aws-sdk-cloudfront 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0ba7db66bee691f7c25ba4822e21f64b08a4f575
-  data.tar.gz: c82d274f40671fca92bb77b8c66ac917ae51b922
+  metadata.gz: 1a8d04d9be197dce3fe99699e992a8de84a29b3d
+  data.tar.gz: 4a872562cef983455023ceb9798ad2c1b334412a
 SHA512:
-  metadata.gz: b44b3a5536d9d09202c061cb1e1c59608b74d002cd91b27a7d1c0269413b92027f7b5e8dd448a181c8d85a4ae3fd09700ad16ab8b43c70d803565f1e9c012683
-  data.tar.gz: d03a9123e52736fd9c5e728d364cf61a1a354833bfa0ce7edba2d6e7c3b3196124fdb1d7466522ca268146a58e5a86b8eef34438d38849a9a022e6863424be72
+  metadata.gz: e6d64fd9300f58e927a5add8336851bad38f5a0382168aac4452d2c3dcf789e189b9e9e9c4b0d13e4baf9484fcbf14bcc91aa20baa12b4a0cb96e475ee1cfce9
+  data.tar.gz: 7214043c13fc023f760658045dd7df4479a8602f6c711ce353f177c6f0383f80657b86c8721a8e41258b050ca3c68e177b73386d3ddef6035b114e69bbcd0092

data/lib/aws-sdk-cloudfront.rb

@@ -43,6 +43,6 @@ require_relative 'aws-sdk-cloudfront/customizations'
 # @service
 module Aws::CloudFront
 
-  GEM_VERSION = '1.0.0'
+  GEM_VERSION = '1.1.0'
 
 end

data/lib/aws-sdk-cloudfront/client.rb

@@ -376,7 +376,7 @@ module Aws::CloudFront
     #         iam_certificate_id: "string",
     #         acm_certificate_arn: "string",
     #         ssl_support_method: "sni-only", # accepts sni-only, vip
-    #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #         certificate: "string",
     #         certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #       },
@@ -515,7 +515,7 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution.distribution_config.viewer_certificate.certificate #=> String
     #   resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -721,7 +721,7 @@ module Aws::CloudFront
     #           iam_certificate_id: "string",
     #           acm_certificate_arn: "string",
     #           ssl_support_method: "sni-only", # accepts sni-only, vip
-    #           minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #           minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #           certificate: "string",
     #           certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #         },
@@ -869,7 +869,7 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution.distribution_config.viewer_certificate.certificate #=> String
     #   resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -1198,6 +1198,25 @@ module Aws::CloudFront
       req.send_request(options)
     end
 
+    # @option params [required, String] :role_name
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_service_linked_role({
+    #     role_name: "string", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/DeleteServiceLinkedRole2017_03_25 AWS API Documentation
+    #
+    # @overload delete_service_linked_role(params = {})
+    # @param [Hash] params ({})
+    def delete_service_linked_role(params = {}, options = {})
+      req = build_request(:delete_service_linked_role, params)
+      req.send_request(options)
+    end
+
     # Delete a streaming distribution. To delete an RTMP distribution using
     # the CloudFront API, perform the following steps.
     #
@@ -1470,7 +1489,7 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution.distribution_config.viewer_certificate.certificate #=> String
     #   resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -1616,7 +1635,7 @@ module Aws::CloudFront
     #   resp.distribution_config.viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution_config.viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution_config.viewer_certificate.certificate #=> String
     #   resp.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -1962,7 +1981,7 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution_list.items[0].viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution_list.items[0].viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution_list.items[0].viewer_certificate.certificate #=> String
     #   resp.distribution_list.items[0].viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution_list.items[0].restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -2128,7 +2147,7 @@ module Aws::CloudFront
     #   resp.distribution_list.items[0].viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution_list.items[0].viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution_list.items[0].viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution_list.items[0].viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution_list.items[0].viewer_certificate.certificate #=> String
     #   resp.distribution_list.items[0].viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution_list.items[0].restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -2641,7 +2660,7 @@ module Aws::CloudFront
     #         iam_certificate_id: "string",
     #         acm_certificate_arn: "string",
     #         ssl_support_method: "sni-only", # accepts sni-only, vip
-    #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #         certificate: "string",
     #         certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #       },
@@ -2782,7 +2801,7 @@ module Aws::CloudFront
     #   resp.distribution.distribution_config.viewer_certificate.iam_certificate_id #=> String
     #   resp.distribution.distribution_config.viewer_certificate.acm_certificate_arn #=> String
     #   resp.distribution.distribution_config.viewer_certificate.ssl_support_method #=> String, one of "sni-only", "vip"
-    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1"
+    #   resp.distribution.distribution_config.viewer_certificate.minimum_protocol_version #=> String, one of "SSLv3", "TLSv1", "TLSv1_2016", "TLSv1.1_2016", "TLSv1.2_2018"
     #   resp.distribution.distribution_config.viewer_certificate.certificate #=> String
     #   resp.distribution.distribution_config.viewer_certificate.certificate_source #=> String, one of "cloudfront", "iam", "acm"
     #   resp.distribution.distribution_config.restrictions.geo_restriction.restriction_type #=> String, one of "blacklist", "whitelist", "none"
@@ -2906,7 +2925,7 @@ module Aws::CloudFront
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-cloudfront'
-      context[:gem_version] = '1.0.0'
+      context[:gem_version] = '1.1.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-cloudfront/client_api.rb

@@ -54,6 +54,7 @@ module Aws::CloudFront
     DefaultCacheBehavior = Shapes::StructureShape.new(name: 'DefaultCacheBehavior')
     DeleteCloudFrontOriginAccessIdentityRequest = Shapes::StructureShape.new(name: 'DeleteCloudFrontOriginAccessIdentityRequest')
     DeleteDistributionRequest = Shapes::StructureShape.new(name: 'DeleteDistributionRequest')
+    DeleteServiceLinkedRoleRequest = Shapes::StructureShape.new(name: 'DeleteServiceLinkedRoleRequest')
     DeleteStreamingDistributionRequest = Shapes::StructureShape.new(name: 'DeleteStreamingDistributionRequest')
     Distribution = Shapes::StructureShape.new(name: 'Distribution')
     DistributionAlreadyExists = Shapes::StructureShape.new(name: 'DistributionAlreadyExists')
@@ -158,6 +159,7 @@ module Aws::CloudFront
     QueryStringCacheKeys = Shapes::StructureShape.new(name: 'QueryStringCacheKeys')
     QueryStringCacheKeysList = Shapes::ListShape.new(name: 'QueryStringCacheKeysList')
     ResourceARN = Shapes::StringShape.new(name: 'ResourceARN')
+    ResourceInUse = Shapes::StructureShape.new(name: 'ResourceInUse')
     Restrictions = Shapes::StructureShape.new(name: 'Restrictions')
     S3Origin = Shapes::StructureShape.new(name: 'S3Origin')
     S3OriginConfig = Shapes::StructureShape.new(name: 'S3OriginConfig')
@@ -409,6 +411,9 @@ module Aws::CloudFront
     DeleteDistributionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, location: "header", location_name: "If-Match"))
     DeleteDistributionRequest.struct_class = Types::DeleteDistributionRequest
 
+    DeleteServiceLinkedRoleRequest.add_member(:role_name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "RoleName"))
+    DeleteServiceLinkedRoleRequest.struct_class = Types::DeleteServiceLinkedRoleRequest
+
     DeleteStreamingDistributionRequest.add_member(:id, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "Id"))
     DeleteStreamingDistributionRequest.add_member(:if_match, Shapes::ShapeRef.new(shape: string, location: "header", location_name: "If-Match"))
     DeleteStreamingDistributionRequest.struct_class = Types::DeleteStreamingDistributionRequest
@@ -1050,6 +1055,18 @@ module Aws::CloudFront
         o.errors << Shapes::ShapeRef.new(shape: PreconditionFailed)
       end)
 
+      api.add_operation(:delete_service_linked_role, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteServiceLinkedRole"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/2017-03-25/service-linked-role/{RoleName}"
+        o.input = Shapes::ShapeRef.new(shape: DeleteServiceLinkedRoleRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArgument)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDenied)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceInUse)
+        o.errors << Shapes::ShapeRef.new(shape: NoSuchResource)
+      end)
+
       api.add_operation(:delete_streaming_distribution, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteStreamingDistribution"
         o.http_method = "DELETE"

data/lib/aws-sdk-cloudfront/types.rb

@@ -570,7 +570,7 @@ module Aws::CloudFront
     # CloudFront origin access identity.
     #
     # @!attribute [rw] id
-    #   The ID for the origin access identity. For example:
+    #   The ID for the origin access identity, for example,
     #   `E74FTE3AJFJ256A`.
     #   @return [String]
     #
@@ -1041,7 +1041,7 @@ module Aws::CloudFront
     #             iam_certificate_id: "string",
     #             acm_certificate_arn: "string",
     #             ssl_support_method: "sni-only", # accepts sni-only, vip
-    #             minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #             minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #             certificate: "string",
     #             certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #           },
@@ -1270,7 +1270,7 @@ module Aws::CloudFront
     #               iam_certificate_id: "string",
     #               acm_certificate_arn: "string",
     #               ssl_support_method: "sni-only", # accepts sni-only, vip
-    #               minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #               minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #               certificate: "string",
     #               certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #             },
@@ -1799,7 +1799,7 @@ module Aws::CloudFront
       include Aws::Structure
     end
 
-    # A complex type that describes the default cache behavior if you do not
+    # A complex type that describes the default cache behavior if you don't
     # specify a `CacheBehavior` element or if files don't match any of the
     # values of `PathPattern` in `CacheBehavior` elements. You must create
     # exactly one default cache behavior.
@@ -2123,6 +2123,23 @@ module Aws::CloudFront
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteServiceLinkedRoleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         role_name: "string", # required
+    #       }
+    #
+    # @!attribute [rw] role_name
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/DeleteServiceLinkedRoleRequest AWS API Documentation
+    #
+    class DeleteServiceLinkedRoleRequest < Struct.new(
+      :role_name)
+      include Aws::Structure
+    end
+
     # The request to delete a streaming distribution.
     #
     # @note When making an API call, you may pass DeleteStreamingDistributionRequest
@@ -2177,8 +2194,8 @@ module Aws::CloudFront
     #   @return [Integer]
     #
     # @!attribute [rw] domain_name
-    #   The domain name corresponding to the distribution. For example:
-    #   `d604721fxaaqy9.cloudfront.net`.
+    #   The domain name corresponding to the distribution, for example,
+    #   `d111111abcdef8.cloudfront.net`.
     #   @return [String]
     #
     # @!attribute [rw] active_trusted_signers
@@ -2387,7 +2404,7 @@ module Aws::CloudFront
     #           iam_certificate_id: "string",
     #           acm_certificate_arn: "string",
     #           ssl_support_method: "sni-only", # accepts sni-only, vip
-    #           minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #           minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #           certificate: "string",
     #           certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #         },
@@ -2436,7 +2453,7 @@ module Aws::CloudFront
     #   Specifying a default root object avoids exposing the contents of
     #   your distribution.
     #
-    #   Specify only the object name, for example, `index.html`. Do not add
+    #   Specify only the object name, for example, `index.html`. Don't add
     #   a `/` before the object name.
     #
     #   If you don't want to specify a default root object when you create
@@ -2463,10 +2480,10 @@ module Aws::CloudFront
     #   @return [Types::Origins]
     #
     # @!attribute [rw] default_cache_behavior
-    #   A complex type that describes the default cache behavior if you do
-    #   not specify a `CacheBehavior` element or if files don't match any
-    #   of the values of `PathPattern` in `CacheBehavior` elements. You must
-    #   create exactly one default cache behavior.
+    #   A complex type that describes the default cache behavior if you
+    #   don't specify a `CacheBehavior` element or if files don't match
+    #   any of the values of `PathPattern` in `CacheBehavior` elements. You
+    #   must create exactly one default cache behavior.
     #   @return [Types::DefaultCacheBehavior]
     #
     # @!attribute [rw] cache_behaviors
@@ -2551,21 +2568,104 @@ module Aws::CloudFront
     # @!attribute [rw] viewer_certificate
     #   A complex type that specifies the following:
     #
-    #   * Which SSL/TLS certificate to use when viewers request objects
-    #     using HTTPS
+    #   * Whether you want viewers to use HTTP or HTTPS to request your
+    #     objects.
+    #
+    #   * If you want viewers to use HTTPS, whether you're using an
+    #     alternate domain name such as `example.com` or the CloudFront
+    #     domain name for your distribution, such as
+    #     `d111111abcdef8.cloudfront.net`.
+    #
+    #   * If you're using an alternate domain name, whether AWS Certificate
+    #     Manager (ACM) provided the certificate, or you purchased a
+    #     certificate from a third-party certificate authority and imported
+    #     it into ACM or uploaded it to the IAM certificate store.
     #
-    #   * Whether you want CloudFront to use dedicated IP addresses or SNI
-    #     when you're using alternate domain names in your object names
+    #   You must specify only one of the following values:
     #
-    #   * The minimum protocol version that you want CloudFront to use when
-    #     communicating with viewers
+    #   * ViewerCertificate$ACMCertificateArn
     #
-    #   For more information, see [Using an HTTPS Connection to Access Your
-    #   Objects][1] in the *Amazon Amazon CloudFront Developer Guide*.
+    #   * ViewerCertificate$IAMCertificateId
     #
+    #   * ViewerCertificate$CloudFrontDefaultCertificate
     #
+    #   Don't specify `false` for `CloudFrontDefaultCertificate`.
     #
-    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
+    #   **If you want viewers to use HTTP instead of HTTPS to request your
+    #   objects**\: Specify the following value:
+    #
+    #   `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
+    #
+    #   In addition, specify `allow-all` for `ViewerProtocolPolicy` for all
+    #   of your cache behaviors.
+    #
+    #   **If you want viewers to use HTTPS to request your objects**\:
+    #   Choose the type of certificate that you want to use based on whether
+    #   you're using an alternate domain name for your objects or the
+    #   CloudFront domain name:
+    #
+    #   * **If you're using an alternate domain name, such as
+    #     example.com**\: Specify one of the following values, depending on
+    #     whether ACM provided your certificate or you purchased your
+    #     certificate from third-party certificate authority:
+    #
+    #     * `<ACMCertificateArn>ARN for ACM SSL/TLS
+    #       certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS
+    #       certificate ` is the ARN for the ACM SSL/TLS certificate that
+    #       you want to use for this distribution.
+    #
+    #     * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where `
+    #       IAM certificate ID ` is the ID that IAM returned when you added
+    #       the certificate to the IAM certificate store.
+    #
+    #     If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
+    #     also specify a value for `SSLSupportMethod`.
+    #
+    #     If you choose to use an ACM certificate or a certificate in the
+    #     IAM certificate store, we recommend that you use only an alternate
+    #     domain name in your object URLs (`https://example.com/logo.jpg`).
+    #     If you use the domain name that is associated with your CloudFront
+    #     distribution (such as
+    #     `https://d111111abcdef8.cloudfront.net/logo.jpg`) and the viewer
+    #     supports `SNI`, then CloudFront behaves normally. However, if the
+    #     browser does not support SNI, the user's experience depends on
+    #     the value that you choose for `SSLSupportMethod`\:
+    #
+    #     * `vip`\: The viewer displays a warning because there is a
+    #       mismatch between the CloudFront domain name and the domain name
+    #       in your SSL/TLS certificate.
+    #
+    #     * `sni-only`\: CloudFront drops the connection with the browser
+    #       without returning the object.
+    #
+    #   * <b>If you're using the CloudFront domain name for your
+    #     distribution, such as <code>d111111abcdef8.cloudfront.net</code>
+    #     </b>\: Specify the following value:
+    #
+    #     `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
+    #     `
+    #
+    #   If you want viewers to use HTTPS, you must also specify one of the
+    #   following values in your cache behaviors:
+    #
+    #   * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>`
+    #
+    #   * `<ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>`
+    #
+    #   You can also optionally require that CloudFront use HTTPS to
+    #   communicate with your origin by specifying one of the following
+    #   values for the applicable origins:
+    #
+    #   * `<OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
+    #
+    #   * `<OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
+    #
+    #   For more information, see [Using Alternate Domain Names and
+    #   HTTPS][1] in the *Amazon CloudFront Developer Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
     #   @return [Types::ViewerCertificate]
     #
     # @!attribute [rw] restrictions
@@ -2620,7 +2720,7 @@ module Aws::CloudFront
     #   signed URLs or signed cookies to restrict access to your content,
     #   and if you're using a custom policy that includes the `IpAddress`
     #   parameter to restrict the IP addresses that can access your content,
-    #   do not enable IPv6. If you want to restrict access to some content
+    #   don't enable IPv6. If you want to restrict access to some content
     #   by IP address and not restrict access to other content (or restrict
     #   access but not by IP address), you can create two distributions. For
     #   more information, see [Creating a Signed URL Using a Custom
@@ -2848,7 +2948,7 @@ module Aws::CloudFront
     #             iam_certificate_id: "string",
     #             acm_certificate_arn: "string",
     #             ssl_support_method: "sni-only", # accepts sni-only, vip
-    #             minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #             minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #             certificate: "string",
     #             certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #           },
@@ -2957,8 +3057,8 @@ module Aws::CloudFront
     #   @return [Time]
     #
     # @!attribute [rw] domain_name
-    #   The domain name that corresponds to the distribution. For example:
-    #   `d604721fxaaqy9.cloudfront.net`.
+    #   The domain name that corresponds to the distribution, for example,
+    #   `d111111abcdef8.cloudfront.net`.
     #   @return [String]
     #
     # @!attribute [rw] aliases
@@ -2972,10 +3072,10 @@ module Aws::CloudFront
     #   @return [Types::Origins]
     #
     # @!attribute [rw] default_cache_behavior
-    #   A complex type that describes the default cache behavior if you do
-    #   not specify a `CacheBehavior` element or if files don't match any
-    #   of the values of `PathPattern` in `CacheBehavior` elements. You must
-    #   create exactly one default cache behavior.
+    #   A complex type that describes the default cache behavior if you
+    #   don't specify a `CacheBehavior` element or if files don't match
+    #   any of the values of `PathPattern` in `CacheBehavior` elements. You
+    #   must create exactly one default cache behavior.
     #   @return [Types::DefaultCacheBehavior]
     #
     # @!attribute [rw] cache_behaviors
@@ -3002,21 +3102,104 @@ module Aws::CloudFront
     # @!attribute [rw] viewer_certificate
     #   A complex type that specifies the following:
     #
-    #   * Which SSL/TLS certificate to use when viewers request objects
-    #     using HTTPS
+    #   * Whether you want viewers to use HTTP or HTTPS to request your
+    #     objects.
+    #
+    #   * If you want viewers to use HTTPS, whether you're using an
+    #     alternate domain name such as `example.com` or the CloudFront
+    #     domain name for your distribution, such as
+    #     `d111111abcdef8.cloudfront.net`.
+    #
+    #   * If you're using an alternate domain name, whether AWS Certificate
+    #     Manager (ACM) provided the certificate, or you purchased a
+    #     certificate from a third-party certificate authority and imported
+    #     it into ACM or uploaded it to the IAM certificate store.
     #
-    #   * Whether you want CloudFront to use dedicated IP addresses or SNI
-    #     when you're using alternate domain names in your object names
+    #   You must specify only one of the following values:
     #
-    #   * The minimum protocol version that you want CloudFront to use when
-    #     communicating with viewers
+    #   * ViewerCertificate$ACMCertificateArn
     #
-    #   For more information, see [Using an HTTPS Connection to Access Your
-    #   Objects][1] in the *Amazon Amazon CloudFront Developer Guide*.
+    #   * ViewerCertificate$IAMCertificateId
     #
+    #   * ViewerCertificate$CloudFrontDefaultCertificate
     #
+    #   Don't specify `false` for `CloudFrontDefaultCertificate`.
     #
-    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
+    #   **If you want viewers to use HTTP instead of HTTPS to request your
+    #   objects**\: Specify the following value:
+    #
+    #   `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
+    #
+    #   In addition, specify `allow-all` for `ViewerProtocolPolicy` for all
+    #   of your cache behaviors.
+    #
+    #   **If you want viewers to use HTTPS to request your objects**\:
+    #   Choose the type of certificate that you want to use based on whether
+    #   you're using an alternate domain name for your objects or the
+    #   CloudFront domain name:
+    #
+    #   * **If you're using an alternate domain name, such as
+    #     example.com**\: Specify one of the following values, depending on
+    #     whether ACM provided your certificate or you purchased your
+    #     certificate from third-party certificate authority:
+    #
+    #     * `<ACMCertificateArn>ARN for ACM SSL/TLS
+    #       certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS
+    #       certificate ` is the ARN for the ACM SSL/TLS certificate that
+    #       you want to use for this distribution.
+    #
+    #     * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where `
+    #       IAM certificate ID ` is the ID that IAM returned when you added
+    #       the certificate to the IAM certificate store.
+    #
+    #     If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
+    #     also specify a value for `SSLSupportMethod`.
+    #
+    #     If you choose to use an ACM certificate or a certificate in the
+    #     IAM certificate store, we recommend that you use only an alternate
+    #     domain name in your object URLs (`https://example.com/logo.jpg`).
+    #     If you use the domain name that is associated with your CloudFront
+    #     distribution (such as
+    #     `https://d111111abcdef8.cloudfront.net/logo.jpg`) and the viewer
+    #     supports `SNI`, then CloudFront behaves normally. However, if the
+    #     browser does not support SNI, the user's experience depends on
+    #     the value that you choose for `SSLSupportMethod`\:
+    #
+    #     * `vip`\: The viewer displays a warning because there is a
+    #       mismatch between the CloudFront domain name and the domain name
+    #       in your SSL/TLS certificate.
+    #
+    #     * `sni-only`\: CloudFront drops the connection with the browser
+    #       without returning the object.
+    #
+    #   * <b>If you're using the CloudFront domain name for your
+    #     distribution, such as <code>d111111abcdef8.cloudfront.net</code>
+    #     </b>\: Specify the following value:
+    #
+    #     `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
+    #     `
+    #
+    #   If you want viewers to use HTTPS, you must also specify one of the
+    #   following values in your cache behaviors:
+    #
+    #   * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>`
+    #
+    #   * `<ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>`
+    #
+    #   You can also optionally require that CloudFront use HTTPS to
+    #   communicate with your origin by specifying one of the following
+    #   values for the applicable origins:
+    #
+    #   * `<OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
+    #
+    #   * `<OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
+    #
+    #   For more information, see [Using Alternate Domain Names and
+    #   HTTPS][1] in the *Amazon CloudFront Developer Guide*.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
     #   @return [Types::ViewerCertificate]
     #
     # @!attribute [rw] restrictions
@@ -3135,7 +3318,7 @@ module Aws::CloudFront
     #
     # @!attribute [rw] headers
     #   A complex type that specifies the `Headers`, if any, that you want
-    #   CloudFront to vary upon for this cache behavior.
+    #   CloudFront to base caching on for this cache behavior.
     #   @return [Types::Headers]
     #
     # @!attribute [rw] query_string_cache_keys
@@ -3175,7 +3358,7 @@ module Aws::CloudFront
     #     is not restricted by client geo location.
     #
     #   * `blacklist`\: The `Location` elements specify the countries in
-    #     which you do not want CloudFront to distribute your content.
+    #     which you don't want CloudFront to distribute your content.
     #
     #   * `whitelist`\: The `Location` elements specify the countries in
     #     which you want CloudFront to distribute your content.
@@ -3199,7 +3382,7 @@ module Aws::CloudFront
     #   CloudFront and `MaxMind` both use `ISO 3166` country codes. For the
     #   current list of countries and the corresponding codes, see `ISO
     #   3166-1-alpha-2` code on the *International Organization for
-    #   Standardization* website. You can also refer to the country list in
+    #   Standardization* website. You can also refer to the country list on
     #   the CloudFront console, which includes both country names and codes.
     #   @return [Array<String>]
     #
@@ -3492,15 +3675,15 @@ module Aws::CloudFront
       include Aws::Structure
     end
 
-    # A complex type that specifies the headers that you want CloudFront to
-    # forward to the origin for this cache behavior.
-    #
-    # For the headers that you specify, CloudFront also caches separate
-    # versions of a specified object based on the header values in viewer
-    # requests. For example, suppose viewer requests for `logo.jpg` contain
-    # a custom `Product` header that has a value of either `Acme` or `Apex`,
-    # and you configure CloudFront to cache your content based on values in
-    # the `Product` header. CloudFront forwards the `Product` header to the
+    # A complex type that specifies the request headers, if any, that you
+    # want CloudFront to base caching on for this cache behavior.
+    #
+    # For the headers that you specify, CloudFront caches separate versions
+    # of a specified object based on the header values in viewer requests.
+    # For example, suppose viewer requests for `logo.jpg` contain a custom
+    # `product` header that has a value of either `acme` or `apex`, and you
+    # configure CloudFront to cache your content based on values in the
+    # `product` header. CloudFront forwards the `product` header to the
     # origin and caches the response from the origin once for each header
     # value. For more information about caching based on header values, see
     # [How CloudFront Forwards and Caches Headers][1] in the *Amazon
@@ -3519,33 +3702,46 @@ module Aws::CloudFront
     #       }
     #
     # @!attribute [rw] quantity
-    #   The number of different headers that you want CloudFront to forward
-    #   to the origin for this cache behavior. You can configure each cache
+    #   The number of different headers that you want CloudFront to base
+    #   caching on for this cache behavior. You can configure each cache
     #   behavior in a web distribution to do one of the following:
     #
     #   * **Forward all headers to your origin**\: Specify `1` for
     #     `Quantity` and `*` for `Name`.
     #
-    #     If you configure CloudFront to forward all headers to your origin,
-    #     CloudFront doesn't cache the objects associated with this cache
-    #     behavior. Instead, it sends every request to the origin.
+    #     CloudFront doesn't cache the objects that are associated with
+    #     this cache behavior. Instead, CloudFront sends every request to
+    #     the origin.
     #
-    #   * *Forward a whitelist of headers you specify*\: Specify the number
-    #     of headers that you want to forward, and specify the header names
-    #     in `Name` elements. CloudFront caches your objects based on the
-    #     values in all of the specified headers. CloudFront also forwards
-    #     the headers that it forwards by default, but it caches your
-    #     objects based only on the headers that you specify.
+    #   * **Forward a whitelist of headers you specify**\: Specify the
+    #     number of headers that you want CloudFront to base caching on.
+    #     Then specify the header names in `Name` elements. CloudFront
+    #     caches your objects based on the values in the specified headers.
     #
     #   * **Forward only the default headers**\: Specify `0` for `Quantity`
     #     and omit `Items`. In this configuration, CloudFront doesn't cache
     #     based on the values in the request headers.
+    #
+    #   Regardless of which option you choose, CloudFront forwards headers
+    #   to your origin based on whether the origin is an S3 bucket or a
+    #   custom origin. See the following documentation:
+    #
+    #   * **S3 bucket**\: See [HTTP Request Headers That CloudFront Removes
+    #     or Updates][1]
+    #
+    #   * **Custom origin**\: See [HTTP Request Headers and CloudFront
+    #     Behavior][2]
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorS3Origin.html#request-s3-removed-headers
+    #   [2]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-headers-behavior
     #   @return [Integer]
     #
     # @!attribute [rw] items
-    #   A complex type that contains one `Name` element for each header that
-    #   you want CloudFront to forward to the origin and to vary on for this
-    #   cache behavior. If `Quantity` is `0`, omit `Items`.
+    #   A list that contains one `Name` element for each header that you
+    #   want CloudFront to use for caching in this cache behavior. If
+    #   `Quantity` is `0`, omit `Items`.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/Headers AWS API Documentation
@@ -3750,20 +3946,36 @@ module Aws::CloudFront
     #       }
     #
     # @!attribute [rw] lambda_function_arn
-    #   The ARN of the Lambda function.
+    #   The ARN of the Lambda function. You must specify the ARN of a
+    #   function version; you can't specify a Lambda alias or $LATEST.
     #   @return [String]
     #
     # @!attribute [rw] event_type
     #   Specifies the event type that triggers a Lambda function invocation.
-    #   Valid values are:
+    #   You can specify the following values:
     #
-    #   * `viewer-request`
+    #   * `viewer-request`\: The function executes when CloudFront receives
+    #     a request from a viewer and before it checks to see whether the
+    #     requested object is in the edge cache.
     #
-    #   * `origin-request`
+    #   * `origin-request`\: The function executes only when CloudFront
+    #     forwards a request to your origin. When the requested object is in
+    #     the edge cache, the function doesn't execute.
     #
-    #   * `viewer-response`
+    #   * `origin-response`\: The function executes after CloudFront
+    #     receives a response from the origin and before it caches the
+    #     object in the response. When the requested object is in the edge
+    #     cache, the function doesn't execute.
     #
-    #   * `origin-response`
+    #     If the origin returns an HTTP status code other than HTTP 200
+    #     (OK), the function doesn't execute.
+    #
+    #   * `viewer-response`\: The function executes before CloudFront
+    #     returns the requested object to the viewer. The function executes
+    #     regardless of whether the object was already in the edge cache.
+    #
+    #     If the origin returns an HTTP status code other than HTTP 200
+    #     (OK), the function doesn't execute.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/LambdaFunctionAssociation AWS API Documentation
@@ -4104,7 +4316,7 @@ module Aws::CloudFront
     #
     # @!attribute [rw] enabled
     #   Specifies whether you want CloudFront to save access logs to an
-    #   Amazon S3 bucket. If you do not want to enable logging when you
+    #   Amazon S3 bucket. If you don't want to enable logging when you
     #   create a distribution or if you want to disable logging for an
     #   existing distribution, specify `false` for `Enabled`, and specify
     #   empty `Bucket` and `Prefix` elements. If you specify `false` for
@@ -4116,7 +4328,7 @@ module Aws::CloudFront
     #   Specifies whether you want CloudFront to include cookies in access
     #   logs, specify `true` for `IncludeCookies`. If you choose to include
     #   cookies in logs, CloudFront logs all cookies regardless of how you
-    #   configure the cache behaviors for this distribution. If you do not
+    #   configure the cache behaviors for this distribution. If you don't
     #   want to include cookies when you create a distribution or if you
     #   want to disable include cookies for an existing distribution,
     #   specify `false` for `IncludeCookies`.
@@ -4130,7 +4342,7 @@ module Aws::CloudFront
     # @!attribute [rw] prefix
     #   An optional string that you want CloudFront to prefix to the access
     #   log `filenames` for this distribution, for example, `myprefix/`. If
-    #   you want to enable logging, but you do not want to specify a prefix,
+    #   you want to enable logging, but you don't want to specify a prefix,
     #   you still must include an empty `Prefix` element in the `Logging`
     #   element.
     #   @return [String]
@@ -4215,7 +4427,7 @@ module Aws::CloudFront
     #   Constraints for Amazon S3 origins:
     #
     #   * If you configured Amazon S3 Transfer Acceleration for your bucket,
-    #     do not specify the `s3-accelerate` endpoint for `DomainName`.
+    #     don't specify the `s3-accelerate` endpoint for `DomainName`.
     #
     #   * The bucket name must be between 3 and 63 characters long
     #     (inclusive).
@@ -4647,8 +4859,8 @@ module Aws::CloudFront
     #   @return [Time]
     #
     # @!attribute [rw] domain_name
-    #   The domain name that corresponds to the streaming distribution. For
-    #   example: `s5c39gqb8ow64r.cloudfront.net`.
+    #   The domain name that corresponds to the streaming distribution, for
+    #   example, `s5c39gqb8ow64r.cloudfront.net`.
     #   @return [String]
     #
     # @!attribute [rw] active_trusted_signers
@@ -4898,7 +5110,7 @@ module Aws::CloudFront
     # distribution.
     #
     # @!attribute [rw] id
-    #   The identifier for the distribution. For example: `EDFDVBD632BHDS5`.
+    #   The identifier for the distribution, for example, `EDFDVBD632BHDS5`.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -4919,8 +5131,8 @@ module Aws::CloudFront
     #   @return [Time]
     #
     # @!attribute [rw] domain_name
-    #   The domain name corresponding to the distribution. For example:
-    #   `d604721fxaaqy9.cloudfront.net`.
+    #   The domain name corresponding to the distribution, for example,
+    #   `d111111abcdef8.cloudfront.net`.
     #   @return [String]
     #
     # @!attribute [rw] s3_origin
@@ -4992,7 +5204,7 @@ module Aws::CloudFront
     #
     # @!attribute [rw] enabled
     #   Specifies whether you want CloudFront to save access logs to an
-    #   Amazon S3 bucket. If you do not want to enable logging when you
+    #   Amazon S3 bucket. If you don't want to enable logging when you
     #   create a streaming distribution or if you want to disable logging
     #   for an existing streaming distribution, specify `false` for
     #   `Enabled`, and specify `empty Bucket` and `Prefix` elements. If you
@@ -5007,8 +5219,8 @@ module Aws::CloudFront
     #
     # @!attribute [rw] prefix
     #   An optional string that you want CloudFront to prefix to the access
-    #   log `filenames` for this streaming distribution, for example,
-    #   `myprefix/`. If you want to enable logging, but you do not want to
+    #   log filenames for this streaming distribution, for example,
+    #   `myprefix/`. If you want to enable logging, but you don't want to
     #   specify a prefix, you still must include an empty `Prefix` element
     #   in the `Logging` element.
     #   @return [String]
@@ -5450,7 +5662,7 @@ module Aws::CloudFront
     #             iam_certificate_id: "string",
     #             acm_certificate_arn: "string",
     #             ssl_support_method: "sni-only", # accepts sni-only, vip
-    #             minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #             minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #             certificate: "string",
     #             certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #           },
@@ -5588,21 +5800,102 @@ module Aws::CloudFront
 
     # A complex type that specifies the following:
     #
-    # * Which SSL/TLS certificate to use when viewers request objects using
-    #   HTTPS
+    # * Whether you want viewers to use HTTP or HTTPS to request your
+    #   objects.
+    #
+    # * If you want viewers to use HTTPS, whether you're using an alternate
+    #   domain name such as `example.com` or the CloudFront domain name for
+    #   your distribution, such as `d111111abcdef8.cloudfront.net`.
+    #
+    # * If you're using an alternate domain name, whether AWS Certificate
+    #   Manager (ACM) provided the certificate, or you purchased a
+    #   certificate from a third-party certificate authority and imported it
+    #   into ACM or uploaded it to the IAM certificate store.
+    #
+    # You must specify only one of the following values:
+    #
+    # * ViewerCertificate$ACMCertificateArn
+    #
+    # * ViewerCertificate$IAMCertificateId
+    #
+    # * ViewerCertificate$CloudFrontDefaultCertificate
+    #
+    # Don't specify `false` for `CloudFrontDefaultCertificate`.
+    #
+    # **If you want viewers to use HTTP instead of HTTPS to request your
+    # objects**\: Specify the following value:
+    #
+    # `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
+    #
+    # In addition, specify `allow-all` for `ViewerProtocolPolicy` for all of
+    # your cache behaviors.
+    #
+    # **If you want viewers to use HTTPS to request your objects**\: Choose
+    # the type of certificate that you want to use based on whether you're
+    # using an alternate domain name for your objects or the CloudFront
+    # domain name:
+    #
+    # * **If you're using an alternate domain name, such as example.com**\:
+    #   Specify one of the following values, depending on whether ACM
+    #   provided your certificate or you purchased your certificate from
+    #   third-party certificate authority:
     #
-    # * Whether you want CloudFront to use dedicated IP addresses or SNI
-    #   when you're using alternate domain names in your object names
+    #   * `<ACMCertificateArn>ARN for ACM SSL/TLS
+    #     certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS
+    #     certificate ` is the ARN for the ACM SSL/TLS certificate that you
+    #     want to use for this distribution.
     #
-    # * The minimum protocol version that you want CloudFront to use when
-    #   communicating with viewers
+    #   * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where `
+    #     IAM certificate ID ` is the ID that IAM returned when you added
+    #     the certificate to the IAM certificate store.
     #
-    # For more information, see [Using an HTTPS Connection to Access Your
-    # Objects][1] in the *Amazon Amazon CloudFront Developer Guide*.
+    #   If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
+    #   also specify a value for `SSLSupportMethod`.
     #
+    #   If you choose to use an ACM certificate or a certificate in the IAM
+    #   certificate store, we recommend that you use only an alternate
+    #   domain name in your object URLs (`https://example.com/logo.jpg`). If
+    #   you use the domain name that is associated with your CloudFront
+    #   distribution (such as
+    #   `https://d111111abcdef8.cloudfront.net/logo.jpg`) and the viewer
+    #   supports `SNI`, then CloudFront behaves normally. However, if the
+    #   browser does not support SNI, the user's experience depends on the
+    #   value that you choose for `SSLSupportMethod`\:
     #
+    #   * `vip`\: The viewer displays a warning because there is a mismatch
+    #     between the CloudFront domain name and the domain name in your
+    #     SSL/TLS certificate.
     #
-    # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html
+    #   * `sni-only`\: CloudFront drops the connection with the browser
+    #     without returning the object.
+    #
+    # * <b>If you're using the CloudFront domain name for your
+    #   distribution, such as <code>d111111abcdef8.cloudfront.net</code>
+    #   </b>\: Specify the following value:
+    #
+    #   `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate> `
+    #
+    # If you want viewers to use HTTPS, you must also specify one of the
+    # following values in your cache behaviors:
+    #
+    # * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>`
+    #
+    # * `<ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>`
+    #
+    # You can also optionally require that CloudFront use HTTPS to
+    # communicate with your origin by specifying one of the following values
+    # for the applicable origins:
+    #
+    # * `<OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
+    #
+    # * `<OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
+    #
+    # For more information, see [Using Alternate Domain Names and HTTPS][1]
+    # in the *Amazon CloudFront Developer Guide*.
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
     #
     # @note When making an API call, you may pass ViewerCertificate
     #   data as a hash:
@@ -5612,25 +5905,31 @@ module Aws::CloudFront
     #         iam_certificate_id: "string",
     #         acm_certificate_arn: "string",
     #         ssl_support_method: "sni-only", # accepts sni-only, vip
-    #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1
+    #         minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
     #         certificate: "string",
     #         certificate_source: "cloudfront", # accepts cloudfront, iam, acm
     #       }
     #
     # @!attribute [rw] cloud_front_default_certificate
+    #   For information about how and when to use
+    #   `CloudFrontDefaultCertificate`, see ViewerCertificate.
     #   @return [Boolean]
     #
     # @!attribute [rw] iam_certificate_id
+    #   For information about how and when to use `IAMCertificateId`, see
+    #   ViewerCertificate.
     #   @return [String]
     #
     # @!attribute [rw] acm_certificate_arn
+    #   For information about how and when to use `ACMCertificateArn`, see
+    #   ViewerCertificate.
     #   @return [String]
     #
     # @!attribute [rw] ssl_support_method
-    #   If you specify a value for `ACMCertificateArn` or for
-    #   `IAMCertificateId`, you must also specify how you want CloudFront to
-    #   serve HTTPS requests: using a method that works for all clients or
-    #   one that works for most clients:
+    #   If you specify a value for ViewerCertificate$ACMCertificateArn or
+    #   for ViewerCertificate$IAMCertificateId, you must also specify how
+    #   you want CloudFront to serve HTTPS requests: using a method that
+    #   works for all clients or one that works for most clients:
     #
     #   * `vip`\: CloudFront uses dedicated IP addresses for your content
     #     and can respond to HTTPS requests from any viewer. However, you
@@ -5655,7 +5954,7 @@ module Aws::CloudFront
     #
     #     * Use HTTP instead of HTTPS.
     #
-    #   Do not specify a value for `SSLSupportMethod` if you specified
+    #   Don't specify a value for `SSLSupportMethod` if you specified
     #   `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`.
     #
     #   For more information, see [Using Alternate Domain Names and
@@ -5667,127 +5966,66 @@ module Aws::CloudFront
     #   @return [String]
     #
     # @!attribute [rw] minimum_protocol_version
-    #   Specify the minimum version of the SSL/TLS protocol that you want
-    #   CloudFront to use for HTTPS connections between viewers and
-    #   CloudFront: `SSLv3` or `TLSv1`. CloudFront serves your objects only
-    #   to viewers that support SSL/TLS version that you specify and later
-    #   versions. The `TLSv1` protocol is more secure, so we recommend that
-    #   you specify `SSLv3` only if your users are using browsers or devices
-    #   that don't support `TLSv1`. Note the following:
-    #
-    #   * If you specify
-    #     &lt;CloudFrontDefaultCertificate&gt;true&lt;CloudFrontDefaultCertificate&gt;,
-    #     the minimum SSL protocol version is `TLSv1` and can't be changed.
+    #   Specify the security policy that you want CloudFront to use for
+    #   HTTPS connections. A security policy determines two settings:
     #
-    #   * If you're using a custom certificate (if you specify a value for
-    #     `ACMCertificateArn` or for `IAMCertificateId`) and if you're
-    #     using SNI (if you specify `sni-only` for `SSLSupportMethod`), you
-    #     must specify `TLSv1` for `MinimumProtocolVersion`.
-    #   @return [String]
-    #
-    # @!attribute [rw] certificate
-    #   Include one of these values to specify the following:
-    #
-    #   * Whether you want viewers to use HTTP or HTTPS to request your
-    #     objects.
-    #
-    #   * If you want viewers to use HTTPS, whether you're using an
-    #     alternate domain name such as example.com or the CloudFront domain
-    #     name for your distribution, such as
-    #     `d111111abcdef8.cloudfront.net`.
-    #
-    #   * If you're using an alternate domain name, whether AWS Certificate
-    #     Manager (ACM) provided the certificate, or you purchased a
-    #     certificate from a third-party certificate authority and imported
-    #     it into ACM or uploaded it to the IAM certificate store.
-    #
-    #   You must specify one (and only one) of the three values. Do not
-    #   specify `false` for `CloudFrontDefaultCertificate`.
-    #
-    #   **If you want viewers to use HTTP to request your objects**\:
-    #   Specify the following value:
-    #
-    #   `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`
-    #
-    #   In addition, specify `allow-all` for `ViewerProtocolPolicy` for all
-    #   of your cache behaviors.
-    #
-    #   **If you want viewers to use HTTPS to request your objects**\:
-    #   Choose the type of certificate that you want to use based on whether
-    #   you're using an alternate domain name for your objects or the
-    #   CloudFront domain name:
-    #
-    #   * **If you're using an alternate domain name, such as
-    #     example.com**\: Specify one of the following values, depending on
-    #     whether ACM provided your certificate or you purchased your
-    #     certificate from third-party certificate authority:
-    #
-    #     * `<ACMCertificateArn>ARN for ACM SSL/TLS
-    #       certificate<ACMCertificateArn>` where ARN for ACM SSL/TLS
-    #       certificate is the ARN for the ACM SSL/TLS certificate that you
-    #       want to use for this distribution.
+    #   * The minimum SSL/TLS protocol that CloudFront uses to communicate
+    #     with viewers
     #
-    #     * `<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where
-    #       IAM certificate ID is the ID that IAM returned when you added
-    #       the certificate to the IAM certificate store.
+    #   * The cipher that CloudFront uses to encrypt the content that it
+    #     returns to viewers
     #
-    #     If you specify `ACMCertificateArn` or `IAMCertificateId`, you must
-    #     also specify a value for `SSLSupportMethod`.
+    #   <note markdown="1"> On the CloudFront console, this setting is called **Security
+    #   policy**.
     #
-    #     If you choose to use an ACM certificate or a certificate in the
-    #     IAM certificate store, we recommend that you use only an alternate
-    #     domain name in your object URLs (`https://example.com/logo.jpg`).
-    #     If you use the domain name that is associated with your CloudFront
-    #     distribution (`https://d111111abcdef8.cloudfront.net/logo.jpg`)
-    #     and the viewer supports `SNI`, then CloudFront behaves normally.
-    #     However, if the browser does not support SNI, the user's
-    #     experience depends on the value that you choose for
-    #     `SSLSupportMethod`\:
-    #
-    #     * `vip`\: The viewer displays a warning because there is a
-    #       mismatch between the CloudFront domain name and the domain name
-    #       in your SSL/TLS certificate.
+    #    </note>
     #
-    #     * `sni-only`\: CloudFront drops the connection with the browser
-    #       without returning the object.
+    #   We recommend that you specify `TLSv1.1_2016` unless your users are
+    #   using browsers or devices that do not support TLSv1.1 or later.
     #
-    #   * <b>If you're using the CloudFront domain name for your
-    #     distribution, such as <code>d111111abcdef8.cloudfront.net</code>
-    #     </b>\: Specify the following value:
+    #   When both of the following are true, you must specify `TLSv1` or
+    #   later for the security policy:
     #
-    #     ` <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>
-    #     `
+    #   * You're using a custom certificate: you specified a value for
+    #     `ACMCertificateArn` or for `IAMCertificateId`
     #
-    #     If you want viewers to use HTTPS, you must also specify one of the
-    #     following values in your cache behaviors:
+    #   * You're using SNI: you specified `sni-only` for `SSLSupportMethod`
     #
-    #     * ` <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy> `
+    #   If you specify `true` for `CloudFrontDefaultCertificate`, CloudFront
+    #   automatically sets the security policy to `TLSv1` regardless of the
+    #   value that you specify for `MinimumProtocolVersion`.
     #
-    #     * ` <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
-    #       `
+    #   For information about the relationship between the security policy
+    #   that you choose and the protocols and ciphers that CloudFront uses
+    #   to communicate with viewers, see [ Supported SSL/TLS Protocols and
+    #   Ciphers for Communication Between Viewers and CloudFront][1] in the
+    #   *Amazon CloudFront Developer Guide*.
     #
-    #     You can also optionally require that CloudFront use HTTPS to
-    #     communicate with your origin by specifying one of the following
-    #     values for the applicable origins:
     #
-    #     * ` <OriginProtocolPolicy>https-only<OriginProtocolPolicy> `
     #
-    #     * ` <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy> `
+    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers
+    #   @return [String]
     #
-    #     For more information, see [Using Alternate Domain Names and
-    #     HTTPS][1] in the *Amazon CloudFront Developer Guide*.
+    # @!attribute [rw] certificate
+    #   This field has been deprecated. Use one of the following fields
+    #   instead:
     #
+    #   * ViewerCertificate$ACMCertificateArn
     #
+    #   * ViewerCertificate$IAMCertificateId
     #
-    #   [1]: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS
+    #   * ViewerCertificate$CloudFrontDefaultCertificate
     #   @return [String]
     #
     # @!attribute [rw] certificate_source
-    #   <note markdown="1"> This field is deprecated. You can use one of the following:
-    #   `[ACMCertificateArn`, `IAMCertificateId`, or
-    #   `CloudFrontDefaultCertificate]`.
+    #   This field has been deprecated. Use one of the following fields
+    #   instead:
     #
-    #    </note>
+    #   * ViewerCertificate$ACMCertificateArn
+    #
+    #   * ViewerCertificate$IAMCertificateId
+    #
+    #   * ViewerCertificate$CloudFrontDefaultCertificate
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/cloudfront-2017-03-25/ViewerCertificate AWS API Documentation

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-cloudfront
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-29 00:00:00.000000000 Z
+date: 2017-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -60,7 +60,9 @@ files:
 homepage: http://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
-metadata: {}
+metadata:
+  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-cloudfront
+  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-cloudfront/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths: