AWS Tools for Windows PowerShell
Command Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Synopsis

Invokes the CreateDistribution operation against Amazon CloudFront.

Syntax

New-CFDistribution
-ViewerCertificate_ACMCertificateArn <String>
-Logging_Bucket <String>
-DistributionConfig_CallerReference <String>
-ViewerCertificate_Certificate <String>
-ViewerCertificate_CertificateSource <CertificateSource>
-ViewerCertificate_CloudFrontDefaultCertificate <Boolean>
-DistributionConfig_Comment <String>
-DefaultCacheBehavior_Compress <Boolean>
-DistributionConfig_DefaultRootObject <String>
-DefaultCacheBehavior_DefaultTTL <Int64>
-TrustedSigners_Enabled <Boolean>
-DistributionConfig_Enabled <Boolean>
-Logging_Enabled <Boolean>
-Cookies_Forward <ItemSelection>
-DistributionConfig_HttpVersion <HttpVersion>
-ViewerCertificate_IAMCertificateId <String>
-Logging_IncludeCookie <Boolean>
-DistributionConfig_IsIPV6Enabled <Boolean>
-Aliases_Item <String[]>
-CacheBehaviors_Item <CacheBehavior[]>
-CustomErrorResponses_Item <CustomErrorResponse[]>
-CachedMethods_Item <String[]>
-AllowedMethods_Item <String[]>
-WhitelistedNames_Item <String[]>
-Headers_Item <String[]>
-QueryStringCacheKeys_Item <String[]>
-LambdaFunctionAssociations_Item <LambdaFunctionAssociation[]>
-TrustedSigners_Item <String[]>
-Origins_Item <Origin[]>
-GeoRestriction_Item <String[]>
-DefaultCacheBehavior_MaxTTL <Int64>
-ViewerCertificate_MinimumProtocolVersion <MinimumProtocolVersion>
-DefaultCacheBehavior_MinTTL <Int64>
-Logging_Prefix <String>
-DistributionConfig_PriceClass <PriceClass>
-Aliases_Quantity <Int32>
-CacheBehaviors_Quantity <Int32>
-CustomErrorResponses_Quantity <Int32>
-CachedMethods_Quantity <Int32>
-AllowedMethods_Quantity <Int32>
-WhitelistedNames_Quantity <Int32>
-Headers_Quantity <Int32>
-QueryStringCacheKeys_Quantity <Int32>
-LambdaFunctionAssociations_Quantity <Int32>
-TrustedSigners_Quantity <Int32>
-Origins_Quantity <Int32>
-GeoRestriction_Quantity <Int32>
-ForwardedValues_QueryString <Boolean>
-GeoRestriction_RestrictionType <GeoRestrictionType>
-DefaultCacheBehavior_SmoothStreaming <Boolean>
-ViewerCertificate_SSLSupportMethod <SSLSupportMethod>
-DefaultCacheBehavior_TargetOriginId <String>
-DefaultCacheBehavior_ViewerProtocolPolicy <ViewerProtocolPolicy>
-DistributionConfig_WebACLId <String>
-Force <SwitchParameter>

Description

Creates a new web distribution. Send a POST request to the /CloudFront API version/distribution/distribution ID resource.

Parameters

-Aliases_Item <String[]>
A complex type that contains the CNAME aliases, if any, that you want to associate with this distribution.
Required?False
Position?Named
Accept pipeline input?False
-Aliases_Quantity <Int32>
The number of CNAME aliases, if any, that you want to associate with this distribution.
Required?False
Position?Named
Accept pipeline input?False
-AllowedMethods_Item <String[]>
A complex type that contains the HTTP methods that you want CloudFront to process and forward to your origin.
Required?False
Position?Named
Accept pipeline input?False
-AllowedMethods_Quantity <Int32>
The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests), 3 (for GET, HEAD, and OPTIONS requests) and 7 (for GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests).
Required?False
Position?Named
Accept pipeline input?False
-CacheBehaviors_Item <CacheBehavior[]>
Optional: A complex type that contains cache behaviors for this distribution. If Quantity is 0, you can omit Items.
Required?False
Position?Named
Accept pipeline input?False
-CacheBehaviors_Quantity <Int32>
The number of cache behaviors for this distribution.
Required?False
Position?Named
Accept pipeline input?False
-CachedMethods_Item <String[]>
A complex type that contains the HTTP methods that you want CloudFront to cache responses to.
Required?False
Position?Named
Accept pipeline input?False
-CachedMethods_Quantity <Int32>
The number of HTTP methods for which you want CloudFront to cache responses. Valid values are 2 (for caching responses to GET and HEAD requests) and 3 (for caching responses to GET, HEAD, and OPTIONS requests).
Required?False
Position?Named
Accept pipeline input?False
-Cookies_Forward <ItemSelection>
Specifies which cookies to forward to the origin for this cache behavior: all, none, or the list of cookies specified in the WhitelistedNames complex type.Amazon S3 doesn't process cookies. When the cache behavior is forwarding requests to an Amazon S3 origin, specify none for the Forward element.
Required?False
Position?Named
Accept pipeline input?False
-CustomErrorResponses_Item <CustomErrorResponse[]>
A complex type that contains a CustomErrorResponse element for each HTTP status code for which you want to specify a custom error page and/or a caching duration.
Required?False
Position?Named
Accept pipeline input?False
-CustomErrorResponses_Quantity <Int32>
The number of HTTP status codes for which you want to specify a custom error page and/or a caching duration. If Quantity is 0, you can omit Items.
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_Compress <Boolean>
Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true; if not, specify false. For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_DefaultTTL <Int64>
The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Specifying How Long Objects and Errors Stay in a CloudFront Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_MaxTTL <Int64>
Documentation for this parameter is not currently available; please refer to the service API documentation.
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_MinTTL <Int64>
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Specifying How Long Objects and Errors Stay in a CloudFront Edge Cache (Expiration) in the Amazon Amazon CloudFront Developer Guide.You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers, if you specify 1 for Quantity and * for Name).
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_SmoothStreaming <Boolean>
Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_TargetOriginId <String>
The value of ID for the origin that you want CloudFront to route requests to when a request matches the path pattern either for a cache behavior or for the default cache behavior.
Required?False
Position?Named
Accept pipeline input?False
-DefaultCacheBehavior_ViewerProtocolPolicy <ViewerProtocolPolicy>
The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. You can specify the following options:
  • allow-all: Viewers can use HTTP or HTTPS.
  • redirect-to-https: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
  • https-only: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).
For more information about requiring the HTTPS protocol, see Using an HTTPS Connection to Access Your Objects in the Amazon CloudFront Developer Guide.The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see Specifying How Long Objects and Errors Stay in a CloudFront Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_CallerReference <String>
A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.If the value of CallerReference is new (regardless of the content of the DistributionConfig object), CloudFront creates a new distribution.If CallerReference is a value you already sent in a previous request to create a distribution, and if the content of the DistributionConfig is identical to the original request (ignoring white space), CloudFront returns the same the response that it returned to the original request.If CallerReference is a value you already sent in a previous request to create a distribution but the content of the DistributionConfig is different from the original request, CloudFront returns a DistributionAlreadyExists error.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_Comment <String>
Any comments you want to include about the distribution.If you don't want to specify a comment, include an empty Comment element.To delete an existing comment, update the distribution configuration and include an empty Comment element.To add or change a comment, update the distribution configuration and specify the new comment.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_DefaultRootObject <String>
The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution (http://www.example.com) instead of an object in your distribution (http://www.example.com/product-description.html). Specifying a default root object avoids exposing the contents of your distribution.Specify only the object name, for example, index.html. Do not add a / before the object name.If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element.To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element.To replace the default root object, update the distribution configuration and specify the new object.For more information about the default root object, see Creating a Default Root Object in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_Enabled <Boolean>
From this field, you can enable or disable the selected distribution.If you specify false for Enabled but you specify values for Bucket and Prefix, the values are automatically deleted.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_HttpVersion <HttpVersion>
(Optional) Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. The default value for new web distributions is http2. Viewers that don't support HTTP/2 automatically use an earlier HTTP version.For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support Server Name Identification (SNI).In general, configuring CloudFront to communicate with viewers using HTTP/2 reduces latency. You can improve performance by optimizing for HTTP/2. For more information, do an Internet search for "http/2 optimization."
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_IsIPV6Enabled <Boolean>
If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, do not enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.If you're using an Amazon Route 53 alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:
  • You enable IPv6 for the distribution
  • You're using alternate domain names in the URLs for your objects
For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Amazon Route 53 Developer Guide.If you created a CNAME resource record set, either with Amazon Route 53 or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_PriceClass <PriceClass>
The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes map to CloudFront regions, see Amazon CloudFront Pricing.
Required?False
Position?Named
Accept pipeline input?False
-DistributionConfig_WebACLId <String>
A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about AWS WAF, see the AWS WAF Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-Force <SwitchParameter>
This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.
Required?False
Position?Named
Accept pipeline input?False
-ForwardedValues_QueryString <Boolean>
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior and cache based on the query string parameters. CloudFront behavior depends on the value of QueryString and on the values that you specify for QueryStringCacheKeys, if any:If you specify true for QueryString and you don't specify any values for QueryStringCacheKeys, CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin.If you specify true for QueryString and you specify one or more values for QueryStringCacheKeys, CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify.If you specify false for QueryString, CloudFront doesn't forward any query string parameters to the origin, and doesn't cache based on query string parameters.For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-GeoRestriction_Item <String[]>
A complex type that contains a Location element for each country in which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).The Location element is a two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist. Include one Location element for each country.CloudFront and MaxMind both use ISO 3166 country codes. For the current list of countries and the corresponding codes, see ISO 3166-1-alpha-2 code on the International Organization for Standardization website. You can also refer to the country list in the CloudFront console, which includes both country names and codes.
Required?False
Position?Named
Accept pipeline input?False
-GeoRestriction_Quantity <Int32>
When geo restriction is enabled, this is the number of countries in your whitelist or blacklist. Otherwise, when it is not enabled, Quantity is 0, and you can omit Items.
Required?False
Position?Named
Accept pipeline input?False
-GeoRestriction_RestrictionType <GeoRestrictionType>
The method that you want to use to restrict distribution of your content by country:
  • none: No geo restriction is enabled, meaning access to content is not restricted by client geo location.
  • blacklist: The Location elements specify the countries in which you do not want CloudFront to distribute your content.
  • whitelist: The Location elements specify the countries in which you want CloudFront to distribute your content.
Required?False
Position?Named
Accept pipeline input?False
-Headers_Item <String[]>
A complex type that contains one Name element for each header that you want CloudFront to forward to the origin and to vary on for this cache behavior. If Quantity is 0, omit Items.
Required?False
Position?Named
Accept pipeline input?False
-Headers_Quantity <Int32>
The number of different headers that you want CloudFront to forward to the origin for this cache behavior. You can configure each cache behavior in a web distribution to do one of the following:
  • Forward all headers to your origin: Specify 1 for Quantity and * for Name.If you configure CloudFront to forward all headers to your origin, CloudFront doesn't cache the objects associated with this cache behavior. Instead, it sends every request to the origin.
  • Forward a whitelist of headers you specify: Specify the number of headers that you want to forward, and specify the header names in Name elements. CloudFront caches your objects based on the values in all of the specified headers. CloudFront also forwards the headers that it forwards by default, but it caches your objects based only on the headers that you specify.
  • Forward only the default headers: Specify 0 for Quantity and omit Items. In this configuration, CloudFront doesn't cache based on the values in the request headers.
Required?False
Position?Named
Accept pipeline input?False
-LambdaFunctionAssociations_Item <LambdaFunctionAssociation[]>
Optional: A complex type that contains LambdaFunctionAssociation items for this cache behavior. If Quantity is 0, you can omit Items.
Required?False
Position?Named
Accept pipeline input?False
-LambdaFunctionAssociations_Quantity <Int32>
The number of Lambda function associations for this cache behavior.
Required?False
Position?Named
Accept pipeline input?False
-Logging_Bucket <String>
The Amazon S3 bucket to store the access logs in, for example, myawslogbucket.s3.amazonaws.com.
Required?False
Position?Named
Accept pipeline input?False
-Logging_Enabled <Boolean>
Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you do not want to enable logging when you create a distribution or if you want to disable logging for an existing distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket, prefix, and IncludeCookies, the values are automatically deleted.
Required?False
Position?Named
Accept pipeline input?False
-Logging_IncludeCookie <Boolean>
Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you do not want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies.
Required?False
Position?Named
Accept pipeline input?False
-Logging_Prefix <String>
An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/. If you want to enable logging, but you do not want to specify a prefix, you still must include an empty Prefix element in the Logging element.
Required?False
Position?Named
Accept pipeline input?False
-Origins_Item <Origin[]>
A complex type that contains origins for this distribution.
Required?False
Position?Named
Accept pipeline input?False
-Origins_Quantity <Int32>
The number of origins for this distribution.
Required?False
Position?Named
Accept pipeline input?False
-QueryStringCacheKeys_Item <String[]>
(Optional) A list that contains the query string parameters that you want CloudFront to use as a basis for caching for this cache behavior. If Quantity is 0, you can omit Items.
Required?False
Position?Named
Accept pipeline input?False
-QueryStringCacheKeys_Quantity <Int32>
The number of whitelisted query string parameters for this cache behavior.
Required?False
Position?Named
Accept pipeline input?False
-TrustedSigners_Enabled <Boolean>
Specifies whether you want to require viewers to use signed URLs to access the files specified by PathPattern and TargetOriginId.
Required?False
Position?Named
Accept pipeline input?False
-TrustedSigners_Item <String[]>
Optional: A complex type that contains trusted signers for this cache behavior. If Quantity is 0, you can omit Items.
Required?False
Position?Named
Accept pipeline input?False
-TrustedSigners_Quantity <Int32>
The number of trusted signers for this cache behavior.
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_ACMCertificateArn <String>
Documentation for this parameter is not currently available; please refer to the service API documentation.
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_Certificate <String>
Include one of these values to specify the following:
  • Whether you want viewers to use HTTP or HTTPS to request your objects.
  • If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
  • If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.
You must specify one (and only one) of the three values. Do not specify false for CloudFrontDefaultCertificate.If you want viewers to use HTTP to request your objects: Specify the following value:<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:
  • If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:
    • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
    • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.
    If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution (https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:
    • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.
    • sni-only: CloudFront drops the connection with the browser without returning the object.
  • If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net: Specify the following value: <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate> If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
    • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
    • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
    You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:
    • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
    • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
    For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_CertificateSource <CertificateSource>
This field is deprecated. You can use one of the following: [ACMCertificateArn, IAMCertificateId, or CloudFrontDefaultCertificate].
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_CloudFrontDefaultCertificate <Boolean>
Documentation for this parameter is not currently available; please refer to the service API documentation.
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_IAMCertificateId <String>
Documentation for this parameter is not currently available; please refer to the service API documentation.
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_MinimumProtocolVersion <MinimumProtocolVersion>
Specify the minimum version of the SSL/TLS protocol that you want CloudFront to use for HTTPS connections between viewers and CloudFront: SSLv3 or TLSv1. CloudFront serves your objects only to viewers that support SSL/TLS version that you specify and later versions. The TLSv1 protocol is more secure, so we recommend that you specify SSLv3 only if your users are using browsers or devices that don't support TLSv1. Note the following:
  • If you specify <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>, the minimum SSL protocol version is TLSv1 and can't be changed.
  • If you're using a custom certificate (if you specify a value for ACMCertificateArn or for IAMCertificateId) and if you're using SNI (if you specify sni-only for SSLSupportMethod), you must specify TLSv1 for MinimumProtocolVersion.
Required?False
Position?Named
Accept pipeline input?False
-ViewerCertificate_SSLSupportMethod <SSLSupportMethod>
If you specify a value for ACMCertificateArn or for IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:
  • vip: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, you will incur additional monthly charges.
  • sni-only: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but some browsers still in use don't support SNI. If some of your users' browsers don't support SNI, we recommend that you do one of the following:
    • Use the vip option (dedicated IP addresses) instead of sni-only.
    • Use the CloudFront SSL/TLS certificate instead of a custom certificate. This requires that you use the CloudFront domain name of your distribution in the URLs for your objects, for example, https://d111111abcdef8.cloudfront.net/logo.png.
    • If you can control which browser your users use, upgrade the browser to one that supports SNI.
    • Use HTTP instead of HTTPS.
Do not specify a value for SSLSupportMethod if you specified <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>.For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.
Required?False
Position?Named
Accept pipeline input?False
-WhitelistedNames_Item <String[]>
A complex type that contains one Name element for each cookie that you want CloudFront to forward to the origin for this cache behavior.
Required?False
Position?Named
Accept pipeline input?False
-WhitelistedNames_Quantity <Int32>
The number of different cookies that you want CloudFront to forward to the origin for this cache behavior.
Required?False
Position?Named
Accept pipeline input?False

Common Credential and Region Parameters

-AccessKey <String>
The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.
Required? False
Position? Named
Accept pipeline input? False
-Credential <AWSCredentials>
An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.
Required? False
Position? Named
Accept pipeline input? False
-ProfileLocation <String>

Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)

If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials. Note that the encrypted credential file is not supported on all platforms. It will be skipped when searching for profiles on Windows Nano Server, Mac, and Linux platforms.

If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.

As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.

Required? False
Position? Named
Accept pipeline input? False
-ProfileName <String>
The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.
Required? False
Position? Named
Accept pipeline input? False
-NetworkCredential <PSCredential>
Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.
Required? False
Position? Named
Accept pipeline input? False
-SecretKey <String>
The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.
Required? False
Position? Named
Accept pipeline input? False
-SessionToken <String>
The session token if the access and secret keys are temporary session-based credentials.
Required? False
Position? Named
Accept pipeline input? False
-Region <String>
The system name of the AWS region in which the operation should be invoked. For example, us-east-1, eu-west-1 etc.
Required? False
Position? Named
Accept pipeline input? False
-EndpointUrl <String>

The endpoint to make the call against.

Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.

Required? False
Position? Named
Accept pipeline input? False

Inputs

This cmdlet does not accept pipeline input.

Outputs

This cmdlet returns a Amazon.CloudFront.Model.CreateDistributionResponse object containing multiple properties. The object can also be referenced from properties attached to the cmdlet entry in the $AWSHistory stack.

Examples

Example 1

PS C:\>$origin = New-Object Amazon.CloudFront.Model.Origin
PS C:\>$origin.DomainName = "ps-cmdlet-sample.s3.amazonaws.com"
PS C:\>$origin.Id = "UniqueOrigin1"
PS C:\>$origin.S3OriginConfig = New-Object Amazon.CloudFront.Model.S3OriginConfig
PS C:\>$origin.S3OriginConfig.OriginAccessIdentity = ""
PS C:\>New-CFDistribution `
-DistributionConfig_Enabled $true `
-DistributionConfig_Comment "Test distribution" `
-Origins_Item $origin `
-Origins_Quantity 1 `
-Logging_Enabled $true `
-Logging_IncludeCookie $true `
-Logging_Bucket ps-cmdlet-sample-logging.s3.amazonaws.com `
-Logging_Prefix "help/" `
-DistributionConfig_CallerReference Client1 `
-DistributionConfig_DefaultRootObject index.html `
-DefaultCacheBehavior_TargetOriginId $origin.Id `
-ForwardedValues_QueryString $true `
-Cookies_Forward all `
-WhitelistedNames_Quantity 0 `
-TrustedSigners_Enabled $false `
-TrustedSigners_Quantity 0 `
-DefaultCacheBehavior_ViewerProtocolPolicy allow-all `
-DefaultCacheBehavior_MinTTL 1000 `
-DistributionConfig_PriceClass "PriceClass_All" `
-CacheBehaviors_Quantity 0 `
-Aliases_Quantity 0
Creates a basic CloudFront distribution, configured with logging and caching.

Supported Version

AWS Tools for PowerShell: 2.x.y.z