aws-sdk-cloudfront 1.0.0 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0ba7db66bee691f7c25ba4822e21f64b08a4f575
4
- data.tar.gz: c82d274f40671fca92bb77b8c66ac917ae51b922
3
+ metadata.gz: 1a8d04d9be197dce3fe99699e992a8de84a29b3d
4
+ data.tar.gz: 4a872562cef983455023ceb9798ad2c1b334412a
5
5
  SHA512:
6
- metadata.gz: b44b3a5536d9d09202c061cb1e1c59608b74d002cd91b27a7d1c0269413b92027f7b5e8dd448a181c8d85a4ae3fd09700ad16ab8b43c70d803565f1e9c012683
7
- data.tar.gz: d03a9123e52736fd9c5e728d364cf61a1a354833bfa0ce7edba2d6e7c3b3196124fdb1d7466522ca268146a58e5a86b8eef34438d38849a9a022e6863424be72
6
+ metadata.gz: e6d64fd9300f58e927a5add8336851bad38f5a0382168aac4452d2c3dcf789e189b9e9e9c4b0d13e4baf9484fcbf14bcc91aa20baa12b4a0cb96e475ee1cfce9
7
+ data.tar.gz: 7214043c13fc023f760658045dd7df4479a8602f6c711ce353f177c6f0383f80657b86c8721a8e41258b050ca3c68e177b73386d3ddef6035b114e69bbcd0092
@@ -43,6 +43,6 @@ require_relative 'aws-sdk-cloudfront/customizations'
43
43
  # @service
44
44
  module Aws::CloudFront
45
45
 
46
- GEM_VERSION = '1.0.0'
46
+ GEM_VERSION = '1.1.0'
47
47
 
48
48
  end
@@ -376,7 +376,7 @@ module Aws::CloudFront
376
376
  # iam_certificate_id: "string",
377
377
  # acm_certificate_arn: "string",
378
378
  # ssl_support_method: "sni-only", # accepts sni-only, vip
379
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
379
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
380
380
  # certificate: "string",
381
381
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
382
382
  # },
@@ -515,7 +515,7 @@ module Aws::CloudFront
515
515
  # resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
516
516
  # resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
517
517
  # resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
518
- # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
518
+ # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
519
519
  # resp.distribution.distribution_config.viewer_certificate.certificate #=> String
520
520
  # resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
521
521
  # resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -721,7 +721,7 @@ module Aws::CloudFront
721
721
  # iam_certificate_id: "string",
722
722
  # acm_certificate_arn: "string",
723
723
  # ssl_support_method: "sni-only", # accepts sni-only, vip
724
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
724
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
725
725
  # certificate: "string",
726
726
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
727
727
  # },
@@ -869,7 +869,7 @@ module Aws::CloudFront
869
869
  # resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
870
870
  # resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
871
871
  # resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
872
- # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
872
+ # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
873
873
  # resp.distribution.distribution_config.viewer_certificate.certificate #=> String
874
874
  # resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
875
875
  # resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -1198,6 +1198,25 @@ module Aws::CloudFront
1198
1198
  req.send_request(options)
1199
1199
  end
1200
1200
 
1201
+ # @option params [required, String] :role_name
1202
+ #
1203
+ # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1204
+ #
1205
+ # @example Request syntax with placeholder values
1206
+ #
1207
+ # resp = client.delete_service_linked_role({
1208
+ # role_name: "string", # required
1209
+ # })
1210
+ #
1211
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/DeleteServiceLinkedRole2017_03_25 AWS API Documentation
1212
+ #
1213
+ # @overload delete_service_linked_role(params = {})
1214
+ # @param [Hash] params ({})
1215
+ def delete_service_linked_role(params = {}, options = {})
1216
+ req = build_request(:delete_service_linked_role, params)
1217
+ req.send_request(options)
1218
+ end
1219
+
1201
1220
  # Delete a streaming distribution. To delete an RTMP distribution using
1202
1221
  # the CloudFront API, perform the following steps.
1203
1222
  #
@@ -1470,7 +1489,7 @@ module Aws::CloudFront
1470
1489
  # resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
1471
1490
  # resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
1472
1491
  # resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
1473
- # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
1492
+ # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
1474
1493
  # resp.distribution.distribution_config.viewer_certificate.certificate #=> String
1475
1494
  # resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
1476
1495
  # resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -1616,7 +1635,7 @@ module Aws::CloudFront
1616
1635
  # resp.distribution_config.viewer_certificate.iam_certificate_id #=> String
1617
1636
  # resp.distribution_config.viewer_certificate.acm_certificate_arn #=> String
1618
1637
  # resp.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
1619
- # resp.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
1638
+ # resp.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
1620
1639
  # resp.distribution_config.viewer_certificate.certificate #=> String
1621
1640
  # resp.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
1622
1641
  # resp.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -1962,7 +1981,7 @@ module Aws::CloudFront
1962
1981
  # resp.distribution_list.items[0].viewer_certificate.iam_certificate_id #=> String
1963
1982
  # resp.distribution_list.items[0].viewer_certificate.acm_certificate_arn #=> String
1964
1983
  # resp.distribution_list.items[0].viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
1965
- # resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
1984
+ # resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
1966
1985
  # resp.distribution_list.items[0].viewer_certificate.certificate #=> String
1967
1986
  # resp.distribution_list.items[0].viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
1968
1987
  # resp.distribution_list.items[0].restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -2128,7 +2147,7 @@ module Aws::CloudFront
2128
2147
  # resp.distribution_list.items[0].viewer_certificate.iam_certificate_id #=> String
2129
2148
  # resp.distribution_list.items[0].viewer_certificate.acm_certificate_arn #=> String
2130
2149
  # resp.distribution_list.items[0].viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
2131
- # resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
2150
+ # resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
2132
2151
  # resp.distribution_list.items[0].viewer_certificate.certificate #=> String
2133
2152
  # resp.distribution_list.items[0].viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
2134
2153
  # resp.distribution_list.items[0].restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -2641,7 +2660,7 @@ module Aws::CloudFront
2641
2660
  # iam_certificate_id: "string",
2642
2661
  # acm_certificate_arn: "string",
2643
2662
  # ssl_support_method: "sni-only", # accepts sni-only, vip
2644
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
2663
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
2645
2664
  # certificate: "string",
2646
2665
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
2647
2666
  # },
@@ -2782,7 +2801,7 @@ module Aws::CloudFront
2782
2801
  # resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
2783
2802
  # resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
2784
2803
  # resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
2785
- # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
2804
+ # resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
2786
2805
  # resp.distribution.distribution_config.viewer_certificate.certificate #=> String
2787
2806
  # resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
2788
2807
  # resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -2906,7 +2925,7 @@ module Aws::CloudFront
2906
2925
  params: params,
2907
2926
  config: config)
2908
2927
  context[:gem_name] = 'aws-sdk-cloudfront'
2909
- context[:gem_version] = '1.0.0'
2928
+ context[:gem_version] = '1.1.0'
2910
2929
  Seahorse::Client::Request.new(handlers, context)
2911
2930
  end
2912
2931
 
@@ -54,6 +54,7 @@ module Aws::CloudFront
54
54
  DefaultCacheBehavior = Shapes::StructureShape.new(name: 'DefaultCacheBehavior')
55
55
  DeleteCloudFrontOriginAccessIdentityRequest = Shapes::StructureShape.new(name: 'DeleteCloudFrontOriginAccessIdentityRequest')
56
56
  DeleteDistributionRequest = Shapes::StructureShape.new(name: 'DeleteDistributionRequest')
57
+ DeleteServiceLinkedRoleRequest = Shapes::StructureShape.new(name: 'DeleteServiceLinkedRoleRequest')
57
58
  DeleteStreamingDistributionRequest = Shapes::StructureShape.new(name: 'DeleteStreamingDistributionRequest')
58
59
  Distribution = Shapes::StructureShape.new(name: 'Distribution')
59
60
  DistributionAlreadyExists = Shapes::StructureShape.new(name: 'DistributionAlreadyExists')
@@ -158,6 +159,7 @@ module Aws::CloudFront
158
159
  QueryStringCacheKeys = Shapes::StructureShape.new(name: 'QueryStringCacheKeys')
159
160
  QueryStringCacheKeysList = Shapes::ListShape.new(name: 'QueryStringCacheKeysList')
160
161
  ResourceARN = Shapes::StringShape.new(name: 'ResourceARN')
162
+ ResourceInUse = Shapes::StructureShape.new(name: 'ResourceInUse')
161
163
  Restrictions = Shapes::StructureShape.new(name: 'Restrictions')
162
164
  S3Origin = Shapes::StructureShape.new(name: 'S3Origin')
163
165
  S3OriginConfig = Shapes::StructureShape.new(name: 'S3OriginConfig')
@@ -409,6 +411,9 @@ module Aws::CloudFront
409
411
  DeleteDistributionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, location: "header", location_name: "If-Match"))
410
412
  DeleteDistributionRequest.struct_class = Types::DeleteDistributionRequest
411
413
 
414
+ DeleteServiceLinkedRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "RoleName"))
415
+ DeleteServiceLinkedRoleRequest.struct_class = Types::DeleteServiceLinkedRoleRequest
416
+
412
417
  DeleteStreamingDistributionRequest.add_member(:id, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Id"))
413
418
  DeleteStreamingDistributionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, location: "header", location_name: "If-Match"))
414
419
  DeleteStreamingDistributionRequest.struct_class = Types::DeleteStreamingDistributionRequest
@@ -1050,6 +1055,18 @@ module Aws::CloudFront
1050
1055
  o.errors << Shapes::ShapeRef.new(shape: PreconditionFailed)
1051
1056
  end)
1052
1057
 
1058
+ api.add_operation(:delete_service_linked_role, Seahorse::Model::Operation.new.tap do |o|
1059
+ o.name = "DeleteServiceLinkedRole"
1060
+ o.http_method = "DELETE"
1061
+ o.http_request_uri = "/2017-03-25/service-linked-role/{RoleName}"
1062
+ o.input = Shapes::ShapeRef.new(shape: DeleteServiceLinkedRoleRequest)
1063
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
1064
+ o.errors << Shapes::ShapeRef.new(shape: InvalidArgument)
1065
+ o.errors << Shapes::ShapeRef.new(shape: AccessDenied)
1066
+ o.errors << Shapes::ShapeRef.new(shape: ResourceInUse)
1067
+ o.errors << Shapes::ShapeRef.new(shape: NoSuchResource)
1068
+ end)
1069
+
1053
1070
  api.add_operation(:delete_streaming_distribution, Seahorse::Model::Operation.new.tap do |o|
1054
1071
  o.name = "DeleteStreamingDistribution"
1055
1072
  o.http_method = "DELETE"
@@ -570,7 +570,7 @@ module Aws::CloudFront
570
570
  # CloudFront origin access identity.
571
571
  #
572
572
  # @!attribute [rw] id
573
- # The ID for the origin access identity. For example:
573
+ # The ID for the origin access identity, for example,
574
574
  # `E74FTE3AJFJ256A`.
575
575
  # @return [String]
576
576
  #
@@ -1041,7 +1041,7 @@ module Aws::CloudFront
1041
1041
  # iam_certificate_id: "string",
1042
1042
  # acm_certificate_arn: "string",
1043
1043
  # ssl_support_method: "sni-only", # accepts sni-only, vip
1044
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
1044
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
1045
1045
  # certificate: "string",
1046
1046
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
1047
1047
  # },
@@ -1270,7 +1270,7 @@ module Aws::CloudFront
1270
1270
  # iam_certificate_id: "string",
1271
1271
  # acm_certificate_arn: "string",
1272
1272
  # ssl_support_method: "sni-only", # accepts sni-only, vip
1273
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
1273
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
1274
1274
  # certificate: "string",
1275
1275
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
1276
1276
  # },
@@ -1799,7 +1799,7 @@ module Aws::CloudFront
1799
1799
  include Aws::Structure
1800
1800
  end
1801
1801
 
1802
- # A complex type that describes the default cache behavior if you do not
1802
+ # A complex type that describes the default cache behavior if you don't
1803
1803
  # specify a `CacheBehavior` element or if files don't match any of the
1804
1804
  # values of `PathPattern` in `CacheBehavior` elements. You must create
1805
1805
  # exactly one default cache behavior.
@@ -2123,6 +2123,23 @@ module Aws::CloudFront
2123
2123
  include Aws::Structure
2124
2124
  end
2125
2125
 
2126
+ # @note When making an API call, you may pass DeleteServiceLinkedRoleRequest
2127
+ # data as a hash:
2128
+ #
2129
+ # {
2130
+ # role_name: "string", # required
2131
+ # }
2132
+ #
2133
+ # @!attribute [rw] role_name
2134
+ # @return [String]
2135
+ #
2136
+ # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/DeleteServiceLinkedRoleRequest AWS API Documentation
2137
+ #
2138
+ class DeleteServiceLinkedRoleRequest < Struct.new(
2139
+ :role_name)
2140
+ include Aws::Structure
2141
+ end
2142
+
2126
2143
  # The request to delete a streaming distribution.
2127
2144
  #
2128
2145
  # @note When making an API call, you may pass DeleteStreamingDistributionRequest
@@ -2177,8 +2194,8 @@ module Aws::CloudFront
2177
2194
  # @return [Integer]
2178
2195
  #
2179
2196
  # @!attribute [rw] domain_name
2180
- # The domain name corresponding to the distribution. For example:
2181
- # `d604721fxaaqy9.cloudfront.net`.
2197
+ # The domain name corresponding to the distribution, for example,
2198
+ # `d111111abcdef8.cloudfront.net`.
2182
2199
  # @return [String]
2183
2200
  #
2184
2201
  # @!attribute [rw] active_trusted_signers
@@ -2387,7 +2404,7 @@ module Aws::CloudFront
2387
2404
  # iam_certificate_id: "string",
2388
2405
  # acm_certificate_arn: "string",
2389
2406
  # ssl_support_method: "sni-only", # accepts sni-only, vip
2390
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
2407
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
2391
2408
  # certificate: "string",
2392
2409
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
2393
2410
  # },
@@ -2436,7 +2453,7 @@ module Aws::CloudFront
2436
2453
  # Specifying a default root object avoids exposing the contents of
2437
2454
  # your distribution.
2438
2455
  #
2439
- # Specify only the object name, for example, `index.html`. Do not add
2456
+ # Specify only the object name, for example, `index.html`. Don't add
2440
2457
  # a `/` before the object name.
2441
2458
  #
2442
2459
  # If you don't want to specify a default root object when you create
@@ -2463,10 +2480,10 @@ module Aws::CloudFront
2463
2480
  # @return [Types::Origins]
2464
2481
  #
2465
2482
  # @!attribute [rw] default_cache_behavior
2466
- # A complex type that describes the default cache behavior if you do
2467
- # not specify a `CacheBehavior` element or if files don't match any
2468
- # of the values of `PathPattern` in `CacheBehavior` elements. You must
2469
- # create exactly one default cache behavior.
2483
+ # A complex type that describes the default cache behavior if you
2484
+ # don't specify a `CacheBehavior` element or if files don't match
2485
+ # any of the values of `PathPattern` in `CacheBehavior` elements. You
2486
+ # must create exactly one default cache behavior.
2470
2487
  # @return [Types::DefaultCacheBehavior]
2471
2488
  #
2472
2489
  # @!attribute [rw] cache_behaviors
@@ -2551,21 +2568,104 @@ module Aws::CloudFront
2551
2568
  # @!attribute [rw] viewer_certificate
2552
2569
  # A complex type that specifies the following:
2553
2570
  #
2554
- # * Which SSL/TLS certificate to use when viewers request objects
2555
- # using HTTPS
2571
+ # * Whether you want viewers to use HTTP or HTTPS to request your
2572
+ # objects.
2573
+ #
2574
+ # * If you want viewers to use HTTPS, whether you're using an
2575
+ # alternate domain name such as `example.com` or the CloudFront
2576
+ # domain name for your distribution, such as
2577
+ # `d111111abcdef8.cloudfront.net`.
2578
+ #
2579
+ # * If you're using an alternate domain name, whether AWS Certificate
2580
+ # Manager (ACM) provided the certificate, or you purchased a
2581
+ # certificate from a third-party certificate authority and imported
2582
+ # it into ACM or uploaded it to the IAM certificate store.
2556
2583
  #
2557
- # * Whether you want CloudFront to use dedicated IP addresses or SNI
2558
- # when you're using alternate domain names in your object names
2584
+ # You must specify only one of the following values:
2559
2585
  #
2560
- # * The minimum protocol version that you want CloudFront to use when
2561
- # communicating with viewers
2586
+ # * ViewerCertificate$ACMCertificateArn
2562
2587
  #
2563
- # For more information, see [Using an HTTPS Connection to Access Your
2564
- # Objects][1] in the *Amazon Amazon CloudFront Developer Guide*.
2588
+ # * ViewerCertificate$IAMCertificateId
2565
2589
  #
2590
+ # * ViewerCertificate$CloudFrontDefaultCertificate
2566
2591
  #
2592
+ # Don't specify `false` for `CloudFrontDefaultCertificate`.
2567
2593
  #
2568
- # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
2594
+ # **If you want viewers to use HTTP instead of HTTPS to request your
2595
+ # objects**\: Specify the following value:
2596
+ #
2597
+ # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
2598
+ #
2599
+ # In addition, specify `allow-all` for `ViewerProtocolPolicy` for all
2600
+ # of your cache behaviors.
2601
+ #
2602
+ # **If you want viewers to use HTTPS to request your objects**\:
2603
+ # Choose the type of certificate that you want to use based on whether
2604
+ # you're using an alternate domain name for your objects or the
2605
+ # CloudFront domain name:
2606
+ #
2607
+ # * **If you're using an alternate domain name, such as
2608
+ # example.com**\: Specify one of the following values, depending on
2609
+ # whether ACM provided your certificate or you purchased your
2610
+ # certificate from third-party certificate authority:
2611
+ #
2612
+ # * `<ACMCertificateArn>ARN for ACM SSL/TLS
2613
+ # certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS
2614
+ # certificate ` is the ARN for the ACM SSL/TLS certificate that
2615
+ # you want to use for this distribution.
2616
+ #
2617
+ # * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where `
2618
+ # IAM certificate ID ` is the ID that IAM returned when you added
2619
+ # the certificate to the IAM certificate store.
2620
+ #
2621
+ # If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
2622
+ # also specify a value for `SSLSupportMethod`.
2623
+ #
2624
+ # If you choose to use an ACM certificate or a certificate in the
2625
+ # IAM certificate store, we recommend that you use only an alternate
2626
+ # domain name in your object URLs (`https://example.com/logo.jpg`).
2627
+ # If you use the domain name that is associated with your CloudFront
2628
+ # distribution (such as
2629
+ # `https://d111111abcdef8.cloudfront.net/logo.jpg`) and the viewer
2630
+ # supports `SNI`, then CloudFront behaves normally. However, if the
2631
+ # browser does not support SNI, the user's experience depends on
2632
+ # the value that you choose for `SSLSupportMethod`\:
2633
+ #
2634
+ # * `vip`\: The viewer displays a warning because there is a
2635
+ # mismatch between the CloudFront domain name and the domain name
2636
+ # in your SSL/TLS certificate.
2637
+ #
2638
+ # * `sni-only`\: CloudFront drops the connection with the browser
2639
+ # without returning the object.
2640
+ #
2641
+ # * <b>If you're using the CloudFront domain name for your
2642
+ # distribution, such as <code>d111111abcdef8.cloudfront.net</code>
2643
+ # </b>\: Specify the following value:
2644
+ #
2645
+ # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
2646
+ # `
2647
+ #
2648
+ # If you want viewers to use HTTPS, you must also specify one of the
2649
+ # following values in your cache behaviors:
2650
+ #
2651
+ # * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>`
2652
+ #
2653
+ # * `<ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>`
2654
+ #
2655
+ # You can also optionally require that CloudFront use HTTPS to
2656
+ # communicate with your origin by specifying one of the following
2657
+ # values for the applicable origins:
2658
+ #
2659
+ # * `<OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
2660
+ #
2661
+ # * `<OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
2662
+ #
2663
+ # For more information, see [Using Alternate Domain Names and
2664
+ # HTTPS][1] in the *Amazon CloudFront Developer Guide*.
2665
+ #
2666
+ #
2667
+ #
2668
+ # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
2569
2669
  # @return [Types::ViewerCertificate]
2570
2670
  #
2571
2671
  # @!attribute [rw] restrictions
@@ -2620,7 +2720,7 @@ module Aws::CloudFront
2620
2720
  # signed URLs or signed cookies to restrict access to your content,
2621
2721
  # and if you're using a custom policy that includes the `IpAddress`
2622
2722
  # parameter to restrict the IP addresses that can access your content,
2623
- # do not enable IPv6. If you want to restrict access to some content
2723
+ # don't enable IPv6. If you want to restrict access to some content
2624
2724
  # by IP address and not restrict access to other content (or restrict
2625
2725
  # access but not by IP address), you can create two distributions. For
2626
2726
  # more information, see [Creating a Signed URL Using a Custom
@@ -2848,7 +2948,7 @@ module Aws::CloudFront
2848
2948
  # iam_certificate_id: "string",
2849
2949
  # acm_certificate_arn: "string",
2850
2950
  # ssl_support_method: "sni-only", # accepts sni-only, vip
2851
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
2951
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
2852
2952
  # certificate: "string",
2853
2953
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
2854
2954
  # },
@@ -2957,8 +3057,8 @@ module Aws::CloudFront
2957
3057
  # @return [Time]
2958
3058
  #
2959
3059
  # @!attribute [rw] domain_name
2960
- # The domain name that corresponds to the distribution. For example:
2961
- # `d604721fxaaqy9.cloudfront.net`.
3060
+ # The domain name that corresponds to the distribution, for example,
3061
+ # `d111111abcdef8.cloudfront.net`.
2962
3062
  # @return [String]
2963
3063
  #
2964
3064
  # @!attribute [rw] aliases
@@ -2972,10 +3072,10 @@ module Aws::CloudFront
2972
3072
  # @return [Types::Origins]
2973
3073
  #
2974
3074
  # @!attribute [rw] default_cache_behavior
2975
- # A complex type that describes the default cache behavior if you do
2976
- # not specify a `CacheBehavior` element or if files don't match any
2977
- # of the values of `PathPattern` in `CacheBehavior` elements. You must
2978
- # create exactly one default cache behavior.
3075
+ # A complex type that describes the default cache behavior if you
3076
+ # don't specify a `CacheBehavior` element or if files don't match
3077
+ # any of the values of `PathPattern` in `CacheBehavior` elements. You
3078
+ # must create exactly one default cache behavior.
2979
3079
  # @return [Types::DefaultCacheBehavior]
2980
3080
  #
2981
3081
  # @!attribute [rw] cache_behaviors
@@ -3002,21 +3102,104 @@ module Aws::CloudFront
3002
3102
  # @!attribute [rw] viewer_certificate
3003
3103
  # A complex type that specifies the following:
3004
3104
  #
3005
- # * Which SSL/TLS certificate to use when viewers request objects
3006
- # using HTTPS
3105
+ # * Whether you want viewers to use HTTP or HTTPS to request your
3106
+ # objects.
3107
+ #
3108
+ # * If you want viewers to use HTTPS, whether you're using an
3109
+ # alternate domain name such as `example.com` or the CloudFront
3110
+ # domain name for your distribution, such as
3111
+ # `d111111abcdef8.cloudfront.net`.
3112
+ #
3113
+ # * If you're using an alternate domain name, whether AWS Certificate
3114
+ # Manager (ACM) provided the certificate, or you purchased a
3115
+ # certificate from a third-party certificate authority and imported
3116
+ # it into ACM or uploaded it to the IAM certificate store.
3007
3117
  #
3008
- # * Whether you want CloudFront to use dedicated IP addresses or SNI
3009
- # when you're using alternate domain names in your object names
3118
+ # You must specify only one of the following values:
3010
3119
  #
3011
- # * The minimum protocol version that you want CloudFront to use when
3012
- # communicating with viewers
3120
+ # * ViewerCertificate$ACMCertificateArn
3013
3121
  #
3014
- # For more information, see [Using an HTTPS Connection to Access Your
3015
- # Objects][1] in the *Amazon Amazon CloudFront Developer Guide*.
3122
+ # * ViewerCertificate$IAMCertificateId
3016
3123
  #
3124
+ # * ViewerCertificate$CloudFrontDefaultCertificate
3017
3125
  #
3126
+ # Don't specify `false` for `CloudFrontDefaultCertificate`.
3018
3127
  #
3019
- # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
3128
+ # **If you want viewers to use HTTP instead of HTTPS to request your
3129
+ # objects**\: Specify the following value:
3130
+ #
3131
+ # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
3132
+ #
3133
+ # In addition, specify `allow-all` for `ViewerProtocolPolicy` for all
3134
+ # of your cache behaviors.
3135
+ #
3136
+ # **If you want viewers to use HTTPS to request your objects**\:
3137
+ # Choose the type of certificate that you want to use based on whether
3138
+ # you're using an alternate domain name for your objects or the
3139
+ # CloudFront domain name:
3140
+ #
3141
+ # * **If you're using an alternate domain name, such as
3142
+ # example.com**\: Specify one of the following values, depending on
3143
+ # whether ACM provided your certificate or you purchased your
3144
+ # certificate from third-party certificate authority:
3145
+ #
3146
+ # * `<ACMCertificateArn>ARN for ACM SSL/TLS
3147
+ # certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS
3148
+ # certificate ` is the ARN for the ACM SSL/TLS certificate that
3149
+ # you want to use for this distribution.
3150
+ #
3151
+ # * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where `
3152
+ # IAM certificate ID ` is the ID that IAM returned when you added
3153
+ # the certificate to the IAM certificate store.
3154
+ #
3155
+ # If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
3156
+ # also specify a value for `SSLSupportMethod`.
3157
+ #
3158
+ # If you choose to use an ACM certificate or a certificate in the
3159
+ # IAM certificate store, we recommend that you use only an alternate
3160
+ # domain name in your object URLs (`https://example.com/logo.jpg`).
3161
+ # If you use the domain name that is associated with your CloudFront
3162
+ # distribution (such as
3163
+ # `https://d111111abcdef8.cloudfront.net/logo.jpg`) and the viewer
3164
+ # supports `SNI`, then CloudFront behaves normally. However, if the
3165
+ # browser does not support SNI, the user's experience depends on
3166
+ # the value that you choose for `SSLSupportMethod`\:
3167
+ #
3168
+ # * `vip`\: The viewer displays a warning because there is a
3169
+ # mismatch between the CloudFront domain name and the domain name
3170
+ # in your SSL/TLS certificate.
3171
+ #
3172
+ # * `sni-only`\: CloudFront drops the connection with the browser
3173
+ # without returning the object.
3174
+ #
3175
+ # * <b>If you're using the CloudFront domain name for your
3176
+ # distribution, such as <code>d111111abcdef8.cloudfront.net</code>
3177
+ # </b>\: Specify the following value:
3178
+ #
3179
+ # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
3180
+ # `
3181
+ #
3182
+ # If you want viewers to use HTTPS, you must also specify one of the
3183
+ # following values in your cache behaviors:
3184
+ #
3185
+ # * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>`
3186
+ #
3187
+ # * `<ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>`
3188
+ #
3189
+ # You can also optionally require that CloudFront use HTTPS to
3190
+ # communicate with your origin by specifying one of the following
3191
+ # values for the applicable origins:
3192
+ #
3193
+ # * `<OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
3194
+ #
3195
+ # * `<OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
3196
+ #
3197
+ # For more information, see [Using Alternate Domain Names and
3198
+ # HTTPS][1] in the *Amazon CloudFront Developer Guide*.
3199
+ #
3200
+ #
3201
+ #
3202
+ # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
3020
3203
  # @return [Types::ViewerCertificate]
3021
3204
  #
3022
3205
  # @!attribute [rw] restrictions
@@ -3135,7 +3318,7 @@ module Aws::CloudFront
3135
3318
  #
3136
3319
  # @!attribute [rw] headers
3137
3320
  # A complex type that specifies the `Headers`, if any, that you want
3138
- # CloudFront to vary upon for this cache behavior.
3321
+ # CloudFront to base caching on for this cache behavior.
3139
3322
  # @return [Types::Headers]
3140
3323
  #
3141
3324
  # @!attribute [rw] query_string_cache_keys
@@ -3175,7 +3358,7 @@ module Aws::CloudFront
3175
3358
  # is not restricted by client geo location.
3176
3359
  #
3177
3360
  # * `blacklist`\: The `Location` elements specify the countries in
3178
- # which you do not want CloudFront to distribute your content.
3361
+ # which you don't want CloudFront to distribute your content.
3179
3362
  #
3180
3363
  # * `whitelist`\: The `Location` elements specify the countries in
3181
3364
  # which you want CloudFront to distribute your content.
@@ -3199,7 +3382,7 @@ module Aws::CloudFront
3199
3382
  # CloudFront and `MaxMind` both use `ISO 3166` country codes. For the
3200
3383
  # current list of countries and the corresponding codes, see `ISO
3201
3384
  # 3166-1-alpha-2` code on the *International Organization for
3202
- # Standardization* website. You can also refer to the country list in
3385
+ # Standardization* website. You can also refer to the country list on
3203
3386
  # the CloudFront console, which includes both country names and codes.
3204
3387
  # @return [Array<String>]
3205
3388
  #
@@ -3492,15 +3675,15 @@ module Aws::CloudFront
3492
3675
  include Aws::Structure
3493
3676
  end
3494
3677
 
3495
- # A complex type that specifies the headers that you want CloudFront to
3496
- # forward to the origin for this cache behavior.
3497
- #
3498
- # For the headers that you specify, CloudFront also caches separate
3499
- # versions of a specified object based on the header values in viewer
3500
- # requests. For example, suppose viewer requests for `logo.jpg` contain
3501
- # a custom `Product` header that has a value of either `Acme` or `Apex`,
3502
- # and you configure CloudFront to cache your content based on values in
3503
- # the `Product` header. CloudFront forwards the `Product` header to the
3678
+ # A complex type that specifies the request headers, if any, that you
3679
+ # want CloudFront to base caching on for this cache behavior.
3680
+ #
3681
+ # For the headers that you specify, CloudFront caches separate versions
3682
+ # of a specified object based on the header values in viewer requests.
3683
+ # For example, suppose viewer requests for `logo.jpg` contain a custom
3684
+ # `product` header that has a value of either `acme` or `apex`, and you
3685
+ # configure CloudFront to cache your content based on values in the
3686
+ # `product` header. CloudFront forwards the `product` header to the
3504
3687
  # origin and caches the response from the origin once for each header
3505
3688
  # value. For more information about caching based on header values, see
3506
3689
  # [How CloudFront Forwards and Caches Headers][1] in the *Amazon
@@ -3519,33 +3702,46 @@ module Aws::CloudFront
3519
3702
  # }
3520
3703
  #
3521
3704
  # @!attribute [rw] quantity
3522
- # The number of different headers that you want CloudFront to forward
3523
- # to the origin for this cache behavior. You can configure each cache
3705
+ # The number of different headers that you want CloudFront to base
3706
+ # caching on for this cache behavior. You can configure each cache
3524
3707
  # behavior in a web distribution to do one of the following:
3525
3708
  #
3526
3709
  # * **Forward all headers to your origin**\: Specify `1` for
3527
3710
  # `Quantity` and `*` for `Name`.
3528
3711
  #
3529
- # If you configure CloudFront to forward all headers to your origin,
3530
- # CloudFront doesn't cache the objects associated with this cache
3531
- # behavior. Instead, it sends every request to the origin.
3712
+ # CloudFront doesn't cache the objects that are associated with
3713
+ # this cache behavior. Instead, CloudFront sends every request to
3714
+ # the origin.
3532
3715
  #
3533
- # * *Forward a whitelist of headers you specify*\: Specify the number
3534
- # of headers that you want to forward, and specify the header names
3535
- # in `Name` elements. CloudFront caches your objects based on the
3536
- # values in all of the specified headers. CloudFront also forwards
3537
- # the headers that it forwards by default, but it caches your
3538
- # objects based only on the headers that you specify.
3716
+ # * **Forward a whitelist of headers you specify**\: Specify the
3717
+ # number of headers that you want CloudFront to base caching on.
3718
+ # Then specify the header names in `Name` elements. CloudFront
3719
+ # caches your objects based on the values in the specified headers.
3539
3720
  #
3540
3721
  # * **Forward only the default headers**\: Specify `0` for `Quantity`
3541
3722
  # and omit `Items`. In this configuration, CloudFront doesn't cache
3542
3723
  # based on the values in the request headers.
3724
+ #
3725
+ # Regardless of which option you choose, CloudFront forwards headers
3726
+ # to your origin based on whether the origin is an S3 bucket or a
3727
+ # custom origin. See the following documentation:
3728
+ #
3729
+ # * **S3 bucket**\: See [HTTP Request Headers That CloudFront Removes
3730
+ # or Updates][1]
3731
+ #
3732
+ # * **Custom origin**\: See [HTTP Request Headers and CloudFront
3733
+ # Behavior][2]
3734
+ #
3735
+ #
3736
+ #
3737
+ # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorS3Origin.html#request-s3-removed-headers
3738
+ # [2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior
3543
3739
  # @return [Integer]
3544
3740
  #
3545
3741
  # @!attribute [rw] items
3546
- # A complex type that contains one `Name` element for each header that
3547
- # you want CloudFront to forward to the origin and to vary on for this
3548
- # cache behavior. If `Quantity` is `0`, omit `Items`.
3742
+ # A list that contains one `Name` element for each header that you
3743
+ # want CloudFront to use for caching in this cache behavior. If
3744
+ # `Quantity` is `0`, omit `Items`.
3549
3745
  # @return [Array<String>]
3550
3746
  #
3551
3747
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/Headers AWS API Documentation
@@ -3750,20 +3946,36 @@ module Aws::CloudFront
3750
3946
  # }
3751
3947
  #
3752
3948
  # @!attribute [rw] lambda_function_arn
3753
- # The ARN of the Lambda function.
3949
+ # The ARN of the Lambda function. You must specify the ARN of a
3950
+ # function version; you can't specify a Lambda alias or $LATEST.
3754
3951
  # @return [String]
3755
3952
  #
3756
3953
  # @!attribute [rw] event_type
3757
3954
  # Specifies the event type that triggers a Lambda function invocation.
3758
- # Valid values are:
3955
+ # You can specify the following values:
3759
3956
  #
3760
- # * `viewer-request`
3957
+ # * `viewer-request`\: The function executes when CloudFront receives
3958
+ # a request from a viewer and before it checks to see whether the
3959
+ # requested object is in the edge cache.
3761
3960
  #
3762
- # * `origin-request`
3961
+ # * `origin-request`\: The function executes only when CloudFront
3962
+ # forwards a request to your origin. When the requested object is in
3963
+ # the edge cache, the function doesn't execute.
3763
3964
  #
3764
- # * `viewer-response`
3965
+ # * `origin-response`\: The function executes after CloudFront
3966
+ # receives a response from the origin and before it caches the
3967
+ # object in the response. When the requested object is in the edge
3968
+ # cache, the function doesn't execute.
3765
3969
  #
3766
- # * `origin-response`
3970
+ # If the origin returns an HTTP status code other than HTTP 200
3971
+ # (OK), the function doesn't execute.
3972
+ #
3973
+ # * `viewer-response`\: The function executes before CloudFront
3974
+ # returns the requested object to the viewer. The function executes
3975
+ # regardless of whether the object was already in the edge cache.
3976
+ #
3977
+ # If the origin returns an HTTP status code other than HTTP 200
3978
+ # (OK), the function doesn't execute.
3767
3979
  # @return [String]
3768
3980
  #
3769
3981
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/LambdaFunctionAssociation AWS API Documentation
@@ -4104,7 +4316,7 @@ module Aws::CloudFront
4104
4316
  #
4105
4317
  # @!attribute [rw] enabled
4106
4318
  # Specifies whether you want CloudFront to save access logs to an
4107
- # Amazon S3 bucket. If you do not want to enable logging when you
4319
+ # Amazon S3 bucket. If you don't want to enable logging when you
4108
4320
  # create a distribution or if you want to disable logging for an
4109
4321
  # existing distribution, specify `false` for `Enabled`, and specify
4110
4322
  # empty `Bucket` and `Prefix` elements. If you specify `false` for
@@ -4116,7 +4328,7 @@ module Aws::CloudFront
4116
4328
  # Specifies whether you want CloudFront to include cookies in access
4117
4329
  # logs, specify `true` for `IncludeCookies`. If you choose to include
4118
4330
  # cookies in logs, CloudFront logs all cookies regardless of how you
4119
- # configure the cache behaviors for this distribution. If you do not
4331
+ # configure the cache behaviors for this distribution. If you don't
4120
4332
  # want to include cookies when you create a distribution or if you
4121
4333
  # want to disable include cookies for an existing distribution,
4122
4334
  # specify `false` for `IncludeCookies`.
@@ -4130,7 +4342,7 @@ module Aws::CloudFront
4130
4342
  # @!attribute [rw] prefix
4131
4343
  # An optional string that you want CloudFront to prefix to the access
4132
4344
  # log `filenames` for this distribution, for example, `myprefix/`. If
4133
- # you want to enable logging, but you do not want to specify a prefix,
4345
+ # you want to enable logging, but you don't want to specify a prefix,
4134
4346
  # you still must include an empty `Prefix` element in the `Logging`
4135
4347
  # element.
4136
4348
  # @return [String]
@@ -4215,7 +4427,7 @@ module Aws::CloudFront
4215
4427
  # Constraints for Amazon S3 origins:
4216
4428
  #
4217
4429
  # * If you configured Amazon S3 Transfer Acceleration for your bucket,
4218
- # do not specify the `s3-accelerate` endpoint for `DomainName`.
4430
+ # don't specify the `s3-accelerate` endpoint for `DomainName`.
4219
4431
  #
4220
4432
  # * The bucket name must be between 3 and 63 characters long
4221
4433
  # (inclusive).
@@ -4647,8 +4859,8 @@ module Aws::CloudFront
4647
4859
  # @return [Time]
4648
4860
  #
4649
4861
  # @!attribute [rw] domain_name
4650
- # The domain name that corresponds to the streaming distribution. For
4651
- # example: `s5c39gqb8ow64r.cloudfront.net`.
4862
+ # The domain name that corresponds to the streaming distribution, for
4863
+ # example, `s5c39gqb8ow64r.cloudfront.net`.
4652
4864
  # @return [String]
4653
4865
  #
4654
4866
  # @!attribute [rw] active_trusted_signers
@@ -4898,7 +5110,7 @@ module Aws::CloudFront
4898
5110
  # distribution.
4899
5111
  #
4900
5112
  # @!attribute [rw] id
4901
- # The identifier for the distribution. For example: `EDFDVBD632BHDS5`.
5113
+ # The identifier for the distribution, for example, `EDFDVBD632BHDS5`.
4902
5114
  # @return [String]
4903
5115
  #
4904
5116
  # @!attribute [rw] arn
@@ -4919,8 +5131,8 @@ module Aws::CloudFront
4919
5131
  # @return [Time]
4920
5132
  #
4921
5133
  # @!attribute [rw] domain_name
4922
- # The domain name corresponding to the distribution. For example:
4923
- # `d604721fxaaqy9.cloudfront.net`.
5134
+ # The domain name corresponding to the distribution, for example,
5135
+ # `d111111abcdef8.cloudfront.net`.
4924
5136
  # @return [String]
4925
5137
  #
4926
5138
  # @!attribute [rw] s3_origin
@@ -4992,7 +5204,7 @@ module Aws::CloudFront
4992
5204
  #
4993
5205
  # @!attribute [rw] enabled
4994
5206
  # Specifies whether you want CloudFront to save access logs to an
4995
- # Amazon S3 bucket. If you do not want to enable logging when you
5207
+ # Amazon S3 bucket. If you don't want to enable logging when you
4996
5208
  # create a streaming distribution or if you want to disable logging
4997
5209
  # for an existing streaming distribution, specify `false` for
4998
5210
  # `Enabled`, and specify `empty Bucket` and `Prefix` elements. If you
@@ -5007,8 +5219,8 @@ module Aws::CloudFront
5007
5219
  #
5008
5220
  # @!attribute [rw] prefix
5009
5221
  # An optional string that you want CloudFront to prefix to the access
5010
- # log `filenames` for this streaming distribution, for example,
5011
- # `myprefix/`. If you want to enable logging, but you do not want to
5222
+ # log filenames for this streaming distribution, for example,
5223
+ # `myprefix/`. If you want to enable logging, but you don't want to
5012
5224
  # specify a prefix, you still must include an empty `Prefix` element
5013
5225
  # in the `Logging` element.
5014
5226
  # @return [String]
@@ -5450,7 +5662,7 @@ module Aws::CloudFront
5450
5662
  # iam_certificate_id: "string",
5451
5663
  # acm_certificate_arn: "string",
5452
5664
  # ssl_support_method: "sni-only", # accepts sni-only, vip
5453
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
5665
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
5454
5666
  # certificate: "string",
5455
5667
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
5456
5668
  # },
@@ -5588,21 +5800,102 @@ module Aws::CloudFront
5588
5800
 
5589
5801
  # A complex type that specifies the following:
5590
5802
  #
5591
- # * Which SSL/TLS certificate to use when viewers request objects using
5592
- # HTTPS
5803
+ # * Whether you want viewers to use HTTP or HTTPS to request your
5804
+ # objects.
5805
+ #
5806
+ # * If you want viewers to use HTTPS, whether you're using an alternate
5807
+ # domain name such as `example.com` or the CloudFront domain name for
5808
+ # your distribution, such as `d111111abcdef8.cloudfront.net`.
5809
+ #
5810
+ # * If you're using an alternate domain name, whether AWS Certificate
5811
+ # Manager (ACM) provided the certificate, or you purchased a
5812
+ # certificate from a third-party certificate authority and imported it
5813
+ # into ACM or uploaded it to the IAM certificate store.
5814
+ #
5815
+ # You must specify only one of the following values:
5816
+ #
5817
+ # * ViewerCertificate$ACMCertificateArn
5818
+ #
5819
+ # * ViewerCertificate$IAMCertificateId
5820
+ #
5821
+ # * ViewerCertificate$CloudFrontDefaultCertificate
5822
+ #
5823
+ # Don't specify `false` for `CloudFrontDefaultCertificate`.
5824
+ #
5825
+ # **If you want viewers to use HTTP instead of HTTPS to request your
5826
+ # objects**\: Specify the following value:
5827
+ #
5828
+ # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
5829
+ #
5830
+ # In addition, specify `allow-all` for `ViewerProtocolPolicy` for all of
5831
+ # your cache behaviors.
5832
+ #
5833
+ # **If you want viewers to use HTTPS to request your objects**\: Choose
5834
+ # the type of certificate that you want to use based on whether you're
5835
+ # using an alternate domain name for your objects or the CloudFront
5836
+ # domain name:
5837
+ #
5838
+ # * **If you're using an alternate domain name, such as example.com**\:
5839
+ # Specify one of the following values, depending on whether ACM
5840
+ # provided your certificate or you purchased your certificate from
5841
+ # third-party certificate authority:
5593
5842
  #
5594
- # * Whether you want CloudFront to use dedicated IP addresses or SNI
5595
- # when you're using alternate domain names in your object names
5843
+ # * `<ACMCertificateArn>ARN for ACM SSL/TLS
5844
+ # certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS
5845
+ # certificate ` is the ARN for the ACM SSL/TLS certificate that you
5846
+ # want to use for this distribution.
5596
5847
  #
5597
- # * The minimum protocol version that you want CloudFront to use when
5598
- # communicating with viewers
5848
+ # * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where `
5849
+ # IAM certificate ID ` is the ID that IAM returned when you added
5850
+ # the certificate to the IAM certificate store.
5599
5851
  #
5600
- # For more information, see [Using an HTTPS Connection to Access Your
5601
- # Objects][1] in the *Amazon Amazon CloudFront Developer Guide*.
5852
+ # If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
5853
+ # also specify a value for `SSLSupportMethod`.
5602
5854
  #
5855
+ # If you choose to use an ACM certificate or a certificate in the IAM
5856
+ # certificate store, we recommend that you use only an alternate
5857
+ # domain name in your object URLs (`https://example.com/logo.jpg`). If
5858
+ # you use the domain name that is associated with your CloudFront
5859
+ # distribution (such as
5860
+ # `https://d111111abcdef8.cloudfront.net/logo.jpg`) and the viewer
5861
+ # supports `SNI`, then CloudFront behaves normally. However, if the
5862
+ # browser does not support SNI, the user's experience depends on the
5863
+ # value that you choose for `SSLSupportMethod`\:
5603
5864
  #
5865
+ # * `vip`\: The viewer displays a warning because there is a mismatch
5866
+ # between the CloudFront domain name and the domain name in your
5867
+ # SSL/TLS certificate.
5604
5868
  #
5605
- # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
5869
+ # * `sni-only`\: CloudFront drops the connection with the browser
5870
+ # without returning the object.
5871
+ #
5872
+ # * <b>If you're using the CloudFront domain name for your
5873
+ # distribution, such as <code>d111111abcdef8.cloudfront.net</code>
5874
+ # </b>\: Specify the following value:
5875
+ #
5876
+ # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate> `
5877
+ #
5878
+ # If you want viewers to use HTTPS, you must also specify one of the
5879
+ # following values in your cache behaviors:
5880
+ #
5881
+ # * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>`
5882
+ #
5883
+ # * `<ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>`
5884
+ #
5885
+ # You can also optionally require that CloudFront use HTTPS to
5886
+ # communicate with your origin by specifying one of the following values
5887
+ # for the applicable origins:
5888
+ #
5889
+ # * `<OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
5890
+ #
5891
+ # * `<OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
5892
+ #
5893
+ # For more information, see [Using Alternate Domain Names and HTTPS][1]
5894
+ # in the *Amazon CloudFront Developer Guide*.
5895
+ #
5896
+ #
5897
+ #
5898
+ # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
5606
5899
  #
5607
5900
  # @note When making an API call, you may pass ViewerCertificate
5608
5901
  # data as a hash:
@@ -5612,25 +5905,31 @@ module Aws::CloudFront
5612
5905
  # iam_certificate_id: "string",
5613
5906
  # acm_certificate_arn: "string",
5614
5907
  # ssl_support_method: "sni-only", # accepts sni-only, vip
5615
- # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
5908
+ # minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
5616
5909
  # certificate: "string",
5617
5910
  # certificate_source: "cloudfront", # accepts cloudfront, iam, acm
5618
5911
  # }
5619
5912
  #
5620
5913
  # @!attribute [rw] cloud_front_default_certificate
5914
+ # For information about how and when to use
5915
+ # `CloudFrontDefaultCertificate`, see ViewerCertificate.
5621
5916
  # @return [Boolean]
5622
5917
  #
5623
5918
  # @!attribute [rw] iam_certificate_id
5919
+ # For information about how and when to use `IAMCertificateId`, see
5920
+ # ViewerCertificate.
5624
5921
  # @return [String]
5625
5922
  #
5626
5923
  # @!attribute [rw] acm_certificate_arn
5924
+ # For information about how and when to use `ACMCertificateArn`, see
5925
+ # ViewerCertificate.
5627
5926
  # @return [String]
5628
5927
  #
5629
5928
  # @!attribute [rw] ssl_support_method
5630
- # If you specify a value for `ACMCertificateArn` or for
5631
- # `IAMCertificateId`, you must also specify how you want CloudFront to
5632
- # serve HTTPS requests: using a method that works for all clients or
5633
- # one that works for most clients:
5929
+ # If you specify a value for ViewerCertificate$ACMCertificateArn or
5930
+ # for ViewerCertificate$IAMCertificateId, you must also specify how
5931
+ # you want CloudFront to serve HTTPS requests: using a method that
5932
+ # works for all clients or one that works for most clients:
5634
5933
  #
5635
5934
  # * `vip`\: CloudFront uses dedicated IP addresses for your content
5636
5935
  # and can respond to HTTPS requests from any viewer. However, you
@@ -5655,7 +5954,7 @@ module Aws::CloudFront
5655
5954
  #
5656
5955
  # * Use HTTP instead of HTTPS.
5657
5956
  #
5658
- # Do not specify a value for `SSLSupportMethod` if you specified
5957
+ # Don't specify a value for `SSLSupportMethod` if you specified
5659
5958
  # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`.
5660
5959
  #
5661
5960
  # For more information, see [Using Alternate Domain Names and
@@ -5667,127 +5966,66 @@ module Aws::CloudFront
5667
5966
  # @return [String]
5668
5967
  #
5669
5968
  # @!attribute [rw] minimum_protocol_version
5670
- # Specify the minimum version of the SSL/TLS protocol that you want
5671
- # CloudFront to use for HTTPS connections between viewers and
5672
- # CloudFront: `SSLv3` or `TLSv1`. CloudFront serves your objects only
5673
- # to viewers that support SSL/TLS version that you specify and later
5674
- # versions. The `TLSv1` protocol is more secure, so we recommend that
5675
- # you specify `SSLv3` only if your users are using browsers or devices
5676
- # that don't support `TLSv1`. Note the following:
5677
- #
5678
- # * If you specify
5679
- # &lt;CloudFrontDefaultCertificate&gt;true&lt;CloudFrontDefaultCertificate&gt;,
5680
- # the minimum SSL protocol version is `TLSv1` and can't be changed.
5969
+ # Specify the security policy that you want CloudFront to use for
5970
+ # HTTPS connections. A security policy determines two settings:
5681
5971
  #
5682
- # * If you're using a custom certificate (if you specify a value for
5683
- # `ACMCertificateArn` or for `IAMCertificateId`) and if you're
5684
- # using SNI (if you specify `sni-only` for `SSLSupportMethod`), you
5685
- # must specify `TLSv1` for `MinimumProtocolVersion`.
5686
- # @return [String]
5687
- #
5688
- # @!attribute [rw] certificate
5689
- # Include one of these values to specify the following:
5690
- #
5691
- # * Whether you want viewers to use HTTP or HTTPS to request your
5692
- # objects.
5693
- #
5694
- # * If you want viewers to use HTTPS, whether you're using an
5695
- # alternate domain name such as example.com or the CloudFront domain
5696
- # name for your distribution, such as
5697
- # `d111111abcdef8.cloudfront.net`.
5698
- #
5699
- # * If you're using an alternate domain name, whether AWS Certificate
5700
- # Manager (ACM) provided the certificate, or you purchased a
5701
- # certificate from a third-party certificate authority and imported
5702
- # it into ACM or uploaded it to the IAM certificate store.
5703
- #
5704
- # You must specify one (and only one) of the three values. Do not
5705
- # specify `false` for `CloudFrontDefaultCertificate`.
5706
- #
5707
- # **If you want viewers to use HTTP to request your objects**\:
5708
- # Specify the following value:
5709
- #
5710
- # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
5711
- #
5712
- # In addition, specify `allow-all` for `ViewerProtocolPolicy` for all
5713
- # of your cache behaviors.
5714
- #
5715
- # **If you want viewers to use HTTPS to request your objects**\:
5716
- # Choose the type of certificate that you want to use based on whether
5717
- # you're using an alternate domain name for your objects or the
5718
- # CloudFront domain name:
5719
- #
5720
- # * **If you're using an alternate domain name, such as
5721
- # example.com**\: Specify one of the following values, depending on
5722
- # whether ACM provided your certificate or you purchased your
5723
- # certificate from third-party certificate authority:
5724
- #
5725
- # * `<ACMCertificateArn>ARN for ACM SSL/TLS
5726
- # certificate<ACMCertificateArn>` where ARN for ACM SSL/TLS
5727
- # certificate is the ARN for the ACM SSL/TLS certificate that you
5728
- # want to use for this distribution.
5972
+ # * The minimum SSL/TLS protocol that CloudFront uses to communicate
5973
+ # with viewers
5729
5974
  #
5730
- # * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where
5731
- # IAM certificate ID is the ID that IAM returned when you added
5732
- # the certificate to the IAM certificate store.
5975
+ # * The cipher that CloudFront uses to encrypt the content that it
5976
+ # returns to viewers
5733
5977
  #
5734
- # If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
5735
- # also specify a value for `SSLSupportMethod`.
5978
+ # <note markdown="1"> On the CloudFront console, this setting is called **Security
5979
+ # policy**.
5736
5980
  #
5737
- # If you choose to use an ACM certificate or a certificate in the
5738
- # IAM certificate store, we recommend that you use only an alternate
5739
- # domain name in your object URLs (`https://example.com/logo.jpg`).
5740
- # If you use the domain name that is associated with your CloudFront
5741
- # distribution (`https://d111111abcdef8.cloudfront.net/logo.jpg`)
5742
- # and the viewer supports `SNI`, then CloudFront behaves normally.
5743
- # However, if the browser does not support SNI, the user's
5744
- # experience depends on the value that you choose for
5745
- # `SSLSupportMethod`\:
5746
- #
5747
- # * `vip`\: The viewer displays a warning because there is a
5748
- # mismatch between the CloudFront domain name and the domain name
5749
- # in your SSL/TLS certificate.
5981
+ # </note>
5750
5982
  #
5751
- # * `sni-only`\: CloudFront drops the connection with the browser
5752
- # without returning the object.
5983
+ # We recommend that you specify `TLSv1.1_2016` unless your users are
5984
+ # using browsers or devices that do not support TLSv1.1 or later.
5753
5985
  #
5754
- # * <b>If you're using the CloudFront domain name for your
5755
- # distribution, such as <code>d111111abcdef8.cloudfront.net</code>
5756
- # </b>\: Specify the following value:
5986
+ # When both of the following are true, you must specify `TLSv1` or
5987
+ # later for the security policy:
5757
5988
  #
5758
- # ` <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
5759
- # `
5989
+ # * You're using a custom certificate: you specified a value for
5990
+ # `ACMCertificateArn` or for `IAMCertificateId`
5760
5991
  #
5761
- # If you want viewers to use HTTPS, you must also specify one of the
5762
- # following values in your cache behaviors:
5992
+ # * You're using SNI: you specified `sni-only` for `SSLSupportMethod`
5763
5993
  #
5764
- # * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy> `
5994
+ # If you specify `true` for `CloudFrontDefaultCertificate`, CloudFront
5995
+ # automatically sets the security policy to `TLSv1` regardless of the
5996
+ # value that you specify for `MinimumProtocolVersion`.
5765
5997
  #
5766
- # * ` <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
5767
- # `
5998
+ # For information about the relationship between the security policy
5999
+ # that you choose and the protocols and ciphers that CloudFront uses
6000
+ # to communicate with viewers, see [ Supported SSL/TLS Protocols and
6001
+ # Ciphers for Communication Between Viewers and CloudFront][1] in the
6002
+ # *Amazon CloudFront Developer Guide*.
5768
6003
  #
5769
- # You can also optionally require that CloudFront use HTTPS to
5770
- # communicate with your origin by specifying one of the following
5771
- # values for the applicable origins:
5772
6004
  #
5773
- # * ` <OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
5774
6005
  #
5775
- # * ` <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
6006
+ # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers
6007
+ # @return [String]
5776
6008
  #
5777
- # For more information, see [Using Alternate Domain Names and
5778
- # HTTPS][1] in the *Amazon CloudFront Developer Guide*.
6009
+ # @!attribute [rw] certificate
6010
+ # This field has been deprecated. Use one of the following fields
6011
+ # instead:
5779
6012
  #
6013
+ # * ViewerCertificate$ACMCertificateArn
5780
6014
  #
6015
+ # * ViewerCertificate$IAMCertificateId
5781
6016
  #
5782
- # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
6017
+ # * ViewerCertificate$CloudFrontDefaultCertificate
5783
6018
  # @return [String]
5784
6019
  #
5785
6020
  # @!attribute [rw] certificate_source
5786
- # <note markdown="1"> This field is deprecated. You can use one of the following:
5787
- # `[ACMCertificateArn`, `IAMCertificateId`, or
5788
- # `CloudFrontDefaultCertificate]`.
6021
+ # This field has been deprecated. Use one of the following fields
6022
+ # instead:
5789
6023
  #
5790
- # </note>
6024
+ # * ViewerCertificate$ACMCertificateArn
6025
+ #
6026
+ # * ViewerCertificate$IAMCertificateId
6027
+ #
6028
+ # * ViewerCertificate$CloudFrontDefaultCertificate
5791
6029
  # @return [String]
5792
6030
  #
5793
6031
  # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/ViewerCertificate AWS API Documentation
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-cloudfront
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-08-29 00:00:00.000000000 Z
11
+ date: 2017-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -60,7 +60,9 @@ files:
60
60
  homepage: http://github.com/aws/aws-sdk-ruby
61
61
  licenses:
62
62
  - Apache-2.0
63
- metadata: {}
63
+ metadata:
64
+ source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-cloudfront
65
+ changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-cloudfront/CHANGELOG.md
64
66
  post_install_message:
65
67
  rdoc_options: []
66
68
  require_paths: