Interface CfnDistribution.IDefaultCacheBehaviorProperty
A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if request URLs don't match any of the values of PathPattern in CacheBehavior elements.
Namespace: Amazon.CDK.AWS.CloudFront
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface CfnDistribution.IDefaultCacheBehaviorPropertySyntax (vb)
Public Interface CfnDistribution.IDefaultCacheBehaviorPropertyRemarks
You must create exactly one default cache behavior.
If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the <code>Cache-Control: no-cache</code> , <code>no-store</code> , or <code>private</code> directives are present in the origin headers.
ExampleMetadata: infused
Examples
// Create the simple Origin
var myBucket = new Bucket(this, "myBucket");
var s3Origin = S3BucketOrigin.WithOriginAccessControl(myBucket, new S3BucketOriginWithOACProps {
OriginAccessLevels = new [] { AccessLevel.READ, AccessLevel.LIST }
});
// Create the Distribution construct
var myMultiTenantDistribution = new Distribution(this, "cf-hosted-distribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = s3Origin
},
DefaultRootObject = "index.html"
});
// Access the underlying L1 CfnDistribution to configure SaaS Manager properties which are not yet available in the L2 Distribution construct
var cfnDistribution = (CfnDistribution)myMultiTenantDistribution.Node.DefaultChild;
var defaultCacheBehavior = new DefaultCacheBehaviorProperty {
TargetOriginId = myBucket.BucketArn,
ViewerProtocolPolicy = "allow-all",
Compress = false,
AllowedMethods = new [] { "GET", "HEAD" },
CachePolicyId = CachePolicy.CACHING_OPTIMIZED.CachePolicyId
};
// Create the updated distributionConfig
var distributionConfig = new DistributionConfigProperty {
DefaultCacheBehavior = defaultCacheBehavior,
Enabled = true,
// the properties below are optional
ConnectionMode = "tenant-only",
Origins = new [] { new OriginProperty {
Id = myBucket.BucketArn,
DomainName = myBucket.BucketDomainName,
S3OriginConfig = new S3OriginConfigProperty { },
OriginPath = "/{{tenantName}}"
} },
TenantConfig = new TenantConfigProperty {
ParameterDefinitions = new [] { new ParameterDefinitionProperty {
Definition = new DefinitionProperty {
StringSchema = new StringSchemaProperty {
Required = false,
// the properties below are optional
Comment = "tenantName",
DefaultValue = "root"
}
},
Name = "tenantName"
} }
}
};
// Override the distribution configuration to enable multi-tenancy.
cfnDistribution.DistributionConfig = distributionConfig;
// Create a connection group so we have access to the RoutingEndpoint associated with the tenant we are about to create
var connectionGroup = new CfnConnectionGroup(this, "self-hosted-connection-group", new CfnConnectionGroupProps {
Enabled = true,
Ipv6Enabled = true,
Name = "self-hosted-connection-group"
});
// Export the RoutingEndpoint, skip this step if you'd prefer to fetch it from the CloudFront console or via Cloudfront.ListConnectionGroups API
// Export the RoutingEndpoint, skip this step if you'd prefer to fetch it from the CloudFront console or via Cloudfront.ListConnectionGroups API
new CfnOutput(this, "RoutingEndpoint", new CfnOutputProps {
Value = connectionGroup.AttrRoutingEndpoint,
Description = "CloudFront Routing Endpoint to be added to my hosted zone CNAME records"
});
// Create a distribution tenant with a self-hosted domain.
var selfHostedTenant = new CfnDistributionTenant(this, "self-hosted-tenant", new CfnDistributionTenantProps {
DistributionId = myMultiTenantDistribution.DistributionId,
ConnectionGroupId = connectionGroup.AttrId,
Name = "self-hosted-tenant",
Domains = new [] { "self-hosted-tenant.my.domain.com" },
Enabled = true,
ManagedCertificateRequest = new ManagedCertificateRequestProperty {
PrimaryDomainName = "self-hosted-tenant.my.domain.com",
ValidationTokenHost = "self-hosted"
}
});Synopsis
Properties
| AllowedMethods | A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. |
| CachePolicyId | The unique identifier of the cache policy that is attached to the default cache behavior. |
| CachedMethods | A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. |
| Compress | Whether you want CloudFront to automatically compress certain files for this cache behavior. |
| DefaultTtl | This field only supports standard distributions. |
| FieldLevelEncryptionId | The value of |
| ForwardedValues | This field is deprecated. |
| FunctionAssociations | A list of CloudFront functions that are associated with this cache behavior. |
| GrpcConfig | The gRPC configuration for your cache behavior. |
| LambdaFunctionAssociations | A complex type that contains zero or more Lambda@Edge function associations for a cache behavior. |
| MaxTtl | This field only supports standard distributions. |
| MinTtl | This field only supports standard distributions. |
| OriginRequestPolicyId | The unique identifier of the origin request policy that is attached to the default cache behavior. |
| RealtimeLogConfigArn | The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior. |
| ResponseHeadersPolicyId | The identifier for a response headers policy. |
| SmoothStreaming | This field only supports standard distributions. |
| TargetOriginId | The value of |
| TrustedKeyGroups | A list of key groups that CloudFront can use to validate signed URLs or signed cookies. |
| TrustedSigners | We recommend using |
| ViewerProtocolPolicy | The protocol that viewers can use to access the files in the origin specified by |
Properties
AllowedMethods
A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin.
string[]? AllowedMethods { get; }Property Value
string[]
Remarks
There are three choices:
If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin.
CachePolicyId
The unique identifier of the cache policy that is attached to the default cache behavior.
string? CachePolicyId { get; }Property Value
Remarks
For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide .
A DefaultCacheBehavior must include either a CachePolicyId or ForwardedValues . We recommend that you use a CachePolicyId .
Default: - ""
CachedMethods
A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods.
string[]? CachedMethods { get; }Property Value
string[]
Remarks
There are two choices:
If you pick the second choice for your Amazon S3 Origin, you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers, and Origin headers for the responses to be cached correctly.
Compress
Whether you want CloudFront to automatically compress certain files for this cache behavior.
object? Compress { get; }Property Value
Remarks
If so, specify true ; if not, specify false . For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide .
Default: - false
Type union: either bool or IResolvable
DefaultTtl
This field only supports standard distributions.
double? DefaultTtl { get; }Property Value
Remarks
You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide .
This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide .
The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age , Cache-Control s-maxage , and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide .
Default: - 86400
FieldLevelEncryptionId
The value of ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for the default cache behavior.
string? FieldLevelEncryptionId { get; }Property Value
Remarks
ForwardedValues
This field is deprecated.
object? ForwardedValues { get; }Property Value
Remarks
We recommend that you use a cache policy or an origin request policy instead of this field. For more information, see Working with policies in the Amazon CloudFront Developer Guide .
If you want to include values in the cache key, use a cache policy. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide .
If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies or Using the managed origin request policies in the Amazon CloudFront Developer Guide .
A DefaultCacheBehavior must include either a CachePolicyId or ForwardedValues . We recommend that you use a CachePolicyId .
A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.
Type union: either IResolvable or CfnDistribution.IForwardedValuesProperty
FunctionAssociations
A list of CloudFront functions that are associated with this cache behavior.
object? FunctionAssociations { get; }Property Value
Remarks
Your functions must be published to the LIVE stage to associate them with a cache behavior.
Type union: either IResolvable or (either IResolvable or CfnDistribution.IFunctionAssociationProperty)[]
GrpcConfig
The gRPC configuration for your cache behavior.
object? GrpcConfig { get; }Property Value
Remarks
LambdaFunctionAssociations
A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.
object? LambdaFunctionAssociations { get; }Property Value
Remarks
Type union: either IResolvable or (either IResolvable or CfnDistribution.ILambdaFunctionAssociationProperty)[]
MaxTtl
This field only supports standard distributions.
double? MaxTtl { get; }Property Value
Remarks
You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide .
This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide .
The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age , Cache-Control s-maxage , and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide .
Default: - 31536000
MinTtl
This field only supports standard distributions.
double? MinTtl { get; }Property Value
Remarks
You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide .
This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide .
The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide .
You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers , if you specify 1 for Quantity and * for Name ).
Default: - 0
OriginRequestPolicyId
The unique identifier of the origin request policy that is attached to the default cache behavior.
string? OriginRequestPolicyId { get; }Property Value
Remarks
For more information, see Creating origin request policies or Using the managed origin request policies in the Amazon CloudFront Developer Guide .
Default: - ""
RealtimeLogConfigArn
The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior.
string? RealtimeLogConfigArn { get; }Property Value
Remarks
For more information, see Real-time logs in the Amazon CloudFront Developer Guide .
Default: - ""
ResponseHeadersPolicyId
The identifier for a response headers policy.
string? ResponseHeadersPolicyId { get; }Property Value
Remarks
SmoothStreaming
This field only supports standard distributions.
object? SmoothStreaming { get; }Property Value
Remarks
You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide .
Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true ; if not, specify false . If you specify true for SmoothStreaming , you can still distribute other content using this cache behavior if the content matches the value of PathPattern .
Default: - false
Type union: either bool or IResolvable
TargetOriginId
The value of ID for the origin that you want CloudFront to route requests to when they use the default cache behavior.
string TargetOriginId { get; }Property Value
Remarks
TrustedKeyGroups
A list of key groups that CloudFront can use to validate signed URLs or signed cookies.
string[]? TrustedKeyGroups { get; }Property Value
string[]
Remarks
When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide .
TrustedSigners
We recommend using
TrustedKeyGroupsinstead ofTrustedSigners.
string[]? TrustedSigners { get; }Property Value
string[]
Remarks
This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas">Unsupported features for SaaS Manager for Amazon CloudFront</a> in the <em>Amazon CloudFront Developer Guide</em> .
A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.
When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer's AWS account . The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide .
ViewerProtocolPolicy
The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern .
string ViewerProtocolPolicy { get; }Property Value
Remarks
You can specify the following options:
For more information about requiring the HTTPS protocol, see Requiring HTTPS Between Viewers and CloudFront in the Amazon CloudFront Developer Guide .
The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Expiration.html">Managing Cache Expiration</a> in the <em>Amazon CloudFront Developer Guide</em> .