DistributionProps
- class aws_cdk.aws_cloudfront.DistributionProps(*, default_behavior, additional_behaviors=None, certificate=None, comment=None, default_root_object=None, domain_names=None, enabled=None, enable_ipv6=None, enable_logging=None, error_responses=None, geo_restriction=None, http_version=None, log_bucket=None, log_file_prefix=None, log_includes_cookies=None, minimum_protocol_version=None, price_class=None, publish_additional_metrics=None, ssl_support_method=None, web_acl_id=None)
Bases:
object
Properties for a Distribution.
- Parameters:
default_behavior (
Union
[BehaviorOptions
,Dict
[str
,Any
]]) – The default behavior for the distribution.additional_behaviors (
Optional
[Mapping
[str
,Union
[BehaviorOptions
,Dict
[str
,Any
]]]]) – Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to. Default: - no additional behaviors are added.certificate (
Optional
[ICertificate
]) – A certificate to associate with the distribution. The certificate must be located in N. Virginia (us-east-1). Default: - the CloudFront wildcard certificate (*.cloudfront.net) will be used.comment (
Optional
[str
]) – Any comments you want to include about the distribution. Default: - no commentdefault_root_object (
Optional
[str
]) – The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin’s root (e.g., example.com/). Default: - no default root objectdomain_names (
Optional
[Sequence
[str
]]) – Alternative domain names for this distribution. If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name, you can add an alternate domain name to your distribution. If you attach a certificate to the distribution, you should add (at least one of) the domain names of the certificate to this list. When you want to move a domain name between distributions, you can associate a certificate without specifying any domain names. For more information, see the Moving an alternate domain name to a different distribution section in the README. Default: - The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)enabled (
Optional
[bool
]) – Enable or disable the distribution. Default: trueenable_ipv6 (
Optional
[bool
]) – Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. Default: trueenable_logging (
Optional
[bool
]) – Enable access logging for the distribution. Default: - false, unlesslogBucket
is specified.error_responses (
Optional
[Sequence
[Union
[ErrorResponse
,Dict
[str
,Any
]]]]) – How CloudFront should handle requests that are not successful (e.g., PageNotFound). Default: - No custom error responses.geo_restriction (
Optional
[GeoRestriction
]) – Controls the countries in which your content is distributed. Default: - No geographic restrictionshttp_version (
Optional
[HttpVersion
]) – Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support server name identification (SNI). Default: HttpVersion.HTTP2log_bucket (
Optional
[IBucket
]) – The Amazon S3 bucket to store the access logs in. Make sure to setobjectOwnership
tos3.ObjectOwnership.OBJECT_WRITER
in your custom bucket. Default: - A bucket is created ifenableLogging
is truelog_file_prefix (
Optional
[str
]) – An optional string that you want CloudFront to prefix to the access log filenames for this distribution. Default: - no prefixlog_includes_cookies (
Optional
[bool
]) – Specifies whether you want CloudFront to include cookies in access logs. Default: falseminimum_protocol_version (
Optional
[SecurityPolicyProtocol
]) – The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify. Default: - SecurityPolicyProtocol.TLS_V1_2_2021 if the ‘@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021’ feature flag is set; otherwise, SecurityPolicyProtocol.TLS_V1_2_2019.price_class (
Optional
[PriceClass
]) – The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Default: PriceClass.PRICE_CLASS_ALLpublish_additional_metrics (
Optional
[bool
]) – Whether to enable additional CloudWatch metrics. Default: falsessl_support_method (
Optional
[SSLMethod
]) – The SSL method CloudFront will use for your distribution. Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support. If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP). See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/ Default: SSLMethod.SNIweb_acl_id (
Optional
[str
]) – Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution. To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for examplearn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a
. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example473e64fd-f30b-4765-81a0-62ad96dd167a
. Default: - No AWS Web Application Firewall web access control list (web ACL).
- ExampleMetadata:
infused
Example:
# Adding an existing Lambda@Edge function created in a different stack # to a CloudFront distribution. # s3_bucket: s3.Bucket function_version = lambda_.Version.from_version_arn(self, "Version", "arn:aws:lambda:us-east-1:123456789012:function:functionName:1") cloudfront.Distribution(self, "distro", default_behavior=cloudfront.BehaviorOptions( origin=origins.S3Origin(s3_bucket), edge_lambdas=[cloudfront.EdgeLambda( function_version=function_version, event_type=cloudfront.LambdaEdgeEventType.VIEWER_REQUEST ) ] ) )
Attributes
- additional_behaviors
Additional behaviors for the distribution, mapped by the pathPattern that specifies which requests to apply the behavior to.
- Default:
no additional behaviors are added.
- certificate
A certificate to associate with the distribution.
The certificate must be located in N. Virginia (us-east-1).
- Default:
the CloudFront wildcard certificate (*.cloudfront.net) will be used.
- comment
Any comments you want to include about the distribution.
- Default:
no comment
- default_behavior
The default behavior for the distribution.
- default_root_object
The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. If no default object is set, the request goes to the origin’s root (e.g., example.com/).
- Default:
no default root object
- domain_names
Alternative domain names for this distribution.
If you want to use your own domain name, such as www.example.com, instead of the cloudfront.net domain name, you can add an alternate domain name to your distribution. If you attach a certificate to the distribution, you should add (at least one of) the domain names of the certificate to this list.
When you want to move a domain name between distributions, you can associate a certificate without specifying any domain names. For more information, see the Moving an alternate domain name to a different distribution section in the README.
- Default:
The distribution will only support the default generated name (e.g., d111111abcdef8.cloudfront.net)
- enable_ipv6
Whether CloudFront will respond to IPv6 DNS requests with an IPv6 address.
If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.
- Default:
true
- enable_logging
Enable access logging for the distribution.
- Default:
false, unless
logBucket
is specified.
- enabled
Enable or disable the distribution.
- Default:
true
- error_responses
How CloudFront should handle requests that are not successful (e.g., PageNotFound).
- Default:
No custom error responses.
- geo_restriction
Controls the countries in which your content is distributed.
- Default:
No geographic restrictions
- http_version
Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront.
For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support server name identification (SNI).
- Default:
HttpVersion.HTTP2
- log_bucket
The Amazon S3 bucket to store the access logs in.
Make sure to set
objectOwnership
tos3.ObjectOwnership.OBJECT_WRITER
in your custom bucket.- Default:
A bucket is created if
enableLogging
is true
- log_file_prefix
An optional string that you want CloudFront to prefix to the access log filenames for this distribution.
- Default:
no prefix
- log_includes_cookies
Specifies whether you want CloudFront to include cookies in access logs.
- Default:
false
- minimum_protocol_version
The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections.
CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify.
- Default:
SecurityPolicyProtocol.TLS_V1_2_2021 if the ‘@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021’ feature flag is set; otherwise, SecurityPolicyProtocol.TLS_V1_2_2019.
- price_class
The price class that corresponds with the maximum price that you want to pay for CloudFront service.
If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class.
- Default:
PriceClass.PRICE_CLASS_ALL
- publish_additional_metrics
Whether to enable additional CloudWatch metrics.
- ssl_support_method
The SSL method CloudFront will use for your distribution.
Server Name Indication (SNI) - is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate.
CloudFront can use SNI to host multiple distributions on the same IP - which a large majority of clients will support.
If your clients cannot support SNI however - CloudFront can use dedicated IPs for your distribution - but there is a prorated monthly charge for using this feature. By default, we use SNI - but you can optionally enable dedicated IPs (VIP).
See the CloudFront SSL for more details about pricing : https://aws.amazon.com/cloudfront/custom-ssl-domains/
- Default:
SSLMethod.SNI
- web_acl_id
Unique identifier that specifies the AWS WAF web ACL to associate with this CloudFront distribution.
To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example
arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a
. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example473e64fd-f30b-4765-81a0-62ad96dd167a
.- Default:
No AWS Web Application Firewall web access control list (web ACL).
- See: