@aws-sdk/client-cloudfront 3.145.0 → 3.157.0

package/dist-types/models/models_0.d.ts

@@ -1861,7 +1861,7 @@ export interface DefaultCacheBehavior {
      */
     MaxTTL?: number;
 }
-export declare type HttpVersion = "http1.1" | "http2";
+export declare type HttpVersion = "http1.1" | "http2" | "http2and3" | "http3";
 /**
  * <p>A complex type that controls whether access logs are written for the
  * 			distribution.</p>
@@ -2247,6 +2247,12 @@ export interface Origin {
      * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html">Using Origin Shield</a> in the <i>Amazon CloudFront Developer Guide</i>.</p>
      */
     OriginShield?: OriginShield;
+    /**
+     * <p>The unique identifier of an origin access control for this origin.</p>
+     * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html">Restricting access to an Amazon S3 origin</a> in the
+     * 			<i>Amazon CloudFront Developer Guide</i>.</p>
+     */
+    OriginAccessControlId?: string;
 }
 /**
  * <p>Contains information about the origins for this distribution.</p>
@@ -2667,14 +2673,16 @@ export interface DistributionConfig {
      */
     WebACLId?: string;
     /**
-     * <p>(Optional) Specify the maximum HTTP version that you want viewers to use to communicate
-     * 			with CloudFront. The default value for new web distributions is http2. Viewers that don't support
-     * 			HTTP/2 automatically use an earlier HTTP version.</p>
-     * 		       <p>For viewers and CloudFront to use HTTP/2, viewers must support TLS 1.2 or later, and must
-     * 			support Server Name Identification (SNI).</p>
-     * 		       <p>In general, configuring CloudFront to communicate with viewers using HTTP/2 reduces latency.
-     * 			You can improve performance by optimizing for HTTP/2. For more information, do an Internet
-     * 			search for "http/2 optimization." </p>
+     * <p>(Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate
+     * 			with CloudFront. The default value for new web distributions is <code>http2</code>. Viewers
+     * 			that don't support HTTP/2 automatically use an earlier HTTP version.</p>
+     * 		       <p>For viewers and CloudFront to use HTTP/2, viewers must support TLSv1.2 or later, and must
+     * 			support Server Name Indication (SNI).</p>
+     * 		       <p>For viewers and CloudFront to use HTTP/3, viewers must support TLSv1.3 and Server Name
+     * 			Indication (SNI). CloudFront supports HTTP/3 connection migration to allow the
+     * 			viewer to switch networks without losing connection. For more information
+     * 			about connection migration, see <a href="https://www.rfc-editor.org/rfc/rfc9000.html#name-connection-migration">Connection Migration</a> at RFC 9000. For more information about
+     * 			supported TLSv1.3 ciphers, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html">Supported protocols and ciphers between viewers and CloudFront</a>.</p>
      */
     HttpVersion?: HttpVersion | string;
     /**
@@ -2827,6 +2835,19 @@ export declare class IllegalFieldLevelEncryptionConfigAssociationWithCacheBehavi
      */
     constructor(opts: __ExceptionOptionType<IllegalFieldLevelEncryptionConfigAssociationWithCacheBehavior, __BaseException>);
 }
+/**
+ * <p>An origin cannot contain both an origin access control (OAC) and an origin access identity
+ * 			(OAI).</p>
+ */
+export declare class IllegalOriginAccessConfiguration extends __BaseException {
+    readonly name: "IllegalOriginAccessConfiguration";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<IllegalOriginAccessConfiguration, __BaseException>);
+}
 /**
  * <p>The default root object file name is too big or contains an invalid character.</p>
  */
@@ -2839,6 +2860,19 @@ export declare class InvalidDefaultRootObject extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InvalidDefaultRootObject, __BaseException>);
 }
+/**
+ * <p>An origin access control is associated with an origin whose domain name is not
+ * 			supported.</p>
+ */
+export declare class InvalidDomainNameForOriginAccessControl extends __BaseException {
+    readonly name: "InvalidDomainNameForOriginAccessControl";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidDomainNameForOriginAccessControl, __BaseException>);
+}
 /**
  * <p>An invalid error code was specified.</p>
  */
@@ -2948,6 +2982,18 @@ export declare class InvalidOrigin extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InvalidOrigin, __BaseException>);
 }
+/**
+ * <p>The origin access control is not valid.</p>
+ */
+export declare class InvalidOriginAccessControl extends __BaseException {
+    readonly name: "InvalidOriginAccessControl";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<InvalidOriginAccessControl, __BaseException>);
+}
 /**
  * <p>The origin access identity is not valid or doesn't exist.</p>
  */
@@ -3258,6 +3304,21 @@ export declare class TooManyDistributionsAssociatedToKeyGroup extends __BaseExce
      */
     constructor(opts: __ExceptionOptionType<TooManyDistributionsAssociatedToKeyGroup, __BaseException>);
 }
+/**
+ * <p>The maximum number of distributions have been associated with the specified origin
+ * 			access control.</p>
+ * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html">Quotas</a> (formerly known as limits) in the
+ * 			<i>Amazon CloudFront Developer Guide</i>.</p>
+ */
+export declare class TooManyDistributionsAssociatedToOriginAccessControl extends __BaseException {
+    readonly name: "TooManyDistributionsAssociatedToOriginAccessControl";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<TooManyDistributionsAssociatedToOriginAccessControl, __BaseException>);
+}
 /**
  * <p>The maximum number of distributions have been associated with the specified origin
  * 			request policy. For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html">Quotas</a> (formerly known as limits) in the
@@ -4341,6 +4402,144 @@ export interface CreateMonitoringSubscriptionResult {
      */
     MonitoringSubscription?: MonitoringSubscription;
 }
+/**
+ * <p>A monitoring subscription already exists for the specified distribution.</p>
+ */
+export declare class MonitoringSubscriptionAlreadyExists extends __BaseException {
+    readonly name: "MonitoringSubscriptionAlreadyExists";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<MonitoringSubscriptionAlreadyExists, __BaseException>);
+}
+export declare enum OriginAccessControlOriginTypes {
+    s3 = "s3"
+}
+export declare enum OriginAccessControlSigningBehaviors {
+    always = "always",
+    never = "never",
+    no_override = "no-override"
+}
+export declare enum OriginAccessControlSigningProtocols {
+    sigv4 = "sigv4"
+}
+/**
+ * <p>A CloudFront origin access control.</p>
+ */
+export interface OriginAccessControlConfig {
+    /**
+     * <p>A name to identify the origin access control.</p>
+     */
+    Name: string | undefined;
+    /**
+     * <p>A description of the origin access control.</p>
+     */
+    Description: string | undefined;
+    /**
+     * <p>The signing protocol of the origin access control, which determines how CloudFront signs
+     * 			(authenticates) requests. The only valid value is <code>sigv4</code>.</p>
+     */
+    SigningProtocol: OriginAccessControlSigningProtocols | string | undefined;
+    /**
+     * <p>Specifies which requests CloudFront signs (adds authentication information to). Specify
+     * 			<code>always</code> for the most common use case. For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#oac-advanced-settings">origin access control advanced settings</a> in the
+     * 			<i>Amazon CloudFront Developer Guide</i>.</p>
+     * 		       <p>This field can have one of the following values:</p>
+     * 		       <ul>
+     *             <li>
+     * 				           <p>
+     *                   <code>always</code> – CloudFront signs all origin requests, overwriting the
+     * 					<code>Authorization</code> header from the viewer request if one exists.</p>
+     * 			         </li>
+     *             <li>
+     * 				           <p>
+     *                   <code>never</code> – CloudFront doesn't sign any origin requests. This value turns off origin
+     * 					access control for all origins in all distributions that use this origin access
+     * 					control.</p>
+     * 			         </li>
+     *             <li>
+     * 				           <p>
+     *                   <code>no-override</code> – If the viewer request doesn't contain the
+     * 					<code>Authorization</code> header, then CloudFront signs the origin request. If the
+     * 					viewer request contains the <code>Authorization</code> header, then CloudFront doesn't
+     * 					sign the origin request and instead passes along the <code>Authorization</code>
+     * 					header from the viewer request. <b>WARNING: To pass along the
+     * 					<code>Authorization</code> header from the viewer request, you
+     * 					<i>must</i> add the <code>Authorization</code> header to an <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html">origin request policy</a> for all cache behaviors that
+     * 					use origins associated with this origin access control.</b>
+     *                </p>
+     * 			         </li>
+     *          </ul>
+     */
+    SigningBehavior: OriginAccessControlSigningBehaviors | string | undefined;
+    /**
+     * <p>The type of origin that this origin access control is for. The only valid value is
+     * 			<code>s3</code>.</p>
+     */
+    OriginAccessControlOriginType: OriginAccessControlOriginTypes | string | undefined;
+}
+export interface CreateOriginAccessControlRequest {
+    /**
+     * <p>Contains the origin access control.</p>
+     */
+    OriginAccessControlConfig: OriginAccessControlConfig | undefined;
+}
+/**
+ * <p>A CloudFront origin access control.</p>
+ */
+export interface OriginAccessControl {
+    /**
+     * <p>The unique identifier of the origin access control.</p>
+     */
+    Id: string | undefined;
+    /**
+     * <p>The origin access control.</p>
+     */
+    OriginAccessControlConfig?: OriginAccessControlConfig;
+}
+export interface CreateOriginAccessControlResult {
+    /**
+     * <p>Contains an origin access control.</p>
+     */
+    OriginAccessControl?: OriginAccessControl;
+    /**
+     * <p>The URL of the origin access control.</p>
+     */
+    Location?: string;
+    /**
+     * <p>The version identifier for the current version of the origin access control.</p>
+     */
+    ETag?: string;
+}
+/**
+ * <p>An origin access control with the specified parameters already exists.</p>
+ */
+export declare class OriginAccessControlAlreadyExists extends __BaseException {
+    readonly name: "OriginAccessControlAlreadyExists";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<OriginAccessControlAlreadyExists, __BaseException>);
+}
+/**
+ * <p>The number of origin access controls in your Amazon Web Services account exceeds the maximum
+ * 			allowed.</p>
+ * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html">Quotas</a> (formerly known as limits) in the
+ * 			<i>Amazon CloudFront Developer Guide</i>.</p>
+ */
+export declare class TooManyOriginAccessControls extends __BaseException {
+    readonly name: "TooManyOriginAccessControls";
+    readonly $fault: "client";
+    Message?: string;
+    /**
+     * @internal
+     */
+    constructor(opts: __ExceptionOptionType<TooManyOriginAccessControls, __BaseException>);
+}
 export declare type OriginRequestPolicyCookieBehavior = "all" | "none" | "whitelist";
 /**
  * <p>An object that determines whether any cookies in viewer requests (and if so, which cookies)
@@ -5345,15 +5544,15 @@ export interface ResponseHeadersPolicyConfig {
      * <p>A configuration for a set of security-related HTTP response headers.</p>
      */
     SecurityHeadersConfig?: ResponseHeadersPolicySecurityHeadersConfig;
-    /**
-     * <p>A configuration for a set of custom HTTP response headers.</p>
-     */
-    CustomHeadersConfig?: ResponseHeadersPolicyCustomHeadersConfig;
     /**
      * <p>A configuration for enabling the <code>Server-Timing</code> header in HTTP responses
      * 			sent from CloudFront.</p>
      */
     ServerTimingHeadersConfig?: ResponseHeadersPolicyServerTimingHeadersConfig;
+    /**
+     * <p>A configuration for a set of custom HTTP response headers.</p>
+     */
+    CustomHeadersConfig?: ResponseHeadersPolicyCustomHeadersConfig;
 }
 export interface CreateResponseHeadersPolicyRequest {
     /**
@@ -5765,224 +5964,6 @@ export declare class PreconditionFailed extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<PreconditionFailed, __BaseException>);
 }
-/**
- * <p>The Origin Access Identity specified is already in use.</p>
- */
-export declare class CloudFrontOriginAccessIdentityInUse extends __BaseException {
-    readonly name: "CloudFrontOriginAccessIdentityInUse";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<CloudFrontOriginAccessIdentityInUse, __BaseException>);
-}
-/**
- * <p>Deletes a origin access identity.</p>
- */
-export interface DeleteCloudFrontOriginAccessIdentityRequest {
-    /**
-     * <p>The origin access identity's ID.</p>
-     */
-    Id: string | undefined;
-    /**
-     * <p>The value of the <code>ETag</code> header you received from a previous <code>GET</code>
-     * 			or <code>PUT</code> request. For example: <code>E2QWRUHAPOMQZL</code>.</p>
-     */
-    IfMatch?: string;
-}
-/**
- * <p>The specified origin access identity does not exist.</p>
- */
-export declare class NoSuchCloudFrontOriginAccessIdentity extends __BaseException {
-    readonly name: "NoSuchCloudFrontOriginAccessIdentity";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<NoSuchCloudFrontOriginAccessIdentity, __BaseException>);
-}
-/**
- * <p>This action deletes a web distribution. To delete a web distribution using the CloudFront
- * 			API, perform the following steps.</p>
- * 		       <p>
- * 			         <b>To delete a web distribution using the CloudFront API:</b>
- * 		       </p>
- * 		       <ol>
- *             <li>
- * 				           <p>Disable the web distribution </p>
- * 			         </li>
- *             <li>
- * 				           <p>Submit a <code>GET Distribution Config</code> request to get the current
- * 					configuration and the <code>Etag</code> header for the distribution.</p>
- * 			         </li>
- *             <li>
- * 				           <p>Update the XML document that was returned in the response to your <code>GET
- * 						Distribution Config</code> request to change the value of <code>Enabled</code> to
- * 						<code>false</code>.</p>
- * 			         </li>
- *             <li>
- * 				           <p>Submit a <code>PUT Distribution Config</code> request to update the configuration
- * 					for your distribution. In the request body, include the XML document that you updated in
- * 					Step 3. Set the value of the HTTP <code>If-Match</code> header to the value of the
- * 						<code>ETag</code> header that CloudFront returned when you submitted the <code>GET
- * 						Distribution Config</code> request in Step 2.</p>
- * 			         </li>
- *             <li>
- * 				           <p>Review the response to the <code>PUT Distribution Config</code> request to confirm
- * 					that the distribution was successfully disabled.</p>
- * 			         </li>
- *             <li>
- * 				           <p>Submit a <code>GET Distribution</code> request to confirm that your changes have
- * 					propagated. When propagation is complete, the value of <code>Status</code> is
- * 						<code>Deployed</code>.</p>
- * 			         </li>
- *             <li>
- * 				           <p>Submit a <code>DELETE Distribution</code> request. Set the value of the HTTP
- * 						<code>If-Match</code> header to the value of the <code>ETag</code> header that CloudFront
- * 					returned when you submitted the <code>GET Distribution Config</code> request in Step
- * 					6.</p>
- * 			         </li>
- *             <li>
- * 				           <p>Review the response to your <code>DELETE Distribution</code> request to confirm
- * 					that the distribution was successfully deleted.</p>
- * 			         </li>
- *          </ol>
- * 		       <p>For information about deleting a distribution using the CloudFront console, see <a href="https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HowToDeleteDistribution.html">Deleting a Distribution</a> in the
- * 				<i>Amazon CloudFront Developer Guide</i>.</p>
- */
-export interface DeleteDistributionRequest {
-    /**
-     * <p>The distribution ID. </p>
-     */
-    Id: string | undefined;
-    /**
-     * <p>The value of the <code>ETag</code> header that you received when you disabled the
-     * 			distribution. For example: <code>E2QWRUHAPOMQZL</code>. </p>
-     */
-    IfMatch?: string;
-}
-/**
- * <p>The specified CloudFront distribution is not disabled. You must disable
- * 			the distribution before you can delete it.</p>
- */
-export declare class DistributionNotDisabled extends __BaseException {
-    readonly name: "DistributionNotDisabled";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<DistributionNotDisabled, __BaseException>);
-}
-export interface DeleteFieldLevelEncryptionConfigRequest {
-    /**
-     * <p>The ID of the configuration you want to delete from CloudFront.</p>
-     */
-    Id: string | undefined;
-    /**
-     * <p>The value of the <code>ETag</code> header that you received when retrieving the
-     * 			configuration identity to delete. For example: <code>E2QWRUHAPOMQZL</code>.</p>
-     */
-    IfMatch?: string;
-}
-/**
- * <p>The specified configuration for field-level encryption is in use.</p>
- */
-export declare class FieldLevelEncryptionConfigInUse extends __BaseException {
-    readonly name: "FieldLevelEncryptionConfigInUse";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<FieldLevelEncryptionConfigInUse, __BaseException>);
-}
-export interface DeleteFieldLevelEncryptionProfileRequest {
-    /**
-     * <p>Request the ID of the profile you want to delete from CloudFront.</p>
-     */
-    Id: string | undefined;
-    /**
-     * <p>The value of the <code>ETag</code> header that you received when retrieving the
-     * 			profile to delete. For example: <code>E2QWRUHAPOMQZL</code>.</p>
-     */
-    IfMatch?: string;
-}
-/**
- * <p>The specified profile for field-level encryption is in use.</p>
- */
-export declare class FieldLevelEncryptionProfileInUse extends __BaseException {
-    readonly name: "FieldLevelEncryptionProfileInUse";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<FieldLevelEncryptionProfileInUse, __BaseException>);
-}
-export interface DeleteFunctionRequest {
-    /**
-     * <p>The name of the function that you are deleting.</p>
-     */
-    Name: string | undefined;
-    /**
-     * <p>The current version (<code>ETag</code> value) of the function that you are deleting, which
-     * 			you can get using <code>DescribeFunction</code>.</p>
-     */
-    IfMatch: string | undefined;
-}
-/**
- * <p>Cannot delete the function because it’s attached to one or more cache
- * 			behaviors.</p>
- */
-export declare class FunctionInUse extends __BaseException {
-    readonly name: "FunctionInUse";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<FunctionInUse, __BaseException>);
-}
-/**
- * <p>The function does not exist.</p>
- */
-export declare class NoSuchFunctionExists extends __BaseException {
-    readonly name: "NoSuchFunctionExists";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<NoSuchFunctionExists, __BaseException>);
-}
-export interface DeleteKeyGroupRequest {
-    /**
-     * <p>The identifier of the key group that you are deleting. To get the identifier, use
-     * 			<code>ListKeyGroups</code>.</p>
-     */
-    Id: string | undefined;
-    /**
-     * <p>The version of the key group that you are deleting. The version is the key group’s
-     * 			<code>ETag</code> value. To get the <code>ETag</code>, use <code>GetKeyGroup</code> or
-     * 			<code>GetKeyGroupConfig</code>.</p>
-     */
-    IfMatch?: string;
-}
-/**
- * <p>A resource that was specified is not valid.</p>
- */
-export declare class NoSuchResource extends __BaseException {
-    readonly name: "NoSuchResource";
-    readonly $fault: "client";
-    Message?: string;
-    /**
-     * @internal
-     */
-    constructor(opts: __ExceptionOptionType<NoSuchResource, __BaseException>);
-}
 /**
  * @internal
  */
@@ -6395,6 +6376,22 @@ export declare const CreateMonitoringSubscriptionRequestFilterSensitiveLog: (obj
  * @internal
  */
 export declare const CreateMonitoringSubscriptionResultFilterSensitiveLog: (obj: CreateMonitoringSubscriptionResult) => any;
+/**
+ * @internal
+ */
+export declare const OriginAccessControlConfigFilterSensitiveLog: (obj: OriginAccessControlConfig) => any;
+/**
+ * @internal
+ */
+export declare const CreateOriginAccessControlRequestFilterSensitiveLog: (obj: CreateOriginAccessControlRequest) => any;
+/**
+ * @internal
+ */
+export declare const OriginAccessControlFilterSensitiveLog: (obj: OriginAccessControl) => any;
+/**
+ * @internal
+ */
+export declare const CreateOriginAccessControlResultFilterSensitiveLog: (obj: CreateOriginAccessControlResult) => any;
 /**
  * @internal
  */
@@ -6575,27 +6572,3 @@ export declare const CreateStreamingDistributionWithTagsResultFilterSensitiveLog
  * @internal
  */
 export declare const DeleteCachePolicyRequestFilterSensitiveLog: (obj: DeleteCachePolicyRequest) => any;
-/**
- * @internal
- */
-export declare const DeleteCloudFrontOriginAccessIdentityRequestFilterSensitiveLog: (obj: DeleteCloudFrontOriginAccessIdentityRequest) => any;
-/**
- * @internal
- */
-export declare const DeleteDistributionRequestFilterSensitiveLog: (obj: DeleteDistributionRequest) => any;
-/**
- * @internal
- */
-export declare const DeleteFieldLevelEncryptionConfigRequestFilterSensitiveLog: (obj: DeleteFieldLevelEncryptionConfigRequest) => any;
-/**
- * @internal
- */
-export declare const DeleteFieldLevelEncryptionProfileRequestFilterSensitiveLog: (obj: DeleteFieldLevelEncryptionProfileRequest) => any;
-/**
- * @internal
- */
-export declare const DeleteFunctionRequestFilterSensitiveLog: (obj: DeleteFunctionRequest) => any;
-/**
- * @internal
- */
-export declare const DeleteKeyGroupRequestFilterSensitiveLog: (obj: DeleteKeyGroupRequest) => any;