• Home
• org.virtuslab
• pulumi-aws-native-kotlin
• 0.112.0.0
• source code
• DistributionViewerCertificateArgs.kt

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.pulumi.awsnative.cloudfront.kotlin.inputs.DistributionViewerCertificateArgs.kt Maven / Gradle / Ivy

@file:Suppress("NAME_SHADOWING", "DEPRECATION")

package com.pulumi.awsnative.cloudfront.kotlin.inputs

import com.pulumi.awsnative.cloudfront.inputs.DistributionViewerCertificateArgs.builder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import kotlin.Boolean
import kotlin.String
import kotlin.Suppress
import kotlin.jvm.JvmName

/**
 * A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers.
 *  If the distribution doesn't use ``Aliases`` (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``—set ``CloudFrontDefaultCertificate`` to ``true`` and leave all other fields empty.
 *  If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:
 *   +  Which viewers the distribution accepts HTTPS connections from: only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication) (recommended), or all viewers including those that don't support SNI.
 *   +  To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only``. This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
 *   +  To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip``. This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
 *   +  The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion``. For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) in the *Amazon CloudFront Developer Guide*.
 *   +  The location of the SSL/TLS certificate, [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) or [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). You specify the location by setting a value in one of the following fields (not both):
 *   +   ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.)
 *   +   ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.)
 *  All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ``ViewerProtocolPolicy`` in the ``CacheBehavior`` or ``DefaultCacheBehavior``. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use ``CustomOriginConfig``.
 *  For more information, see [Using HTTPS with CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html) and [Using Alternate Domain Names and HTTPS](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html) in the *Amazon CloudFront Developer Guide*.
 * @property acmCertificateArn In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.
 *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (``us-east-1``).
 *  If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
 * @property cloudFrontDefaultCertificate If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, set this field to ``true``.
 *  If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:
 *   +   ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
 *   +   ``MinimumProtocolVersion``
 *   +   ``SslSupportMethod``
 * @property iamCertificateId In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.
 *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), provide the ID of the IAM certificate.
 *  If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
 * @property minimumProtocolVersion If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
 *   +  The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.
 *   +  The ciphers that CloudFront can use to encrypt the content that it returns to viewers.
 *  For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) and [Supported Protocols and Ciphers Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) in the *Amazon CloudFront Developer Guide*.
 *   On the CloudFront console, this setting is called *Security Policy*.
 *   When you're using SNI only (you set ``SSLSupportMethod`` to ``sni-only``), you must specify ``TLSv1`` or higher. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
 *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` (you set ``CloudFrontDefaultCertificate`` to ``true``), CloudFront automatically sets the security policy to ``TLSv1`` regardless of the value that you set here.
 * @property sslSupportMethod In CloudFormation, this field name is ``SslSupportMethod``. Note the different capitalization.
 *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
 *   +   ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
 *   +   ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
 *   +   ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
 *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, don't set a value for this field.
 */
public data class DistributionViewerCertificateArgs(
    public val acmCertificateArn: Output? = null,
    public val cloudFrontDefaultCertificate: Output? = null,
    public val iamCertificateId: Output? = null,
    public val minimumProtocolVersion: Output? = null,
    public val sslSupportMethod: Output? = null,
) : ConvertibleToJava {
    override fun toJava(): com.pulumi.awsnative.cloudfront.inputs.DistributionViewerCertificateArgs =
        com.pulumi.awsnative.cloudfront.inputs.DistributionViewerCertificateArgs.builder()
            .acmCertificateArn(acmCertificateArn?.applyValue({ args0 -> args0 }))
            .cloudFrontDefaultCertificate(cloudFrontDefaultCertificate?.applyValue({ args0 -> args0 }))
            .iamCertificateId(iamCertificateId?.applyValue({ args0 -> args0 }))
            .minimumProtocolVersion(minimumProtocolVersion?.applyValue({ args0 -> args0 }))
            .sslSupportMethod(sslSupportMethod?.applyValue({ args0 -> args0 })).build()
}

/**
 * Builder for [DistributionViewerCertificateArgs].
 */
@PulumiTagMarker
public class DistributionViewerCertificateArgsBuilder internal constructor() {
    private var acmCertificateArn: Output? = null

    private var cloudFrontDefaultCertificate: Output? = null

    private var iamCertificateId: Output? = null

    private var minimumProtocolVersion: Output? = null

    private var sslSupportMethod: Output? = null

    /**
     * @param value In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.
     *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (``us-east-1``).
     *  If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
     */
    @JvmName("nkygrqntumapsrgw")
    public suspend fun acmCertificateArn(`value`: Output) {
        this.acmCertificateArn = value
    }

    /**
     * @param value If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, set this field to ``true``.
     *  If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:
     *   +   ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
     *   +   ``MinimumProtocolVersion``
     *   +   ``SslSupportMethod``
     */
    @JvmName("jrhsfcjunxqsphny")
    public suspend fun cloudFrontDefaultCertificate(`value`: Output) {
        this.cloudFrontDefaultCertificate = value
    }

    /**
     * @param value In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.
     *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), provide the ID of the IAM certificate.
     *  If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
     */
    @JvmName("jftrqvfckhlgowdm")
    public suspend fun iamCertificateId(`value`: Output) {
        this.iamCertificateId = value
    }

    /**
     * @param value If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
     *   +  The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.
     *   +  The ciphers that CloudFront can use to encrypt the content that it returns to viewers.
     *  For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) and [Supported Protocols and Ciphers Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) in the *Amazon CloudFront Developer Guide*.
     *   On the CloudFront console, this setting is called *Security Policy*.
     *   When you're using SNI only (you set ``SSLSupportMethod`` to ``sni-only``), you must specify ``TLSv1`` or higher. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
     *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` (you set ``CloudFrontDefaultCertificate`` to ``true``), CloudFront automatically sets the security policy to ``TLSv1`` regardless of the value that you set here.
     */
    @JvmName("hysumsyxqgclcjin")
    public suspend fun minimumProtocolVersion(`value`: Output) {
        this.minimumProtocolVersion = value
    }

    /**
     * @param value In CloudFormation, this field name is ``SslSupportMethod``. Note the different capitalization.
     *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
     *   +   ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
     *   +   ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
     *   +   ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
     *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, don't set a value for this field.
     */
    @JvmName("lnryshgkcdboyvnu")
    public suspend fun sslSupportMethod(`value`: Output) {
        this.sslSupportMethod = value
    }

    /**
     * @param value In CloudFormation, this field name is ``AcmCertificateArn``. Note the different capitalization.
     *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (``us-east-1``).
     *  If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
     */
    @JvmName("snbfraihmvtxkysd")
    public suspend fun acmCertificateArn(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.acmCertificateArn = mapped
    }

    /**
     * @param value If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, set this field to ``true``.
     *  If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:
     *   +   ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both)
     *   +   ``MinimumProtocolVersion``
     *   +   ``SslSupportMethod``
     */
    @JvmName("tmtpidaufyvytmlw")
    public suspend fun cloudFrontDefaultCertificate(`value`: Boolean?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.cloudFrontDefaultCertificate = mapped
    }

    /**
     * @param value In CloudFormation, this field name is ``IamCertificateId``. Note the different capitalization.
     *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [(IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), provide the ID of the IAM certificate.
     *  If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod``. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
     */
    @JvmName("gwptujdmtxdvyhuu")
    public suspend fun iamCertificateId(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.iamCertificateId = mapped
    }

    /**
     * @param value If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:
     *   +  The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.
     *   +  The ciphers that CloudFront can use to encrypt the content that it returns to viewers.
     *  For more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) and [Supported Protocols and Ciphers Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) in the *Amazon CloudFront Developer Guide*.
     *   On the CloudFront console, this setting is called *Security Policy*.
     *   When you're using SNI only (you set ``SSLSupportMethod`` to ``sni-only``), you must specify ``TLSv1`` or higher. (In CloudFormation, the field name is ``SslSupportMethod``. Note the different capitalization.)
     *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` (you set ``CloudFrontDefaultCertificate`` to ``true``), CloudFront automatically sets the security policy to ``TLSv1`` regardless of the value that you set here.
     */
    @JvmName("gxjvrcokcfbvuenx")
    public suspend fun minimumProtocolVersion(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.minimumProtocolVersion = mapped
    }

    /**
     * @param value In CloudFormation, this field name is ``SslSupportMethod``. Note the different capitalization.
     *   If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.
     *   +   ``sni-only`` – The distribution accepts HTTPS connections from only viewers that support [server name indication (SNI)](https://docs.aws.amazon.com/https://en.wikipedia.org/wiki/Server_Name_Indication). This is recommended. Most browsers and clients support SNI.
     *   +   ``vip`` – The distribution accepts HTTPS connections from all viewers including those that don't support SNI. This is not recommended, and results in additional monthly charges from CloudFront.
     *   +   ``static-ip`` - Do not specify this value unless your distribution has been enabled for this feature by the CloudFront team. If you have a use case that requires static IP addresses for a distribution, contact CloudFront through the [Center](https://docs.aws.amazon.com/support/home).
     *  If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net``, don't set a value for this field.
     */
    @JvmName("aegmdkykyrfttfps")
    public suspend fun sslSupportMethod(`value`: String?) {
        val toBeMapped = value
        val mapped = toBeMapped?.let({ args0 -> of(args0) })
        this.sslSupportMethod = mapped
    }

    internal fun build(): DistributionViewerCertificateArgs = DistributionViewerCertificateArgs(
        acmCertificateArn = acmCertificateArn,
        cloudFrontDefaultCertificate = cloudFrontDefaultCertificate,
        iamCertificateId = iamCertificateId,
        minimumProtocolVersion = minimumProtocolVersion,
        sslSupportMethod = sslSupportMethod,
    )
}