CloudFront: New-CFDistribution Cmdlet | AWS Tools for PowerShell

Synopsis

Calls the Amazon CloudFront CreateDistribution API operation.

Syntax

New-CFDistribution
-ViewerCertificate_ACMCertificateArn <String>
-DistributionConfig_AnycastIpListId <String>
-Logging_Bucket <String>
-DefaultCacheBehavior_CachePolicyId <String>
-DistributionConfig_CallerReference <String>
-ViewerCertificate_CloudFrontDefaultCertificate <Boolean>
-DistributionConfig_Comment <String>
-DefaultCacheBehavior_Compress <Boolean>
-DistributionConfig_ContinuousDeploymentPolicyId <String>
-DistributionConfig_DefaultRootObject <String>
-GrpcConfig_Enabled <Boolean>
-TrustedKeyGroups_Enabled <Boolean>
-TrustedSigners_Enabled <Boolean>
-DistributionConfig_Enabled <Boolean>
-Logging_Enabled <Boolean>
-DefaultCacheBehavior_FieldLevelEncryptionId <String>
-Cookies_Forward <ItemSelection>
-DistributionConfig_HttpVersion <HttpVersion>
-ViewerCertificate_IAMCertificateId <String>
-Logging_IncludeCookie <Boolean>
-DistributionConfig_IsIPV6Enabled <Boolean>
-Aliases_Item <String[]>
-CacheBehaviors_Item <CacheBehavior[]>
-CustomErrorResponses_Item <CustomErrorResponse[]>
-CachedMethods_Item <String[]>
-AllowedMethods_Item <String[]>
-WhitelistedNames_Item <String[]>
-Headers_Item <String[]>
-QueryStringCacheKeys_Item <String[]>
-FunctionAssociations_Item <FunctionAssociation[]>
-LambdaFunctionAssociations_Item <LambdaFunctionAssociation[]>
-TrustedKeyGroups_Item <String[]>
-TrustedSigners_Item <String[]>
-OriginGroups_Item <OriginGroup[]>
-Origins_Item <Origin[]>
-GeoRestriction_Item <String[]>
-ViewerCertificate_MinimumProtocolVersion <MinimumProtocolVersion>
-DefaultCacheBehavior_OriginRequestPolicyId <String>
-Logging_Prefix <String>
-DistributionConfig_PriceClass <PriceClass>
-Aliases_Quantity <Int32>
-CacheBehaviors_Quantity <Int32>
-CustomErrorResponses_Quantity <Int32>
-CachedMethods_Quantity <Int32>
-AllowedMethods_Quantity <Int32>
-WhitelistedNames_Quantity <Int32>
-Headers_Quantity <Int32>
-QueryStringCacheKeys_Quantity <Int32>
-FunctionAssociations_Quantity <Int32>
-LambdaFunctionAssociations_Quantity <Int32>
-TrustedKeyGroups_Quantity <Int32>
-TrustedSigners_Quantity <Int32>
-OriginGroups_Quantity <Int32>
-Origins_Quantity <Int32>
-GeoRestriction_Quantity <Int32>
-ForwardedValues_QueryString <Boolean>
-DefaultCacheBehavior_RealtimeLogConfigArn <String>
-DefaultCacheBehavior_ResponseHeadersPolicyId <String>
-GeoRestriction_RestrictionType <GeoRestrictionType>
-DefaultCacheBehavior_SmoothStreaming <Boolean>
-ViewerCertificate_SSLSupportMethod <SSLSupportMethod>
-DistributionConfig_Staging <Boolean>
-DefaultCacheBehavior_TargetOriginId <String>
-DefaultCacheBehavior_ViewerProtocolPolicy <ViewerProtocolPolicy>
-DistributionConfig_WebACLId <String>
-ViewerCertificate_Certificate <String>
-ViewerCertificate_CertificateSource <CertificateSource>
-DefaultCacheBehavior_DefaultTTL <Int64>
-DefaultCacheBehavior_MaxTTL <Int64>
-DefaultCacheBehavior_MinTTL <Int64>
-Select <String>
-Force <SwitchParameter>
-ClientConfig <AmazonCloudFrontConfig>

Description

Creates a CloudFront distribution.

Parameters

-Aliases_Item <String[]>

A complex type that contains the CNAME aliases, if any, that you want to associate with this distribution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Aliases_Items

-Aliases_Quantity <Int32>

The number of CNAME aliases, if any, that you want to associate with this distribution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Aliases_Quantity

-AllowedMethods_Item <String[]>

A complex type that contains the HTTP methods that you want CloudFront to process and forward to your origin.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_AllowedMethods_Items

-AllowedMethods_Quantity <Int32>

The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests), 3 (for GET, HEAD, and OPTIONS requests) and 7 (for GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests).

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_AllowedMethods_Quantity

-CacheBehaviors_Item <CacheBehavior[]>

Optional: A complex type that contains cache behaviors for this distribution. If Quantity is 0, you can omit Items.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_CacheBehaviors_Items

-CacheBehaviors_Quantity <Int32>

The number of cache behaviors for this distribution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_CacheBehaviors_Quantity

-CachedMethods_Item <String[]>

A complex type that contains the HTTP methods that you want CloudFront to cache responses to. Valid values for CachedMethods include GET, HEAD, and OPTIONS, depending on which caching option you choose. For more information, see the preceding section.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_AllowedMethods_CachedMethods_Items

-CachedMethods_Quantity <Int32>

The number of HTTP methods for which you want CloudFront to cache responses. Valid values are 2 (for caching responses to GET and HEAD requests) and 3 (for caching responses to GET, HEAD, and OPTIONS requests).

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_AllowedMethods_CachedMethods_Quantity

-ClientConfig <AmazonCloudFrontConfig>

Amazon.PowerShell.Cmdlets.CF.AmazonCloudFrontClientCmdlet.ClientConfig

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-Cookies_Forward <ItemSelection>

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.If you want to include cookies in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.If you want to send cookies to the origin but not include them in the cache key, use origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.Specifies which cookies to forward to the origin for this cache behavior: all, none, or the list of cookies specified in the WhitelistedNames complex type.Amazon S3 doesn't process cookies. When the cache behavior is forwarding requests to an Amazon S3 origin, specify none for the Forward element.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_Cookies_Forward

-CustomErrorResponses_Item <CustomErrorResponse[]>

A complex type that contains a CustomErrorResponse element for each HTTP status code for which you want to specify a custom error page and/or a caching duration.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_CustomErrorResponses_Items

-CustomErrorResponses_Quantity <Int32>

The number of HTTP status codes for which you want to specify a custom error page and/or a caching duration. If Quantity is 0, you can omit Items.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_CustomErrorResponses_Quantity

-DefaultCacheBehavior_CachePolicyId <String>

The unique identifier of the cache policy that is attached to the default cache behavior. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.A DefaultCacheBehavior must include either a CachePolicyId or ForwardedValues. We recommend that you use a CachePolicyId.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_CachePolicyId

-DefaultCacheBehavior_Compress <Boolean>

Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true; if not, specify false. For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_Compress

-DefaultCacheBehavior_DefaultTTL <Int64>

This field is deprecated. We recommend that you use the DefaultTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.The default amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin does not add HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.This parameter is deprecated.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_DefaultTTL

-DefaultCacheBehavior_FieldLevelEncryptionId <String>

The value of ID for the field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data for the default cache behavior.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_FieldLevelEncryptionId

-DefaultCacheBehavior_MaxTTL <Int64>

This field is deprecated. We recommend that you use the MaxTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.The maximum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. The value that you specify applies only when your origin adds HTTP headers such as Cache-Control max-age, Cache-Control s-maxage, and Expires to objects. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.This parameter is deprecated.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_MaxTTL

-DefaultCacheBehavior_MinTTL <Int64>

This field is deprecated. We recommend that you use the MinTTL field in a cache policy instead of this field. For more information, see Creating cache policies or Using the managed cache policies in the Amazon CloudFront Developer Guide.The minimum amount of time that you want objects to stay in CloudFront caches before CloudFront forwards another request to your origin to determine whether the object has been updated. For more information, see Managing How Long Content Stays in an Edge Cache (Expiration) in the Amazon CloudFront Developer Guide.You must specify 0 for MinTTL if you configure CloudFront to forward all headers to your origin (under Headers, if you specify 1 for Quantity and * for Name).This parameter is deprecated.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_MinTTL

-DefaultCacheBehavior_OriginRequestPolicyId <String>

The unique identifier of the origin request policy that is attached to the default cache behavior. For more information, see Creating origin request policies or Using the managed origin request policies in the Amazon CloudFront Developer Guide.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_OriginRequestPolicyId

-DefaultCacheBehavior_RealtimeLogConfigArn <String>

The Amazon Resource Name (ARN) of the real-time log configuration that is attached to this cache behavior. For more information, see Real-time logs in the Amazon CloudFront Developer Guide.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_RealtimeLogConfigArn

-DefaultCacheBehavior_ResponseHeadersPolicyId <String>

The identifier for a response headers policy.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ResponseHeadersPolicyId

-DefaultCacheBehavior_SmoothStreaming <Boolean>

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_SmoothStreaming

-DefaultCacheBehavior_TargetOriginId <String>

The value of ID for the origin that you want CloudFront to route requests to when they use the default cache behavior.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TargetOriginId

-DefaultCacheBehavior_ViewerProtocolPolicy <ViewerProtocolPolicy>

The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. You can specify the following options:

allow-all: Viewers can use HTTP or HTTPS.
redirect-to-https: If a viewer submits an HTTP request, CloudFront returns an HTTP status code of 301 (Moved Permanently) to the viewer along with the HTTPS URL. The viewer then resubmits the request using the new URL.
https-only: If a viewer sends an HTTP request, CloudFront returns an HTTP status code of 403 (Forbidden).

For more information about requiring the HTTPS protocol, see Requiring HTTPS Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects' cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see Managing Cache Expiration in the Amazon CloudFront Developer Guide.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ViewerProtocolPolicy

-DistributionConfig_AnycastIpListId <String>

ID of the Anycast static IP list that is associated with the distribution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_CallerReference <String>

A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.If the value of CallerReference is new (regardless of the content of the DistributionConfig object), CloudFront creates a new distribution.If CallerReference is a value that you already sent in a previous request to create a distribution, CloudFront returns a DistributionAlreadyExists error.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_Comment <String>

A comment to describe the distribution. The comment cannot be longer than 128 characters.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_ContinuousDeploymentPolicyId <String>

The identifier of a continuous deployment policy. For more information, see CreateContinuousDeploymentPolicy.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_DefaultRootObject <String>

When a viewer requests the root URL for your distribution, the default root object is the object that you want CloudFront to request from your origin. For example, if your root URL is https://www.example.com, you can specify CloudFront to return the index.html file as the default root object. You can specify a default root object so that viewers see a specific file or object, instead of another object in your distribution (for example, https://www.example.com/product-description.html). A default root object avoids exposing the contents of your distribution.You can specify the object name or a path to the object name (for example, index.html or exampleFolderName/index.html). Your string can't begin with a forward slash (/). Only specify the object name or the path to the object.If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element.To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element.To replace the default root object, update the distribution configuration and specify the new object.For more information about the default root object, see Specify a default root object in the Amazon CloudFront Developer Guide.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_Enabled <Boolean>

From this field, you can enable or disable the selected distribution.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_HttpVersion <HttpVersion>

(Optional) Specify the HTTP version(s) that you want viewers to use to communicate with CloudFront. The default value for new web distributions is http2. Viewers that don't support HTTP/2 automatically use an earlier HTTP version.For viewers and CloudFront to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI).For viewers and CloudFront to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CloudFront supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see Connection Migration at RFC 9000. For more information about supported TLSv1.3 ciphers, see Supported protocols and ciphers between viewers and CloudFront.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_IsIPV6Enabled <Boolean>

If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.If you're using an Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

You enable IPv6 for the distribution
You're using alternate domain names in the URLs for your objects

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Route 53 Amazon Web Services Integration Developer Guide.If you created a CNAME resource record set, either with Route 53 Amazon Web Services Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_PriceClass <PriceClass>

The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see Amazon CloudFront Pricing.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_Staging <Boolean>

A Boolean that indicates whether this is a staging distribution. When this value is true, this is a staging distribution. When this value is false, this is not a staging distribution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-DistributionConfig_WebACLId <String>

A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. To specify a web ACL created using WAF Classic, use the ACL ID, for example a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the WAF Developer Guide.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-Force <SwitchParameter>

This parameter overrides confirmation prompts to force the cmdlet to continue its operation. This parameter should always be used with caution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-ForwardedValues_QueryString <Boolean>

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.If you want to include query strings in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior and cache based on the query string parameters. CloudFront behavior depends on the value of QueryString and on the values that you specify for QueryStringCacheKeys, if any:If you specify true for QueryString and you don't specify any values for QueryStringCacheKeys, CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin.If you specify true for QueryString and you specify one or more values for QueryStringCacheKeys, CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify.If you specify false for QueryString, CloudFront doesn't forward any query string parameters to the origin, and doesn't cache based on query string parameters.For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_QueryString

-FunctionAssociations_Item <FunctionAssociation[]>

The CloudFront functions that are associated with a cache behavior in a CloudFront distribution. Your functions must be published to the LIVE stage to associate them with a cache behavior.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_FunctionAssociations_Items

-FunctionAssociations_Quantity <Int32>

The number of CloudFront functions in the list.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_FunctionAssociations_Quantity

-GeoRestriction_Item <String[]>

A complex type that contains a Location element for each country in which you want CloudFront either to distribute your content (whitelist) or not distribute your content (blacklist).The Location element is a two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist. Include one Location element for each country.CloudFront and MaxMind both use ISO 3166 country codes. For the current list of countries and the corresponding codes, see ISO 3166-1-alpha-2 code on the International Organization for Standardization website. You can also refer to the country list on the CloudFront console, which includes both country names and codes.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Restrictions_GeoRestriction_Items

-GeoRestriction_Quantity <Int32>

When geo restriction is enabled, this is the number of countries in your whitelist or blacklist. Otherwise, when it is not enabled, Quantity is 0, and you can omit Items.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Restrictions_GeoRestriction_Quantity

-GeoRestriction_RestrictionType <GeoRestrictionType>

The method that you want to use to restrict distribution of your content by country:

none: No geo restriction is enabled, meaning access to content is not restricted by client geo location.
blacklist: The Location elements specify the countries in which you don't want CloudFront to distribute your content.
whitelist: The Location elements specify the countries in which you want CloudFront to distribute your content.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Restrictions_GeoRestriction_RestrictionType

-GrpcConfig_Enabled <Boolean>

Enables your CloudFront distribution to receive gRPC requests and to proxy them directly to your origins.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_GrpcConfig_Enabled

-Headers_Item <String[]>

A list of HTTP header names.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_Headers_Items

-Headers_Quantity <Int32>

The number of header names in the Items list.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_Headers_Quantity

-LambdaFunctionAssociations_Item <LambdaFunctionAssociation[]>

Optional: A complex type that contains LambdaFunctionAssociation items for this cache behavior. If Quantity is 0, you can omit Items.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_LambdaFunctionAssociations_Items

-LambdaFunctionAssociations_Quantity <Int32>

The number of Lambda@Edge function associations for this cache behavior.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_LambdaFunctionAssociations_Quantity

-Logging_Bucket <String>

The Amazon S3 bucket to store the access logs in, for example, amzn-s3-demo-bucket.s3.amazonaws.com.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Logging_Bucket

-Logging_Enabled <Boolean>

Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you don't want to enable logging when you create a distribution or if you want to disable logging for an existing distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket and prefix, the values are automatically deleted.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Logging_Enabled

-Logging_IncludeCookie <Boolean>

Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you don't want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Logging_IncludeCookies

-Logging_Prefix <String>

An optional string that you want CloudFront to prefix to the access log filenames for this distribution, for example, myprefix/. If you want to enable logging, but you don't want to specify a prefix, you still must include an empty Prefix element in the Logging element.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Logging_Prefix

-OriginGroups_Item <OriginGroup[]>

The items (origin groups) in a distribution.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_OriginGroups_Items

-OriginGroups_Quantity <Int32>

The number of origin groups.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_OriginGroups_Quantity

-Origins_Item <Origin[]>

A list of origins.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Origins_Items

-Origins_Quantity <Int32>

The number of origins for this distribution.

Required?	True
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_Origins_Quantity

-QueryStringCacheKeys_Item <String[]>

A list that contains the query string parameters that you want CloudFront to use as a basis for caching for a cache behavior. If Quantity is 0, you can omit Items.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_QueryStringCacheKeys_Items

-QueryStringCacheKeys_Quantity <Int32>

The number of whitelisted query string parameters for a cache behavior.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_QueryStringCacheKeys_Quantity

-Select <String>

Use the -Select parameter to control the cmdlet output. The default value is '*'. Specifying -Select '*' will result in the cmdlet returning the whole service response (Amazon.CloudFront.Model.CreateDistributionResponse). Specifying the name of a property of type Amazon.CloudFront.Model.CreateDistributionResponse will result in that property being returned. Specifying -Select '^ParameterName' will result in the cmdlet returning the selected cmdlet parameter value.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-TrustedKeyGroups_Enabled <Boolean>

This field is true if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TrustedKeyGroups_Enabled

-TrustedKeyGroups_Item <String[]>

A list of key groups identifiers.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TrustedKeyGroups_Items

-TrustedKeyGroups_Quantity <Int32>

The number of key groups in the list.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TrustedKeyGroups_Quantity

-TrustedSigners_Enabled <Boolean>

This field is true if any of the Amazon Web Services accounts in the list are configured as trusted signers. If not, this field is false.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TrustedSigners_Enabled

-TrustedSigners_Item <String[]>

A list of Amazon Web Services account identifiers.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TrustedSigners_Items

-TrustedSigners_Quantity <Int32>

The number of Amazon Web Services accounts in the list.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_TrustedSigners_Quantity

-ViewerCertificate_ACMCertificateArn <String>

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (us-east-1).If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_ACMCertificateArn

-ViewerCertificate_Certificate <String>

This field is deprecated. Use one of the following fields instead:

ACMCertificateArn
IAMCertificateId
CloudFrontDefaultCertificate

This parameter is deprecated.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_Certificate

-ViewerCertificate_CertificateSource <CertificateSource>

This field is deprecated. Use one of the following fields instead:

ACMCertificateArn
IAMCertificateId
CloudFrontDefaultCertificate

This parameter is deprecated.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_CertificateSource

-ViewerCertificate_CloudFrontDefaultCertificate <Boolean>

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, set this field to true.If the distribution uses Aliases (alternate domain names or CNAMEs), set this field to false and specify values for the following fields:

ACMCertificateArn or IAMCertificateId (specify a value for one, not both)
MinimumProtocolVersion
SSLSupportMethod

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_CloudFrontDefaultCertificate

-ViewerCertificate_IAMCertificateId <String>

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Identity and Access Management (IAM), provide the ID of the IAM certificate.If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_IAMCertificateId

-ViewerCertificate_MinimumProtocolVersion <MinimumProtocolVersion>

If the distribution uses Aliases (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:

The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.
The ciphers that CloudFront can use to encrypt the content that it returns to viewers.

For more information, see Security Policy and Supported Protocols and Ciphers Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.On the CloudFront console, this setting is called Security Policy.When you're using SNI only (you set SSLSupportMethod to sni-only), you must specify TLSv1 or higher.If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net (you set CloudFrontDefaultCertificate to true), CloudFront automatically sets the security policy to TLSv1 regardless of the value that you set here.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_MinimumProtocolVersion

-ViewerCertificate_SSLSupportMethod <SSLSupportMethod>

If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.

sni-only – The distribution accepts HTTPS connections from only viewers that support server name indication (SNI). This is recommended. Most browsers and clients support SNI.
vip – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
static-ip - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the Amazon Web ServicesSupport Center.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don't set a value for this field.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_ViewerCertificate_SSLSupportMethod

-WhitelistedNames_Item <String[]>

A list of cookie names.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_Cookies_WhitelistedNames_Items

-WhitelistedNames_Quantity <Int32>

The number of cookie names in the Items list.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	DistributionConfig_DefaultCacheBehavior_ForwardedValues_Cookies_WhitelistedNames_Quantity

Common Credential and Region Parameters

-AccessKey <String>

The AWS access key for the user account. This can be a temporary access key if the corresponding session token is supplied to the -SessionToken parameter.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	AK

-Credential <AWSCredentials>

An AWSCredentials object instance containing access and secret key information, and optionally a token for session-based credentials.

Required?	False
Position?	Named
Accept pipeline input?	True (ByValue, ByPropertyName)

-EndpointUrl <String>

The endpoint to make the call against.Note: This parameter is primarily for internal AWS use and is not required/should not be specified for normal usage. The cmdlets normally determine which endpoint to call based on the region specified to the -Region parameter or set as default in the shell (via Set-DefaultAWSRegion). Only specify this parameter if you must direct the call to a specific custom endpoint.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)

-NetworkCredential <PSCredential>

Used with SAML-based authentication when ProfileName references a SAML role profile. Contains the network credentials to be supplied during authentication with the configured identity provider's endpoint. This parameter is not required if the user's default network identity can or should be used during authentication.

Required?	False
Position?	Named
Accept pipeline input?	True (ByValue, ByPropertyName)

-ProfileLocation <String>

Used to specify the name and location of the ini-format credential file (shared with the AWS CLI and other AWS SDKs)If this optional parameter is omitted this cmdlet will search the encrypted credential file used by the AWS SDK for .NET and AWS Toolkit for Visual Studio first. If the profile is not found then the cmdlet will search in the ini-format credential file at the default location: (user's home directory)\.aws\credentials.If this parameter is specified then this cmdlet will only search the ini-format credential file at the location given.As the current folder can vary in a shell or during script execution it is advised that you use specify a fully qualified path instead of a relative path.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	AWSProfilesLocation, ProfilesLocation

-ProfileName <String>

The user-defined name of an AWS credentials or SAML-based role profile containing credential information. The profile is expected to be found in the secure credential file shared with the AWS SDK for .NET and AWS Toolkit for Visual Studio. You can also specify the name of a profile stored in the .ini-format credential file used with the AWS CLI and other AWS SDKs.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	StoredCredentials, AWSProfileName

-Region <Object>

The system name of an AWS region or an AWSRegion instance. This governs the endpoint that will be used when calling service operations. Note that the AWS resources referenced in a call are usually region-specific.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	RegionToCall

-SecretKey <String>

The AWS secret key for the user account. This can be a temporary secret key if the corresponding session token is supplied to the -SessionToken parameter.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	SK, SecretAccessKey

-SessionToken <String>

The session token if the access and secret keys are temporary session-based credentials.

Required?	False
Position?	Named
Accept pipeline input?	True (ByPropertyName)
Aliases	ST

Outputs

Amazon.CloudFront.Model.CreateDistributionResponse

This cmdlet returns an Amazon.CloudFront.Model.CreateDistributionResponse object containing multiple properties.

New-CFDistribution Cmdlet

Amazon CloudFront
Available in AWS.Tools.CloudFront, AWSPowerShell.NetCore and AWSPowerShell

Synopsis

Syntax

Description

Parameters

Common Credential and Region Parameters

Outputs

Examples

Example 1

Supported Version

New-CFDistribution Cmdlet

Amazon CloudFrontAvailable in AWS.Tools.CloudFront, AWSPowerShell.NetCore and AWSPowerShell

Synopsis

Syntax

Description

Parameters

Common Credential and Region Parameters

Outputs

Examples

Example 1

Related Links

Supported Version

Amazon CloudFront
Available in AWS.Tools.CloudFront, AWSPowerShell.NetCore and AWSPowerShell