Menu
Amazon CloudFront
API Reference (API Version 2016-09-07)

Distribution Complex Type

Description

The Distribution complex type describes the information about a web distribution. For more information about web distributions, go to Working with Web Distributions in the Amazon CloudFront Developer Guide.

This complex type is used as a response element in POST Distribution, and in GET Distribution, and POST Distribution With Tags.

Syntax

<Distribution xmlns="http://cloudfront.amazonaws.com/doc/2016-09-07/">
   <Id>distribution ID</Id>
   <ARN>arn:aws:cloudfront::AWS account ID:distribution/distribution ID</ARN>
   <Status>Deployed | InProgress</Status>
   <LastModifiedTime>date and time that the distribution
      was last modified, in ISO 8601 format</LastModifiedTime>
   <InProgressInvalidationBatches>number of invalidation batches being 
      processed for this distribution</InProgressInvalidationBatches>
   <DomainName>CloudFront domain name assigned to the 
      distribution</DomainName>
   <ActiveTrustedSigners>
      <Enabled>true | false</Enabled>
      <Quantity>number of unique trusted signers from 
         all cache behaviors</Quantity>
      <Items>
         <Signer>
            <AwsAccountNumber>self | AWS account number</AwsAccountNumber>
            <KeyPairIds>
               <Quantity>number of active key pairs for 
                  AwsAccountNumber</Quantity>
               <Items>
                  <KeyPairId>active key pair associated with 
                     AwsAccountNumber</KeyPairId>
               </Items>
            </KeyPairIds>
         </Signer>
      </Items>
   </ActiveTrustedSigners>
   <DistributionConfig>
      <CallerReference>unique description for this
         distribution config</CallerReference>
      <Aliases>
         <Quantity>number of CNAME aliases</Quantity>
         <!-- Optional. Omit when Quantity = 0. -->
         <Items>
            <CNAME>CNAME alias</CNAME>
         </Items>
      </Aliases>
      <DefaultRootObject>URL for default root object</DefaultRootObject>
      <Origins>
         <Quantity>number of origins</Quantity>
         <Items>
            <Origin>
               <Id>unique identifier for this origin</Id>
               <DomainName>domain name of origin</DomainName>
               <OriginPath>optional directory path</OriginPath>
               <CustomHeaders>
                  <Quantity>number of custom headers</Quantity>
                  <!-- Optional. Omit when Quantity = 0. -->
                  <Items>
                     <OriginCustomHeader>
                        <HeaderName>name of the header</HeaderName>
                        <HeaderValue>value for HeaderName</HeaderValue>
                     </OriginCustomHeader>
                  </Items>
               </CustomHeaders>
               <!-- CloudFront returns the S3OriginConfig element 
                  only if you use an Amazon S3 origin. --> 
               <S3OriginConfig>
                  <OriginAccessIdentity>origin-access-identity/cloudfront/ID-of-origin-access-identity</OriginAccessIdentity>
               </S3OriginConfig>
               <!-- CloudFront returns the CustomOriginConfig element 
                  only if you use a custom origin. -->
               <CustomOriginConfig>
                  <HTTPPort>HTTP port that the custom origin 
                     listens on</HTTPPort>
                  <HTTPSPort>HTTPS port that the custom origin 
                     listens on</HTTPSPort>
                  <OriginProtocolPolicy>http-only | https-only |
                     match-viewer</OriginProtocolPolicy>
                  <OriginSslProtocols>
                     <Quantity>number of SSL protocols</Quantity>
                     <Items>
                        <SslProtocol>SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2</SslProtocol>
                     </Items>
                  </OriginSslProtocols>
               </CustomOriginConfig>
            </Origin>
         </Items>
      </Origins>
      <DefaultCacheBehavior>
         <TargetOriginId>ID of the origin that the default cache behavior 
            applies to</TargetOriginId>
         <ForwardedValues>
            <QueryString>true | false</QueryString>
            <QueryStringCacheKeys>
               <Quantity>number of query string parameters to base caching on</Quantity>
               <!-- Optional. Omit when Quantity = 0. -->
               <Items>
                  <Name>parameter name</Name>
               </Items>
            </QueryStringCacheKeys>
            <Cookies>
               <Forward>all | whitelist | none</Forward>
               <!-- Required when Forward = whitelist, omit otherwise. -->
               <WhitelistedNames>
                  <Quantity>number of cookie names to 
                     forward to origin</Quantity>
                  <Items>
                     <Name>name of a cookie to forward to the origin</Name>
                  </Items>
               </WhitelistedNames>
            </Cookies>
            <Headers>
               <Quantity>number of headers to forward to origin</Quantity>
               <!-- Optional. Omit when Quantity = 0. -->
               <Items>
                  <Name>header</Name>
               </Items>
            </Headers>
         </ForwardedValues>
         <TrustedSigners
            <Enabled>true | false</Enabled>
            <Quantity>number of trusted signers</Quantity>
            <!-- Optional. Omit when Quantity = 0. -->
            <Items>
               <AwsAccountNumber>self | AWS account that can create 
                  signed URLs</AwsAccountNumber>
            </Items>
         </TrustedSigners>
         <ViewerProtocolPolicy>allow-all | 
            redirect-to-https | https-only</ViewerProtocolPolicy>
         <MinTTL>minimum TTL in seconds for objects 
            specified by PathPattern</MinTTL>
         <DefaultTTL>default TTL in seconds for objects 
            specified by PathPattern</DefaultTTL>
         <MaxTTL>maximum TTL in seconds for objects 
            specified by PathPattern</MaxTTL>
         <AllowedMethods>
            <Quantity>2 | 3 | 7</Quantity>
            <Items>
               <!-- If you want to use CloudFront only to serve your content 
                  from edge locations, specify only GET and HEAD. -->
               <Method>GET</Method>
               <Method>HEAD</Method>
               <!-- If you want to use CloudFront to serve your content 
                  from edge locations and you want to cache the 
                  response from OPTIONS requests, specify 
                  GET, HEAD, and OPTIONS. -->
               <Method>GET</Method>
               <Method>HEAD</Method>
               <Method>OPTIONS</Method>
               <!-- If you want to use any methods in addition to 
                  GET and HEAD, you must specify all methods. -->
               <Method>DELETE</Method>
               <Method>GET</Method>
               <Method>HEAD</Method>
               <Method>OPTIONS</Method>
               <Method>PATCH</Method>
               <Method>POST</Method>
               <Method>PUT</Method>
            </Items>
            <CachedMethods>
               <Quantity>2 | 3 </Quantity>
               <Items>
                  <!-- If you only want to cache responses to GET 
                     and HEAD requests, specify only GET and HEAD. -->
                  <Method>GET</Method>
                  <Method>HEAD</Method>
                  <!-- If you want cache responses to GET, HEAD, and 
                     OPTIONS requests, specify those methods. -->
                  <Method>GET</Method>
                  <Method>HEAD</Method>
                  <Method>OPTIONS</Method>
               </Items>
            </CachedMethods>
         </AllowedMethods>
         <SmoothStreaming>true | false</SmoothStreaming>
         <Compress>true | false</Compress>
      </DefaultCacheBehavior>
      <CacheBehaviors>
         <Quantity>number of cache behaviors</Quantity>
         <!-- Optional. Omit when Quantity = 0. -->
         <Items>
            <CacheBehavior>
               <PathPattern>pattern that specifies files that this 
                  cache behavior applies to</PathPattern>
               <TargetOriginId>ID of the origin that this cache behavior 
                  applies to</TargetOriginId>
               <ForwardedValues>
                  <QueryString>true | false</QueryString>
                  <QueryStringCacheKeys>
                     <Quantity>number of query string parameters to base caching on</Quantity>
                     <!-- Optional. Omit when Quantity = 0. -->
                     <Items>
                        <Name>parameter name</Name>
                     </Items>
                  </QueryStringCacheKeys>
                  <Cookies>
                     <Forward>all | whitelist | none</Forward>
                     <!-- Required when Forward = whitelist, 
                        omit otherwise. -->
                     <WhitelistedNames>
                        <Quantity>number of cookie names to 
                           forward to origin</Quantity>
                        <Items>
                           <Name>name of a cookie to forward to 
                              the origin</Name>
                        </Items>
                     </WhitelistedNames>
                  </Cookies>
                  <Headers>
                     <Quantity>number of headers to forward to origin</Quantity>
                     <!-- Optional. Omit when Quantity = 0. -->
                     <Items>
                        <Name>header</Name>
                     </Items>
                  </Headers>
               </ForwardedValues>
               <TrustedSigners>
                  <Enabled>true | false</Enabled>
                  <Quantity>number of trusted signers</Quantity>
                  <!-- Optional. Omit when Quantity = 0. -->
                  <Items>
                     <AwsAccountNumber>self | AWS account that can create 
                        signed URLs</AwsAccountNumber>
                  </Items>
               </TrustedSigners>
               <ViewerProtocolPolicy>allow-all | 
                  redirect-to-https | https-only</ViewerProtocolPolicy>
               <MinTTL>minimum TTL in seconds for objects 
                  specified by PathPattern</MinTTL>
               <DefaultTTL>default TTL in seconds for objects 
                  specified by PathPattern</DefaultTTL>
               <MaxTTL>maximum TTL in seconds for objects 
                  specified by PathPattern</MaxTTL>
               <AllowedMethods>
                  <Quantity>2 | 3 | 7</Quantity>
                  <Items>
                     <!-- If you want to use CloudFront only to serve your 
                        content from edge locations, specify only 
                        GET and HEAD. -->
                     <Method>GET</Method>
                     <Method>HEAD</Method>
                     <!-- If you want to use CloudFront to serve your content 
                        from edge locations and you want to cache the 
                        response from OPTIONS requests, specify 
                        GET, HEAD, and OPTIONS. -->
                     <Method>GET</Method>
                     <Method>HEAD</Method>
                     <Method>OPTIONS</Method>
                     <!-- If you want to use any methods in addition to 
                        GET and HEAD, you must specify all methods. -->
                     <Method>DELETE</Method>
                     <Method>GET</Method>
                     <Method>HEAD</Method>
                     <Method>OPTIONS</Method>
                     <Method>PATCH</Method>
                     <Method>POST</Method>
                     <Method>PUT</Method>
                  </Items>
                  <CachedMethods>
                     <Quantity>2 | 3 </Quantity>
                     <Items>
                        <!-- If you only want to cache responses to GET 
                           and HEAD requests, specify only GET and HEAD. -->
                        <Method>GET</Method>
                        <Method>HEAD</Method>
                        <!-- If you want cache responses to GET, HEAD, and  
                           OPTIONS requests, specify those methods. -->
                        <Method>GET</Method>
                        <Method>HEAD</Method>
                        <Method>OPTIONS</Method>
                     </Items>
                  </CachedMethods>
               </AllowedMethods>
               <SmoothStreaming>true | false</SmoothStreaming>
               <Compress>true | false</Compress>
            </CacheBehavior>
         </Items>
      </CacheBehaviors>
      <CustomErrorResponses>
         <Quantity>number of custom error responses</Quantity>
         <Items>
            <CustomErrorResponse>
               <ErrorCode>HTTP status code for which you want to 
                  customize the response</ErrorCode>
               <ResponsePagePath>path to custom error page</ResponsePagePath>
               <ResponseCode>HTTP status code that you want CloudFront 
                  to return along with the custom error page</ResponseCode>
               <ErrorCachingMinTTL>minimum TTL for this 
                  ErrorCode</ErrorCachingMinTTL>
            </CustomErrorResponse>
         </Items>
      </CustomErrorResponses>
      <Restrictions>
         <GeoRestriction>
            <RestrictionType>blacklist | whitelist | none</RestrictionType>
            <Quantity>number of countries 
               in the blacklist or whitelist</Quantity>
            <!-- Optional. Omit when Quantity = 0. -->
            <Items>
               <Location>two-letter country code in upper case</Location>
            </Items>
         </GeoRestriction>
      </Restrictions>
      <WebACLId>ID of an AWS WAF web ACL</WebACLId>
      <Comment>comment about the distribution</Comment>
      <HttpVersion>http1.1 | http2</HttpVersion>
      <Logging>
         <Enabled>true | false</Enabled>
         <IncludeCookies>true | false</IncludeCookies>
         <Bucket>Amazon S3 bucket to save logs in</Bucket>
         <Prefix>prefix for log filenames</Prefix>
      </Logging>
      <ViewerCertificate>
         <ACMCertificateArn>ARN for ACM SSL/TLS certificate</ACMCertificateArn> | 
            <IAMCertificateId>IAM certificate ID</IAMCertificateId> | 
            <CloudFrontDefaultCertificate>true</CloudFrontDefaultCertificate>
         <SSLSupportMethod>vip | sni-only</SSLSupportMethod>
         <MinimumProtocolVersion>SSLv3 | TLSv1</MinimumProtocolVersion>
      </ViewerCertificate>
      <PriceClass>maximum price class for the distribution</PriceClass>
      <Enabled>true | false</Enabled>
   </DistributionConfig>
</Distribution>

Elements

The following table describes the child elements in the Distribution datatype. They're presented in the order they appear in the distribution, and not in alphabetical order.

NameDescriptionRequired

Id

The identifier for the distribution. For example: EDFDVBD6EXAMPLE.

Type: String

Default: None

Yes

ARN

The Amazon Resource Name (ARN) for the distribution, in the following format:

arn:aws:cloudfront::AWS account ID:distribution/distribution ID

Type: String

Default: None

Yes

Status

This response element indicates the current status of the distribution. When the status is Deployed, the distribution's information is fully propagated throughout the Amazon CloudFront system.

Type: String

Valid Values: Deployed | InProgress

Default: None

Yes

InProgress InvalidationBatches

The number of invalidation batches currently in progress for this distribution. For more information about invalidation, go to Object Invalidation in the Amazon CloudFront Developer Guide.

Type: String

Valid Values: 0 | 1 | 2 | 3

Default: None

Yes

LastModifiedTime

The date and time the distribution was last modified.

Type: String with date in the format YYYY-MM-DDThh:mm:ssZ, as specified in the ISO 8601 standard, for example, 2012-05-19T19:37:58Z.

Default: None

Yes

DomainName

The domain name corresponding to the distribution, for example, d111111abcdef8.cloudfront.net.

Type: String

Default: None

Yes

ActiveTrustedSigners

A complex type that lists the AWS accounts, if any, that you included in the TrustedSigners complex type for the default cache behavior or for any of the other cache behaviors for this distribution. These are accounts that you want to allow to create signed URLs for private content.

The Signer complex type lists the AWS account number of the trusted signer or self if the signer is the AWS account that created the distribution. The Signer element also includes the IDs of any active CloudFront key pairs that are associated with the trusted signer's AWS account. If no KeyPairId element appears for a Signer, that signer can't create signed URLs.

For more information, go to Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

Type: Complex type

Default: None

Parent: Distribution

Children: Enabled, Quantity, Items

 

Enabled (ActiveTrustedSigners)

Enabled is true if any of the AWS accounts that are listed in the TrustedSigners complex type (for the default cache behavior or for any other cache behaviors) have active CloudFront key pairs. If not, Enabled is false.

For more information, see ActiveTrustedSigners.

Type: Boolean

Default: None

Valid Values: true | false

Parent: ActiveTrustedSigners

 

Quantity (ActiveTrustedSigners)

The number of unique trusted signers included in all cache behaviors. For example, if three cache behaviors all list the same three AWS accounts, the value of Quantity for ActiveTrustedSigners will be 3.

For more information, see ActiveTrustedSigners.

Type: Integer

Default: None

Parent: ActiveTrustedSigners

 

Items (ActiveTrustedSigners)

A complex type that contains one Signer complex type for each unique trusted signer that is specified in the TrustedSigners complex type, including trusted signers in the default cache behavior and in all of the other cache behaviors.

For more information, see ActiveTrustedSigners.

Type: Complex

Default: None

Children: Signer

Parent: ActiveTrustedSigners

 

Signer

A complex type that lists the AWS accounts that were included in the TrustedSigners complex type, as well as their active CloudFront key pair IDs, if any.

For more information, see ActiveTrustedSigners.

Type: Complex

Default: None

Children: AWSAccountNumber, KeyPairIds

Parent: Items

 

AwsAccountNumber

An AWS account that is included in the TrustedSigners complex type in the default cache behavior or in any other cache behavior. Valid values include:

  • self, which is the AWS account that was used to create the distribution.

  • An AWS account number.

For more information, see ActiveTrustedSigners.

Type: String

Default: None

Parent: Signer

 

KeyPairIds

A complex type that lists the active CloudFront key pairs, if any, that are associated with AwsAccountNumber.

For more information, see ActiveTrustedSigners.

Type: Complex

Default: None

Parent: Signer

 

Quantity (KeyPairIds)

The number of active CloudFront key pairs for AwsAccountNumber.

For more information, see ActiveTrustedSigners.

Type: Integer

Default: None

Parent: KeyPairIds

 

Items (KeyPairIds)

A complex type that lists the active CloudFront key pairs, if any, that are associated with AwsAccountNumber.

For more information, see ActiveTrustedSigners.

Type: Complex

Default: None

Child: KeyPairId

Parent: KeyPairIds

 

KeyPairId

An active CloudFront key pair Id that is associated with AwsAccountNumber.

For more information, see ActiveTrustedSigners.

Type: String

Default: None

Parent: Items (KeyPairIds)

 

DistributionConfig or DistributionConfigWithTags

The current configuration information for the distribution.

Type: DistributionConfig Complex Type or DistributionConfigWithTags Complex Type.

Default: None

Yes

Note

Even though a distribution might be deployed, you must enable the distribution for use before end users can retrieve content. To enable a distribution, change the value of the Enabled element for DistributionConfig Complex Type or DistributionConfigWithTags Complex Type to true.

Example

The following example shows a distribution with an Amazon S3 origin and a custom origin, as well as one cache behavior.

<Distribution xmlns="http://cloudfront.amazonaws.com/doc/2016-09-07/">
   <Id>EDFDVBD6EXAMPLE</Id>
   <ARN>arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE</ARN>
   <Status>Deployed</Status>
   <LastModifiedTime>2012-05-19T19:37:58Z</LastModifiedTime>
   <InProgressInvalidationBatches>1</InProgressInvalidationBatches>
   <DomainName>d111111abcdef8.cloudfront.net</DomainName>
   <ActiveTrustedSigners>
      <Quantity>3</Quantity>
      <Items>
         <Signer>
            <AwsAccountNumber>self</AwsAccountNumber>
            <KeyPairIds>
               <Quantity>1</Quantity>
               <Items>
                  <KeyPairId>APKA9ONS7QCOWEXAMPLE</KeyPairId>
               </Items>
            </KeyPairIds>
         </Signer>
         <Signer>
            <AwsAccountNumber>111122223333</AwsAccountNumber>
            <KeyPairIds>
               <Quantity>2</Quantity>
               <KeyPairId>APKAI72T5DYBXEXAMPLE</KeyPairId>
               <KeyPairId>APKAU72D8DYNXEXAMPLE</KeyPairId>
            </KeyPairIds>
         </Signer>
         <Signer>
            <AwsAccountNumber>444455556666</AwsAccountNumber>
            <KeyPairIds>
               <Quantity>0</Quantity>
            </KeyPairIds>
         </Signer>
      </Items>
   </ActiveTrustedSigners>
   <DistributionConfig>
      <CallerReference>example.com2012-04-11-5:09pm</CallerReference>
      <Aliases>
         <Quantity>1</Quantity>
         <Items>
            <CNAME>www.example.com</CNAME>
         </Items>
      </Aliases>
      <DefaultRootObject>index.html</DefaultRootObject>
      <Origins>
         <Quantity>2</Quantity>
         <Items>
            <Origin>
               <Id>example-Amazon S3-origin</Id>
               <DomainName>myawsbucket.s3.amazonaws.com</DomainName>
               <OriginPath>/production</OriginPath>
               <CustomHeaders>
                  <Quantity>0</Quantity>
               </CustomHeaders>
               <S3OriginConfig>
                  <OriginAccessIdentity>origin-access-identity/cloudfront/E74FTE3AEXAMPLE</OriginAccessIdentity>
               </S3OriginConfig>
            </Origin>
            <Origin>
               <Id>example-custom-origin</Id>
               <DomainName>example.com</DomainName>
               <CustomOriginConfig>
                  <HTTPPort>80</HTTPPort>
                  <HTTPSPort>443</HTTPSPort>
                  <OriginProtocolPolicy>match-viewer</OriginProtocolPolicy>
                  <OriginSslProtocols>
                     <Quantity>3</Quantity>
                     <Items>
                        <SslProtocol>TLSv1</SslProtocol>
                        <SslProtocol>TLSv1.1</SslProtocol>
                        <SslProtocol>TLSv1.2</SslProtocol>
                     </Items>
                  </OriginSslProtocols>
               </CustomOriginConfig>
            </Origin>
         </Items>
      </Origins>
      <DefaultCacheBehavior>
         <TargetOriginId>example-Amazon S3-origin</TargetOriginId>
         <ForwardedValues>
            <QueryString>true</QueryString>
            <QueryStringCacheKeys>
               <Quantity>1</Quantity>
               <Items>
                  <Name>color</Name>
               </Items>
            </QueryStringCacheKeys>
            <Cookies>
               <Forward>whitelist</Forward>
               <WhitelistedNames>
                  <Quantity>1</Quantity>
                  <Items>
                     <Name>example-cookie</Name>
                  </Items>
               </WhitelistedNames>
            </Cookies>
            <Headers>
               <Quantity>1</Quantity>
               <Items>
                  <Name>Origin</Name>
               </Items>
            </Headers>
         </ForwardedValues>
         <TrustedSigners>
            <Enabled>true</Enabled>
            <Quantity>3</Quantity>
            <Items>
               <AwsAccountNumber>self</AwsAccountNumber>
               <AwsAccountNumber>111122223333</AwsAccountNumber>
               <AwsAccountNumber>444455556666</AwsAccountNumber>
            </Items>
         </TrustedSigners>
         <ViewerProtocolPolicy>redirect-to-https</ViewerProtocolPolicy>
         <MinTTL>0</MinTTL>
         <MaxTTL>300</MaxTTL>
         <AllowedMethods>
            <Quantity>2</Quantity>
            <Items>
               <Method>GET</Method>
               <Method>HEAD</Method>
            </Items>
            <CachedMethods>
               <Quantity>2</Quantity>
               <Items>
                  <Method>GET</Method>
                  <Method>HEAD</Method>
               </Items>
            </CachedMethods>
         </AllowedMethods>
         <SmoothStreaming>false</SmoothStreaming>
         <Compress>true</Compress>
      </DefaultCacheBehavior>
      <CacheBehaviors>
         <Quantity>1</Quantity>
         <Items>
            <CacheBehavior>
               <PathPattern>*.jpg</PathPattern>
               <TargetOriginId>example-custom-origin</TargetOriginId>
               <ForwardedValues>
                  <QueryString>false</QueryString>
                  <QueryStringCacheKeys>
                     <Quantity>0</Quantity>
                  </QueryStringCacheKeys>
                  <Cookies>
                     <Forward>all</Forward>
                  </Cookies>
                  <Headers>
                     <Quantity>1</Quantity>
                     <Items>
                        <Name>Origin</Name>
                     </Items>
                  </Headers>
               </ForwardedValues>
               <TrustedSigners>
                  <Enabled>true</Enabled>
                  <Quantity>2</Quantity>
                  <Items>
                     <AwsAccountNumber>self</AwsAccountNumber>
                     <AwsAccountNumber>111122223333</AwsAccountNumber>
                  </Items>
               </TrustedSigners>
               <ViewerProtocolPolicy>allow-all</ViewerProtocolPolicy>
               <MinTTL>86400</MinTTL>
               <AllowedMethods>
                  <Quantity>2</Quantity>
                  <Items>
                     <Method>GET</Method>
                     <Method>HEAD</Method>
                  </Items>
                  <CachedMethods>
                     <Quantity>2</Quantity>
                     <Items>
                        <Method>GET</Method>
                        <Method>HEAD</Method>
                     </Items>
                  </CachedMethods>
               </AllowedMethods>
               <SmoothStreaming>false</SmoothStreaming>
               <Compress>true</Compress>
            </CacheBehavior>
         </Items>
      </CacheBehaviors>
      <CustomErrorResponses>
         <Quantity>1</Quantity>
         <Items>
            <CustomErrorResponse>
               <ErrorCode>404</ErrorCode>
               <ResponsePagePath>/error-pages/404.html</ResponsePagePath>
               <ResponseCode>200</ResponseCode>
               <ErrorCachingMinTTL>30</ErrorCachingMinTTL>
            </CustomErrorResponse>
         </Items>
      </CustomErrorResponses>
      <Restrictions>
         <GeoRestriction>
            <RestrictionType>whitelist</RestrictionType>
            <Quantity>2</Quantity>
            <Items>
               <Location>AQ</Location>
               <Location>CV</Location>
            </Items>
         </GeoRestriction>
      </Restrictions>
      <WebACLId>3ad0b954-9f99-4298-ac36-4c11eexample</WebACLId>
      <Comment>example comment</Comment>
      <HttpVersion>http2</HttpVersion>
      <Logging>
         <Enabled>true</Enabled>
         <IncludeCookies>true</IncludeCookies>
         <Bucket>myawslogbucket.s3.amazonaws.com</Bucket>
         <Prefix>example.com.</Prefix>
      </Logging>
      <ViewerCertificate>
         <CloudFrontDefaultCertificate>true</CloudFrontDefaultCertificate>
         <SSLSupportMethod>vip</SSLSupportMethod>
         <MinimumProtocolVersion>TLSv1</MinimumProtocolVersion>
      </ViewerCertificate>
      <PriceClass>PriceClass_All</PriceClass>
      <Enabled>true</Enabled>
   </DistributionConfig>
</Distribution>