com.pulumi.azurenative.awsconnector.inputs.DistributionConfigArgs Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of azure-native Show documentation
Show all versions of azure-native Show documentation
A native Pulumi package for creating and managing Azure resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.azurenative.awsconnector.inputs;
import com.pulumi.azurenative.awsconnector.enums.Origin;
import com.pulumi.azurenative.awsconnector.inputs.CacheBehaviorArgs;
import com.pulumi.azurenative.awsconnector.inputs.CustomErrorResponseArgs;
import com.pulumi.azurenative.awsconnector.inputs.DefaultCacheBehaviorArgs;
import com.pulumi.azurenative.awsconnector.inputs.LegacyCustomOriginArgs;
import com.pulumi.azurenative.awsconnector.inputs.LegacyS3OriginArgs;
import com.pulumi.azurenative.awsconnector.inputs.LoggingArgs;
import com.pulumi.azurenative.awsconnector.inputs.OriginGroupsArgs;
import com.pulumi.azurenative.awsconnector.inputs.RestrictionsArgs;
import com.pulumi.azurenative.awsconnector.inputs.ViewerCertificateArgs;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.core.internal.Codegen;
import java.lang.Boolean;
import java.lang.String;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
/**
* Definition of DistributionConfig
*
*/
public final class DistributionConfigArgs extends com.pulumi.resources.ResourceArgs {
public static final DistributionConfigArgs Empty = new DistributionConfigArgs();
/**
* A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
*
*/
@Import(name="aliases")
private @Nullable Output> aliases;
/**
* @return A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
*
*/
public Optional>> aliases() {
return Optional.ofNullable(this.aliases);
}
/**
* A complex type that contains zero or more ``CacheBehavior`` elements.
*
*/
@Import(name="cacheBehaviors")
private @Nullable Output> cacheBehaviors;
/**
* @return A complex type that contains zero or more ``CacheBehavior`` elements.
*
*/
public Optional>> cacheBehaviors() {
return Optional.ofNullable(this.cacheBehaviors);
}
/**
* Property cnamEs
*
*/
@Import(name="cnamEs")
private @Nullable Output> cnamEs;
/**
* @return Property cnamEs
*
*/
public Optional>> cnamEs() {
return Optional.ofNullable(this.cnamEs);
}
/**
* A comment to describe the distribution. The comment cannot be longer than 128 characters.
*
*/
@Import(name="comment")
private @Nullable Output comment;
/**
* @return A comment to describe the distribution. The comment cannot be longer than 128 characters.
*
*/
public Optional> comment() {
return Optional.ofNullable(this.comment);
}
/**
* The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
*
*/
@Import(name="continuousDeploymentPolicyId")
private @Nullable Output continuousDeploymentPolicyId;
/**
* @return The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
*
*/
public Optional> continuousDeploymentPolicyId() {
return Optional.ofNullable(this.continuousDeploymentPolicyId);
}
/**
* A complex type that controls the following: + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*.
*
*/
@Import(name="customErrorResponses")
private @Nullable Output> customErrorResponses;
/**
* @return A complex type that controls the following: + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*.
*
*/
public Optional>> customErrorResponses() {
return Optional.ofNullable(this.customErrorResponses);
}
/**
* Property customOrigin
*
*/
@Import(name="customOrigin")
private @Nullable Output customOrigin;
/**
* @return Property customOrigin
*
*/
public Optional> customOrigin() {
return Optional.ofNullable(this.customOrigin);
}
/**
* A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if files don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if request URLs don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior.
*
*/
@Import(name="defaultCacheBehavior")
private @Nullable Output defaultCacheBehavior;
/**
* @return A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if files don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if request URLs don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior.
*
*/
public Optional> defaultCacheBehavior() {
return Optional.ofNullable(this.defaultCacheBehavior);
}
/**
* The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution. Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name. If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element. To replace the default root object, update the distribution configuration and specify the new object. For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*.
*
*/
@Import(name="defaultRootObject")
private @Nullable Output defaultRootObject;
/**
* @return The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution. Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name. If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element. To replace the default root object, update the distribution configuration and specify the new object. For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*.
*
*/
public Optional> defaultRootObject() {
return Optional.ofNullable(this.defaultRootObject);
}
/**
* From this field, you can enable or disable the selected distribution.
*
*/
@Import(name="enabled")
private @Nullable Output enabled;
/**
* @return From this field, you can enable or disable the selected distribution.
*
*/
public Optional> enabled() {
return Optional.ofNullable(this.enabled);
}
/**
* (Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html).
*
*/
@Import(name="httpVersion")
private @Nullable Output httpVersion;
/**
* @return (Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html).
*
*/
public Optional> httpVersion() {
return Optional.ofNullable(this.httpVersion);
}
/**
* If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the ``IpAddress`` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide*. If you're using an R53AWSIntlong alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true: + You enable IPv6 for the distribution + You're using alternate domain names in the URLs for your objects For more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Developer Guide*. If you created a CNAME resource record set, either with R53AWSIntlong or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
*
*/
@Import(name="ipV6Enabled")
private @Nullable Output ipV6Enabled;
/**
* @return If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the ``IpAddress`` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide*. If you're using an R53AWSIntlong alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true: + You enable IPv6 for the distribution + You're using alternate domain names in the URLs for your objects For more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Developer Guide*. If you created a CNAME resource record set, either with R53AWSIntlong or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
*
*/
public Optional> ipV6Enabled() {
return Optional.ofNullable(this.ipV6Enabled);
}
/**
* A complex type that controls whether access logs are written for the distribution. For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. A complex type that controls whether access logs are written for the distribution.
*
*/
@Import(name="logging")
private @Nullable Output logging;
/**
* @return A complex type that controls whether access logs are written for the distribution. For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. A complex type that controls whether access logs are written for the distribution.
*
*/
public Optional> logging() {
return Optional.ofNullable(this.logging);
}
/**
* A complex type that contains information about origin groups for this distribution. A complex data type for the origin groups specified for a distribution.
*
*/
@Import(name="originGroups")
private @Nullable Output originGroups;
/**
* @return A complex type that contains information about origin groups for this distribution. A complex data type for the origin groups specified for a distribution.
*
*/
public Optional> originGroups() {
return Optional.ofNullable(this.originGroups);
}
/**
* A complex type that contains information about origins for this distribution.
*
*/
@Import(name="origins")
private @Nullable Output> origins;
/**
* @return A complex type that contains information about origins for this distribution.
*
*/
public Optional>> origins() {
return Optional.ofNullable(this.origins);
}
/**
* The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than ``PriceClass_All``, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance. For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide*. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/).
*
*/
@Import(name="priceClass")
private @Nullable Output priceClass;
/**
* @return The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than ``PriceClass_All``, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance. For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide*. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/).
*
*/
public Optional> priceClass() {
return Optional.ofNullable(this.priceClass);
}
/**
* A complex type that identifies ways in which you want to restrict distribution of your content. A complex type that identifies ways in which you want to restrict distribution of your content.
*
*/
@Import(name="restrictions")
private @Nullable Output restrictions;
/**
* @return A complex type that identifies ways in which you want to restrict distribution of your content. A complex type that identifies ways in which you want to restrict distribution of your content.
*
*/
public Optional> restrictions() {
return Optional.ofNullable(this.restrictions);
}
/**
* Property s3Origin
*
*/
@Import(name="s3Origin")
private @Nullable Output s3Origin;
/**
* @return Property s3Origin
*
*/
public Optional> s3Origin() {
return Optional.ofNullable(this.s3Origin);
}
/**
* A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
*
*/
@Import(name="staging")
private @Nullable Output staging;
/**
* @return A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
*
*/
public Optional> staging() {
return Optional.ofNullable(this.staging);
}
/**
* A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use ``Aliases`` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``—set ``CloudFrontDefaultCertificate`` to ``true`` and leave all other fields empty. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings: + Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI. + To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only``. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip``. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*. + The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both): + ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.) + ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.) All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``. For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide*.
*
*/
@Import(name="viewerCertificate")
private @Nullable Output viewerCertificate;
/**
* @return A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use ``Aliases`` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``—set ``CloudFrontDefaultCertificate`` to ``true`` and leave all other fields empty. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings: + Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI. + To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only``. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip``. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*. + The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both): + ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.) + ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.) All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``. For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide*.
*
*/
public Optional> viewerCertificate() {
return Optional.ofNullable(this.viewerCertificate);
}
/**
* A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``. WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
*
*/
@Import(name="webACLId")
private @Nullable Output webACLId;
/**
* @return A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``. WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
*
*/
public Optional> webACLId() {
return Optional.ofNullable(this.webACLId);
}
private DistributionConfigArgs() {}
private DistributionConfigArgs(DistributionConfigArgs $) {
this.aliases = $.aliases;
this.cacheBehaviors = $.cacheBehaviors;
this.cnamEs = $.cnamEs;
this.comment = $.comment;
this.continuousDeploymentPolicyId = $.continuousDeploymentPolicyId;
this.customErrorResponses = $.customErrorResponses;
this.customOrigin = $.customOrigin;
this.defaultCacheBehavior = $.defaultCacheBehavior;
this.defaultRootObject = $.defaultRootObject;
this.enabled = $.enabled;
this.httpVersion = $.httpVersion;
this.ipV6Enabled = $.ipV6Enabled;
this.logging = $.logging;
this.originGroups = $.originGroups;
this.origins = $.origins;
this.priceClass = $.priceClass;
this.restrictions = $.restrictions;
this.s3Origin = $.s3Origin;
this.staging = $.staging;
this.viewerCertificate = $.viewerCertificate;
this.webACLId = $.webACLId;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(DistributionConfigArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private DistributionConfigArgs $;
public Builder() {
$ = new DistributionConfigArgs();
}
public Builder(DistributionConfigArgs defaults) {
$ = new DistributionConfigArgs(Objects.requireNonNull(defaults));
}
/**
* @param aliases A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
*
* @return builder
*
*/
public Builder aliases(@Nullable Output> aliases) {
$.aliases = aliases;
return this;
}
/**
* @param aliases A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
*
* @return builder
*
*/
public Builder aliases(List aliases) {
return aliases(Output.of(aliases));
}
/**
* @param aliases A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.
*
* @return builder
*
*/
public Builder aliases(String... aliases) {
return aliases(List.of(aliases));
}
/**
* @param cacheBehaviors A complex type that contains zero or more ``CacheBehavior`` elements.
*
* @return builder
*
*/
public Builder cacheBehaviors(@Nullable Output> cacheBehaviors) {
$.cacheBehaviors = cacheBehaviors;
return this;
}
/**
* @param cacheBehaviors A complex type that contains zero or more ``CacheBehavior`` elements.
*
* @return builder
*
*/
public Builder cacheBehaviors(List cacheBehaviors) {
return cacheBehaviors(Output.of(cacheBehaviors));
}
/**
* @param cacheBehaviors A complex type that contains zero or more ``CacheBehavior`` elements.
*
* @return builder
*
*/
public Builder cacheBehaviors(CacheBehaviorArgs... cacheBehaviors) {
return cacheBehaviors(List.of(cacheBehaviors));
}
/**
* @param cnamEs Property cnamEs
*
* @return builder
*
*/
public Builder cnamEs(@Nullable Output> cnamEs) {
$.cnamEs = cnamEs;
return this;
}
/**
* @param cnamEs Property cnamEs
*
* @return builder
*
*/
public Builder cnamEs(List cnamEs) {
return cnamEs(Output.of(cnamEs));
}
/**
* @param cnamEs Property cnamEs
*
* @return builder
*
*/
public Builder cnamEs(String... cnamEs) {
return cnamEs(List.of(cnamEs));
}
/**
* @param comment A comment to describe the distribution. The comment cannot be longer than 128 characters.
*
* @return builder
*
*/
public Builder comment(@Nullable Output comment) {
$.comment = comment;
return this;
}
/**
* @param comment A comment to describe the distribution. The comment cannot be longer than 128 characters.
*
* @return builder
*
*/
public Builder comment(String comment) {
return comment(Output.of(comment));
}
/**
* @param continuousDeploymentPolicyId The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
*
* @return builder
*
*/
public Builder continuousDeploymentPolicyId(@Nullable Output continuousDeploymentPolicyId) {
$.continuousDeploymentPolicyId = continuousDeploymentPolicyId;
return this;
}
/**
* @param continuousDeploymentPolicyId The identifier of a continuous deployment policy. For more information, see ``CreateContinuousDeploymentPolicy``.
*
* @return builder
*
*/
public Builder continuousDeploymentPolicyId(String continuousDeploymentPolicyId) {
return continuousDeploymentPolicyId(Output.of(continuousDeploymentPolicyId));
}
/**
* @param customErrorResponses A complex type that controls the following: + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder customErrorResponses(@Nullable Output> customErrorResponses) {
$.customErrorResponses = customErrorResponses;
return this;
}
/**
* @param customErrorResponses A complex type that controls the following: + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder customErrorResponses(List customErrorResponses) {
return customErrorResponses(Output.of(customErrorResponses));
}
/**
* @param customErrorResponses A complex type that controls the following: + Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. + How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see [Customizing Error Responses](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-error-pages.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder customErrorResponses(CustomErrorResponseArgs... customErrorResponses) {
return customErrorResponses(List.of(customErrorResponses));
}
/**
* @param customOrigin Property customOrigin
*
* @return builder
*
*/
public Builder customOrigin(@Nullable Output customOrigin) {
$.customOrigin = customOrigin;
return this;
}
/**
* @param customOrigin Property customOrigin
*
* @return builder
*
*/
public Builder customOrigin(LegacyCustomOriginArgs customOrigin) {
return customOrigin(Output.of(customOrigin));
}
/**
* @param defaultCacheBehavior A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if files don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if request URLs don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior.
*
* @return builder
*
*/
public Builder defaultCacheBehavior(@Nullable Output defaultCacheBehavior) {
$.defaultCacheBehavior = defaultCacheBehavior;
return this;
}
/**
* @param defaultCacheBehavior A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if files don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior. A complex type that describes the default cache behavior if you don't specify a ``CacheBehavior`` element or if request URLs don't match any of the values of ``PathPattern`` in ``CacheBehavior`` elements. You must create exactly one default cache behavior.
*
* @return builder
*
*/
public Builder defaultCacheBehavior(DefaultCacheBehaviorArgs defaultCacheBehavior) {
return defaultCacheBehavior(Output.of(defaultCacheBehavior));
}
/**
* @param defaultRootObject The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution. Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name. If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element. To replace the default root object, update the distribution configuration and specify the new object. For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder defaultRootObject(@Nullable Output defaultRootObject) {
$.defaultRootObject = defaultRootObject;
return this;
}
/**
* @param defaultRootObject The object that you want CloudFront to request from your origin (for example, ``index.html``) when a viewer requests the root URL for your distribution (``https://www.example.com``) instead of an object in your distribution (``https://www.example.com/product-description.html``). Specifying a default root object avoids exposing the contents of your distribution. Specify only the object name, for example, ``index.html``. Don't add a ``/`` before the object name. If you don't want to specify a default root object when you create a distribution, include an empty ``DefaultRootObject`` element. To delete the default root object from an existing distribution, update the distribution configuration and include an empty ``DefaultRootObject`` element. To replace the default root object, update the distribution configuration and specify the new object. For more information about the default root object, see [Creating a Default Root Object](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DefaultRootObject.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder defaultRootObject(String defaultRootObject) {
return defaultRootObject(Output.of(defaultRootObject));
}
/**
* @param enabled From this field, you can enable or disable the selected distribution.
*
* @return builder
*
*/
public Builder enabled(@Nullable Output enabled) {
$.enabled = enabled;
return this;
}
/**
* @param enabled From this field, you can enable or disable the selected distribution.
*
* @return builder
*
*/
public Builder enabled(Boolean enabled) {
return enabled(Output.of(enabled));
}
/**
* @param httpVersion (Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html).
*
* @return builder
*
*/
public Builder httpVersion(@Nullable Output httpVersion) {
$.httpVersion = httpVersion;
return this;
}
/**
* @param httpVersion (Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CF. The default value for new distributions is ``http1.1``. For viewers and CF to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI). For viewers and CF to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CF supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see [Connection Migration](https://docs.aws.amazon.com/https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration) at RFC 9000. For more information about supported TLSv1.3 ciphers, see [Supported protocols and ciphers between viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html).
*
* @return builder
*
*/
public Builder httpVersion(String httpVersion) {
return httpVersion(Output.of(httpVersion));
}
/**
* @param ipV6Enabled If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the ``IpAddress`` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide*. If you're using an R53AWSIntlong alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true: + You enable IPv6 for the distribution + You're using alternate domain names in the URLs for your objects For more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Developer Guide*. If you created a CNAME resource record set, either with R53AWSIntlong or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
*
* @return builder
*
*/
public Builder ipV6Enabled(@Nullable Output ipV6Enabled) {
$.ipV6Enabled = ipV6Enabled;
return this;
}
/**
* @param ipV6Enabled If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify ``true``. If you specify ``false``, CloudFront responds to IPv6 DNS requests with the DNS response code ``NOERROR`` and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution. In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the ``IpAddress`` parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see [Creating a Signed URL Using a Custom Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) in the *Amazon CloudFront Developer Guide*. If you're using an R53AWSIntlong alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true: + You enable IPv6 for the distribution + You're using alternate domain names in the URLs for your objects For more information, see [Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) in the *Developer Guide*. If you created a CNAME resource record set, either with R53AWSIntlong or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.
*
* @return builder
*
*/
public Builder ipV6Enabled(Boolean ipV6Enabled) {
return ipV6Enabled(Output.of(ipV6Enabled));
}
/**
* @param logging A complex type that controls whether access logs are written for the distribution. For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. A complex type that controls whether access logs are written for the distribution.
*
* @return builder
*
*/
public Builder logging(@Nullable Output logging) {
$.logging = logging;
return this;
}
/**
* @param logging A complex type that controls whether access logs are written for the distribution. For more information about logging, see [Access Logs](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html) in the *Amazon CloudFront Developer Guide*. A complex type that controls whether access logs are written for the distribution.
*
* @return builder
*
*/
public Builder logging(LoggingArgs logging) {
return logging(Output.of(logging));
}
/**
* @param originGroups A complex type that contains information about origin groups for this distribution. A complex data type for the origin groups specified for a distribution.
*
* @return builder
*
*/
public Builder originGroups(@Nullable Output originGroups) {
$.originGroups = originGroups;
return this;
}
/**
* @param originGroups A complex type that contains information about origin groups for this distribution. A complex data type for the origin groups specified for a distribution.
*
* @return builder
*
*/
public Builder originGroups(OriginGroupsArgs originGroups) {
return originGroups(Output.of(originGroups));
}
/**
* @param origins A complex type that contains information about origins for this distribution.
*
* @return builder
*
*/
public Builder origins(@Nullable Output> origins) {
$.origins = origins;
return this;
}
/**
* @param origins A complex type that contains information about origins for this distribution.
*
* @return builder
*
*/
public Builder origins(List origins) {
return origins(Output.of(origins));
}
/**
* @param origins A complex type that contains information about origins for this distribution.
*
* @return builder
*
*/
public Builder origins(Origin... origins) {
return origins(List.of(origins));
}
/**
* @param priceClass The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than ``PriceClass_All``, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance. For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide*. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/).
*
* @return builder
*
*/
public Builder priceClass(@Nullable Output priceClass) {
$.priceClass = priceClass;
return this;
}
/**
* @param priceClass The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify ``PriceClass_All``, CloudFront responds to requests for your objects from all CloudFront edge locations. If you specify a price class other than ``PriceClass_All``, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance. For more information about price classes, see [Choosing the Price Class for a CloudFront Distribution](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html) in the *Amazon CloudFront Developer Guide*. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see [Amazon CloudFront Pricing](https://docs.aws.amazon.com/cloudfront/pricing/).
*
* @return builder
*
*/
public Builder priceClass(String priceClass) {
return priceClass(Output.of(priceClass));
}
/**
* @param restrictions A complex type that identifies ways in which you want to restrict distribution of your content. A complex type that identifies ways in which you want to restrict distribution of your content.
*
* @return builder
*
*/
public Builder restrictions(@Nullable Output restrictions) {
$.restrictions = restrictions;
return this;
}
/**
* @param restrictions A complex type that identifies ways in which you want to restrict distribution of your content. A complex type that identifies ways in which you want to restrict distribution of your content.
*
* @return builder
*
*/
public Builder restrictions(RestrictionsArgs restrictions) {
return restrictions(Output.of(restrictions));
}
/**
* @param s3Origin Property s3Origin
*
* @return builder
*
*/
public Builder s3Origin(@Nullable Output s3Origin) {
$.s3Origin = s3Origin;
return this;
}
/**
* @param s3Origin Property s3Origin
*
* @return builder
*
*/
public Builder s3Origin(LegacyS3OriginArgs s3Origin) {
return s3Origin(Output.of(s3Origin));
}
/**
* @param staging A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
*
* @return builder
*
*/
public Builder staging(@Nullable Output staging) {
$.staging = staging;
return this;
}
/**
* @param staging A Boolean that indicates whether this is a staging distribution. When this value is ``true``, this is a staging distribution. When this value is ``false``, this is not a staging distribution.
*
* @return builder
*
*/
public Builder staging(Boolean staging) {
return staging(Output.of(staging));
}
/**
* @param viewerCertificate A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use ``Aliases`` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``—set ``CloudFrontDefaultCertificate`` to ``true`` and leave all other fields empty. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings: + Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI. + To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only``. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip``. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*. + The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both): + ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.) + ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.) All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``. For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder viewerCertificate(@Nullable Output viewerCertificate) {
$.viewerCertificate = viewerCertificate;
return this;
}
/**
* @param viewerCertificate A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use ``Aliases`` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``—set ``CloudFrontDefaultCertificate`` to ``true`` and leave all other fields empty. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings: + Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI. + To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only``. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip``. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.) + The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*. + The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both): + ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.) + ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.) All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``. For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide*.
*
* @return builder
*
*/
public Builder viewerCertificate(ViewerCertificateArgs viewerCertificate) {
return viewerCertificate(Output.of(viewerCertificate));
}
/**
* @param webACLId A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``. WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
*
* @return builder
*
*/
public Builder webACLId(@Nullable Output webACLId) {
$.webACLId = webACLId;
return this;
}
/**
* @param webACLId A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example ``arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a``. To specify a web ACL created using WAF Classic, use the ACL ID, for example ``473e64fd-f30b-4765-81a0-62ad96dd167a``. WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the [Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html).
*
* @return builder
*
*/
public Builder webACLId(String webACLId) {
return webACLId(Output.of(webACLId));
}
public DistributionConfigArgs build() {
$.httpVersion = Codegen.stringProp("httpVersion").output().arg($.httpVersion).def("http1.1").getNullable();
$.priceClass = Codegen.stringProp("priceClass").output().arg($.priceClass).def("PriceClass_All").getNullable();
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy