aws-cdk-lib 2.215.0__py3-none-any.whl → 2.217.0__py3-none-any.whl

aws_cdk/aws_cloudfront/__init__.py

@@ -9903,6 +9903,7 @@ class OriginBase(
         origin_id: typing.Optional[builtins.str] = None,
         origin_shield_enabled: typing.Optional[builtins.bool] = None,
         origin_shield_region: typing.Optional[builtins.str] = None,
+        response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
     ) -> None:
         '''
         :param domain_name: -
@@ -9914,6 +9915,7 @@ class OriginBase(
         :param origin_id: A unique identifier for the origin. This value must be unique within the distribution. Default: - an originid will be generated for you
         :param origin_shield_enabled: Origin Shield is enabled by setting originShieldRegion to a valid region, after this to disable Origin Shield again you must set this flag to false. Default: - true
         :param origin_shield_region: When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance. Default: - origin shield not enabled
+        :param response_completion_timeout: The time that a request from CloudFront to the origin can stay open and wait for a response. If the complete response isn't received from the origin by this time, CloudFront ends the connection. Valid values are 1-3600 seconds, inclusive. Default: undefined - AWS CloudFront default is not enforcing a maximum value
         '''
         if __debug__:
             type_hints = typing.get_type_hints(_typecheckingstub__5b13f814bf47a5f3949ffc4b53034b4702a02836213167c9ba4c6a8d6e8f623e)
@@ -9927,6 +9929,7 @@ class OriginBase(
             origin_id=origin_id,
             origin_shield_enabled=origin_shield_enabled,
             origin_shield_region=origin_shield_region,
+            response_completion_timeout=response_completion_timeout,
         )
 
         jsii.create(self.__class__, self, [domain_name, props])
@@ -9974,6 +9977,25 @@ class OriginBase(
     ) -> typing.Optional["CfnDistribution.VpcOriginConfigProperty"]:
         return typing.cast(typing.Optional["CfnDistribution.VpcOriginConfigProperty"], jsii.invoke(self, "renderVpcOriginConfig", []))
 
+    @jsii.member(jsii_name="validateResponseCompletionTimeoutWithReadTimeout")
+    def _validate_response_completion_timeout_with_read_timeout(
+        self,
+        response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
+        read_timeout: typing.Optional[_Duration_4839e8c3] = None,
+    ) -> None:
+        '''Validates that responseCompletionTimeout is greater than or equal to readTimeout when both are specified.
+
+        This method should be called by subclasses that support readTimeout.
+
+        :param response_completion_timeout: -
+        :param read_timeout: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__2a6162e2b8ea3b5399119fc8b631f66d8bac30203424ac043fac74ad6d5bf84d)
+            check_type(argname="argument response_completion_timeout", value=response_completion_timeout, expected_type=type_hints["response_completion_timeout"])
+            check_type(argname="argument read_timeout", value=read_timeout, expected_type=type_hints["read_timeout"])
+        return typing.cast(None, jsii.invoke(self, "validateResponseCompletionTimeoutWithReadTimeout", [response_completion_timeout, read_timeout]))
+
 
 class _OriginBaseProxy(OriginBase):
     pass
@@ -10279,6 +10301,7 @@ class OriginFailoverConfig:
         "origin_id": "originId",
         "origin_shield_enabled": "originShieldEnabled",
         "origin_shield_region": "originShieldRegion",
+        "response_completion_timeout": "responseCompletionTimeout",
     },
 )
 class OriginOptions:
@@ -10292,6 +10315,7 @@ class OriginOptions:
         origin_id: typing.Optional[builtins.str] = None,
         origin_shield_enabled: typing.Optional[builtins.bool] = None,
         origin_shield_region: typing.Optional[builtins.str] = None,
+        response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
     ) -> None:
         '''Options to define an Origin.
 
@@ -10302,6 +10326,7 @@ class OriginOptions:
         :param origin_id: A unique identifier for the origin. This value must be unique within the distribution. Default: - an originid will be generated for you
         :param origin_shield_enabled: Origin Shield is enabled by setting originShieldRegion to a valid region, after this to disable Origin Shield again you must set this flag to false. Default: - true
         :param origin_shield_region: When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance. Default: - origin shield not enabled
+        :param response_completion_timeout: The time that a request from CloudFront to the origin can stay open and wait for a response. If the complete response isn't received from the origin by this time, CloudFront ends the connection. Valid values are 1-3600 seconds, inclusive. Default: undefined - AWS CloudFront default is not enforcing a maximum value
 
         :exampleMetadata: fixture=_generated
 
@@ -10321,7 +10346,8 @@ class OriginOptions:
                 origin_access_control_id="originAccessControlId",
                 origin_id="originId",
                 origin_shield_enabled=False,
-                origin_shield_region="originShieldRegion"
+                origin_shield_region="originShieldRegion",
+                response_completion_timeout=cdk.Duration.minutes(30)
             )
         '''
         if __debug__:
@@ -10333,6 +10359,7 @@ class OriginOptions:
             check_type(argname="argument origin_id", value=origin_id, expected_type=type_hints["origin_id"])
             check_type(argname="argument origin_shield_enabled", value=origin_shield_enabled, expected_type=type_hints["origin_shield_enabled"])
             check_type(argname="argument origin_shield_region", value=origin_shield_region, expected_type=type_hints["origin_shield_region"])
+            check_type(argname="argument response_completion_timeout", value=response_completion_timeout, expected_type=type_hints["response_completion_timeout"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if connection_attempts is not None:
             self._values["connection_attempts"] = connection_attempts
@@ -10348,6 +10375,8 @@ class OriginOptions:
             self._values["origin_shield_enabled"] = origin_shield_enabled
         if origin_shield_region is not None:
             self._values["origin_shield_region"] = origin_shield_region
+        if response_completion_timeout is not None:
+            self._values["response_completion_timeout"] = response_completion_timeout
 
     @builtins.property
     def connection_attempts(self) -> typing.Optional[jsii.Number]:
@@ -10422,6 +10451,21 @@ class OriginOptions:
         result = self._values.get("origin_shield_region")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def response_completion_timeout(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''The time that a request from CloudFront to the origin can stay open and wait for a response.
+
+        If the complete response isn't received from the origin by this time, CloudFront ends the connection.
+
+        Valid values are 1-3600 seconds, inclusive.
+
+        :default: undefined -  AWS CloudFront default is not enforcing a maximum value
+
+        :see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#response-completion-timeout
+        '''
+        result = self._values.get("response_completion_timeout")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     def __eq__(self, rhs: typing.Any) -> builtins.bool:
         return isinstance(rhs, self.__class__) and rhs._values == self._values
 
@@ -10445,6 +10489,7 @@ class OriginOptions:
         "origin_id": "originId",
         "origin_shield_enabled": "originShieldEnabled",
         "origin_shield_region": "originShieldRegion",
+        "response_completion_timeout": "responseCompletionTimeout",
         "origin_path": "originPath",
     },
 )
@@ -10459,6 +10504,7 @@ class OriginProps(OriginOptions):
         origin_id: typing.Optional[builtins.str] = None,
         origin_shield_enabled: typing.Optional[builtins.bool] = None,
         origin_shield_region: typing.Optional[builtins.str] = None,
+        response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
         origin_path: typing.Optional[builtins.str] = None,
     ) -> None:
         '''Properties to define an Origin.
@@ -10470,6 +10516,7 @@ class OriginProps(OriginOptions):
         :param origin_id: A unique identifier for the origin. This value must be unique within the distribution. Default: - an originid will be generated for you
         :param origin_shield_enabled: Origin Shield is enabled by setting originShieldRegion to a valid region, after this to disable Origin Shield again you must set this flag to false. Default: - true
         :param origin_shield_region: When you enable Origin Shield in the AWS Region that has the lowest latency to your origin, you can get better network performance. Default: - origin shield not enabled
+        :param response_completion_timeout: The time that a request from CloudFront to the origin can stay open and wait for a response. If the complete response isn't received from the origin by this time, CloudFront ends the connection. Valid values are 1-3600 seconds, inclusive. Default: undefined - AWS CloudFront default is not enforcing a maximum value
         :param origin_path: An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin. Must begin, but not end, with '/' (e.g., '/production/images'). Default: '/'
 
         :exampleMetadata: fixture=_generated
@@ -10491,7 +10538,8 @@ class OriginProps(OriginOptions):
                 origin_id="originId",
                 origin_path="originPath",
                 origin_shield_enabled=False,
-                origin_shield_region="originShieldRegion"
+                origin_shield_region="originShieldRegion",
+                response_completion_timeout=cdk.Duration.minutes(30)
             )
         '''
         if __debug__:
@@ -10503,6 +10551,7 @@ class OriginProps(OriginOptions):
             check_type(argname="argument origin_id", value=origin_id, expected_type=type_hints["origin_id"])
             check_type(argname="argument origin_shield_enabled", value=origin_shield_enabled, expected_type=type_hints["origin_shield_enabled"])
             check_type(argname="argument origin_shield_region", value=origin_shield_region, expected_type=type_hints["origin_shield_region"])
+            check_type(argname="argument response_completion_timeout", value=response_completion_timeout, expected_type=type_hints["response_completion_timeout"])
             check_type(argname="argument origin_path", value=origin_path, expected_type=type_hints["origin_path"])
         self._values: typing.Dict[builtins.str, typing.Any] = {}
         if connection_attempts is not None:
@@ -10519,6 +10568,8 @@ class OriginProps(OriginOptions):
             self._values["origin_shield_enabled"] = origin_shield_enabled
         if origin_shield_region is not None:
             self._values["origin_shield_region"] = origin_shield_region
+        if response_completion_timeout is not None:
+            self._values["response_completion_timeout"] = response_completion_timeout
         if origin_path is not None:
             self._values["origin_path"] = origin_path
 
@@ -10595,6 +10646,21 @@ class OriginProps(OriginOptions):
         result = self._values.get("origin_shield_region")
         return typing.cast(typing.Optional[builtins.str], result)
 
+    @builtins.property
+    def response_completion_timeout(self) -> typing.Optional[_Duration_4839e8c3]:
+        '''The time that a request from CloudFront to the origin can stay open and wait for a response.
+
+        If the complete response isn't received from the origin by this time, CloudFront ends the connection.
+
+        Valid values are 1-3600 seconds, inclusive.
+
+        :default: undefined -  AWS CloudFront default is not enforcing a maximum value
+
+        :see: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#response-completion-timeout
+        '''
+        result = self._values.get("response_completion_timeout")
+        return typing.cast(typing.Optional[_Duration_4839e8c3], result)
+
     @builtins.property
     def origin_path(self) -> typing.Optional[builtins.str]:
         '''An optional path that CloudFront appends to the origin domain name when CloudFront requests content from the origin.
@@ -10632,6 +10698,7 @@ class OriginProtocolPolicy(enum.Enum):
             connection_attempts=3,
             connection_timeout=Duration.seconds(5),
             read_timeout=Duration.seconds(45),
+            response_completion_timeout=Duration.seconds(120),
             keepalive_timeout=Duration.seconds(45),
             protocol_policy=cloudfront.OriginProtocolPolicy.MATCH_VIEWER
         )
@@ -21805,7 +21872,7 @@ class CfnDistribution(
             - To accept HTTPS connections from only viewers that support SNI, set ``SSLSupportMethod`` to ``sni-only`` . This is recommended. Most browsers and clients support SNI. (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             - To accept HTTPS connections from all viewers, including those that don't support SNI, set ``SSLSupportMethod`` to ``vip`` . This is not recommended, and results in additional monthly charges from CloudFront. (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             - The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for ``MinimumProtocolVersion`` . For more information, see `Security Policy <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy>`_ in the *Amazon CloudFront Developer Guide* .
-            - The location of the SSL/TLS certificate, `AWS Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ (recommended) or `AWS Identity and Access Management (IAM) <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html>`_ . You specify the location by setting a value in one of the following fields (not both):
+            - The location of the SSL/TLS certificate, `Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ (recommended) or `AWS Identity and Access Management (IAM) <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html>`_ . You specify the location by setting a value in one of the following fields (not both):
             - ``ACMCertificateArn`` (In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization.)
             - ``IAMCertificateId`` (In CloudFormation, this field name is ``IamCertificateId`` . Note the different capitalization.)
 
@@ -21813,7 +21880,7 @@ class CfnDistribution(
 
             For more information, see `Using HTTPS with CloudFront <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html>`_ and `Using Alternate Domain Names and HTTPS <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html>`_ in the *Amazon CloudFront Developer Guide* .
 
-            :param acm_certificate_arn: .. epigraph:: In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `AWS Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ). If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
+            :param acm_certificate_arn: .. epigraph:: In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ). If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             :param cloud_front_default_certificate: If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` , set this field to ``true`` . If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), omit this field and specify values for the following fields: - ``AcmCertificateArn`` or ``IamCertificateId`` (specify a value for one, not both) - ``MinimumProtocolVersion`` - ``SslSupportMethod``
             :param iam_certificate_id: .. epigraph:: This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see `Unsupported features for SaaS Manager for Amazon CloudFront <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas>`_ in the *Amazon CloudFront Developer Guide* . > In CloudFormation, this field name is ``IamCertificateId`` . Note the different capitalization. If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `AWS Identity and Access Management (IAM) <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html>`_ , provide the ID of the IAM certificate. If you specify an IAM certificate ID, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
             :param minimum_protocol_version: If the distribution uses ``Aliases`` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings: - The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers. - The ciphers that CloudFront can use to encrypt the content that it returns to viewers. For more information, see `Security Policy <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy>`_ and `Supported Protocols and Ciphers Between Viewers and CloudFront <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers>`_ in the *Amazon CloudFront Developer Guide* . .. epigraph:: On the CloudFront console, this setting is called *Security Policy* . When you're using SNI only (you set ``SSLSupportMethod`` to ``sni-only`` ), you must specify ``TLSv1`` or higher. (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.) If the distribution uses the CloudFront domain name such as ``d111111abcdef8.cloudfront.net`` (you set ``CloudFrontDefaultCertificate`` to ``true`` ), CloudFront automatically sets the security policy to ``TLSv1`` regardless of the value that you set here.
@@ -21861,7 +21928,7 @@ class CfnDistribution(
 
    In CloudFormation, this field name is ``AcmCertificateArn`` . Note the different capitalization.
 
-            If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `AWS Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ).
+            If the distribution uses ``Aliases`` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in `Certificate Manager (ACM) <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html>`_ , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( ``us-east-1`` ).
 
             If you specify an ACM certificate ARN, you must also specify values for ``MinimumProtocolVersion`` and ``SSLSupportMethod`` . (In CloudFormation, the field name is ``SslSupportMethod`` . Note the different capitalization.)
 
@@ -22458,7 +22525,7 @@ class CfnDistributionTenant(
     )
     class CertificateProperty:
         def __init__(self, *, arn: typing.Optional[builtins.str] = None) -> None:
-            '''The AWS Certificate Manager (ACM) certificate associated with your distribution.
+            '''The Certificate Manager (ACM) certificate associated with your distribution.
 
             :param arn: The Amazon Resource Name (ARN) of the ACM certificate.
 
@@ -22523,7 +22590,7 @@ class CfnDistributionTenant(
 
             For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and AWS WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.
 
-            :param certificate: The AWS Certificate Manager (ACM) certificate.
+            :param certificate: The Certificate Manager (ACM) certificate.
             :param geo_restrictions: The geographic restrictions.
             :param web_acl: The AWS WAF web ACL.
 
@@ -22567,7 +22634,7 @@ class CfnDistributionTenant(
         def certificate(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnDistributionTenant.CertificateProperty"]]:
-            '''The AWS Certificate Manager (ACM) certificate.
+            '''The Certificate Manager (ACM) certificate.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-customizations.html#cfn-cloudfront-distributiontenant-customizations-certificate
             '''
@@ -22770,7 +22837,7 @@ class CfnDistributionTenant(
         ) -> None:
             '''An object that represents the request for the Amazon CloudFront managed ACM certificate.
 
-            :param certificate_transparency_logging_preference: You can opt out of certificate transparency logging by specifying the ``disabled`` option. Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *AWS Certificate Manager User Guide* .
+            :param certificate_transparency_logging_preference: You can opt out of certificate transparency logging by specifying the ``disabled`` option. Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *Certificate Manager User Guide* .
             :param primary_domain_name: The primary domain name associated with the CloudFront managed ACM certificate.
             :param validation_token_host: Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate. - For ``cloudfront`` , CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately. - For ``self-hosted`` , you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront.
 
@@ -22808,7 +22875,7 @@ class CfnDistributionTenant(
         ) -> typing.Optional[builtins.str]:
             '''You can opt out of certificate transparency logging by specifying the ``disabled`` option.
 
-            Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *AWS Certificate Manager User Guide* .
+            Opt in by specifying ``enabled`` . For more information, see `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_ in the *Certificate Manager User Guide* .
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distributiontenant-managedcertificaterequest.html#cfn-cloudfront-distributiontenant-managedcertificaterequest-certificatetransparencyloggingpreference
             '''
@@ -24979,6 +25046,8 @@ class CfnPublicKey(
 ):
     '''A public key that you can use with `signed URLs and signed cookies <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html>`_ , or with `field-level encryption <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html>`_ .
 
+    CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.
+
     :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-publickey.html
     :cloudformationResource: AWS::CloudFront::PublicKey
     :exampleMetadata: fixture=_generated
@@ -25119,6 +25188,8 @@ class CfnPublicKey(
         ) -> None:
             '''Configuration information about a public key that you can use with `signed URLs and signed cookies <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html>`_ , or with `field-level encryption <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html>`_ .
 
+            CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.
+
             :param caller_reference: A string included in the request to help make sure that the request can't be replayed.
             :param encoded_key: The public key that you can use with `signed URLs and signed cookies <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html>`_ , or with `field-level encryption <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html>`_ .
             :param name: A name to help identify the public key.
@@ -32539,6 +32610,7 @@ def _typecheckingstub__5b13f814bf47a5f3949ffc4b53034b4702a02836213167c9ba4c6a8d6
     origin_id: typing.Optional[builtins.str] = None,
     origin_shield_enabled: typing.Optional[builtins.bool] = None,
     origin_shield_region: typing.Optional[builtins.str] = None,
+    response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -32552,6 +32624,13 @@ def _typecheckingstub__8428dfc90e69bdd5363e69afd9c590a4ed2f1363b22242197295117dc
     """Type checking stubs"""
     pass
 
+def _typecheckingstub__2a6162e2b8ea3b5399119fc8b631f66d8bac30203424ac043fac74ad6d5bf84d(
+    response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
+    read_timeout: typing.Optional[_Duration_4839e8c3] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
 def _typecheckingstub__d3e6a8992dd905a0c0d851cfed62aa0f881803068317a0b59eb84571249e84f1(
     *,
     failover_config: typing.Optional[typing.Union[OriginFailoverConfig, typing.Dict[builtins.str, typing.Any]]] = None,
@@ -32586,6 +32665,7 @@ def _typecheckingstub__554f93c57439378c8175676cc442eaea5c8ec961a156b1f26e60df9cd
     origin_id: typing.Optional[builtins.str] = None,
     origin_shield_enabled: typing.Optional[builtins.bool] = None,
     origin_shield_region: typing.Optional[builtins.str] = None,
+    response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
 ) -> None:
     """Type checking stubs"""
     pass
@@ -32599,6 +32679,7 @@ def _typecheckingstub__e1f5da480c426bb32e14bbbeb482146cc90bcd3678f902c46f0f2f739
     origin_id: typing.Optional[builtins.str] = None,
     origin_shield_enabled: typing.Optional[builtins.bool] = None,
     origin_shield_region: typing.Optional[builtins.str] = None,
+    response_completion_timeout: typing.Optional[_Duration_4839e8c3] = None,
     origin_path: typing.Optional[builtins.str] = None,
 ) -> None:
     """Type checking stubs"""