Namespace Amazon.CDK.AWS.CloudFront
Amazon CloudFront Construct Library
Amazon CloudFront is a web service that speeds up distribution of your static and dynamic web content, such as .html, .css, .js, and image files, to your users. CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you're serving with CloudFront, the user is routed to the edge location that provides the lowest latency, so that content is delivered with the best possible performance.
Distribution API
The Distribution
API replaces the CloudFrontWebDistribution
API which is now deprecated. The Distribution
API is optimized for the
most common use cases of CloudFront distributions (e.g., single origin and behavior, few customizations) while still providing the ability for more
advanced use cases. The API focuses on simplicity for the common use cases, and convenience methods for creating the behaviors and origins necessary
for more complex use cases.
Creating a distribution
CloudFront distributions deliver your content from one or more origins; an origin is the location where you store the original version of your
content. Origins can be created from S3 buckets or a custom origin (HTTP server). Constructs to define origins are in the aws-cdk-lib/aws-cloudfront-origins
module.
Each distribution has a default behavior which applies to all requests to that distribution, and routes requests to a primary origin. Additional behaviors may be specified for an origin with a given URL path pattern. Behaviors allow routing with multiple origins, controlling which HTTP methods to support, whether to require users to use HTTPS, and what query strings or cookies to forward to your origin, among other settings.
From an S3 Bucket
An S3 bucket can be added as an origin. An S3 bucket origin can either be configured as a standard bucket or as a website endpoint (see AWS docs for Using an S3 Bucket).
// Creates a distribution from an S3 bucket with origin access control
var myBucket = new Bucket(this, "myBucket");
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = S3BucketOrigin.WithOriginAccessControl(myBucket)
}
});
See the README of the aws-cdk-lib/aws-cloudfront-origins
module for more information on setting up S3 origins and origin access control (OAC).
ELBv2 Load Balancer
An Elastic Load Balancing (ELB) v2 load balancer may be used as an origin. In order for a load balancer to serve as an origin, it must be publicly
accessible (internetFacing
is true). Both Application and Network load balancers are supported.
// Creates a distribution from an ELBv2 load balancer
Vpc vpc;
// Create an application load balancer in a VPC. 'internetFacing' must be 'true'
// for CloudFront to access the load balancer and use it as an origin.
var lb = new ApplicationLoadBalancer(this, "LB", new ApplicationLoadBalancerProps {
Vpc = vpc,
InternetFacing = true
});
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new LoadBalancerV2Origin(lb) }
});
From an HTTP endpoint
Origins can also be created from any other HTTP endpoint, given the domain name, and optionally, other origin properties.
// Creates a distribution from an HTTP endpoint
// Creates a distribution from an HTTP endpoint
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new HttpOrigin("www.example.com") }
});
Domain Names and Certificates
When you create a distribution, CloudFront assigns a domain name for the distribution, for example: d111111abcdef8.cloudfront.net
; this value can
be retrieved from distribution.distributionDomainName
. CloudFront distributions use a default certificate (*.cloudfront.net
) to support HTTPS by
default. If you want to use your own domain name, such as www.example.com
, you must associate a certificate with your distribution that contains
your domain name, and provide one (or more) domain names from the certificate for the distribution.
The certificate must be present in the AWS Certificate Manager (ACM) service in the US East (N. Virginia) region; the certificate
may either be created by ACM, or created elsewhere and imported into ACM. When a certificate is used, the distribution will support HTTPS connections
from SNI only and a minimum protocol version of TLSv1.2_2021 if the @aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021
feature flag is set, and TLSv1.2_2019 otherwise.
// To use your own domain name in a Distribution, you must associate a certificate
using Amazon.CDK.AWS.CertificateManager;
using Amazon.CDK.AWS.Route53;
HostedZone hostedZone;
Bucket myBucket;
var myCertificate = new Certificate(this, "mySiteCert", new CertificateProps {
DomainName = "www.example.com",
Validation = CertificateValidation.FromDns(hostedZone)
});
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new S3Origin(myBucket) },
DomainNames = new [] { "www.example.com" },
Certificate = myCertificate
});
However, you can customize the minimum protocol version for the certificate while creating the distribution using minimumProtocolVersion
property.
// Create a Distribution with a custom domain name and a minimum protocol version.
Bucket myBucket;
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new S3Origin(myBucket) },
DomainNames = new [] { "www.example.com" },
MinimumProtocolVersion = SecurityPolicyProtocol.TLS_V1_2016,
SslSupportMethod = SSLMethod.SNI
});
Moving an alternate domain name to a different distribution
When you try to add an alternate domain name to a distribution but the alternate domain name is already in use on a different distribution, you get a CNAMEAlreadyExists
error (One or more of the CNAMEs you provided are already associated with a different resource).
In that case, you might want to move the existing alternate domain name from one distribution (the source distribution) to another (the target distribution). The following steps are an overview of the process. For more information, see Moving an alternate domain name to a different distribution.
Cross Region Certificates
This feature is currently experimental
You can enable the Stack property crossRegionReferences
in order to access resources in a different stack and region. With this feature flag
enabled it is possible to do something like creating a CloudFront distribution in us-east-2
and
an ACM certificate in us-east-1
.
using Amazon.CDK.AWS.CertificateManager;
using Amazon.CDK.AWS.Route53;
App app;
var stack1 = new Stack(app, "Stack1", new StackProps {
Env = new Environment {
Region = "us-east-1"
},
CrossRegionReferences = true
});
var cert = new Certificate(stack1, "Cert", new CertificateProps {
DomainName = "*.example.com",
Validation = CertificateValidation.FromDns(PublicHostedZone.FromHostedZoneId(stack1, "Zone", "Z0329774B51CGXTDQV3X"))
});
var stack2 = new Stack(app, "Stack2", new StackProps {
Env = new Environment {
Region = "us-east-2"
},
CrossRegionReferences = true
});
new Distribution(stack2, "Distribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new HttpOrigin("example.com")
},
DomainNames = new [] { "dev.example.com" },
Certificate = cert
});
Multiple Behaviors & Origins
Each distribution has a default behavior which applies to all requests to that distribution; additional behaviors may be specified for a given URL path pattern. Behaviors allow routing with multiple origins, controlling which HTTP methods to support, whether to require users to use HTTPS, and what query strings or cookies to forward to your origin, among others.
The properties of the default behavior can be adjusted as part of the distribution creation. The following example shows configuring the HTTP methods and viewer protocol policy of the cache.
// Create a Distribution with configured HTTP methods and viewer protocol policy of the cache.
Bucket myBucket;
var myWebDistribution = new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(myBucket),
AllowedMethods = AllowedMethods.ALLOW_ALL,
ViewerProtocolPolicy = ViewerProtocolPolicy.REDIRECT_TO_HTTPS
}
});
Additional behaviors can be specified at creation, or added after the initial creation. Each additional behavior is associated with an origin,
and enable customization for a specific set of resources based on a URL path pattern. For example, we can add a behavior to myWebDistribution
to
override the default viewer protocol policy for all of the images.
// Add a behavior to a Distribution after initial creation.
Bucket myBucket;
Distribution myWebDistribution;
myWebDistribution.AddBehavior("/images/*.jpg", new S3Origin(myBucket), new AddBehaviorOptions {
ViewerProtocolPolicy = ViewerProtocolPolicy.REDIRECT_TO_HTTPS
});
These behaviors can also be specified at distribution creation time.
// Create a Distribution with additional behaviors at creation time.
Bucket myBucket;
var bucketOrigin = new S3Origin(myBucket);
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
AllowedMethods = AllowedMethods.ALLOW_ALL,
ViewerProtocolPolicy = ViewerProtocolPolicy.REDIRECT_TO_HTTPS
},
AdditionalBehaviors = new Dictionary<string, BehaviorOptions> {
{ "/images/*.jpg", new BehaviorOptions {
Origin = bucketOrigin,
ViewerProtocolPolicy = ViewerProtocolPolicy.REDIRECT_TO_HTTPS
} }
}
});
Customizing Cache Keys and TTLs with Cache Policies
You can use a cache policy to improve your cache hit ratio by controlling the values (URL query strings, HTTP headers, and cookies) that are included in the cache key, and/or adjusting how long items remain in the cache via the time-to-live (TTL) settings. CloudFront provides some predefined cache policies, known as managed policies, for common use cases. You can use these managed policies, or you can create your own cache policy that’s specific to your needs. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html for more details.
// Using an existing cache policy for a Distribution
S3Origin bucketOrigin;
new Distribution(this, "myDistManagedPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
CachePolicy = CachePolicy.CACHING_OPTIMIZED
}
});
// Creating a custom cache policy for a Distribution -- all parameters optional
S3Origin bucketOrigin;
var myCachePolicy = new CachePolicy(this, "myCachePolicy", new CachePolicyProps {
CachePolicyName = "MyPolicy",
Comment = "A default policy",
DefaultTtl = Duration.Days(2),
MinTtl = Duration.Minutes(1),
MaxTtl = Duration.Days(10),
CookieBehavior = CacheCookieBehavior.All(),
HeaderBehavior = CacheHeaderBehavior.AllowList("X-CustomHeader"),
QueryStringBehavior = CacheQueryStringBehavior.DenyList("username"),
EnableAcceptEncodingGzip = true,
EnableAcceptEncodingBrotli = true
});
new Distribution(this, "myDistCustomPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
CachePolicy = myCachePolicy
}
});
Customizing Origin Requests with Origin Request Policies
When CloudFront makes a request to an origin, the URL path, request body (if present), and a few standard headers are included. Other information from the viewer request, such as URL query strings, HTTP headers, and cookies, is not included in the origin request by default. You can use an origin request policy to control the information that’s included in an origin request. CloudFront provides some predefined origin request policies, known as managed policies, for common use cases. You can use these managed policies, or you can create your own origin request policy that’s specific to your needs. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html for more details.
// Using an existing origin request policy for a Distribution
S3Origin bucketOrigin;
new Distribution(this, "myDistManagedPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
OriginRequestPolicy = OriginRequestPolicy.CORS_S3_ORIGIN
}
});
// Creating a custom origin request policy for a Distribution -- all parameters optional
S3Origin bucketOrigin;
var myOriginRequestPolicy = new OriginRequestPolicy(this, "OriginRequestPolicy", new OriginRequestPolicyProps {
OriginRequestPolicyName = "MyPolicy",
Comment = "A default policy",
CookieBehavior = OriginRequestCookieBehavior.None(),
HeaderBehavior = OriginRequestHeaderBehavior.All("CloudFront-Is-Android-Viewer"),
QueryStringBehavior = OriginRequestQueryStringBehavior.AllowList("username")
});
new Distribution(this, "myDistCustomPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
OriginRequestPolicy = myOriginRequestPolicy
}
});
Customizing Response Headers with Response Headers Policies
You can configure CloudFront to add one or more HTTP headers to the responses that it sends to viewers (web browsers or other clients), without making any changes to the origin or writing any code. To specify the headers that CloudFront adds to HTTP responses, you use a response headers policy. CloudFront adds the headers regardless of whether it serves the object from the cache or has to retrieve the object from the origin. If the origin response includes one or more of the headers that’s in a response headers policy, the policy can specify whether CloudFront uses the header it received from the origin or overwrites it with the one in the policy. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/adding-response-headers.html
[!NOTE]
If xssProtection <code>reportUri</code> is specified, then <code>modeBlock</code> cannot be set to <code>true</code>.
// Using an existing managed response headers policy
S3Origin bucketOrigin;
new Distribution(this, "myDistManagedPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
ResponseHeadersPolicy = ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS
}
});
// Creating a custom response headers policy -- all parameters optional
var myResponseHeadersPolicy = new ResponseHeadersPolicy(this, "ResponseHeadersPolicy", new ResponseHeadersPolicyProps {
ResponseHeadersPolicyName = "MyPolicy",
Comment = "A default policy",
CorsBehavior = new ResponseHeadersCorsBehavior {
AccessControlAllowCredentials = false,
AccessControlAllowHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
AccessControlAllowMethods = new [] { "GET", "POST" },
AccessControlAllowOrigins = new [] { "*" },
AccessControlExposeHeaders = new [] { "X-Custom-Header-1", "X-Custom-Header-2" },
AccessControlMaxAge = Duration.Seconds(600),
OriginOverride = true
},
CustomHeadersBehavior = new ResponseCustomHeadersBehavior {
CustomHeaders = new [] { new ResponseCustomHeader { Header = "X-Amz-Date", Value = "some-value", Override = true }, new ResponseCustomHeader { Header = "X-Amz-Security-Token", Value = "some-value", Override = false } }
},
SecurityHeadersBehavior = new ResponseSecurityHeadersBehavior {
ContentSecurityPolicy = new ResponseHeadersContentSecurityPolicy { ContentSecurityPolicy = "default-src https:;", Override = true },
ContentTypeOptions = new ResponseHeadersContentTypeOptions { Override = true },
FrameOptions = new ResponseHeadersFrameOptions { FrameOption = HeadersFrameOption.DENY, Override = true },
ReferrerPolicy = new ResponseHeadersReferrerPolicy { ReferrerPolicy = HeadersReferrerPolicy.NO_REFERRER, Override = true },
StrictTransportSecurity = new ResponseHeadersStrictTransportSecurity { AccessControlMaxAge = Duration.Seconds(600), IncludeSubdomains = true, Override = true },
XssProtection = new ResponseHeadersXSSProtection { Protection = true, ModeBlock = false, ReportUri = "https://example.com/csp-report", Override = true }
},
RemoveHeaders = new [] { "Server" },
ServerTimingSamplingRate = 50
});
new Distribution(this, "myDistCustomPolicy", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = bucketOrigin,
ResponseHeadersPolicy = myResponseHeadersPolicy
}
});
Validating signed URLs or signed cookies with Trusted Key Groups
CloudFront Distribution supports validating signed URLs or signed cookies using key groups. When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior.
// Validating signed URLs or signed cookies with Trusted Key Groups
// public key in PEM format
string publicKey;
var pubKey = new PublicKey(this, "MyPubKey", new PublicKeyProps {
EncodedKey = publicKey
});
var keyGroup = new KeyGroup(this, "MyKeyGroup", new KeyGroupProps {
Items = new [] { pubKey }
});
new Distribution(this, "Dist", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new HttpOrigin("www.example.com"),
TrustedKeyGroups = new [] { keyGroup }
}
});
Lambda@Edge
Lambda@Edge is an extension of AWS Lambda, a compute service that lets you execute functions that customize the content that CloudFront delivers. You can author Node.js or Python functions in the US East (N. Virginia) region, and then execute them in AWS locations globally that are closer to the viewer, without provisioning or managing servers. Lambda@Edge functions are associated with a specific behavior and event type. Lambda@Edge can be used to rewrite URLs, alter responses based on headers or cookies, or authorize requests based on headers or authorization tokens.
The following shows a Lambda@Edge function added to the default behavior and triggered on every request:
Bucket myBucket;
// A Lambda@Edge function added to default behavior of a Distribution
// and triggered on every request
var myFunc = new Experimental.EdgeFunction(this, "MyFunction", new EdgeFunctionProps {
Runtime = Runtime.NODEJS_LATEST,
Handler = "index.handler",
Code = Code.FromAsset(Join(__dirname, "lambda-handler"))
});
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(myBucket),
EdgeLambdas = new [] { new EdgeLambda {
FunctionVersion = myFunc.CurrentVersion,
EventType = LambdaEdgeEventType.VIEWER_REQUEST
} }
}
});
Note: Lambda@Edge functions must be created in the us-east-1
region, regardless of the region of the CloudFront distribution and stack.
To make it easier to request functions for Lambda@Edge, the EdgeFunction
construct can be used.
The EdgeFunction
construct will automatically request a function in us-east-1
, regardless of the region of the current stack.
EdgeFunction
has the same interface as Function
and can be created and used interchangeably.
Please note that using EdgeFunction
requires that the us-east-1
region has been bootstrapped.
See https://docs.aws.amazon.com/cdk/latest/guide/bootstrapping.html for more about bootstrapping regions.
If the stack is in us-east-1
, a "normal" lambda.Function
can be used instead of an EdgeFunction
.
// Using a lambda Function instead of an EdgeFunction for stacks in `us-east-`.
var myFunc = new Function(this, "MyFunction", new FunctionProps {
Runtime = Runtime.NODEJS_LATEST,
Handler = "index.handler",
Code = Code.FromAsset(Join(__dirname, "lambda-handler"))
});
If the stack is not in us-east-1
, and you need references from different applications on the same account,
you can also set a specific stack ID for each Lambda@Edge.
// Setting stackIds for EdgeFunctions that can be referenced from different applications
// on the same account.
var myFunc1 = new Experimental.EdgeFunction(this, "MyFunction1", new EdgeFunctionProps {
Runtime = Runtime.NODEJS_LATEST,
Handler = "index.handler",
Code = Code.FromAsset(Join(__dirname, "lambda-handler1")),
StackId = "edge-lambda-stack-id-1"
});
var myFunc2 = new Experimental.EdgeFunction(this, "MyFunction2", new EdgeFunctionProps {
Runtime = Runtime.NODEJS_LATEST,
Handler = "index.handler",
Code = Code.FromAsset(Join(__dirname, "lambda-handler2")),
StackId = "edge-lambda-stack-id-2"
});
Lambda@Edge functions can also be associated with additional behaviors, either at or after Distribution creation time.
// Associating a Lambda@Edge function with additional behaviors.
EdgeFunction myFunc;
// assigning at Distribution creation
Bucket myBucket;
var myOrigin = new S3Origin(myBucket);
var myDistribution = new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = myOrigin },
AdditionalBehaviors = new Dictionary<string, BehaviorOptions> {
{ "images/*", new BehaviorOptions {
Origin = myOrigin,
EdgeLambdas = new [] { new EdgeLambda {
FunctionVersion = myFunc.CurrentVersion,
EventType = LambdaEdgeEventType.ORIGIN_REQUEST,
IncludeBody = true
} }
} }
}
});
// assigning after creation
myDistribution.AddBehavior("images/*", myOrigin, new AddBehaviorOptions {
EdgeLambdas = new [] { new EdgeLambda {
FunctionVersion = myFunc.CurrentVersion,
EventType = LambdaEdgeEventType.VIEWER_RESPONSE
} }
});
Adding an existing Lambda@Edge function created in a different stack to a CloudFront distribution.
// Adding an existing Lambda@Edge function created in a different stack
// to a CloudFront distribution.
Bucket s3Bucket;
var functionVersion = Version.FromVersionArn(this, "Version", "arn:aws:lambda:us-east-1:123456789012:function:functionName:1");
new Distribution(this, "distro", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(s3Bucket),
EdgeLambdas = new [] { new EdgeLambda {
FunctionVersion = functionVersion,
EventType = LambdaEdgeEventType.VIEWER_REQUEST
} }
}
});
CloudFront Function
You can also deploy CloudFront functions and add them to a CloudFront distribution.
Bucket s3Bucket;
// Add a cloudfront Function to a Distribution
var cfFunction = new Function(this, "Function", new FunctionProps {
Code = FunctionCode.FromInline("function handler(event) { return event.request }"),
Runtime = FunctionRuntime.JS_2_0
});
new Distribution(this, "distro", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(s3Bucket),
FunctionAssociations = new [] { new FunctionAssociation {
Function = cfFunction,
EventType = FunctionEventType.VIEWER_REQUEST
} }
}
});
It will auto-generate the name of the function and deploy it to the live
stage.
Additionally, you can load the function's code from a file using the FunctionCode.fromFile()
method.
If you set autoPublish
to false, the function will not be automatically published to the LIVE stage when it’s created.
new Function(this, "Function", new FunctionProps {
Code = FunctionCode.FromInline("function handler(event) { return event.request }"),
Runtime = FunctionRuntime.JS_2_0,
AutoPublish = false
});
Key Value Store
A CloudFront Key Value Store can be created and optionally have data imported from a JSON file by default.
To create an empty Key Value Store:
var store = new KeyValueStore(this, "KeyValueStore");
To also include an initial set of values, the source
property can be specified, either from a
local file or an inline string. For the structure of this file, see Creating a file of key value pairs.
var storeAsset = new KeyValueStore(this, "KeyValueStoreAsset", new KeyValueStoreProps {
KeyValueStoreName = "KeyValueStoreAsset",
Source = ImportSource.FromAsset("path-to-data.json")
});
var storeInline = new KeyValueStore(this, "KeyValueStoreInline", new KeyValueStoreProps {
KeyValueStoreName = "KeyValueStoreInline",
Source = ImportSource.FromInline(JSON.Stringify(new Dictionary<string, IDictionary<string, string>[]> {
{ "data", new [] { new Struct {
Key = "key1",
Value = "value1"
}, new Struct {
Key = "key2",
Value = "value2"
} } }
}))
});
The Key Value Store can then be associated to a function using the cloudfront-js-2.0
runtime
or newer:
var store = new KeyValueStore(this, "KeyValueStore");
new Function(this, "Function", new FunctionProps {
Code = FunctionCode.FromInline("function handler(event) { return event.request }"),
// Note that JS_2_0 must be used for Key Value Store support
Runtime = FunctionRuntime.JS_2_0,
KeyValueStore = store
});
Logging
You can configure CloudFront to create log files that contain detailed information about every user request that CloudFront receives. The logs can go to either an existing bucket, or a bucket will be created for you.
// Configure logging for Distributions
// Simplest form - creates a new bucket and logs to it.
// Configure logging for Distributions
// Simplest form - creates a new bucket and logs to it.
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new HttpOrigin("www.example.com") },
EnableLogging = true
});
// You can optionally log to a specific bucket, configure whether cookies are logged, and give the log files a prefix.
// You can optionally log to a specific bucket, configure whether cookies are logged, and give the log files a prefix.
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new HttpOrigin("www.example.com") },
EnableLogging = true, // Optional, this is implied if logBucket is specified
LogBucket = new Bucket(this, "LogBucket", new BucketProps {
ObjectOwnership = ObjectOwnership.OBJECT_WRITER
}),
LogFilePrefix = "distribution-access-logs/",
LogIncludesCookies = true
});
CloudFront Distribution Metrics
You can view operational metrics about your CloudFront distributions.
Default CloudFront Distribution Metrics
The following metrics are available by default for all CloudFront distributions:
var dist = new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new HttpOrigin("www.example.com") }
});
// Retrieving default distribution metrics
var requestsMetric = dist.MetricRequests();
var bytesUploadedMetric = dist.MetricBytesUploaded();
var bytesDownloadedMetric = dist.MetricBytesDownloaded();
var totalErrorRateMetric = dist.MetricTotalErrorRate();
var http4xxErrorRateMetric = dist.Metric4xxErrorRate();
var http5xxErrorRateMetric = dist.Metric5xxErrorRate();
Additional CloudFront Distribution Metrics
You can enable additional CloudFront distribution metrics, which include the following metrics:
var dist = new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new HttpOrigin("www.example.com") },
PublishAdditionalMetrics = true
});
// Retrieving additional distribution metrics
var latencyMetric = dist.MetricOriginLatency();
var cacheHitRateMetric = dist.MetricCacheHitRate();
var http401ErrorRateMetric = dist.Metric401ErrorRate();
var http403ErrorRateMetric = dist.Metric403ErrorRate();
var http404ErrorRateMetric = dist.Metric404ErrorRate();
var http502ErrorRateMetric = dist.Metric502ErrorRate();
var http503ErrorRateMetric = dist.Metric503ErrorRate();
var http504ErrorRateMetric = dist.Metric504ErrorRate();
HTTP Versions
You can configure CloudFront to use a particular version of the HTTP protocol. By default,
newly created distributions use HTTP/2 but can be configured to use both HTTP/2 and HTTP/3 or
just HTTP/3. For all supported HTTP versions, see the HttpVerson
enum.
// Configure a distribution to use HTTP/2 and HTTP/3
// Configure a distribution to use HTTP/2 and HTTP/3
new Distribution(this, "myDist", new DistributionProps {
DefaultBehavior = new BehaviorOptions { Origin = new HttpOrigin("www.example.com") },
HttpVersion = HttpVersion.HTTP2_AND_3
});
Importing Distributions
Existing distributions can be imported as well; note that like most imported constructs, an imported distribution cannot be modified. However, it can be used as a reference for other higher-level constructs.
// Using a reference to an imported Distribution
var distribution = Distribution.FromDistributionAttributes(this, "ImportedDist", new DistributionAttributes {
DomainName = "d111111abcdef8.cloudfront.net",
DistributionId = "012345ABCDEF"
});
Permissions
Use the grant()
method to allow actions on the distribution.
grantCreateInvalidation()
is a shorthand to allow CreateInvalidation
.
Distribution distribution;
Function lambdaFn;
distribution.Grant(lambdaFn, "cloudfront:ListInvalidations", "cloudfront:GetInvalidation");
distribution.GrantCreateInvalidation(lambdaFn);
Realtime Log Config
CloudFront supports realtime log delivery from your distribution to a Kinesis stream.
See Real-time logs in the CloudFront User Guide.
Example:
// Adding realtime logs config to a Cloudfront Distribution on default behavior.
using Amazon.CDK.AWS.Kinesis;
Stream stream;
var realTimeConfig = new RealtimeLogConfig(this, "realtimeLog", new RealtimeLogConfigProps {
EndPoints = new [] { Endpoint.FromKinesisStream(stream) },
Fields = new [] { "timestamp", "c-ip", "time-to-first-byte", "sc-status" },
RealtimeLogConfigName = "my-delivery-stream",
SamplingRate = 100
});
new Distribution(this, "myCdn", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new HttpOrigin("www.example.com"),
RealtimeLogConfig = realTimeConfig
}
});
Migrating from the original CloudFrontWebDistribution to the newer Distribution construct
It's possible to migrate a distribution from the original to the modern API. The changes necessary are the following:
The Distribution
Replace new CloudFrontWebDistribution
with new Distribution
. Some
configuration properties have been changed:
Old API | New API |
---|---|
originConfigs |
defaultBehavior ; use additionalBehaviors if necessary |
viewerCertificate |
certificate ; use domainNames for aliases |
errorConfigurations |
errorResponses |
loggingConfig |
enableLogging ; configure with logBucket logFilePrefix and logIncludesCookies |
viewerProtocolPolicy |
removed; set on each behavior instead. default changed from REDIRECT_TO_HTTPS to ALLOW_ALL |
After switching constructs, you need to maintain the same logical ID for the underlying CfnDistribution if you wish to avoid the deletion and recreation of your distribution. To do this, use escape hatches to override the logical ID created by the new Distribution construct with the logical ID created by the old construct.
Example:
Bucket sourceBucket;
var myDistribution = new Distribution(this, "MyCfWebDistribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(sourceBucket)
}
});
var cfnDistribution = (CfnDistribution)myDistribution.Node.DefaultChild;
cfnDistribution.OverrideLogicalId("MyDistributionCFDistribution3H55TI9Q");
Behaviors
The modern API makes use of the CloudFront Origins module to easily configure your origin. Replace your origin configuration with the relevant CloudFront Origins class. For example, here's a behavior with an S3 origin:
Bucket sourceBucket;
OriginAccessIdentity oai;
new CloudFrontWebDistribution(this, "MyCfWebDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket,
OriginAccessIdentity = oai
},
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} }
});
Becomes:
Bucket sourceBucket;
var distribution = new Distribution(this, "MyCfWebDistribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(sourceBucket)
}
});
In the original API all behaviors are defined in the originConfigs
property. The new API is optimized for a single origin and behavior, so the default behavior and additional behaviors will be defined separately.
Bucket sourceBucket;
OriginAccessIdentity oai;
new CloudFrontWebDistribution(this, "MyCfWebDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket,
OriginAccessIdentity = oai
},
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
}, new SourceConfiguration {
CustomOriginSource = new CustomOriginConfig {
DomainName = "MYALIAS"
},
Behaviors = new [] { new Behavior { PathPattern = "/somewhere" } }
} }
});
Becomes:
Bucket sourceBucket;
var distribution = new Distribution(this, "MyCfWebDistribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(sourceBucket)
},
AdditionalBehaviors = new Dictionary<string, BehaviorOptions> {
{ "/somewhere", new BehaviorOptions {
Origin = new HttpOrigin("MYALIAS")
} }
}
});
Certificates
If you are using an ACM certificate, you can pass the certificate directly to the certificate
prop.
Any aliases used before in the ViewerCertificate
class should be passed in to the domainNames
prop in the modern API.
using Amazon.CDK.AWS.CertificateManager;
Certificate certificate;
Bucket sourceBucket;
var viewerCertificate = ViewerCertificate.FromAcmCertificate(certificate, new ViewerCertificateOptions {
Aliases = new [] { "MYALIAS" }
});
new CloudFrontWebDistribution(this, "MyCfWebDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket
},
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} },
ViewerCertificate = viewerCertificate
});
Becomes:
using Amazon.CDK.AWS.CertificateManager;
Certificate certificate;
Bucket sourceBucket;
var distribution = new Distribution(this, "MyCfWebDistribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(sourceBucket)
},
DomainNames = new [] { "MYALIAS" },
Certificate = certificate
});
IAM certificates aren't directly supported by the new API, but can be easily configured through escape hatches
Bucket sourceBucket;
var viewerCertificate = ViewerCertificate.FromIamCertificate("MYIAMROLEIDENTIFIER", new ViewerCertificateOptions {
Aliases = new [] { "MYALIAS" }
});
new CloudFrontWebDistribution(this, "MyCfWebDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket
},
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} },
ViewerCertificate = viewerCertificate
});
Becomes:
Bucket sourceBucket;
var distribution = new Distribution(this, "MyCfWebDistribution", new DistributionProps {
DefaultBehavior = new BehaviorOptions {
Origin = new S3Origin(sourceBucket)
},
DomainNames = new [] { "MYALIAS" }
});
var cfnDistribution = (CfnDistribution)distribution.Node.DefaultChild;
cfnDistribution.AddPropertyOverride("ViewerCertificate.IamCertificateId", "MYIAMROLEIDENTIFIER");
cfnDistribution.AddPropertyOverride("ViewerCertificate.SslSupportMethod", "sni-only");
Other changes
A number of default settings have changed on the new API when creating a new distribution, behavior, and origin.
After making the major changes needed for the migration, run cdk diff
to see what settings have changed.
If no changes are desired during migration, you will at the least be able to use escape hatches to override what the CDK synthesizes, if you can't change the properties directly.
CloudFrontWebDistribution API
The <code>CloudFrontWebDistribution</code> construct is the original construct written for working with CloudFront distributions and has been marked as deprecated.
Users are encouraged to use the newer <code>Distribution</code> instead, as it has a simpler interface and receives new features faster.
Example usage:
// Using a CloudFrontWebDistribution construct.
Bucket sourceBucket;
var distribution = new CloudFrontWebDistribution(this, "MyDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket
},
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} }
});
Viewer certificate
By default, CloudFront Web Distributions will answer HTTPS requests with CloudFront's default certificate,
only containing the distribution domainName
(e.g. d111111abcdef8.cloudfront.net).
You can customize the viewer certificate property to provide a custom certificate and/or list of domain name aliases to fit your needs.
See Using Alternate Domain Names and HTTPS in the CloudFront User Guide.
Default certificate
You can customize the default certificate aliases. This is intended to be used in combination with CNAME records in your DNS zone.
Example:
var s3BucketSource = new Bucket(this, "Bucket");
var distribution = new CloudFrontWebDistribution(this, "AnAmazingWebsiteProbably", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig { S3BucketSource = s3BucketSource },
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} },
ViewerCertificate = ViewerCertificate.FromCloudFrontDefaultCertificate("www.example.com")
});
ACM certificate
You can change the default certificate by one stored AWS Certificate Manager, or ACM. Those certificate can either be generated by AWS, or purchased by another CA imported into ACM.
For more information, see the aws-certificatemanager module documentation or Importing Certificates into AWS Certificate Manager in the AWS Certificate Manager User Guide.
Example:
var s3BucketSource = new Bucket(this, "Bucket");
var certificate = new Certificate(this, "Certificate", new CertificateProps {
DomainName = "example.com",
SubjectAlternativeNames = new [] { "*.example.com" }
});
var distribution = new CloudFrontWebDistribution(this, "AnAmazingWebsiteProbably", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig { S3BucketSource = s3BucketSource },
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} },
ViewerCertificate = ViewerCertificate.FromAcmCertificate(certificate, new ViewerCertificateOptions {
Aliases = new [] { "example.com", "www.example.com" },
SecurityPolicy = SecurityPolicyProtocol.TLS_V1, // default
SslMethod = SSLMethod.SNI
})
});
IAM certificate
You can also import a certificate into the IAM certificate store.
See Importing an SSL/TLS Certificate in the CloudFront User Guide.
Example:
var s3BucketSource = new Bucket(this, "Bucket");
var distribution = new CloudFrontWebDistribution(this, "AnAmazingWebsiteProbably", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig { S3BucketSource = s3BucketSource },
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} },
ViewerCertificate = ViewerCertificate.FromIamCertificate("certificateId", new ViewerCertificateOptions {
Aliases = new [] { "example.com" },
SecurityPolicy = SecurityPolicyProtocol.SSL_V3, // default
SslMethod = SSLMethod.SNI
})
});
Trusted Key Groups
CloudFront Web Distributions supports validating signed URLs or signed cookies using key groups. When a cache behavior contains trusted key groups, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior.
Example:
// Using trusted key groups for Cloudfront Web Distributions.
Bucket sourceBucket;
string publicKey;
var pubKey = new PublicKey(this, "MyPubKey", new PublicKeyProps {
EncodedKey = publicKey
});
var keyGroup = new KeyGroup(this, "MyKeyGroup", new KeyGroupProps {
Items = new [] { pubKey }
});
new CloudFrontWebDistribution(this, "AnAmazingWebsiteProbably", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket
},
Behaviors = new [] { new Behavior {
IsDefaultBehavior = true,
TrustedKeyGroups = new [] { keyGroup }
} }
} }
});
Restrictions
CloudFront supports adding restrictions to your distribution.
See Restricting the Geographic Distribution of Your Content in the CloudFront User Guide.
Example:
// Adding restrictions to a Cloudfront Web Distribution.
Bucket sourceBucket;
new CloudFrontWebDistribution(this, "MyDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = sourceBucket
},
Behaviors = new [] { new Behavior { IsDefaultBehavior = true } }
} },
GeoRestriction = GeoRestriction.Allowlist("US", "GB")
});
Connection behaviors between CloudFront and your origin
CloudFront provides you even more control over the connection behaviors between CloudFront and your origin. You can now configure the number of connection attempts CloudFront will make to your origin and the origin connection timeout for each attempt.
See Origin Connection Attempts
Example usage:
// Configuring connection behaviors between Cloudfront and your origin
var distribution = new CloudFrontWebDistribution(this, "MyDistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
ConnectionAttempts = 3,
ConnectionTimeout = Duration.Seconds(10),
Behaviors = new [] { new Behavior {
IsDefaultBehavior = true
} }
} }
});
Origin Fallback
In case the origin source is not available and answers with one of the specified status codes the failover origin source will be used.
// Configuring origin fallback options for the CloudFrontWebDistribution
// Configuring origin fallback options for the CloudFrontWebDistribution
new CloudFrontWebDistribution(this, "ADistribution", new CloudFrontWebDistributionProps {
OriginConfigs = new [] { new SourceConfiguration {
S3OriginSource = new S3OriginConfig {
S3BucketSource = Bucket.FromBucketName(this, "aBucket", "amzn-s3-demo-bucket"),
OriginPath = "/",
OriginHeaders = new Dictionary<string, string> {
{ "myHeader", "42" }
},
OriginShieldRegion = "us-west-2"
},
FailoverS3OriginSource = new S3OriginConfig {
S3BucketSource = Bucket.FromBucketName(this, "aBucketFallback", "amzn-s3-demo-bucket1"),
OriginPath = "/somewhere",
OriginHeaders = new Dictionary<string, string> {
{ "myHeader2", "21" }
},
OriginShieldRegion = "us-east-1"
},
FailoverCriteriaStatusCodes = new [] { FailoverStatusCode.INTERNAL_SERVER_ERROR },
Behaviors = new [] { new Behavior {
IsDefaultBehavior = true
} }
} }
});
KeyGroup & PublicKey API
You can create a key group to use with CloudFront signed URLs and signed cookies You can add public keys to use with CloudFront features such as signed URLs, signed cookies, and field-level encryption.
The following example command uses OpenSSL to generate an RSA key pair with a length of 2048 bits and save to the file named private_key.pem
.
openssl genrsa -out private_key.pem 2048
The resulting file contains both the public and the private key. The following example command extracts the public key from the file named private_key.pem
and stores it in public_key.pem
.
openssl rsa -pubout -in private_key.pem -out public_key.pem
Note: Don't forget to copy/paste the contents of public_key.pem
file including -----BEGIN PUBLIC KEY-----
and -----END PUBLIC KEY-----
lines into encodedKey
parameter when creating a PublicKey
.
Example:
// Create a key group to use with CloudFront signed URLs and signed cookies.
// Create a key group to use with CloudFront signed URLs and signed cookies.
new KeyGroup(this, "MyKeyGroup", new KeyGroupProps {
Items = new [] {
new PublicKey(this, "MyPublicKey", new PublicKeyProps {
EncodedKey = "..."
}) }
});
See:
Classes
AccessLevel | The level of permissions granted to the CloudFront Distribution when configuring OAC. |
AddBehaviorOptions | Options for adding a new behavior to a Distribution. |
AllowedMethods | The HTTP methods that the Behavior will accept requests on. |
AssetImportSource | An import source from a local file. |
Behavior | A CloudFront behavior wrapper. |
BehaviorOptions | Options for creating a new behavior. |
CacheCookieBehavior | Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. |
CachedMethods | The HTTP methods that the Behavior will cache requests on. |
CacheHeaderBehavior | Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. |
CachePolicy | A Cache Policy configuration. |
CachePolicyProps | Properties for creating a Cache Policy. |
CacheQueryStringBehavior | Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. |
CfnCachePolicy | A cache policy. |
CfnCachePolicy.CachePolicyConfigProperty | A cache policy configuration. |
CfnCachePolicy.CookiesConfigProperty | An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin. |
CfnCachePolicy.HeadersConfigProperty | An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin. |
CfnCachePolicy.ParametersInCacheKeyAndForwardedToOriginProperty | This object determines the values that CloudFront includes in the cache key. |
CfnCachePolicy.QueryStringsConfigProperty | An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin. |
CfnCachePolicyProps | Properties for defining a |
CfnCloudFrontOriginAccessIdentity | The request to create a new origin access identity (OAI). |
CfnCloudFrontOriginAccessIdentity.CloudFrontOriginAccessIdentityConfigProperty | Origin access identity configuration. |
CfnCloudFrontOriginAccessIdentityProps | Properties for defining a |
CfnContinuousDeploymentPolicy | Creates a continuous deployment policy that routes a subset of production traffic from a primary distribution to a staging distribution. |
CfnContinuousDeploymentPolicy.ContinuousDeploymentPolicyConfigProperty | Contains the configuration for a continuous deployment policy. |
CfnContinuousDeploymentPolicy.SessionStickinessConfigProperty | Session stickiness provides the ability to define multiple requests from a single viewer as a single session. |
CfnContinuousDeploymentPolicy.SingleHeaderConfigProperty | Determines which HTTP requests are sent to the staging distribution. |
CfnContinuousDeploymentPolicy.SingleHeaderPolicyConfigProperty | Defines a single header policy for a CloudFront distribution. |
CfnContinuousDeploymentPolicy.SingleWeightConfigProperty | This configuration determines the percentage of HTTP requests that are sent to the staging distribution. |
CfnContinuousDeploymentPolicy.SingleWeightPolicyConfigProperty | Configure a policy that CloudFront uses to route requests to different origins or use different cache settings, based on the weight assigned to each option. |
CfnContinuousDeploymentPolicy.TrafficConfigProperty | The traffic configuration of your continuous deployment. |
CfnContinuousDeploymentPolicyProps | Properties for defining a |
CfnDistribution | A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery. |
CfnDistribution.CacheBehaviorProperty | A complex type that describes how CloudFront processes requests. |
CfnDistribution.CookiesProperty | This field is deprecated. |
CfnDistribution.CustomErrorResponseProperty | A complex type that controls:. |
CfnDistribution.CustomOriginConfigProperty | A custom origin. |
CfnDistribution.DefaultCacheBehaviorProperty | A complex type that describes the default cache behavior if you don't specify a |
CfnDistribution.DistributionConfigProperty | A distribution configuration. |
CfnDistribution.ForwardedValuesProperty | This field is deprecated. |
CfnDistribution.FunctionAssociationProperty | A CloudFront function that is associated with a cache behavior in a CloudFront distribution. |
CfnDistribution.GeoRestrictionProperty | A complex type that controls the countries in which your content is distributed. |
CfnDistribution.LambdaFunctionAssociationProperty | A complex type that contains a Lambda@Edge function association. |
CfnDistribution.LegacyCustomOriginProperty | A custom origin. |
CfnDistribution.LegacyS3OriginProperty | The origin as an Amazon S3 bucket. |
CfnDistribution.LoggingProperty | A complex type that controls whether access logs are written for the distribution. |
CfnDistribution.OriginCustomHeaderProperty | A complex type that contains |
CfnDistribution.OriginGroupFailoverCriteriaProperty | A complex data type that includes information about the failover criteria for an origin group, including the status codes for which CloudFront will failover from the primary origin to the second origin. |
CfnDistribution.OriginGroupMemberProperty | An origin in an origin group. |
CfnDistribution.OriginGroupMembersProperty | A complex data type for the origins included in an origin group. |
CfnDistribution.OriginGroupProperty | An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. |
CfnDistribution.OriginGroupsProperty | A complex data type for the origin groups specified for a distribution. |
CfnDistribution.OriginProperty | An origin. |
CfnDistribution.OriginShieldProperty | CloudFront Origin Shield. |
CfnDistribution.RestrictionsProperty | A complex type that identifies ways in which you want to restrict distribution of your content. |
CfnDistribution.S3OriginConfigProperty | A complex type that contains information about the Amazon S3 origin. |
CfnDistribution.StatusCodesProperty | A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin. |
CfnDistribution.ViewerCertificateProperty | A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. |
CfnDistributionProps | Properties for defining a |
CfnFunction | Creates a CloudFront function. |
CfnFunction.FunctionConfigProperty | Contains configuration information about a CloudFront function. |
CfnFunction.FunctionMetadataProperty | Contains metadata about a CloudFront function. |
CfnFunction.KeyValueStoreAssociationProperty | The key value store association. |
CfnFunctionProps | Properties for defining a |
CfnKeyGroup | A key group. |
CfnKeyGroup.KeyGroupConfigProperty | A key group configuration. |
CfnKeyGroupProps | Properties for defining a |
CfnKeyValueStore | The key value store. |
CfnKeyValueStore.ImportSourceProperty | The import source for the key value store. |
CfnKeyValueStoreProps | Properties for defining a |
CfnMonitoringSubscription | A monitoring subscription. |
CfnMonitoringSubscription.MonitoringSubscriptionProperty | A monitoring subscription. |
CfnMonitoringSubscription.RealtimeMetricsSubscriptionConfigProperty | A subscription configuration for additional CloudWatch metrics. |
CfnMonitoringSubscriptionProps | Properties for defining a |
CfnOriginAccessControl | Creates a new origin access control in CloudFront. |
CfnOriginAccessControl.OriginAccessControlConfigProperty | Creates a new origin access control in CloudFront. |
CfnOriginAccessControlProps | Properties for defining a |
CfnOriginRequestPolicy | An origin request policy. |
CfnOriginRequestPolicy.CookiesConfigProperty | An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin. |
CfnOriginRequestPolicy.HeadersConfigProperty | An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin. |
CfnOriginRequestPolicy.OriginRequestPolicyConfigProperty | An origin request policy configuration. |
CfnOriginRequestPolicy.QueryStringsConfigProperty | An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin. |
CfnOriginRequestPolicyProps | Properties for defining a |
CfnPublicKey | A public key that you can use with signed URLs and signed cookies , or with field-level encryption . |
CfnPublicKey.PublicKeyConfigProperty | Configuration information about a public key that you can use with signed URLs and signed cookies , or with field-level encryption . |
CfnPublicKeyProps | Properties for defining a |
CfnRealtimeLogConfig | A real-time log configuration. |
CfnRealtimeLogConfig.EndPointProperty | Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration. |
CfnRealtimeLogConfig.KinesisStreamConfigProperty | Contains information about the Amazon Kinesis data stream where you are sending real-time log data. |
CfnRealtimeLogConfigProps | Properties for defining a |
CfnResponseHeadersPolicy | A response headers policy. |
CfnResponseHeadersPolicy.AccessControlAllowHeadersProperty | A list of HTTP header names that CloudFront includes as values for the |
CfnResponseHeadersPolicy.AccessControlAllowMethodsProperty | A list of HTTP methods that CloudFront includes as values for the |
CfnResponseHeadersPolicy.AccessControlAllowOriginsProperty | A list of origins (domain names) that CloudFront can use as the value for the |
CfnResponseHeadersPolicy.AccessControlExposeHeadersProperty | A list of HTTP headers that CloudFront includes as values for the |
CfnResponseHeadersPolicy.ContentSecurityPolicyProperty | The policy directives and their values that CloudFront includes as values for the |
CfnResponseHeadersPolicy.ContentTypeOptionsProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.CorsConfigProperty | A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). |
CfnResponseHeadersPolicy.CustomHeaderProperty | An HTTP response header name and its value. |
CfnResponseHeadersPolicy.CustomHeadersConfigProperty | A list of HTTP response header names and their values. |
CfnResponseHeadersPolicy.FrameOptionsProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.ReferrerPolicyProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.RemoveHeaderProperty | The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. |
CfnResponseHeadersPolicy.RemoveHeadersConfigProperty | A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. |
CfnResponseHeadersPolicy.ResponseHeadersPolicyConfigProperty | A response headers policy configuration. |
CfnResponseHeadersPolicy.SecurityHeadersConfigProperty | A configuration for a set of security-related HTTP response headers. |
CfnResponseHeadersPolicy.ServerTimingHeadersConfigProperty | A configuration for enabling the |
CfnResponseHeadersPolicy.StrictTransportSecurityProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.XSSProtectionProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicyProps | Properties for defining a |
CfnStreamingDistribution | This resource is deprecated. |
CfnStreamingDistribution.LoggingProperty | A complex type that controls whether access logs are written for the streaming distribution. |
CfnStreamingDistribution.S3OriginProperty | A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution. |
CfnStreamingDistribution.StreamingDistributionConfigProperty | The RTMP distribution's configuration information. |
CfnStreamingDistribution.TrustedSignersProperty | A list of AWS accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies. |
CfnStreamingDistributionProps | Properties for defining a |
CloudFrontAllowedCachedMethods | Enums for the methods CloudFront can cache. |
CloudFrontAllowedMethods | An enum for the supported methods to a CloudFront distribution. |
CloudFrontWebDistribution | (deprecated) Amazon CloudFront is a global content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to your viewers with low latency and high transfer speeds. |
CloudFrontWebDistributionAttributes | Attributes used to import a Distribution. |
CloudFrontWebDistributionProps | |
CustomOriginConfig | A custom origin configuration. |
Distribution | A CloudFront distribution with associated origin(s) and caching behavior(s). |
DistributionAttributes | Attributes used to import a Distribution. |
DistributionProps | Properties for a Distribution. |
EdgeLambda | Represents a Lambda function version and event type when using Lambda@Edge. |
Endpoint | Represents the endpoints available for targetting within a realtime log config resource. |
ErrorResponse | Options for configuring custom error responses. |
FailoverStatusCode | HTTP status code to failover to second origin. |
FileCodeOptions | Options when reading the function's code from an external file. |
Function | A CloudFront Function. |
FunctionAssociation | Represents a CloudFront function and event type when using CF Functions. |
FunctionAttributes | Attributes of an existing CloudFront Function to import it. |
FunctionCode | Represents the function's source code. |
FunctionEventType | The type of events that a CloudFront function can be invoked in response to. |
FunctionProps | Properties for creating a CloudFront Function. |
FunctionRuntime | The function's runtime environment version. |
GeoRestriction | Controls the countries in which content is distributed. |
HeadersFrameOption | Enum representing possible values of the X-Frame-Options HTTP response header. |
HeadersReferrerPolicy | Enum representing possible values of the Referrer-Policy HTTP response header. |
HttpVersion | Maximum HTTP version to support. |
ImportSource | The data to be imported to the key value store. |
InlineImportSource | An import source from an inline string. |
KeyGroup | A Key Group configuration. |
KeyGroupProps | Properties for creating a Public Key. |
KeyValueStore | A CloudFront Key Value Store. |
KeyValueStoreProps | The properties to create a Key Value Store. |
LambdaEdgeEventType | The type of events that a Lambda@Edge function can be invoked in response to. |
LambdaFunctionAssociation | |
LoggingConfiguration | Logging configuration for incoming requests. |
OriginAccessControlBaseProps | Common properties for creating a Origin Access Control resource. |
OriginAccessControlOriginType | Origin types supported by Origin Access Control. |
OriginAccessIdentity | An origin access identity is a special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your Amazon S3 content. |
OriginAccessIdentityProps | Properties of CloudFront OriginAccessIdentity. |
OriginBase | Represents a distribution origin, that describes the Amazon S3 bucket, HTTP server (for example, a web server), Amazon MediaStore, or other server from which CloudFront gets your files. |
OriginBindConfig | The struct returned from |
OriginBindOptions | Options passed to Origin.bind(). |
OriginFailoverConfig | The failover configuration used for Origin Groups, returned in |
OriginOptions | Options to define an Origin. |
OriginProps | Properties to define an Origin. |
OriginProtocolPolicy | Defines what protocols CloudFront will use to connect to an origin. |
OriginRequestCookieBehavior | Determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin. |
OriginRequestHeaderBehavior | Determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin. |
OriginRequestPolicy | A Origin Request Policy configuration. |
OriginRequestPolicyProps | Properties for creating a Origin Request Policy. |
OriginRequestQueryStringBehavior | Determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin. |
OriginSslPolicy | |
PriceClass | The price class determines how many edge locations CloudFront will use for your distribution. |
PublicKey | A Public Key Configuration. |
PublicKeyProps | Properties for creating a Public Key. |
RealtimeLogConfig | A Realtime Log Config configuration. |
RealtimeLogConfigProps | Properties for defining a RealtimeLogConfig resource. |
ResponseCustomHeader | An HTTP response header name and its value. |
ResponseCustomHeadersBehavior | Configuration for a set of HTTP response headers that are sent for requests that match a cache behavior that’s associated with this response headers policy. |
ResponseHeadersContentSecurityPolicy | The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. |
ResponseHeadersContentTypeOptions | Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. |
ResponseHeadersCorsBehavior | Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). |
ResponseHeadersFrameOptions | Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. |
ResponseHeadersPolicy | A Response Headers Policy configuration. |
ResponseHeadersPolicyProps | Properties for creating a Response Headers Policy. |
ResponseHeadersReferrerPolicy | Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value. |
ResponseHeadersStrictTransportSecurity | Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. |
ResponseHeadersXSSProtection | Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. |
ResponseSecurityHeadersBehavior | Configuration for a set of security-related HTTP response headers. |
S3ImportSource | An import source from an S3 object. |
S3OriginAccessControl | An Origin Access Control for Amazon S3 origins. |
S3OriginAccessControlProps | Properties for creating a S3 Origin Access Control resource. |
S3OriginConfig | S3 origin configuration for CloudFront. |
SecurityPolicyProtocol | The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. |
Signing | Options for how CloudFront signs requests. |
SigningBehavior | Options for which requests CloudFront signs. |
SigningProtocol | The signing protocol of the Origin Access Control. |
SourceConfiguration | A source configuration is a wrapper for CloudFront origins and behaviors. |
SSLMethod | The SSL method CloudFront will use for your distribution. |
ViewerCertificate | Viewer certificate configuration class. |
ViewerCertificateOptions | |
ViewerProtocolPolicy | How HTTPs should be handled with your distribution. |
Interfaces
CfnCachePolicy.ICachePolicyConfigProperty | A cache policy configuration. |
CfnCachePolicy.ICookiesConfigProperty | An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin. |
CfnCachePolicy.IHeadersConfigProperty | An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin. |
CfnCachePolicy.IParametersInCacheKeyAndForwardedToOriginProperty | This object determines the values that CloudFront includes in the cache key. |
CfnCachePolicy.IQueryStringsConfigProperty | An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin. |
CfnCloudFrontOriginAccessIdentity.ICloudFrontOriginAccessIdentityConfigProperty | Origin access identity configuration. |
CfnContinuousDeploymentPolicy.IContinuousDeploymentPolicyConfigProperty | Contains the configuration for a continuous deployment policy. |
CfnContinuousDeploymentPolicy.ISessionStickinessConfigProperty | Session stickiness provides the ability to define multiple requests from a single viewer as a single session. |
CfnContinuousDeploymentPolicy.ISingleHeaderConfigProperty | Determines which HTTP requests are sent to the staging distribution. |
CfnContinuousDeploymentPolicy.ISingleHeaderPolicyConfigProperty | Defines a single header policy for a CloudFront distribution. |
CfnContinuousDeploymentPolicy.ISingleWeightConfigProperty | This configuration determines the percentage of HTTP requests that are sent to the staging distribution. |
CfnContinuousDeploymentPolicy.ISingleWeightPolicyConfigProperty | Configure a policy that CloudFront uses to route requests to different origins or use different cache settings, based on the weight assigned to each option. |
CfnContinuousDeploymentPolicy.ITrafficConfigProperty | The traffic configuration of your continuous deployment. |
CfnDistribution.ICacheBehaviorProperty | A complex type that describes how CloudFront processes requests. |
CfnDistribution.ICookiesProperty | This field is deprecated. |
CfnDistribution.ICustomErrorResponseProperty | A complex type that controls:. |
CfnDistribution.ICustomOriginConfigProperty | A custom origin. |
CfnDistribution.IDefaultCacheBehaviorProperty | A complex type that describes the default cache behavior if you don't specify a |
CfnDistribution.IDistributionConfigProperty | A distribution configuration. |
CfnDistribution.IForwardedValuesProperty | This field is deprecated. |
CfnDistribution.IFunctionAssociationProperty | A CloudFront function that is associated with a cache behavior in a CloudFront distribution. |
CfnDistribution.IGeoRestrictionProperty | A complex type that controls the countries in which your content is distributed. |
CfnDistribution.ILambdaFunctionAssociationProperty | A complex type that contains a Lambda@Edge function association. |
CfnDistribution.ILegacyCustomOriginProperty | A custom origin. |
CfnDistribution.ILegacyS3OriginProperty | The origin as an Amazon S3 bucket. |
CfnDistribution.ILoggingProperty | A complex type that controls whether access logs are written for the distribution. |
CfnDistribution.IOriginCustomHeaderProperty | A complex type that contains |
CfnDistribution.IOriginGroupFailoverCriteriaProperty | A complex data type that includes information about the failover criteria for an origin group, including the status codes for which CloudFront will failover from the primary origin to the second origin. |
CfnDistribution.IOriginGroupMemberProperty | An origin in an origin group. |
CfnDistribution.IOriginGroupMembersProperty | A complex data type for the origins included in an origin group. |
CfnDistribution.IOriginGroupProperty | An origin group includes two origins (a primary origin and a second origin to failover to) and a failover criteria that you specify. |
CfnDistribution.IOriginGroupsProperty | A complex data type for the origin groups specified for a distribution. |
CfnDistribution.IOriginProperty | An origin. |
CfnDistribution.IOriginShieldProperty | CloudFront Origin Shield. |
CfnDistribution.IRestrictionsProperty | A complex type that identifies ways in which you want to restrict distribution of your content. |
CfnDistribution.IS3OriginConfigProperty | A complex type that contains information about the Amazon S3 origin. |
CfnDistribution.IStatusCodesProperty | A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin. |
CfnDistribution.IViewerCertificateProperty | A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. |
CfnFunction.IFunctionConfigProperty | Contains configuration information about a CloudFront function. |
CfnFunction.IFunctionMetadataProperty | Contains metadata about a CloudFront function. |
CfnFunction.IKeyValueStoreAssociationProperty | The key value store association. |
CfnKeyGroup.IKeyGroupConfigProperty | A key group configuration. |
CfnKeyValueStore.IImportSourceProperty | The import source for the key value store. |
CfnMonitoringSubscription.IMonitoringSubscriptionProperty | A monitoring subscription. |
CfnMonitoringSubscription.IRealtimeMetricsSubscriptionConfigProperty | A subscription configuration for additional CloudWatch metrics. |
CfnOriginAccessControl.IOriginAccessControlConfigProperty | Creates a new origin access control in CloudFront. |
CfnOriginRequestPolicy.ICookiesConfigProperty | An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin. |
CfnOriginRequestPolicy.IHeadersConfigProperty | An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin. |
CfnOriginRequestPolicy.IOriginRequestPolicyConfigProperty | An origin request policy configuration. |
CfnOriginRequestPolicy.IQueryStringsConfigProperty | An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin. |
CfnPublicKey.IPublicKeyConfigProperty | Configuration information about a public key that you can use with signed URLs and signed cookies , or with field-level encryption . |
CfnRealtimeLogConfig.IEndPointProperty | Contains information about the Amazon Kinesis data stream where you are sending real-time log data in a real-time log configuration. |
CfnRealtimeLogConfig.IKinesisStreamConfigProperty | Contains information about the Amazon Kinesis data stream where you are sending real-time log data. |
CfnResponseHeadersPolicy.IAccessControlAllowHeadersProperty | A list of HTTP header names that CloudFront includes as values for the |
CfnResponseHeadersPolicy.IAccessControlAllowMethodsProperty | A list of HTTP methods that CloudFront includes as values for the |
CfnResponseHeadersPolicy.IAccessControlAllowOriginsProperty | A list of origins (domain names) that CloudFront can use as the value for the |
CfnResponseHeadersPolicy.IAccessControlExposeHeadersProperty | A list of HTTP headers that CloudFront includes as values for the |
CfnResponseHeadersPolicy.IContentSecurityPolicyProperty | The policy directives and their values that CloudFront includes as values for the |
CfnResponseHeadersPolicy.IContentTypeOptionsProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.ICorsConfigProperty | A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). |
CfnResponseHeadersPolicy.ICustomHeaderProperty | An HTTP response header name and its value. |
CfnResponseHeadersPolicy.ICustomHeadersConfigProperty | A list of HTTP response header names and their values. |
CfnResponseHeadersPolicy.IFrameOptionsProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.IReferrerPolicyProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.IRemoveHeaderProperty | The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. |
CfnResponseHeadersPolicy.IRemoveHeadersConfigProperty | A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to. |
CfnResponseHeadersPolicy.IResponseHeadersPolicyConfigProperty | A response headers policy configuration. |
CfnResponseHeadersPolicy.ISecurityHeadersConfigProperty | A configuration for a set of security-related HTTP response headers. |
CfnResponseHeadersPolicy.IServerTimingHeadersConfigProperty | A configuration for enabling the |
CfnResponseHeadersPolicy.IStrictTransportSecurityProperty | Determines whether CloudFront includes the |
CfnResponseHeadersPolicy.IXSSProtectionProperty | Determines whether CloudFront includes the |
CfnStreamingDistribution.ILoggingProperty | A complex type that controls whether access logs are written for the streaming distribution. |
CfnStreamingDistribution.IS3OriginProperty | A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution. |
CfnStreamingDistribution.IStreamingDistributionConfigProperty | The RTMP distribution's configuration information. |
CfnStreamingDistribution.ITrustedSignersProperty | A list of AWS accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies. |
IAddBehaviorOptions | Options for adding a new behavior to a Distribution. |
IBehavior | A CloudFront behavior wrapper. |
IBehaviorOptions | Options for creating a new behavior. |
ICachePolicy | Represents a Cache Policy. |
ICachePolicyProps | Properties for creating a Cache Policy. |
ICfnCachePolicyProps | Properties for defining a |
ICfnCloudFrontOriginAccessIdentityProps | Properties for defining a |
ICfnContinuousDeploymentPolicyProps | Properties for defining a |
ICfnDistributionProps | Properties for defining a |
ICfnFunctionProps | Properties for defining a |
ICfnKeyGroupProps | Properties for defining a |
ICfnKeyValueStoreProps | Properties for defining a |
ICfnMonitoringSubscriptionProps | Properties for defining a |
ICfnOriginAccessControlProps | Properties for defining a |
ICfnOriginRequestPolicyProps | Properties for defining a |
ICfnPublicKeyProps | Properties for defining a |
ICfnRealtimeLogConfigProps | Properties for defining a |
ICfnResponseHeadersPolicyProps | Properties for defining a |
ICfnStreamingDistributionProps | Properties for defining a |
ICloudFrontWebDistributionAttributes | Attributes used to import a Distribution. |
ICloudFrontWebDistributionProps | |
ICustomOriginConfig | A custom origin configuration. |
IDistribution | Interface for CloudFront distributions. |
IDistributionAttributes | Attributes used to import a Distribution. |
IDistributionProps | Properties for a Distribution. |
IEdgeLambda | Represents a Lambda function version and event type when using Lambda@Edge. |
IErrorResponse | Options for configuring custom error responses. |
IFileCodeOptions | Options when reading the function's code from an external file. |
IFunction | Represents a CloudFront Function. |
IFunctionAssociation | Represents a CloudFront function and event type when using CF Functions. |
IFunctionAttributes | Attributes of an existing CloudFront Function to import it. |
IFunctionProps | Properties for creating a CloudFront Function. |
IKeyGroup | Represents a Key Group. |
IKeyGroupProps | Properties for creating a Public Key. |
IKeyValueStore | A CloudFront Key Value Store. |
IKeyValueStoreProps | The properties to create a Key Value Store. |
ILambdaFunctionAssociation | |
ILoggingConfiguration | Logging configuration for incoming requests. |
IOrigin | Represents the concept of a CloudFront Origin. |
IOriginAccessControl | Represents a CloudFront Origin Access Control. |
IOriginAccessControlBaseProps | Common properties for creating a Origin Access Control resource. |
IOriginAccessIdentity | Interface for CloudFront OriginAccessIdentity. |
IOriginAccessIdentityProps | Properties of CloudFront OriginAccessIdentity. |
IOriginBindConfig | The struct returned from |
IOriginBindOptions | Options passed to Origin.bind(). |
IOriginFailoverConfig | The failover configuration used for Origin Groups, returned in |
IOriginOptions | Options to define an Origin. |
IOriginProps | Properties to define an Origin. |
IOriginRequestPolicy | Represents a Origin Request Policy. |
IOriginRequestPolicyProps | Properties for creating a Origin Request Policy. |
IPublicKey | Represents a Public Key. |
IPublicKeyProps | Properties for creating a Public Key. |
IRealtimeLogConfig | Represents Realtime Log Configuration. |
IRealtimeLogConfigProps | Properties for defining a RealtimeLogConfig resource. |
IResponseCustomHeader | An HTTP response header name and its value. |
IResponseCustomHeadersBehavior | Configuration for a set of HTTP response headers that are sent for requests that match a cache behavior that’s associated with this response headers policy. |
IResponseHeadersContentSecurityPolicy | The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. |
IResponseHeadersContentTypeOptions | Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. |
IResponseHeadersCorsBehavior | Configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). |
IResponseHeadersFrameOptions | Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header’s value. |
IResponseHeadersPolicy | Represents a response headers policy. |
IResponseHeadersPolicyProps | Properties for creating a Response Headers Policy. |
IResponseHeadersReferrerPolicy | Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header’s value. |
IResponseHeadersStrictTransportSecurity | Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header’s value. |
IResponseHeadersXSSProtection | Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header’s value. |
IResponseSecurityHeadersBehavior | Configuration for a set of security-related HTTP response headers. |
IS3OriginAccessControlProps | Properties for creating a S3 Origin Access Control resource. |
IS3OriginConfig | S3 origin configuration for CloudFront. |
ISourceConfiguration | A source configuration is a wrapper for CloudFront origins and behaviors. |
IViewerCertificateOptions |