community.aws.cloudfront_distribution module – Create, update and delete AWS CloudFront distributions
Note
This module is part of the community.aws collection (version 5.5.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.aws
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.aws.cloudfront_distribution
.
New in community.aws 1.0.0
Synopsis
Allows for easy creation, updating and deletion of CloudFront distributions.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
boto3 >= 1.18.0
botocore >= 1.21.0
Parameters
Parameter |
Comments |
---|---|
AWS access key ID. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The aws_access_key and profile options are mutually exclusive. The aws_access_key_id alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_access_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The name of an alias (CNAME) that is used in a distribution. This is used to effectively reference a distribution by its alias as an alias can only be used by one distribution per AWS account. This variable avoids having to provide the distribution_id as well as the e_tag, or caller_reference of an existing distribution. |
|
A list of domain name aliases (CNAMEs) as strings to be used for the distribution. Each alias must be unique across all distribution for the AWS account. Default: |
|
The location of a CA Bundle to use when validating SSL certificates. The |
|
A dictionary to modify the botocore configuration. Parameters can be found in the AWS documentation https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config. |
|
A list of dictionaries describing the cache behaviors for the distribution. The order of the list is preserved across runs unless purge_cache_behaviors is enabled. |
|
A dict that specifies how CloudFront handles query strings and cookies. |
|
A dict that controls which HTTP methods CloudFront processes and forwards. |
|
A list of HTTP methods that you want CloudFront to apply caching to. This can either be |
|
A list of HTTP methods that you want CloudFront to process and forward. |
|
Whether you want CloudFront to automatically compress files. Choices:
|
|
A dict that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. |
|
Specifies which cookies to forward to the origin for this cache behavior. Valid values are |
|
A list of cookies to forward to the origin for this cache behavior. |
|
The default amount of time that you want objects to stay in CloudFront caches. |
|
The field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data. |
|
A list of headers to forward to the origin for this cache behavior. To forward all headers use a list containing a single element ‘*’ ( |
|
A list of Lambda function associations to use for this cache behavior. |
|
Specifies the event type that triggers a Lambda function invocation. This can be |
|
The ARN of the Lambda function. |
|
The maximum amount of time that you want objects to stay in CloudFront caches. |
|
The minimum amount of time that you want objects to stay in CloudFront caches. |
|
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. Choices:
|
|
A list that contains the query string parameters you want CloudFront to use as a basis for caching for a cache behavior. |
|
Whether you want to distribute media files in the Microsoft Smooth Streaming format. Choices:
|
|
A dict that specifies the AWS accounts that you want to allow to create signed URLs for private content. |
|
Whether you want to require viewers to use signed URLs to access the files specified by path_pattern and target_origin_id Choices:
|
|
A list of trusted signers for this cache behavior. |
|
The protocol that viewers can use to access the files in the origin specified by target_origin_id when a request matches path_pattern. Valid values are |
|
The pattern that specifies which requests to apply the behavior to. |
|
The ID of the header policy that CloudFront adds to responses that it sends to viewers. |
|
The ID of the origin that you want CloudFront to route requests to by default. |
|
A unique identifier for creating and updating CloudFront distributions. Each caller reference must be unique across all distributions. e.g. a caller reference used in a web distribution cannot be reused in a streaming distribution. This parameter can be used instead of distribution_id to reference an existing distribution. If not specified, this defaults to a datetime stamp of the format |
|
A comment that describes the CloudFront distribution. If not specified, it defaults to a generic message that it has been created with Ansible, and a datetime stamp. |
|
A config element that is a list[] of complex custom error responses to be specified for the distribution. This attribute configures custom http error messages returned to the user. |
|
The length of time (in seconds) that CloudFront will cache status codes for. |
|
The error code the custom error page is for. |
|
The HTTP status code that CloudFront should return to a user when the origin returns the HTTP status code specified by error_code. |
|
The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the HTTP status code specified by error_code. |
|
Use a The Choices:
|
|
A dict specifying the default cache behavior of the distribution. If not specified, the target_origin_id is defined as the target_origin_id of the first valid cache_behavior in cache_behaviors with defaults. |
|
A dict that specifies how CloudFront handles query strings and cookies. |
|
A dict that controls which HTTP methods CloudFront processes and forwards. |
|
A list of HTTP methods that you want CloudFront to apply caching to. This can either be |
|
A list of HTTP methods that you want CloudFront to process and forward. |
|
Whether you want CloudFront to automatically compress files. Choices:
|
|
A dict that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. |
|
Specifies which cookies to forward to the origin for this cache behavior. Valid values are |
|
A list of cookies to forward to the origin for this cache behavior. |
|
The default amount of time that you want objects to stay in CloudFront caches. |
|
The field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data. |
|
A list of headers to forward to the origin for this cache behavior. To forward all headers use a list containing a single element ‘*’ ( |
|
A list of Lambda function associations to use for this cache behavior. |
|
Specifies the event type that triggers a Lambda function invocation. This can be |
|
The ARN of the Lambda function. |
|
The maximum amount of time that you want objects to stay in CloudFront caches. |
|
The minimum amount of time that you want objects to stay in CloudFront caches. |
|
Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. Choices:
|
|
A list that contains the query string parameters you want CloudFront to use as a basis for caching for a cache behavior. |
|
Whether you want to distribute media files in the Microsoft Smooth Streaming format. Choices:
|
|
A dict that specifies the AWS accounts that you want to allow to create signed URLs for private content. |
|
Whether you want to require viewers to use signed URLs to access the files specified by target_origin_id Choices:
|
|
A list of trusted signers for this cache behavior. |
|
The protocol that viewers can use to access the files in the origin specified by target_origin_id. Valid values are |
|
The ID of the header policy that CloudFront adds to responses that it sends to viewers. |
|
The ID of the origin that you want CloudFront to route requests to by default. |
|
The domain name to use for an origin if no origins have been specified. Should only be used on a first run of generating a distribution and not on subsequent runs. Should not be used in conjunction with distribution_id, caller_reference or alias. |
|
The default origin path to specify for an origin if no origins have been specified. Defaults to empty if not specified. |
|
A config element that specifies the path to request when the user requests the origin. e.g. if specified as ‘index.html’, this maps to www.example.com/index.html when www.example.com is called by the user. This prevents the entire distribution origin from being exposed at the root. |
|
The ID of the CloudFront distribution. This parameter can be exchanged with alias or caller_reference and is used in conjunction with e_tag. |
|
A unique identifier of a modified or existing distribution. Used in conjunction with distribution_id. Is determined automatically if not specified. |
|
A boolean value that specifies whether the distribution is enabled or disabled. Defaults to Choices:
|
|
URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. The The ec2_url and s3_url aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The version of the http protocol to use for the distribution. AWS defaults this to Valid values are |
|
Determines whether IPv6 support is enabled or not. Defaults to Choices:
|
|
A config element that is a complex object that defines logging for the distribution. |
|
The S3 bucket to store the log in. |
|
When enabled=true CloudFront will log access to an S3 bucket. Choices:
|
|
When include_cookies=true CloudFront will include cookies in the logs. Choices:
|
|
A prefix to include in the S3 object names. |
|
A config element that is a list of complex origin objects to be specified for the distribution. Used for creating and updating distributions. |
|
Custom headers you wish to add to the request before passing it to the origin. For more information see the CloudFront documentation at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html. |
|
The name of a header that you want CloudFront to forward to your origin. |
|
The value for the header that you specified in the header_name field. |
|
Connection information about the origin. |
|
The HTTP port the custom origin listens on. |
|
The HTTPS port the custom origin listens on. |
|
A keep-alive timeout (in seconds). |
|
The origin protocol policy to apply to your origin. |
|
A timeout (in seconds) when reading from your origin. |
|
A list of SSL/TLS protocols that you want CloudFront to use when communicating to the origin over HTTPS. |
|
The domain name which CloudFront will query as the origin. For more information see the CloudFront documentation at https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName |
|
A unique identifier for the origin or origin group. id must be unique within the distribution. |
|
Tells CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. |
|
Use an origin access identity to configure the origin so that viewers can only access objects in an Amazon S3 bucket through CloudFront. Will automatically create an Identity for you if no s3_origin_config is specified. See also https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html. Choices:
|
|
Specify origin access identity for S3 origins. |
|
Existing origin access identity in the format |
|
A string that specifies the pricing class of the distribution. As per https://aws.amazon.com/cloudfront/pricing/ price_class=PriceClass_100 consists of the areas United States, Canada and Europe. price_class=PriceClass_200 consists of the areas United States, Canada, Europe, Japan, India, Hong Kong, Philippines, S. Korea, Singapore & Taiwan. price_class=PriceClass_All consists of the areas United States, Canada, Europe, Japan, India, South America, Australia, Hong Kong, Philippines, S. Korea, Singapore & Taiwan. AWS defaults this to Valid values are |
|
A named AWS profile to use for authentication. See the AWS documentation for more information about named profiles https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html. The The profile option is mutually exclusive with the aws_access_key, aws_secret_key and security_token options. |
|
Specifies whether existing aliases will be removed before adding new aliases. When purge_aliases=true, existing aliases are removed and aliases are added. Choices:
|
|
Whether to remove any cache behaviors that aren’t listed in cache_behaviors. This switch also allows the reordering of cache_behaviors. Choices:
|
|
Whether to remove any custom error responses that aren’t listed in custom_error_responses. Choices:
|
|
Whether to remove any origins that aren’t listed in origins. Choices:
|
|
If purge_tags=true and tags is set, existing tags will be purged from the resource to match exactly what is defined by tags parameter. If the tags parameter is not set then tags will not be modified, even if purge_tags=True. Tag keys beginning with Choices:
|
|
The AWS region to use. For global services such as IAM, Route53 and CloudFront, region is ignored. The See the Amazon AWS documentation for more information http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region. The Support for the |
|
A config element that is a complex object that describes how a distribution should restrict it’s content. |
|
Apply a restriction based on the location of the requester. |
|
A list of ISO 3166-1 two letter (Alpha 2) country codes that the restriction should apply to. See the ISO website for a full list of codes https://www.iso.org/obp/ui/#search/code/. |
|
The method that you want to use to restrict distribution of your content by country. Valid values are |
|
AWS secret access key. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The secret_key and profile options are mutually exclusive. The aws_secret_access_key alias was added in release 5.1.0 for consistency with the AWS botocore SDK. The ec2_secret_key alias has been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
AWS STS session token for use with temporary credentials. See the AWS documentation for more information about access tokens https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys. The The security_token and profile options are mutually exclusive. Aliases aws_session_token and session_token were added in release 3.2.0, with the parameter being renamed from security_token to session_token in release 6.0.0. The security_token, aws_security_token, and access_token aliases have been deprecated and will be removed in a release after 2024-12-01. Support for the |
|
The desired state of the distribution. state=present creates a new distribution or updates an existing distribution. state=absent deletes an existing distribution. Choices:
|
|
A dictionary representing the tags to be applied to the resource. If the tags parameter is not set then tags will not be modified. |
|
When set to Setting validate_certs=false is strongly discouraged, as an alternative, consider setting aws_ca_bundle instead. Choices:
|
|
A dict that specifies the encryption details of the distribution. |
|
The ID of a certificate stored in ACM to use for HTTPS connections. If acm_certificate_id is set then you must also specify ssl_support_method. |
|
If you’re using the CloudFront domain name for your distribution, such as If cloudfront_default_certificate=true do not set ssl_support_method. Choices:
|
|
The ID of a certificate stored in IAM to use for HTTPS connections. If iam_certificate_id is set then you must also specify ssl_support_method. |
|
The security policy that you want CloudFront to use for HTTPS connections. See https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html for supported security policies. |
|
How CloudFront should serve SSL certificates. Valid values are |
|
Specifies whether the module waits until the distribution has completed processing the creation or update. Choices:
|
|
Specifies the duration in seconds to wait for a timeout of a cloudfront create or update. Default: |
|
The ID of a Web Application Firewall (WAF) Access Control List (ACL). |
Notes
Note
Caution: For modules, environment variables and configuration files are read from the Ansible ‘host’ context and not the ‘controller’ context. As such, files may need to be explicitly copied to the ‘host’. For lookup and connection plugins, environment variables and configuration files are read from the Ansible ‘controller’ context and not the ‘host’ context.
The AWS SDK (boto3) that Ansible uses may also read defaults for credentials and other settings, such as the region, from its configuration files in the Ansible ‘host’ context (typically
~/.aws/credentials
). See https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html for more information.
Examples
- name: create a basic distribution with defaults and tags
community.aws.cloudfront_distribution:
state: present
default_origin_domain_name: www.my-cloudfront-origin.com
tags:
Name: example distribution
Project: example project
Priority: '1'
- name: update a distribution comment by distribution_id
community.aws.cloudfront_distribution:
state: present
distribution_id: E1RP5A2MJ8073O
comment: modified by ansible cloudfront.py
- name: update a distribution comment by caller_reference
community.aws.cloudfront_distribution:
state: present
caller_reference: my cloudfront distribution 001
comment: modified by ansible cloudfront.py
- name: update a distribution's aliases and comment using the distribution_id as a reference
community.aws.cloudfront_distribution:
state: present
distribution_id: E1RP5A2MJ8073O
comment: modified by cloudfront.py again
aliases: [ 'www.my-distribution-source.com', 'zzz.aaa.io' ]
- name: update a distribution's aliases and comment using an alias as a reference
community.aws.cloudfront_distribution:
state: present
caller_reference: my test distribution
comment: modified by cloudfront.py again
aliases:
- www.my-distribution-source.com
- zzz.aaa.io
- name: update a distribution's comment and aliases and tags and remove existing tags
community.aws.cloudfront_distribution:
state: present
distribution_id: E15BU8SDCGSG57
comment: modified by cloudfront.py again
aliases:
- tested.com
tags:
Project: distribution 1.2
purge_tags: true
- name: create a distribution with an origin, logging and default cache behavior
community.aws.cloudfront_distribution:
state: present
caller_reference: unique test distribution ID
origins:
- id: 'my test origin-000111'
domain_name: www.example.com
origin_path: /production
custom_headers:
- header_name: MyCustomHeaderName
header_value: MyCustomHeaderValue
default_cache_behavior:
target_origin_id: 'my test origin-000111'
forwarded_values:
query_string: true
cookies:
forward: all
headers:
- '*'
viewer_protocol_policy: allow-all
smooth_streaming: true
compress: true
allowed_methods:
items:
- GET
- HEAD
cached_methods:
- GET
- HEAD
logging:
enabled: true
include_cookies: false
bucket: mylogbucket.s3.amazonaws.com
prefix: myprefix/
enabled: false
comment: this is a CloudFront distribution with logging
- name: delete a distribution
community.aws.cloudfront_distribution:
state: absent
caller_reference: replaceable distribution
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Key pair IDs that CloudFront is aware of for each trusted signer. Returned: always |
|
Whether trusted signers are in use. Returned: always Sample: |
|
Number of trusted signers. Returned: when there are trusted signers Sample: |
|
Number of trusted signers. Returned: always Sample: |
|
Aliases that refer to the distribution. Returned: always |
|
List of aliases. Returned: always Sample: |
|
Number of aliases. Returned: always Sample: |
|
Amazon Resource Name of the distribution. Returned: always Sample: |
|
CloudFront cache behaviors. Returned: always |
|
List of cache behaviors. Returned: always |
|
Methods allowed by the cache behavior. Returned: always |
|
Methods cached by the cache behavior. Returned: always |
|
List of cached methods. Returned: always Sample: |
|
Count of cached methods. Returned: always Sample: |
|
List of methods allowed by the cache behavior. Returned: always Sample: |
|
Count of methods allowed by the cache behavior. Returned: always Sample: |
|
Whether compression is turned on for the cache behavior. Returned: always Sample: |
|
Default Time to Live of the cache behavior. Returned: always Sample: |
|
Values forwarded to the origin for this cache behavior. Returned: always |
|
Cookies to forward to the origin. Returned: always |
|
Which cookies to forward to the origin for this cache behavior. Returned: always Sample: |
|
The names of the cookies to forward to the origin for this cache behavior. Returned: when forward=whitelist |
|
List of cookies to forward. Returned: when list is not empty Sample: |
|
Count of cookies to forward. Returned: always Sample: |
|
Which headers are used to vary on cache retrievals. Returned: always |
|
List of headers to vary on. Returned: when list is not empty Sample: |
|
Count of headers to vary on. Returned: always Sample: |
|
Whether the query string is used in cache lookups. Returned: always Sample: |
|
Which query string keys to use in cache lookups. Returned: always |
|
List of query string cache keys to use in cache lookups. Returned: when list is not empty |
|
Count of query string cache keys to use in cache lookups. Returned: always Sample: |
|
Lambda function associations for a cache behavior. Returned: always |
|
List of lambda function associations. Returned: when list is not empty Sample: |
|
Count of lambda function associations. Returned: always Sample: |
|
Maximum Time to Live. Returned: always Sample: |
|
Minimum Time to Live. Returned: always Sample: |
|
Path pattern that determines this cache behavior. Returned: always Sample: |
|
Whether smooth streaming is enabled. Returned: always Sample: |
|
ID of origin reference by this cache behavior. Returned: always Sample: |
|
Trusted signers. Returned: always |
|
Whether trusted signers are enabled for this cache behavior. Returned: always Sample: |
|
Count of trusted signers. Returned: always Sample: |
|
Policy of how to handle http/https. Returned: always Sample: |
|
Count of cache behaviors. Returned: always Sample: |
|
Idempotency reference given when creating CloudFront distribution. Returned: always Sample: |
|
Any comments you want to include about the distribution. Returned: always Sample: |
|
Custom error responses to use for error handling. Returned: always |
|
List of custom error responses. Returned: always |
|
Minimum time to cache this error response. Returned: always Sample: |
|
Origin response code that triggers this error response. Returned: always Sample: |
|
Response code to return to the requester. Returned: always Sample: |
|
Path that contains the error page to display. Returned: always Sample: |
|
Count of custom error response items Returned: always Sample: |
|
Default cache behavior. Returned: always |
|
Methods allowed by the cache behavior. Returned: always |
|
Methods cached by the cache behavior. Returned: always |
|
List of cached methods. Returned: always Sample: |
|
Count of cached methods. Returned: always Sample: |
|
List of methods allowed by the cache behavior. Returned: always Sample: |
|
Count of methods allowed by the cache behavior. Returned: always Sample: |
|
Whether compression is turned on for the cache behavior. Returned: always Sample: |
|
Default Time to Live of the cache behavior. Returned: always Sample: |
|
Values forwarded to the origin for this cache behavior. Returned: always |
|
Cookies to forward to the origin. Returned: always |
|
Which cookies to forward to the origin for this cache behavior. Returned: always Sample: |
|
The names of the cookies to forward to the origin for this cache behavior. Returned: when forward=whitelist |
|
List of cookies to forward. Returned: when list is not empty Sample: |
|
Count of cookies to forward. Returned: always Sample: |
|
Which headers are used to vary on cache retrievals. Returned: always |
|
List of headers to vary on. Returned: when list is not empty Sample: |
|
Count of headers to vary on. Returned: always Sample: |
|
Whether the query string is used in cache lookups. Returned: always Sample: |
|
Which query string keys to use in cache lookups. Returned: always |
|
List of query string cache keys to use in cache lookups. Returned: when list is not empty |
|
Count of query string cache keys to use in cache lookups. Returned: always Sample: |
|
Lambda function associations for a cache behavior. Returned: always |
|
List of lambda function associations. Returned: when list is not empty Sample: |
|
Count of lambda function associations. Returned: always Sample: |
|
Maximum Time to Live. Returned: always Sample: |
|
Minimum Time to Live. Returned: always Sample: |
|
Path pattern that determines this cache behavior. Returned: always Sample: |
|
Whether smooth streaming is enabled. Returned: always Sample: |
|
ID of origin reference by this cache behavior. Returned: always Sample: |
|
Trusted signers. Returned: always |
|
Whether trusted signers are enabled for this cache behavior. Returned: always Sample: |
|
Count of trusted signers. Returned: always Sample: |
|
Policy of how to handle http/https. Returned: always Sample: |
|
The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. Returned: always Sample: |
|
Difference between previous configuration and new configuration. Returned: always Sample: |
|
Domain name of CloudFront distribution. Returned: always Sample: |
|
Whether the CloudFront distribution is enabled or not. Returned: always Sample: |
|
Version of HTTP supported by the distribution. Returned: always Sample: |
|
CloudFront distribution ID. Returned: always Sample: |
|
The number of invalidation batches currently in progress. Returned: always Sample: |
|
Whether IPv6 is enabled. Returned: always Sample: |
|
Date and time distribution was last modified. Returned: always Sample: |
|
Logging information. Returned: always |
|
S3 bucket logging destination. Returned: always Sample: |
|
Whether logging is enabled. Returned: always Sample: |
|
Whether to log cookies. Returned: always Sample: |
|
Prefix added to logging object names. Returned: always Sample: |
|
Origins in the CloudFront distribution. Returned: always |
|
List of origins. Returned: always |
|
Custom headers passed to the origin. Returned: always |
|
Count of headers. Returned: always Sample: |
|
Configuration of the origin. Returned: always |
|
Port on which HTTP is listening. Returned: always Sample: |
|
Port on which HTTPS is listening. Returned: always Sample: |
|
Keep-alive timeout. Returned: always Sample: |
|
Policy of which protocols are supported. Returned: always Sample: |
|
Timeout for reads to the origin. Returned: always Sample: |
|
SSL protocols allowed by the origin. Returned: always |
|
List of SSL protocols. Returned: always Sample: |
|
Count of SSL protocols. Returned: always Sample: |
|
Domain name of the origin. Returned: always Sample: |
|
ID of the origin. Returned: always Sample: |
|
Subdirectory to prefix the request from the S3 or HTTP origin. Returned: always Sample: |
|
Origin access identity configuration for S3 Origin. Returned: when s3_origin_access_identity_enabled is true |
|
The origin access id as a path. Returned: success Sample: |
|
Count of origins. Returned: always Sample: |
|
Price class of CloudFront distribution. Returned: always Sample: |
|
Restrictions in use by CloudFront. Returned: always |
|
Controls the countries in which your content is distributed. Returned: always |
|
List of country codes allowed or disallowed. Returned: always Sample: |
|
Count of restrictions. Returned: always Sample: |
|
Type of restriction. Returned: always Sample: |
|
Status of the CloudFront distribution. Returned: always Sample: |
|
Distribution tags. Returned: always Sample: |
|
Certificate used by CloudFront distribution. Returned: always |
|
ARN of ACM certificate. Returned: when certificate comes from ACM Sample: |
|
Reference to certificate. Returned: always Sample: |
|
Where certificate comes from. Returned: always Sample: |
|
Minimum SSL/TLS protocol supported by this distribution. Returned: always Sample: |
|
Support for pre-SNI browsers or not. Returned: always Sample: |
|
ID of Web Access Control List (from WAF service). Returned: always Sample: |