community.aws.cloudfront_distribution (1.1.0) — module

Create, update and delete AWS CloudFront distributions.

Added in version 1.0.0 of community.aws

Authors: Willem van Ketwich (@wilvk), Will Thames (@willthames)

Install collection

Install with ansible-galaxy collection install community.aws:==1.1.0


Add to requirements.yml

  collections:
    - name: community.aws
      version: 1.1.0

Description

Allows for easy creation, updating and deletion of CloudFront distributions.


Requirements

Usage examples

- name: create a basic distribution with defaults and tags
  community.aws.cloudfront_distribution:
    state: present
    default_origin_domain_name: www.my-cloudfront-origin.com
    tags:
      Name: example distribution
      Project: example project
      Priority: '1'
- name: update a distribution comment by distribution_id
  community.aws.cloudfront_distribution:
    state: present
    distribution_id: E1RP5A2MJ8073O
    comment: modified by ansible cloudfront.py
- name: update a distribution comment by caller_reference
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: my cloudfront distribution 001
    comment: modified by ansible cloudfront.py
- name: update a distribution's aliases and comment using the distribution_id as a reference
  community.aws.cloudfront_distribution:
    state: present
    distribution_id: E1RP5A2MJ8073O
    comment: modified by cloudfront.py again
    aliases: [ 'www.my-distribution-source.com', 'zzz.aaa.io' ]
- name: update a distribution's aliases and comment using the caller_reference as a reference
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: my test distribution
    comment: modified by cloudfront.py again
    aliases:
      - www.my-distribution-source.com
      - zzz.aaa.io
- name: update a distribution's comment and aliases and tags and remove existing tags
  community.aws.cloudfront_distribution:
    state: present
    distribution_id: E15BU8SDCGSG57
    comment: modified by cloudfront.py again
    aliases:
      - tested.com
    tags:
      Project: distribution 1.2
    purge_tags: yes
- name: create a distribution with an origin, logging and default cache behavior
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: unique test distribution ID
    origins:
        - id: 'my test origin-000111'
          domain_name: www.example.com
          origin_path: /production
          custom_headers:
            - header_name: MyCustomHeaderName
              header_value: MyCustomHeaderValue
    default_cache_behavior:
      target_origin_id: 'my test origin-000111'
      forwarded_values:
        query_string: true
        cookies:
          forward: all
        headers:
         - '*'
      viewer_protocol_policy: allow-all
      smooth_streaming: true
      compress: true
      allowed_methods:
        items:
          - GET
          - HEAD
        cached_methods:
          - GET
          - HEAD
    logging:
      enabled: true
      include_cookies: false
      bucket: mylogbucket.s3.amazonaws.com
      prefix: myprefix/
    enabled: false
    comment: this is a CloudFront distribution with logging
- name: delete a distribution
  community.aws.cloudfront_distribution:
    state: absent
    caller_reference: replaceable distribution
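
An added example, not part of the module's own documentation: a variant of the origin-and-logging task above that uses only options documented on this page to enforce HTTPS towards viewers and the origin, attach a WAF ACL and keep access logging on. The certificate ARN, web ACL ID, origin name and log prefix are placeholders, and the TLS policy and protocol names are assumptions to check against the AWS pages linked under I(minimum_protocol_version).

```yaml
- name: create a distribution with HTTPS enforced to viewers and origin (added example)
  community.aws.cloudfront_distribution:
    state: present
    caller_reference: hardened example distribution   # constructed value
    aliases:
      - www.example.com
    origins:
      - id: app-origin
        domain_name: origin.example.com               # placeholder origin
        custom_origin_config:
          origin_protocol_policy: https-only          # do not fetch from the origin over plain HTTP
          origin_ssl_protocols:
            - TLSv1.2                                  # assumed protocol name
    default_cache_behavior:
      target_origin_id: app-origin
      viewer_protocol_policy: redirect-to-https       # instead of allow-all
      forwarded_values:
        query_string: false
        cookies:
          forward: none                               # forward only what the origin needs
      allowed_methods:
        items:
          - GET
          - HEAD
        cached_methods:
          - GET
          - HEAD
    viewer_certificate:
      acm_certificate_arn: "<ACM_CERTIFICATE_ARN>"    # placeholder
      ssl_support_method: sni-only                    # must be set alongside a certificate
      minimum_protocol_version: TLSv1.2_2018          # assumed security policy name
    web_acl_id: "<WEB_ACL_ID>"                        # placeholder WAF ACL ID
    default_root_object: index.html                   # avoids exposing the origin root
    logging:
      enabled: true
      include_cookies: false
      bucket: mylogbucket.s3.amazonaws.com
      prefix: hardened/
    enabled: true
    wait: true
```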

Inputs

    
tags:
    description:
    - Should be input as a dict of key-value pairs.
    - Note that numeric keys or values must be wrapped in quotes. e.g. C(Priority:) '1'
    type: dict

wait:
    default: false
    description:
    - Specifies whether the module waits until the distribution has completed processing
      the creation or update.
    type: bool

alias:
    description:
    - The name of an alias (CNAME) that is used in a distribution. This is used to effectively
      reference a distribution by its alias as an alias can only be used by one distribution
      per AWS account. This variable avoids having to provide the I(distribution_id) as
      well as the I(e_tag), or I(caller_reference) of an existing distribution.
    type: str

e_tag:
    description:
    - A unique identifier of a modified or existing distribution. Used in conjunction
      with I(distribution_id).
    - Is determined automatically if not specified.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - The desired state of the distribution.
    - I(state=present) creates a new distribution or updates an existing distribution.
    - I(state=absent) deletes an existing distribution.
    type: str

region:
    aliases:
    - aws_region
    - ec2_region
    description:
    - The AWS region to use.
    - For global services such as IAM, Route53 and CloudFront, I(region) is ignored.
    - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used.
    - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
    - The C(ec2_region) alias has been deprecated and will be removed in a release after
      2024-12-01
    - Support for the C(EC2_REGION) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

aliases:
    description:
    - A list of domain name aliases (CNAMEs) as strings to be used for the distribution.
    - Each alias must be unique across all distributions for the AWS account.
    elements: str
    type: list

comment:
    description:
    - A comment that describes the CloudFront distribution.
    - If not specified, it defaults to a generic message that it has been created with
      Ansible, and a datetime stamp.
    type: str

enabled:
    default: false
    description:
    - A boolean value that specifies whether the distribution is enabled or disabled.
    type: bool

logging:
    description:
    - A config element that is a complex object that defines logging for the distribution.
    suboptions:
      bucket:
        description: The S3 bucket to store the log in.
        type: str
      enabled:
        description: When I(enabled=true) CloudFront will log access to an S3 bucket.
        type: bool
      include_cookies:
        description: When I(include_cookies=true) CloudFront will include cookies in the
          logs.
        type: bool
      prefix:
        description: A prefix to include in the S3 object names.
        type: str
    type: dict

origins:
    description:
    - A config element that is a list of complex origin objects to be specified for the
      distribution. Used for creating and updating distributions.
    elements: dict
    suboptions:
      custom_headers:
        description:
        - Custom headers you wish to add to the request before passing it to the origin.
        - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html)
        elements: dict
        suboptions:
          header_name:
            description: The name of a header that you want CloudFront to forward to your
              origin.
            type: str
          header_value:
            description: The value for the header that you specified in the I(header_name)
              field.
            type: str
        type: list
      custom_origin_config:
        description: Connection information about the origin.
        suboptions:
          http_port:
            description: The HTTP port the custom origin listens on.
            type: int
          https_port:
            description: The HTTPS port the custom origin listens on.
            type: int
          origin_keepalive_timeout:
            description: A keep-alive timeout (in seconds).
            type: int
          origin_protocol_policy:
            description: The origin protocol policy to apply to your origin.
            type: str
          origin_read_timeout:
            description: A timeout (in seconds) when reading from your origin.
            type: int
          origin_ssl_protocols:
            description: A list of SSL/TLS protocols that you want CloudFront to use when
              communicating to the origin over HTTPS.
            elements: str
            type: list
        type: dict
      domain_name:
        description:
        - The domain name which CloudFront will query as the origin.
        - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName)
        type: str
      id:
        description: A unique identifier for the origin or origin group. I(id) must be
          unique within the distribution.
        type: str
      origin_path:
        description: Tells CloudFront to request your content from a directory in your
          Amazon S3 bucket or your custom origin.
        type: str
      s3_origin_access_identity_enabled:
        description:
        - Use an origin access identity to configure the origin so that viewers can only
          access objects in an Amazon S3 bucket through CloudFront.
        - Will automatically create an Identity for you.
        - See also U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html).
        type: bool
    type: list

profile:
    aliases:
    - aws_profile
    description:
    - A named AWS profile to use for authentication.
    - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html).
    - The C(AWS_PROFILE) environment variable may also be used.
    - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
      and I(security_token) options.
    type: str

access_key:
    aliases:
    - aws_access_key_id
    - aws_access_key
    - ec2_access_key
    description:
    - AWS access key ID.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables
      may also be used in decreasing order of preference.
    - The I(aws_access_key) and I(profile) options are mutually exclusive.
    - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the
      AWS botocore SDK.
    - The I(ec2_access_key) alias has been deprecated and will be removed in a release
      after 2024-12-01.
    - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

aws_config:
    description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    type: dict

purge_tags:
    default: false
    description:
    - Specifies whether existing tags will be removed before adding new tags.
    - When I(purge_tags=yes), existing tags are removed and I(tags) are added, if specified.
      If no tags are specified, it removes all existing tags for the distribution.
    - When I(purge_tags=no), existing tags are kept and I(tags) are added, if specified.
    type: bool

secret_key:
    aliases:
    - aws_secret_access_key
    - aws_secret_key
    - ec2_secret_key
    description:
    - AWS secret access key.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment
      variables may also be used in decreasing order of preference.
    - The I(secret_key) and I(profile) options are mutually exclusive.
    - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with
      the AWS botocore SDK.
    - The I(ec2_secret_key) alias has been deprecated and will be removed in a release
      after 2024-12-01.
    - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will
      be removed in a release after 2024-12-01.
    type: str

web_acl_id:
    description:
    - The ID of a Web Application Firewall (WAF) Access Control List (ACL).
    type: str

price_class:
    description:
    - A string that specifies the pricing class of the distribution. As per U(https://aws.amazon.com/cloudfront/pricing/)
    - I(price_class=PriceClass_100) consists of the areas United States, Canada and Europe.
    - I(price_class=PriceClass_200) consists of the areas United States, Canada, Europe,
      Japan, India, Hong Kong, Philippines, S. Korea, Singapore & Taiwan.
    - I(price_class=PriceClass_All) consists of the areas United States, Canada, Europe,
      Japan, India, South America, Australia, Hong Kong, Philippines, S. Korea, Singapore
      & Taiwan.
    - AWS defaults this to C(PriceClass_All).
    - Valid values are C(PriceClass_100), C(PriceClass_200) and C(PriceClass_All)
    type: str

endpoint_url:
    aliases:
    - ec2_url
    - aws_endpoint_url
    - s3_url
    description:
    - URL to connect to instead of the default AWS endpoints. While this can be used
      to connect to other AWS-compatible services, the amazon.aws and community.aws
      collections are only tested against AWS.
    - The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing
      order of preference.
    - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in
      a release after 2024-12-01.
    - Support for the C(EC2_URL) environment variable has been deprecated and will be
      removed in a release after 2024-12-01.
    type: str

http_version:
    description:
    - The version of the http protocol to use for the distribution.
    - AWS defaults this to C(http2).
    - Valid values are C(http1.1) and C(http2)
    type: str

ipv6_enabled:
    default: false
    description:
    - Determines whether IPv6 support is enabled or not.
    type: bool

restrictions:
    description:
    - A config element that is a complex object that describes how a distribution should
      restrict its content.
    suboptions:
      geo_restriction:
        description: Apply a restriction based on the location of the requester.
        suboptions:
          items:
            description:
            - A list of ISO 3166-1 two letter (Alpha 2) country codes that the restriction
              should apply to.
            - See the ISO website for a full list of codes U(https://www.iso.org/obp/ui/#search/code/)
            type: list
          restriction_type:
            description:
            - The method that you want to use to restrict distribution of your content
              by country.
            - Valid values are C(none), C(whitelist), C(blacklist)
            type: str
        type: dict
    type: dict

wait_timeout:
    default: 1800
    description:
    - Specifies the duration in seconds to wait for a timeout of a cloudfront create or
      update.
    type: int

aws_ca_bundle:
    description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - The C(AWS_CA_BUNDLE) environment variable may also be used.
    type: path

purge_aliases:
    default: false
    description:
    - Specifies whether existing aliases will be removed before adding new aliases.
    - When I(purge_aliases=yes), existing aliases are removed and I(aliases) are added.
    type: bool

purge_origins:
    default: false
    description: Whether to remove any origins that aren't listed in I(origins).
    type: bool

session_token:
    aliases:
    - aws_session_token
    - security_token
    - aws_security_token
    - access_token
    description:
    - AWS STS session token for use with temporary credentials.
    - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys).
    - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment
      variables may also be used in decreasing order of preference.
    - The I(security_token) and I(profile) options are mutually exclusive.
    - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with
      the parameter being renamed from I(security_token) to I(session_token) in release
      6.0.0.
    - The I(security_token), I(aws_security_token), and I(access_token) aliases have been
      deprecated and will be removed in a release after 2024-12-01.
    - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables
      has been deprecated and will be removed in a release after 2024-12-01.
    type: str

validate_certs:
    default: true
    description:
    - When set to C(false), SSL certificates will not be validated for communication with
      the AWS APIs.
    - Setting I(validate_certs=false) is strongly discouraged; as an alternative, consider
      setting I(aws_ca_bundle) instead.
    type: bool

cache_behaviors:
    description:
    - A list of dictionaries describing the cache behaviors for the distribution.
    - The order of the list is preserved across runs unless I(purge_cache_behaviors) is
      enabled.
    elements: dict
    suboptions:
      forwarded_values:
        description:
        - A dict that specifies how CloudFront handles query strings and cookies.
        suboptions:
          allowed_methods:
            description: A dict that controls which HTTP methods CloudFront processes
              and forwards.
            suboptions:
              cached_methods:
                description:
                - A list of HTTP methods that you want CloudFront to apply caching to.
                - This can either be C([GET,HEAD]), or C([GET,HEAD,OPTIONS]).
                elements: str
                type: list
              items:
                description: A list of HTTP methods that you want CloudFront to process
                  and forward.
                elements: str
                type: list
            type: dict
          compress:
            description:
            - Whether you want CloudFront to automatically compress files.
            type: bool
          cookies:
            description: A dict that specifies whether you want CloudFront to forward
              cookies to the origin and, if so, which ones.
            suboptions:
              forward:
                description:
                - Specifies which cookies to forward to the origin for this cache behavior.
                - Valid values are C(all), C(none), or C(whitelist).
                type: str
              whitelisted_names:
                description: A list of cookies to forward to the origin for this cache
                  behavior.
                elements: str
                type: list
            type: dict
          default_ttl:
            description: The default amount of time that you want objects to stay in CloudFront
              caches.
            type: int
          field_level_encryption_id:
            description:
            - The field-level encryption configuration that you want CloudFront to use
              for encrypting specific fields of data.
            type: str
          headers:
            description:
            - A list of headers to forward to the origin for this cache behavior.
            - To forward all headers use a list containing a single element '*' (C(['*']))
            elements: str
            type: list
          lambda_function_associations:
            description:
            - A list of Lambda function associations to use for this cache behavior.
            elements: dict
            suboptions:
              event_type:
                description:
                - Specifies the event type that triggers a Lambda function invocation.
                - This can be C(viewer-request), C(origin-request), C(origin-response)
                  or C(viewer-response).
                type: str
              lambda_function_arn:
                description: The ARN of the Lambda function.
                type: str
            type: list
          max_ttl:
            description: The maximum amount of time that you want objects to stay in CloudFront
              caches.
            type: int
          min_ttl:
            description: The minimum amount of time that you want objects to stay in CloudFront
              caches.
            type: int
          query_string:
            description:
            - Indicates whether you want CloudFront to forward query strings to the origin
              that is associated with this cache behavior.
            type: bool
          query_string_cache_keys:
            description:
            - A list that contains the query string parameters you want CloudFront to
              use as a basis for caching for a cache behavior.
            elements: str
            type: list
          smooth_streaming:
            description:
            - Whether you want to distribute media files in the Microsoft Smooth Streaming
              format.
            type: bool
          trusted_signers:
            description:
            - A dict that specifies the AWS accounts that you want to allow to create
              signed URLs for private content.
            suboptions:
              enabled:
                description: Whether you want to require viewers to use signed URLs to
                  access the files specified by I(path_pattern) and I(target_origin_id)
                type: bool
              items:
                description: A list of trusted signers for this cache behavior.
                elements: str
                type: list
            type: dict
          viewer_protocol_policy:
            description:
            - The protocol that viewers can use to access the files in the origin specified
              by I(target_origin_id) when a request matches I(path_pattern).
            - Valid values are C(allow-all), C(redirect-to-https) and C(https-only).
            type: str
        type: dict
      path_pattern:
        description:
        - The pattern that specifies which requests to apply the behavior to.
        type: str
      target_origin_id:
        description:
        - The ID of the origin that you want CloudFront to route requests to by default.
        type: str
    type: list

distribution_id:
    description:
    - The ID of the CloudFront distribution.
    - This parameter can be exchanged with I(alias) or I(caller_reference) and is used
      in conjunction with I(e_tag).
    type: str

caller_reference:
    description:
    - A unique identifier for creating and updating CloudFront distributions.
    - Each caller reference must be unique across all distributions. e.g. a caller reference
      used in a web distribution cannot be reused in a streaming distribution. This parameter
      can be used instead of I(distribution_id) to reference an existing distribution.
      If not specified, this defaults to a datetime stamp of the format C(YYYY-MM-DDTHH:MM:SS.ffffff).
    type: str

viewer_certificate:
    description:
    - A dict that specifies the encryption details of the distribution.
    suboptions:
      acm_certificate_arn:
        description:
        - The ID of a certificate stored in ACM to use for HTTPS connections.
        - If I(acm_certificate_arn) is set then you must also specify I(ssl_support_method)
        type: str
      cloudfront_default_certificate:
        description:
        - If you're using the CloudFront domain name for your distribution, such as C(123456789abcde.cloudfront.net)
          you should set I(cloudfront_default_certificate=true)
        - If I(cloudfront_default_certificate=true) do not set I(ssl_support_method).
        type: bool
      iam_certificate_id:
        description:
        - The ID of a certificate stored in IAM to use for HTTPS connections.
        - If I(iam_certificate_id) is set then you must also specify I(ssl_support_method)
        type: str
      minimum_protocol_version:
        description:
        - The security policy that you want CloudFront to use for HTTPS connections.
        - See U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html)
          for supported security policies.
        type: str
      ssl_support_method:
        description:
        - How CloudFront should serve SSL certificates.
        - Valid values are C(sni-only) for SNI, and C(vip) if CloudFront is configured
          to use a dedicated IP for your content.
        type: str
    type: dict

default_origin_path:
    description:
    - The default origin path to specify for an origin if no I(origins) have been specified.
      Defaults to empty if not specified.
    type: str

default_root_object:
    description:
    - A config element that specifies the path to request when the user requests the origin.
    - e.g. if specified as 'index.html', this maps to www.example.com/index.html when
      www.example.com is called by the user.
    - This prevents the entire distribution origin from being exposed at the root.
    type: str

purge_cache_behaviors:
    default: false
    description:
    - Whether to remove any cache behaviors that aren't listed in I(cache_behaviors).
    - This switch also allows the reordering of I(cache_behaviors).
    type: bool

custom_error_responses:
    description:
    - A config element that is a I(list[]) of complex custom error responses to be specified
      for the distribution.
    - This attribute configures custom http error messages returned to the user.
    elements: dict
    suboptions:
      error_caching_min_ttl:
        description: The length of time (in seconds) that CloudFront will cache status
          codes for.
        type: int
      error_code:
        description: The error code the custom error page is for.
        type: int
      response_code:
        description:
        - The HTTP status code that CloudFront should return to a user when the origin
          returns the HTTP status code specified by I(error_code).
        type: int
      response_page_path:
        description:
        - The path to the custom error page that you want CloudFront to return to a viewer
          when your origin returns the HTTP status code specified by I(error_code).
        type: str
    type: list

default_cache_behavior:
    description:
    - A dict specifying the default cache behavior of the distribution.
    - If not specified, the I(target_origin_id) is defined as the I(target_origin_id)
      of the first valid I(cache_behavior) in I(cache_behaviors) with defaults.
    suboptions:
      forwarded_values:
        description:
        - A dict that specifies how CloudFront handles query strings and cookies.
        suboptions:
          allowed_methods:
            description: A dict that controls which HTTP methods CloudFront processes
              and forwards.
            suboptions:
              cached_methods:
                description:
                - A list of HTTP methods that you want CloudFront to apply caching to.
                - This can either be C([GET,HEAD]), or C([GET,HEAD,OPTIONS]).
                elements: str
                type: list
              items:
                description: A list of HTTP methods that you want CloudFront to process
                  and forward.
                elements: str
                type: list
            type: dict
          compress:
            description:
            - Whether you want CloudFront to automatically compress files.
            type: bool
          cookies:
            description: A dict that specifies whether you want CloudFront to forward
              cookies to the origin and, if so, which ones.
            suboptions:
              forward:
                description:
                - Specifies which cookies to forward to the origin for this cache behavior.
                - Valid values are C(all), C(none), or C(whitelist).
                type: str
              whitelisted_names:
                description: A list of cookies to forward to the origin for this cache
                  behavior.
                elements: str
                type: list
            type: dict
          default_ttl:
            description: The default amount of time that you want objects to stay in CloudFront
              caches.
            type: int
          field_level_encryption_id:
            description:
            - The field-level encryption configuration that you want CloudFront to use
              for encrypting specific fields of data.
            type: str
          headers:
            description:
            - A list of headers to forward to the origin for this cache behavior.
            - To forward all headers use a list containing a single element '*' (C(['*']))
            elements: str
            type: list
          lambda_function_associations:
            description:
            - A list of Lambda function associations to use for this cache behavior.
            elements: dict
            suboptions:
              event_type:
                description:
                - Specifies the event type that triggers a Lambda function invocation.
                - This can be C(viewer-request), C(origin-request), C(origin-response)
                  or C(viewer-response).
                type: str
              lambda_function_arn:
                description: The ARN of the Lambda function.
                type: str
            type: list
          max_ttl:
            description: The maximum amount of time that you want objects to stay in CloudFront
              caches.
            type: int
          min_ttl:
            description: The minimum amount of time that you want objects to stay in CloudFront
              caches.
            type: int
          query_string:
            description:
            - Indicates whether you want CloudFront to forward query strings to the origin
              that is associated with this cache behavior.
            type: bool
          query_string_cache_keys:
            description:
            - A list that contains the query string parameters you want CloudFront to
              use as a basis for caching for a cache behavior.
            elements: str
            type: list
          smooth_streaming:
            description:
            - Whether you want to distribute media files in the Microsoft Smooth Streaming
              format.
            type: bool
          trusted_signers:
            description:
            - A dict that specifies the AWS accounts that you want to allow to create
              signed URLs for private content.
            suboptions:
              enabled:
                description: Whether you want to require viewers to use signed URLs to
                  access the files specified by I(target_origin_id)
                type: bool
              items:
                description: A list of trusted signers for this cache behavior.
                elements: str
                type: list
            type: dict
          viewer_protocol_policy:
            description:
            - The protocol that viewers can use to access the files in the origin specified
              by I(target_origin_id).
            - Valid values are C(allow-all), C(redirect-to-https) and C(https-only).
            type: str
        type: dict
      target_origin_id:
        description:
        - The ID of the origin that you want CloudFront to route requests to by default.
        type: str
    type: dict

default_origin_domain_name:
    description:
    - The domain name to use for an origin if no I(origins) have been specified.
    - Should only be used on a first run of generating a distribution and not on subsequent
      runs.
    - Should not be used in conjunction with I(distribution_id), I(caller_reference) or
      I(alias).
    type: str

debug_botocore_endpoint_logs:
    default: false
    description:
    - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action")
      API calls made during a task, outputting the set to the resource_actions key in the
      task results. Use the C(aws_resource_action) callback to output the total list made
      during a playbook.
    - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used.
    type: bool

purge_custom_error_responses:
    default: false
    description: Whether to remove any custom error responses that aren't listed in I(custom_error_responses).
    type: bool

Outputs

active_trusted_signers:
  contains:
    enabled:
      description: Whether trusted signers are in use.
      returned: always
      sample: false
      type: bool
    items:
      description: List of trusted signers.
      returned: when there are trusted signers
      sample:
      - key_pair_id
      type: list
    quantity:
      description: Number of trusted signers.
      returned: always
      sample: 1
      type: int
  description: Key pair IDs that CloudFront is aware of for each trusted signer.
  returned: always
  type: complex
aliases:
  contains:
    items:
      description: List of aliases.
      returned: always
      sample:
      - test.example.com
      type: list
    quantity:
      description: Number of aliases.
      returned: always
      sample: 1
      type: int
  description: Aliases that refer to the distribution.
  returned: always
  type: complex
arn:
  description: Amazon Resource Name of the distribution.
  returned: always
  sample: arn:aws:cloudfront::123456789012:distribution/E1234ABCDEFGHI
  type: str
cache_behaviors:
  contains:
    items:
      contains:
        allowed_methods:
          contains:
            cached_methods:
              contains:
                items:
                  description: List of cached methods.
                  returned: always
                  sample:
                  - HEAD
                  - GET
                  type: list
                quantity:
                  description: Count of cached methods.
                  returned: always
                  sample: 2
                  type: int
              description: Methods cached by the cache behavior.
              returned: always
              type: complex
            items:
              description: List of methods allowed by the cache behavior.
              returned: always
              sample:
              - HEAD
              - GET
              type: list
            quantity:
              description: Count of methods allowed by the cache behavior.
              returned: always
              sample: 2
              type: int
          description: Methods allowed by the cache behavior.
          returned: always
          type: complex
        compress:
          description: Whether compression is turned on for the cache behavior.
          returned: always
          sample: false
          type: bool
        default_ttl:
          description: Default Time to Live of the cache behavior.
          returned: always
          sample: 86400
          type: int
        forwarded_values:
          contains:
            cookies:
              contains:
                forward:
                  description: Which cookies to forward to the origin for this cache
                    behavior.
                  returned: always
                  sample: none
                  type: str
                whitelisted_names:
                  contains:
                    items:
                      description: List of cookies to forward.
                      returned: when list is not empty
                      sample: my_cookie
                      type: list
                    quantity:
                      description: Count of cookies to forward.
                      returned: always
                      sample: 1
                      type: int
                  description: The names of the cookies to forward to the origin for
                    this cache behavior.
                  returned: when I(forward=whitelist)
                  type: complex
              description: Cookies to forward to the origin.
              returned: always
              type: complex
            headers:
              contains:
                items:
                  description: List of headers to vary on.
                  returned: when list is not empty
                  sample:
                  - Host
                  type: list
                quantity:
                  description: Count of headers to vary on.
                  returned: always
                  sample: 1
                  type: int
              description: Which headers are used to vary on cache retrievals.
              returned: always
              type: complex
            query_string:
              description: Whether the query string is used in cache lookups.
              returned: always
              sample: false
              type: bool
            query_string_cache_keys:
              contains:
                items:
                  description: List of query string cache keys to use in cache lookups.
                  returned: when list is not empty
                  sample: null
                  type: list
                quantity:
                  description: Count of query string cache keys to use in cache lookups.
                  returned: always
                  sample: 1
                  type: int
              description: Which query string keys to use in cache lookups.
              returned: always
              type: complex
          description: Values forwarded to the origin for this cache behavior.
          returned: always
          type: complex
        lambda_function_associations:
          contains:
            items:
              description: List of lambda function associations.
              returned: when list is not empty
              sample:
              - event_type: viewer-response
                lambda_function_arn: arn:aws:lambda:123456789012:us-east-1/lambda/lambda-function
              type: list
            quantity:
              description: Count of lambda function associations.
              returned: always
              sample: 1
              type: int
          description: Lambda function associations for a cache behavior.
          returned: always
          type: complex
        max_ttl:
          description: Maximum Time to Live.
          returned: always
          sample: 31536000
          type: int
        min_ttl:
          description: Minimum Time to Live.
          returned: always
          sample: 0
          type: int
        path_pattern:
          description: Path pattern that determines this cache behavior.
          returned: always
          sample: /path/to/files/*
          type: str
        smooth_streaming:
          description: Whether smooth streaming is enabled.
          returned: always
          sample: false
          type: bool
        target_origin_id:
          description: ID of the origin referenced by this cache behavior.
          returned: always
          sample: origin_abcd
          type: str
        trusted_signers:
          contains:
            enabled:
              description: Whether trusted signers are enabled for this cache behavior.
              returned: always
              sample: false
              type: bool
            quantity:
              description: Count of trusted signers.
              returned: always
              sample: 1
              type: int
          description: Trusted signers.
          returned: always
          type: complex
        viewer_protocol_policy:
          description: Policy of how to handle http/https.
          returned: always
          sample: redirect-to-https
          type: str
      description: List of cache behaviors.
      returned: always
      type: complex
    quantity:
      description: Count of cache behaviors.
      returned: always
      sample: 1
      type: int
  description: CloudFront cache behaviors.
  returned: always
  type: complex
caller_reference:
  description: Idempotency reference given when creating CloudFront distribution.
  returned: always
  sample: '1484796016700'
  type: str
comment:
  description: Any comments you want to include about the distribution.
  returned: always
  sample: my first CloudFront distribution
  type: str
custom_error_responses:
  contains:
    items:
      contains:
        error_caching_min_ttl:
          description: Minimum time to cache this error response.
          returned: always
          sample: 300
          type: int
        error_code:
          description: Origin response code that triggers this error response.
          returned: always
          sample: 500
          type: int
        response_code:
          description: Response code to return to the requester.
          returned: always
          sample: '500'
          type: str
        response_page_path:
          description: Path that contains the error page to display.
          returned: always
          sample: /errors/5xx.html
          type: str
      description: List of custom error responses.
      returned: always
      type: complex
    quantity:
      description: Count of custom error response items.
      returned: always
      sample: 1
      type: int
  description: Custom error responses to use for error handling.
  returned: always
  type: complex
default_cache_behavior:
  contains:
    allowed_methods:
      contains:
        cached_methods:
          contains:
            items:
              description: List of cached methods.
              returned: always
              sample:
              - HEAD
              - GET
              type: list
            quantity:
              description: Count of cached methods.
              returned: always
              sample: 2
              type: int
          description: Methods cached by the cache behavior.
          returned: always
          type: complex
        items:
          description: List of methods allowed by the cache behavior.
          returned: always
          sample:
          - HEAD
          - GET
          type: list
        quantity:
          description: Count of methods allowed by the cache behavior.
          returned: always
          sample: 2
          type: int
      description: Methods allowed by the cache behavior.
      returned: always
      type: complex
    compress:
      description: Whether compression is turned on for the cache behavior.
      returned: always
      sample: false
      type: bool
    default_ttl:
      description: Default Time to Live of the cache behavior.
      returned: always
      sample: 86400
      type: int
    forwarded_values:
      contains:
        cookies:
          contains:
            forward:
              description: Which cookies to forward to the origin for this cache behavior.
              returned: always
              sample: none
              type: str
            whitelisted_names:
              contains:
                items:
                  description: List of cookies to forward.
                  returned: when list is not empty
                  sample: my_cookie
                  type: list
                quantity:
                  description: Count of cookies to forward.
                  returned: always
                  sample: 1
                  type: int
              description: The names of the cookies to forward to the origin for this
                cache behavior.
              returned: when I(forward=whitelist)
              type: complex
          description: Cookies to forward to the origin.
          returned: always
          type: complex
        headers:
          contains:
            items:
              description: List of headers to vary on.
              returned: when list is not empty
              sample:
              - Host
              type: list
            quantity:
              description: Count of headers to vary on.
              returned: always
              sample: 1
              type: int
          description: Which headers are used to vary on cache retrievals.
          returned: always
          type: complex
        query_string:
          description: Whether the query string is used in cache lookups.
          returned: always
          sample: false
          type: bool
        query_string_cache_keys:
          contains:
            items:
              description: List of query string cache keys to use in cache lookups.
              returned: when list is not empty
              sample: null
              type: list
            quantity:
              description: Count of query string cache keys to use in cache lookups.
              returned: always
              sample: 1
              type: int
          description: Which query string keys to use in cache lookups.
          returned: always
          type: complex
      description: Values forwarded to the origin for this cache behavior.
      returned: always
      type: complex
    lambda_function_associations:
      contains:
        items:
          description: List of lambda function associations.
          returned: when list is not empty
          sample:
          - event_type: viewer-response
            lambda_function_arn: arn:aws:lambda:123456789012:us-east-1/lambda/lambda-function
          type: list
        quantity:
          description: Count of lambda function associations.
          returned: always
          sample: 1
          type: int
      description: Lambda function associations for a cache behavior.
      returned: always
      type: complex
    max_ttl:
      description: Maximum Time to Live.
      returned: always
      sample: 31536000
      type: int
    min_ttl:
      description: Minimum Time to Live.
      returned: always
      sample: 0
      type: int
    path_pattern:
      description: Path pattern that determines this cache behavior.
      returned: always
      sample: /path/to/files/*
      type: str
    smooth_streaming:
      description: Whether smooth streaming is enabled.
      returned: always
      sample: false
      type: bool
    target_origin_id:
      description: ID of the origin referenced by this cache behavior.
      returned: always
      sample: origin_abcd
      type: str
    trusted_signers:
      contains:
        enabled:
          description: Whether trusted signers are enabled for this cache behavior.
          returned: always
          sample: false
          type: bool
        quantity:
          description: Count of trusted signers.
          returned: always
          sample: 1
          type: int
      description: Trusted signers.
      returned: always
      type: complex
    viewer_protocol_policy:
      description: Policy of how to handle http/https.
      returned: always
      sample: redirect-to-https
      type: str
  description: Default cache behavior.
  returned: always
  type: complex
default_root_object:
  description: The object that you want CloudFront to request from your origin (for
    example, index.html) when a viewer requests the root URL for your distribution.
  returned: always
  sample: ''
  type: str
diff:
  description: Difference between previous configuration and new configuration.
  returned: always
  sample: {}
  type: dict
domain_name:
  description: Domain name of CloudFront distribution.
  returned: always
  sample: d1vz8pzgurxosf.cloudfront.net
  type: str
enabled:
  description: Whether the CloudFront distribution is enabled or not.
  returned: always
  sample: true
  type: bool
http_version:
  description: Version of HTTP supported by the distribution.
  returned: always
  sample: http2
  type: str
id:
  description: CloudFront distribution ID.
  returned: always
  sample: E123456ABCDEFG
  type: str
in_progress_invalidation_batches:
  description: The number of invalidation batches currently in progress.
  returned: always
  sample: 0
  type: int
is_ipv6_enabled:
  description: Whether IPv6 is enabled.
  returned: always
  sample: true
  type: bool
last_modified_time:
  description: Date and time distribution was last modified.
  returned: always
  sample: '2017-10-13T01:51:12.656000+00:00'
  type: str
logging:
  contains:
    bucket:
      description: S3 bucket logging destination.
      returned: always
      sample: logs-example-com.s3.amazonaws.com
      type: str
    enabled:
      description: Whether logging is enabled.
      returned: always
      sample: true
      type: bool
    include_cookies:
      description: Whether to log cookies.
      returned: always
      sample: false
      type: bool
    prefix:
      description: Prefix added to logging object names.
      returned: always
      sample: cloudfront/test
      type: str
  description: Logging information.
  returned: always
  type: complex
origins:
  contains:
    items:
      contains:
        custom_headers:
          contains:
            quantity:
              description: Count of headers.
              returned: always
              sample: 1
              type: int
          description: Custom headers passed to the origin.
          returned: always
          type: complex
        custom_origin_config:
          contains:
            http_port:
              description: Port on which HTTP is listening.
              returned: always
              sample: 80
              type: int
            https_port:
              description: Port on which HTTPS is listening.
              returned: always
              sample: 443
              type: int
            origin_keepalive_timeout:
              description: Keep-alive timeout.
              returned: always
              sample: 5
              type: int
            origin_protocol_policy:
              description: Policy of which protocols are supported.
              returned: always
              sample: https-only
              type: str
            origin_read_timeout:
              description: Timeout for reads to the origin.
              returned: always
              sample: 30
              type: int
            origin_ssl_protocols:
              contains:
                items:
                  description: List of SSL protocols.
                  returned: always
                  sample:
                  - TLSv1
                  - TLSv1.1
                  - TLSv1.2
                  type: list
                quantity:
                  description: Count of SSL protocols.
                  returned: always
                  sample: 3
                  type: int
              description: SSL protocols allowed by the origin.
              returned: always
              type: complex
          description: Configuration of the origin.
          returned: always
          type: complex
        domain_name:
          description: Domain name of the origin.
          returned: always
          sample: test-origin.example.com
          type: str
        id:
          description: ID of the origin.
          returned: always
          sample: test-origin.example.com
          type: str
        origin_path:
          description: Subdirectory to prefix the request from the S3 or HTTP origin.
          returned: always
          sample: ''
          type: str
      description: List of origins.
      returned: always
      type: complex
    quantity:
      description: Count of origins.
      returned: always
      sample: 1
      type: int
  description: Origins in the CloudFront distribution.
  returned: always
  type: complex
price_class:
  description: Price class of CloudFront distribution.
  returned: always
  sample: PriceClass_All
  type: str
restrictions:
  contains:
    geo_restriction:
      contains:
        items:
          description: List of country codes allowed or disallowed.
          returned: always
          sample: xy
          type: list
        quantity:
          description: Count of restrictions.
          returned: always
          sample: 1
          type: int
        restriction_type:
          description: Type of restriction.
          returned: always
          sample: blacklist
          type: str
      description: Controls the countries in which your content is distributed.
      returned: always
      type: complex
  description: Restrictions in use by CloudFront.
  returned: always
  type: complex
status:
  description: Status of the CloudFront distribution.
  returned: always
  sample: InProgress
  type: str
tags:
  description: Distribution tags.
  returned: always
  sample:
    Hello: World
  type: dict
viewer_certificate:
  contains:
    acm_certificate_arn:
      description: ARN of ACM certificate.
      returned: when certificate comes from ACM
      sample: arn:aws:acm:us-east-1:123456789012:certificate/abcd1234-1234-1234-abcd-123456abcdef
      type: str
    certificate:
      description: Reference to certificate.
      returned: always
      sample: arn:aws:acm:us-east-1:123456789012:certificate/abcd1234-1234-1234-abcd-123456abcdef
      type: str
    certificate_source:
      description: Where certificate comes from.
      returned: always
      sample: acm
      type: str
    minimum_protocol_version:
      description: Minimum SSL/TLS protocol supported by this distribution.
      returned: always
      sample: TLSv1
      type: str
    ssl_support_method:
      description: Support for pre-SNI browsers or not.
      returned: always
      sample: sni-only
      type: str
  description: Certificate used by CloudFront distribution.
  returned: always
  type: complex
web_acl_id:
  description: ID of Web Access Control List (from WAF service).
  returned: always
  sample: abcd1234-1234-abcd-abcd-abcd12345678
  type: str
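
Added example (not part of the module or its documentation): a Python check that walks the return structure documented under Outputs, for instance a registered task result dumped as JSON, and flags weak transport, logging and WAF settings. The function names, finding messages and sample dict are constructed for illustration; the field names and most sample values are taken from the Outputs section.

```python
LEGACY_TLS = ("SSLv3", "TLSv1", "TLSv1.1")


def is_legacy_tls(name):
    """True for protocol names older than TLS 1.2 (e.g. TLSv1, TLSv1.1_2016)."""
    return name.split("_")[0] in LEGACY_TLS


def audit_distribution(result):
    """Return (path, message) findings for a cloudfront_distribution result dict."""
    findings = []

    # Default behavior plus every path-specific behavior under cache_behaviors.items.
    behaviors = [("default_cache_behavior", result.get("default_cache_behavior") or {})]
    for i, b in enumerate((result.get("cache_behaviors") or {}).get("items") or []):
        behaviors.append(("cache_behaviors.items[%d]" % i, b))
    for path, b in behaviors:
        if b.get("viewer_protocol_policy") == "allow-all":
            findings.append((path + ".viewer_protocol_policy",
                             "viewers may use plain HTTP"))

    min_tls = (result.get("viewer_certificate") or {}).get("minimum_protocol_version")
    if min_tls and is_legacy_tls(min_tls):
        findings.append(("viewer_certificate.minimum_protocol_version",
                         "accepts %s from viewers" % min_tls))

    for i, origin in enumerate((result.get("origins") or {}).get("items") or []):
        custom = origin.get("custom_origin_config")
        if not custom:  # nothing to check without a custom_origin_config block
            continue
        base = "origins.items[%d].custom_origin_config" % i
        if custom.get("origin_protocol_policy") != "https-only":
            findings.append((base + ".origin_protocol_policy",
                             "origin fetches may use plain HTTP"))
        protocols = (custom.get("origin_ssl_protocols") or {}).get("items") or []
        legacy = [p for p in protocols if is_legacy_tls(p)]
        if legacy:
            findings.append((base + ".origin_ssl_protocols",
                             "legacy protocols enabled: " + ", ".join(legacy)))

    if not (result.get("logging") or {}).get("enabled"):
        findings.append(("logging.enabled", "access logging is off"))
    if not result.get("web_acl_id"):
        findings.append(("web_acl_id", "no WAF web ACL attached"))
    return findings


# Constructed sample result: values follow the samples in the Outputs section,
# except the allow-all behavior and the empty web_acl_id, which are made up here.
SAMPLE_RESULT = {
    "id": "E123456ABCDEFG",
    "default_cache_behavior": {"viewer_protocol_policy": "redirect-to-https"},
    "cache_behaviors": {"quantity": 1, "items": [
        {"path_pattern": "/path/to/files/*", "viewer_protocol_policy": "allow-all"}]},
    "viewer_certificate": {"minimum_protocol_version": "TLSv1"},
    "origins": {"quantity": 1, "items": [{
        "id": "test-origin.example.com",
        "custom_origin_config": {
            "origin_protocol_policy": "https-only",
            "origin_ssl_protocols": {"quantity": 3,
                                     "items": ["TLSv1", "TLSv1.1", "TLSv1.2"]}}}]},
    "logging": {"enabled": True},
    "web_acl_id": "",
}

if __name__ == "__main__":
    for path, message in audit_distribution(SAMPLE_RESULT):
        print("%-62s %s" % (path, message))
```

The documented sample values alone (C(TLSv1) as minimum_protocol_version, C(TLSv1) and C(TLSv1.1) in origin_ssl_protocols) already produce two findings, so treat the samples as illustrations of the return shape rather than as recommended settings.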