Amazon CloudFront
API Reference (API Version 2018-06-18)


Updates the configuration for a web distribution.


When you update a distribution, there are more required fields than when you create a distribution. When you update your distribution by using this API action, follow the steps here to get the current configuration and then make your updates, to make sure that you include all of the required fields. To view a summary, see Required Fields for Create Distribution and Update Distribution in the Amazon CloudFront Developer Guide.

The update process includes getting the current distribution configuration, updating the XML document that is returned to make your changes, and then submitting an UpdateDistribution request to make the updates.

For information about updating a distribution using the CloudFront console instead, see Creating a Distribution in the Amazon CloudFront Developer Guide.

To update a web distribution using the CloudFront API

  1. Submit a GetDistributionConfig request to get the current configuration and an Etag header for the distribution.


    If you update the distribution again, you must get a new Etag header.

  2. Update the XML document that was returned in the response to your GetDistributionConfig request to include your changes.


    When you edit the XML file, be aware of the following:

    • You must strip out the ETag parameter that is returned.

    • Additional fields are required when you update a distribution. There may be fields included in the XML file for features that you haven't configured for your distribution. This is expected and required to successfully update the distribution.

    • You can't change the value of CallerReference. If you try to change this value, CloudFront returns an IllegalUpdate error.

    • The new configuration replaces the existing configuration; the values that you specify in an UpdateDistribution request are not merged into your existing configuration. When you add, delete, or replace values in an element that allows multiple values (for example, CNAME), you must specify all of the values that you want to appear in the updated distribution. In addition, you must update the corresponding Quantity element.

  3. Submit an UpdateDistribution request to update the configuration for your distribution:

    • In the request body, include the XML document that you updated in Step 2. The request body must include an XML document with a DistributionConfig element.

    • Set the value of the HTTP If-Match header to the value of the ETag header that CloudFront returned when you submitted the GetDistributionConfig request in Step 1.

  4. Review the response to the UpdateDistribution request to confirm that the configuration was successfully updated.

  5. Optional: Submit a GetDistribution request to confirm that your changes have propagated. When propagation is complete, the value of Status is Deployed.

Request Syntax

PUT /2018-06-18/distribution/Id/config HTTP/1.1 <?xml version="1.0" encoding="UTF-8"?> <DistributionConfig xmlns=""> <Aliases> <Items> <CNAME>string</CNAME> </Items> <Quantity>integer</Quantity> </Aliases> <CacheBehaviors> <Items> <CacheBehavior> <AllowedMethods> <CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AllowedMethods> <Compress>boolean</Compress> <DefaultTTL>long</DefaultTTL> <FieldLevelEncryptionId>string</FieldLevelEncryptionId> <ForwardedValues> <Cookies> <Forward>string</Forward> <WhitelistedNames> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </WhitelistedNames> </Cookies> <Headers> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </Headers> <QueryString>boolean</QueryString> <QueryStringCacheKeys> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </QueryStringCacheKeys> </ForwardedValues> <LambdaFunctionAssociations> <Items> <LambdaFunctionAssociation> <EventType>string</EventType> <IncludeBody>boolean</IncludeBody> <LambdaFunctionARN>string</LambdaFunctionARN> </LambdaFunctionAssociation> </Items> <Quantity>integer</Quantity> </LambdaFunctionAssociations> <MaxTTL>long</MaxTTL> <MinTTL>long</MinTTL> <PathPattern>string</PathPattern> <SmoothStreaming>boolean</SmoothStreaming> <TargetOriginId>string</TargetOriginId> <TrustedSigners> <Enabled>boolean</Enabled> <Items> <AwsAccountNumber>string</AwsAccountNumber> </Items> <Quantity>integer</Quantity> </TrustedSigners> <ViewerProtocolPolicy>string</ViewerProtocolPolicy> </CacheBehavior> </Items> <Quantity>integer</Quantity> </CacheBehaviors> <CallerReference>string</CallerReference> <Comment>string</Comment> <CustomErrorResponses> <Items> <CustomErrorResponse> <ErrorCachingMinTTL>long</ErrorCachingMinTTL> <ErrorCode>integer</ErrorCode> <ResponseCode>string</ResponseCode> <ResponsePagePath>string</ResponsePagePath> </CustomErrorResponse> </Items> <Quantity>integer</Quantity> </CustomErrorResponses> <DefaultCacheBehavior> <AllowedMethods> <CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AllowedMethods> <Compress>boolean</Compress> <DefaultTTL>long</DefaultTTL> <FieldLevelEncryptionId>string</FieldLevelEncryptionId> <ForwardedValues> <Cookies> <Forward>string</Forward> <WhitelistedNames> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </WhitelistedNames> </Cookies> <Headers> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </Headers> <QueryString>boolean</QueryString> <QueryStringCacheKeys> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </QueryStringCacheKeys> </ForwardedValues> <LambdaFunctionAssociations> <Items> <LambdaFunctionAssociation> <EventType>string</EventType> <IncludeBody>boolean</IncludeBody> <LambdaFunctionARN>string</LambdaFunctionARN> </LambdaFunctionAssociation> </Items> <Quantity>integer</Quantity> </LambdaFunctionAssociations> <MaxTTL>long</MaxTTL> <MinTTL>long</MinTTL> <SmoothStreaming>boolean</SmoothStreaming> <TargetOriginId>string</TargetOriginId> <TrustedSigners> <Enabled>boolean</Enabled> <Items> <AwsAccountNumber>string</AwsAccountNumber> </Items> <Quantity>integer</Quantity> </TrustedSigners> <ViewerProtocolPolicy>string</ViewerProtocolPolicy> </DefaultCacheBehavior> <DefaultRootObject>string</DefaultRootObject> <Enabled>boolean</Enabled> <HttpVersion>string</HttpVersion> <IsIPV6Enabled>boolean</IsIPV6Enabled> <Logging> <Bucket>string</Bucket> <Enabled>boolean</Enabled> <IncludeCookies>boolean</IncludeCookies> <Prefix>string</Prefix> </Logging> <Origins> <Items> <Origin> <CustomHeaders> <Items> <OriginCustomHeader> <HeaderName>string</HeaderName> <HeaderValue>string</HeaderValue> </OriginCustomHeader> </Items> <Quantity>integer</Quantity> </CustomHeaders> <CustomOriginConfig> <HTTPPort>integer</HTTPPort> <HTTPSPort>integer</HTTPSPort> <OriginKeepaliveTimeout>integer</OriginKeepaliveTimeout> <OriginProtocolPolicy>string</OriginProtocolPolicy> <OriginReadTimeout>integer</OriginReadTimeout> <OriginSslProtocols> <Items> <SslProtocol>string</SslProtocol> </Items> <Quantity>integer</Quantity> </OriginSslProtocols> </CustomOriginConfig> <DomainName>string</DomainName> <Id>string</Id> <OriginPath>string</OriginPath> <S3OriginConfig> <OriginAccessIdentity>string</OriginAccessIdentity> </S3OriginConfig> </Origin> </Items> <Quantity>integer</Quantity> </Origins> <PriceClass>string</PriceClass> <Restrictions> <GeoRestriction> <Items> <Location>string</Location> </Items> <Quantity>integer</Quantity> <RestrictionType>string</RestrictionType> </GeoRestriction> </Restrictions> <ViewerCertificate> <ACMCertificateArn>string</ACMCertificateArn> <Certificate>string</Certificate> <CertificateSource>string</CertificateSource> <CloudFrontDefaultCertificate>boolean</CloudFrontDefaultCertificate> <IAMCertificateId>string</IAMCertificateId> <MinimumProtocolVersion>string</MinimumProtocolVersion> <SSLSupportMethod>string</SSLSupportMethod> </ViewerCertificate> <WebACLId>string</WebACLId> </DistributionConfig>

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in XML format.


Root level tag for the DistributionConfig parameters.

Required: Yes


A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.

Type: Aliases object

Required: No


A complex type that contains zero or more CacheBehavior elements.

Type: CacheBehaviors object

Required: No


A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.

If the value of CallerReference is new (regardless of the content of the DistributionConfig object), CloudFront creates a new distribution.

If CallerReference is a value that you already sent in a previous request to create a distribution, CloudFront returns a DistributionAlreadyExists error.

Type: String

Required: Yes


Any comments you want to include about the distribution.

If you don't want to specify a comment, include an empty Comment element.

To delete an existing comment, update the distribution configuration and include an empty Comment element.

To add or change a comment, update the distribution configuration and specify the new comment.

Type: String

Required: Yes


A complex type that controls the following:

  • Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer.

  • How long CloudFront caches HTTP status codes in the 4xx and 5xx range.

For more information about custom error pages, see Customizing Error Responses in the Amazon CloudFront Developer Guide.

Type: CustomErrorResponses object

Required: No


A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if files don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior.

Type: DefaultCacheBehavior object

Required: Yes


The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution ( instead of an object in your distribution ( Specifying a default root object avoids exposing the contents of your distribution.

Specify only the object name, for example, index.html. Don't add a / before the object name.

If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element.

To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element.

To replace the default root object, update the distribution configuration and specify the new object.

For more information about the default root object, see Creating a Default Root Object in the Amazon CloudFront Developer Guide.

Type: String

Required: No


From this field, you can enable or disable the selected distribution.

Type: Boolean

Required: Yes


(Optional) Specify the maximum HTTP version that you want viewers to use to communicate with CloudFront. The default value for new web distributions is http2. Viewers that don't support HTTP/2 automatically use an earlier HTTP version.

For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must support Server Name Identification (SNI).

In general, configuring CloudFront to communicate with viewers using HTTP/2 reduces latency. You can improve performance by optimizing for HTTP/2. For more information, do an Internet search for "http/2 optimization."

Type: String

Valid Values: http1.1 | http2

Required: No


If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.

In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.

If you're using an Amazon Route 53 alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

  • You enable IPv6 for the distribution

  • You're using alternate domain names in the URLs for your objects

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Amazon Route 53 Developer Guide.

If you created a CNAME resource record set, either with Amazon Route 53 or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

Type: Boolean

Required: No


A complex type that controls whether access logs are written for the distribution.

For more information about logging, see Access Logs in the Amazon CloudFront Developer Guide.

Type: LoggingConfig object

Required: No


A complex type that contains information about origins for this distribution.

Type: Origins object

Required: Yes


The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.

If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.

For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see Amazon CloudFront Pricing. For price class information, scroll down to see the table at the bottom of the page.

Type: String

Valid Values: PriceClass_100 | PriceClass_200 | PriceClass_All

Required: No


A complex type that identifies ways in which you want to restrict distribution of your content.

Type: Restrictions object

Required: No


A complex type that specifies the following:

  • Whether you want viewers to use HTTP or HTTPS to request your objects.

  • If you want viewers to use HTTPS, whether you're using an alternate domain name such as or the CloudFront domain name for your distribution, such as

  • If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify only one of the following values:

Don't specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP instead of HTTPS to request your objects: Specify the following value:


In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

  • If you're using an alternate domain name, such as Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:

    • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

    • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.

    If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

    If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs ( If you use the domain name that is associated with your CloudFront distribution (such as and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

    • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.

    • sni-only: CloudFront drops the connection with the browser without returning the object.

  • If you're using the CloudFront domain name for your distribution, such as : Specify the following value:


If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>

  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>

  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Type: ViewerCertificate object

Required: No


A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution.

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about AWS WAF, see the AWS WAF Developer Guide.

Type: String

Required: No

Response Syntax

HTTP/1.1 200 <?xml version="1.0" encoding="UTF-8"?> <Distribution> <ActiveTrustedSigners> <Enabled>boolean</Enabled> <Items> <Signer> <AwsAccountNumber>string</AwsAccountNumber> <KeyPairIds> <Items> <KeyPairId>string</KeyPairId> </Items> <Quantity>integer</Quantity> </KeyPairIds> </Signer> </Items> <Quantity>integer</Quantity> </ActiveTrustedSigners> <ARN>string</ARN> <DistributionConfig> <Aliases> <Items> <CNAME>string</CNAME> </Items> <Quantity>integer</Quantity> </Aliases> <CacheBehaviors> <Items> <CacheBehavior> <AllowedMethods> <CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AllowedMethods> <Compress>boolean</Compress> <DefaultTTL>long</DefaultTTL> <FieldLevelEncryptionId>string</FieldLevelEncryptionId> <ForwardedValues> <Cookies> <Forward>string</Forward> <WhitelistedNames> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </WhitelistedNames> </Cookies> <Headers> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </Headers> <QueryString>boolean</QueryString> <QueryStringCacheKeys> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </QueryStringCacheKeys> </ForwardedValues> <LambdaFunctionAssociations> <Items> <LambdaFunctionAssociation> <EventType>string</EventType> <IncludeBody>boolean</IncludeBody> <LambdaFunctionARN>string</LambdaFunctionARN> </LambdaFunctionAssociation> </Items> <Quantity>integer</Quantity> </LambdaFunctionAssociations> <MaxTTL>long</MaxTTL> <MinTTL>long</MinTTL> <PathPattern>string</PathPattern> <SmoothStreaming>boolean</SmoothStreaming> <TargetOriginId>string</TargetOriginId> <TrustedSigners> <Enabled>boolean</Enabled> <Items> <AwsAccountNumber>string</AwsAccountNumber> </Items> <Quantity>integer</Quantity> </TrustedSigners> <ViewerProtocolPolicy>string</ViewerProtocolPolicy> </CacheBehavior> </Items> <Quantity>integer</Quantity> </CacheBehaviors> <CallerReference>string</CallerReference> <Comment>string</Comment> <CustomErrorResponses> <Items> <CustomErrorResponse> <ErrorCachingMinTTL>long</ErrorCachingMinTTL> <ErrorCode>integer</ErrorCode> <ResponseCode>string</ResponseCode> <ResponsePagePath>string</ResponsePagePath> </CustomErrorResponse> </Items> <Quantity>integer</Quantity> </CustomErrorResponses> <DefaultCacheBehavior> <AllowedMethods> <CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AllowedMethods> <Compress>boolean</Compress> <DefaultTTL>long</DefaultTTL> <FieldLevelEncryptionId>string</FieldLevelEncryptionId> <ForwardedValues> <Cookies> <Forward>string</Forward> <WhitelistedNames> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </WhitelistedNames> </Cookies> <Headers> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </Headers> <QueryString>boolean</QueryString> <QueryStringCacheKeys> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </QueryStringCacheKeys> </ForwardedValues> <LambdaFunctionAssociations> <Items> <LambdaFunctionAssociation> <EventType>string</EventType> <IncludeBody>boolean</IncludeBody> <LambdaFunctionARN>string</LambdaFunctionARN> </LambdaFunctionAssociation> </Items> <Quantity>integer</Quantity> </LambdaFunctionAssociations> <MaxTTL>long</MaxTTL> <MinTTL>long</MinTTL> <SmoothStreaming>boolean</SmoothStreaming> <TargetOriginId>string</TargetOriginId> <TrustedSigners> <Enabled>boolean</Enabled> <Items> <AwsAccountNumber>string</AwsAccountNumber> </Items> <Quantity>integer</Quantity> </TrustedSigners> <ViewerProtocolPolicy>string</ViewerProtocolPolicy> </DefaultCacheBehavior> <DefaultRootObject>string</DefaultRootObject> <Enabled>boolean</Enabled> <HttpVersion>string</HttpVersion> <IsIPV6Enabled>boolean</IsIPV6Enabled> <Logging> <Bucket>string</Bucket> <Enabled>boolean</Enabled> <IncludeCookies>boolean</IncludeCookies> <Prefix>string</Prefix> </Logging> <Origins> <Items> <Origin> <CustomHeaders> <Items> <OriginCustomHeader> <HeaderName>string</HeaderName> <HeaderValue>string</HeaderValue> </OriginCustomHeader> </Items> <Quantity>integer</Quantity> </CustomHeaders> <CustomOriginConfig> <HTTPPort>integer</HTTPPort> <HTTPSPort>integer</HTTPSPort> <OriginKeepaliveTimeout>integer</OriginKeepaliveTimeout> <OriginProtocolPolicy>string</OriginProtocolPolicy> <OriginReadTimeout>integer</OriginReadTimeout> <OriginSslProtocols> <Items> <SslProtocol>string</SslProtocol> </Items> <Quantity>integer</Quantity> </OriginSslProtocols> </CustomOriginConfig> <DomainName>string</DomainName> <Id>string</Id> <OriginPath>string</OriginPath> <S3OriginConfig> <OriginAccessIdentity>string</OriginAccessIdentity> </S3OriginConfig> </Origin> </Items> <Quantity>integer</Quantity> </Origins> <PriceClass>string</PriceClass> <Restrictions> <GeoRestriction> <Items> <Location>string</Location> </Items> <Quantity>integer</Quantity> <RestrictionType>string</RestrictionType> </GeoRestriction> </Restrictions> <ViewerCertificate> <ACMCertificateArn>string</ACMCertificateArn> <Certificate>string</Certificate> <CertificateSource>string</CertificateSource> <CloudFrontDefaultCertificate>boolean</CloudFrontDefaultCertificate> <IAMCertificateId>string</IAMCertificateId> <MinimumProtocolVersion>string</MinimumProtocolVersion> <SSLSupportMethod>string</SSLSupportMethod> </ViewerCertificate> <WebACLId>string</WebACLId> </DistributionConfig> <DomainName>string</DomainName> <Id>string</Id> <InProgressInvalidationBatches>integer</InProgressInvalidationBatches> <LastModifiedTime>timestamp</LastModifiedTime> <Status>string</Status> </Distribution>

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in XML format by the service.


Root level tag for the Distribution parameters.

Required: Yes


CloudFront automatically adds this element to the response only if you've set up the distribution to serve private content with signed URLs. The element lists the key pair IDs that CloudFront is aware of for each trusted signer. The Signer child element lists the AWS account number of the trusted signer (or an empty Self element if the signer is you). The Signer element also includes the IDs of any active key pairs associated with the trusted signer's AWS account. If no KeyPairId element appears for a Signer, that signer can't create working signed URLs.

Type: ActiveTrustedSigners object


The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

Type: String


The current configuration information for the distribution. Send a GET request to the /CloudFront API version/distribution ID/config resource.

Type: DistributionConfig object


The domain name corresponding to the distribution, for example,

Type: String


The identifier for the distribution. For example: EDFDVBD632BHDS5.

Type: String


The number of invalidation batches currently in progress.

Type: Integer


The date and time the distribution was last modified.

Type: Timestamp


This response element indicates the current status of the distribution. When the status is Deployed, the distribution's information is fully propagated to all CloudFront edge locations.

Type: String


For information about the errors that are common to all actions, see Common Errors.


Access denied.

HTTP Status Code: 403


HTTP Status Code: 409


The specified configuration for field-level encryption can't be associated with the specified cache behavior.

HTTP Status Code: 400


Origin and CallerReference cannot be updated.

HTTP Status Code: 400


The value of Quantity and the size of Items don't match.

HTTP Status Code: 400


The argument is invalid.

HTTP Status Code: 400


The default root object file name is too big or contains an invalid character.

HTTP Status Code: 400


HTTP Status Code: 400


Your request contains forward cookies option which doesn't match with the expectation for the whitelisted list of cookie names. Either list of cookie names has been specified when not allowed or list of cookie names is missing when expected.

HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


The If-Match version is missing or not valid for the distribution.

HTTP Status Code: 400


The specified Lambda function association is invalid.

HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


The origin access identity is not valid or doesn't exist.

HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


The relative path is too big, is not URL-encoded, or does not begin with a slash (/).

HTTP Status Code: 400


This operation requires the HTTPS protocol. Ensure that you specify the HTTPS protocol in your request, or omit the RequiredProtocols element from your distribution configuration.

HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


HTTP Status Code: 400


This operation requires a body. Ensure that the body is present and the Content-Type header is set.

HTTP Status Code: 400


The specified distribution does not exist.

HTTP Status Code: 404


The specified configuration for field-level encryption doesn't exist.

HTTP Status Code: 404


No origin exists with the specified Origin Id.

HTTP Status Code: 404


The precondition given in one or more of the request-header fields evaluated to false.

HTTP Status Code: 412


You cannot create more cache behaviors for the distribution.

HTTP Status Code: 400


You cannot create anymore custom SSL/TLS certificates.

HTTP Status Code: 400


Your request contains more cookie names in the whitelist than are allowed per cache behavior.

HTTP Status Code: 400


Your request contains more CNAMEs than are allowed per distribution.

HTTP Status Code: 400


The maximum number of distributions have been associated with the specified configuration for field-level encryption.

HTTP Status Code: 400


Processing your request would cause the maximum number of distributions with Lambda function associations per owner to be exceeded.

HTTP Status Code: 400


HTTP Status Code: 400


Your request contains more Lambda function associations than are allowed per distribution.

HTTP Status Code: 400


HTTP Status Code: 400


You cannot create more origins for the distribution.

HTTP Status Code: 400


HTTP Status Code: 400


Your request contains more trusted signers than are allowed per distribution.

HTTP Status Code: 400


One or more of your trusted signers don't exist.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: