ViewerCertificate

class aws_cdk.aws_cloudfront.ViewerCertificate(*args: Any, **kwargs)

Bases: object

Viewer certificate configuration class.

ExampleMetadata:

lit=aws-cloudfront/test/example.iam-cert-alias.lit.ts infused

Example:

s3_bucket_source = s3.Bucket(self, "Bucket")

distribution = cloudfront.CloudFrontWebDistribution(self, "AnAmazingWebsiteProbably",
    origin_configs=[cloudfront.aws_cloudfront.SourceConfiguration(
        s3_origin_source=cloudfront.aws_cloudfront.S3OriginConfig(s3_bucket_source=s3_bucket_source),
        behaviors=[cloudfront.aws_cloudfront.Behavior(is_default_behavior=True)]
    )],
    viewer_certificate=cloudfront.ViewerCertificate.from_iam_certificate("certificateId",
        aliases=["example.com"],
        security_policy=cloudfront.SecurityPolicyProtocol.SSL_V3,  # default
        ssl_method=cloudfront.SSLMethod.SNI
    )
)

Attributes

aliases
props

Static Methods

classmethod from_acm_certificate(certificate, *, aliases=None, security_policy=None, ssl_method=None)

Generate an AWS Certificate Manager (ACM) viewer certificate configuration.

Parameters:

  • certificate (ICertificate) – AWS Certificate Manager (ACM) certificate. Your certificate must be located in the us-east-1 (US East (N. Virginia)) region to be accessed by CloudFront

  • aliases (Optional[Sequence[str]]) – Domain names on the certificate (both main domain name and Subject Alternative names).

  • security_policy (Optional[SecurityPolicyProtocol]) – The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify. Default: - SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI

  • ssl_method (Optional[SSLMethod]) – How CloudFront should serve HTTPS requests. See the notes on SSLMethod if you wish to use other SSL termination types. Default: SSLMethod.SNI

Return type:

ViewerCertificate

classmethod from_cloud_front_default_certificate(*aliases)

Generate a viewer certificate configuration using the CloudFront default certificate (e.g. d111111abcdef8.cloudfront.net) and a SecurityPolicyProtocol.TLS_V1 security policy.

Parameters:

aliases (str) – Alternative CNAME aliases You also must create a CNAME record with your DNS service to route queries.

Return type:

ViewerCertificate

classmethod from_iam_certificate(iam_certificate_id, *, aliases=None, security_policy=None, ssl_method=None)

Generate an IAM viewer certificate configuration.

Parameters:

  • iam_certificate_id (str) – Identifier of the IAM certificate.

  • aliases (Optional[Sequence[str]]) – Domain names on the certificate (both main domain name and Subject Alternative names).

  • security_policy (Optional[SecurityPolicyProtocol]) – The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify. Default: - SSLv3 if sslMethod VIP, TLSv1 if sslMethod SNI

  • ssl_method (Optional[SSLMethod]) – How CloudFront should serve HTTPS requests. See the notes on SSLMethod if you wish to use other SSL termination types. Default: SSLMethod.SNI

Return type:

ViewerCertificate