Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

CloudFront DistributionConfiguration ViewerCertificate

ViewerCertificate is a property of the CloudFront DistributionConfig property that specifies which certificate to use when viewers use HTTPS to request objects.

Syntax

JSON

Copy
{ "AcmCertificateArn" : String, "CloudFrontDefaultCertificate" : Boolean, "IamCertificateId" : String, "MinimumProtocolVersion" : String, "SslSupportMethod" : String }

Properties

AcmCertificateArn

If you're using an alternate domain name, the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate. Use the ACM service to provision and manage your certificates. For more information, see the AWS Certificate Manager User Guide.

Note

Currently, you can specify only certificates that are in the US East (N. Virginia) region.

Required: Conditional. You must specify one of the following properties: AcmCertificateArn, CloudFrontDefaultCertificate, or IamCertificateId.

Type: String

CloudFrontDefaultCertificate

Indicates whether to use the default certificate for your CloudFront domain name when viewers use HTTPS to request your content.

Required: Conditional. You must specify one of the following properties: AcmCertificateArn, CloudFrontDefaultCertificate, or IamCertificateId.

Type: Boolean

IamCertificateId

If you're using an alternate domain name, the ID of a server certificate that was purchased from a certificate authority. This ID is the ServerCertificateId value, which AWS Identity and Access Management (IAM) returns when the certificate is added to the IAM certificate store, such as ASCACKCEVSQ6CEXAMPLE1.

Required: Conditional. You must specify one of the following properties: AcmCertificateArn, CloudFrontDefaultCertificate, or IamCertificateId.

Type: String

MinimumProtocolVersion

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify. For valid values, see the MinimumProtocolVersion content for the ViewerCertificate data type in the Amazon CloudFront API Reference.

AWS CloudFormation specifies SSLv3 by default. However, if you specify the IamCertificateId or AcmCertificateArn property and specify SNI only for the SslSupportMethod property, AWS CloudFormation specifies TLSv1 for the minimum protocol version.

Required: No

Type: String

SslSupportMethod

Specifies how CloudFront serves HTTPS requests. For valid values, see the SslSupportMethod content for the ViewerCertificate data type in the Amazon CloudFront API Reference.

Required: Conditional. Required if you specified the IamCertificateId or AcmCertificateArn property.

Type: String

On this page: