DE",
},
RestrictionType = "whitelist",
},
},
Tags =
{
{ "Environment", "production" },
},
ViewerCertificate = new Aws.CloudFront.Inputs.DistributionViewerCertificateArgs
{
CloudfrontDefaultCertificate = true,
},
});
}
}
DistributionArgs
DistributionState
GetDistribution
GetDistributionArgs
GetDistributionResult
OriginAccessIdentity
Creates an Amazon CloudFront origin access identity.
For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For more information on generating origin access identities, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var originAccessIdentity = new Aws.CloudFront.OriginAccessIdentity("originAccessIdentity", new Aws.CloudFront.OriginAccessIdentityArgs
{
Comment = "Some comment",
});
}
}
Using With CloudFront
Normally, when referencing an origin access identity in CloudFront, you need to
prefix the ID with the origin-access-identity/cloudfront/ special path.
The cloudfront_access_identity_path allows this to be circumvented.
The below snippet demonstrates use with the s3_origin_config structure for the
aws.cloudfront.Distribution resource:
using Pulumi;
class MyStack : Stack
{
public MyStack()
{
}
}
Updating your bucket policy
Note that the AWS API may translate the s3_canonical_user_id CanonicalUser
principal into an AWS IAM ARN principal when supplied in an
aws.s3.Bucket bucket policy, causing spurious diffs. If
you see this behaviour, use the iam_arn instead:
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var s3Policy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"s3:GetObject",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
aws_cloudfront_origin_access_identity.Origin_access_identity.Iam_arn,
},
Type = "AWS",
},
},
Resources =
{
$"{aws_s3_bucket.Example.Arn}/*",
},
},
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"s3:ListBucket",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
aws_cloudfront_origin_access_identity.Origin_access_identity.Iam_arn,
},
Type = "AWS",
},
},
Resources =
{
aws_s3_bucket.Example.Arn,
},
},
},
}));
var example = new Aws.S3.BucketPolicy("example", new Aws.S3.BucketPolicyArgs
{
Bucket = aws_s3_bucket.Example.Id,
Policy = s3Policy.Apply(s3Policy => s3Policy.Json),
});
}
}
OriginAccessIdentityArgs
OriginAccessIdentityState
PublicKey
Example Usage
using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.CloudFront.PublicKey("example", new Aws.CloudFront.PublicKeyArgs
{
Comment = "test public key",
EncodedKey = File.ReadAllText("public_key.pem"),
});
}
}