Class: Aws::CloudFront::Types::ViewerCertificate

Inherits:

Struct

• Object
• Struct
• Aws::CloudFront::Types::ViewerCertificate

Includes:

Structure

Defined in:

lib/aws-sdk-cloudfront/types.rb

Overview

Note:

When making an API call, you may pass ViewerCertificate data as a hash:

{
  cloud_front_default_certificate: false,
  iam_certificate_id: "string",
  acm_certificate_arn: "string",
  ssl_support_method: "sni-only", # accepts sni-only, vip
  minimum_protocol_version: "SSLv3", # accepts SSLv3, TLSv1, TLSv1_2016, TLSv1.1_2016, TLSv1.2_2018
  certificate: "string",
  certificate_source: "cloudfront", # accepts cloudfront, iam, acm
}

A complex type that specifies the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.

• If you want viewers to use HTTPS, whether you’re using an alternate domain name such as ‘example.com` or the CloudFront domain name for your distribution, such as `d111111abcdef8.cloudfront.net`.

• If you’re using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

Specify only one of the following values:

• ACMCertificateArn][1

• IAMCertificateId][2

• CloudFrontDefaultCertificate][3

For more information, see [ Using Alternate Domain Names and HTTPS] in the *Amazon CloudFront Developer Guide*.

[1]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-ACMCertificateArn [2]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-IAMCertificateId [3]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-CloudFrontDefaultCertificate [4]: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/SecureConnections.html#CNAMEsAndHTTPS

See Also:

• AWS API Documentation

Instance Attribute Summary

• #acm_certificate_arn ⇒ String

  If you want viewers to use HTTPS to request your objects and you’re using an alternate domain name, you must choose the type of certificate that you want to use.

• #certificate ⇒ String

  This field is no longer used.

• #certificate_source ⇒ String

  This field is no longer used.

• #cloud_front_default_certificate ⇒ Boolean

  If you’re using the CloudFront domain name for your distribution, such as ‘d111111abcdef8.cloudfront.net`, specify the following value:.

• #iam_certificate_id ⇒ String

  If you want viewers to use HTTPS to request your objects and you’re using an alternate domain name, you must choose the type of certificate that you want to use.

• #minimum_protocol_version ⇒ String

  Specify the security policy that you want CloudFront to use for HTTPS connections.

• #ssl_support_method ⇒ String

  If you specify a value for [ACMCertificateArn] or for [IAMCertificateId], you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.

Instance Attribute Details

#acm_certificate_arn ⇒ String

If you want viewers to use HTTPS to request your objects and you’re using an alternate domain name, you must choose the type of certificate that you want to use. Specify the following value if ACM provided your certificate:

• ‘<ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn>` where ` ARN for ACM SSL/TLS certificate ` is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.

^

If you specify ‘ACMCertificateArn`, you must also specify a value for `SSLSupportMethod`.

Returns:

• (String)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end

#certificate ⇒ String

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn][1

• IAMCertificateId][2

• CloudFrontDefaultCertificate][3

[1]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-ACMCertificateArn [2]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-IAMCertificateId [3]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-CloudFrontDefaultCertificate

Returns:

• (String)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end

#certificate_source ⇒ String

This field is no longer used. Use one of the following fields instead:

• ACMCertificateArn][1

• IAMCertificateId][2

• CloudFrontDefaultCertificate][3

[1]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-ACMCertificateArn [2]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-IAMCertificateId [3]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-CloudFrontDefaultCertificate

Returns:

• (String)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end

#cloud_front_default_certificate ⇒ Boolean

If you’re using the CloudFront domain name for your distribution, such as ‘d111111abcdef8.cloudfront.net`, specify the following value:

• ‘<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate> `

^

Returns:

• (Boolean)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end

#iam_certificate_id ⇒ String

If you want viewers to use HTTPS to request your objects and you’re using an alternate domain name, you must choose the type of certificate that you want to use. Specify the following value if you purchased your certificate from a third-party certificate authority:

• ‘<IAMCertificateId>IAM certificate ID<IAMCertificateId>` where ` IAM certificate ID ` is the ID that IAM returned when you added the certificate to the IAM certificate store.

^

If you specify ‘IAMCertificateId`, you must also specify a value for `SSLSupportMethod`.

Returns:

• (String)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end

#minimum_protocol_version ⇒ String

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

• The minimum SSL/TLS protocol that CloudFront uses to communicate with viewers

• The cipher that CloudFront uses to encrypt the content that it returns to viewers

<note markdown=“1”> On the CloudFront console, this setting is called **Security policy**.

</note>

We recommend that you specify ‘TLSv1.1_2016` unless your users are using browsers or devices that do not support TLSv1.1 or later.

When both of the following are true, you must specify ‘TLSv1` or later for the security policy:

• You’re using a custom certificate: you specified a value for ‘ACMCertificateArn` or for `IAMCertificateId`

• You’re using SNI: you specified ‘sni-only` for `SSLSupportMethod`

If you specify ‘true` for `CloudFrontDefaultCertificate`, CloudFront automatically sets the security policy to `TLSv1` regardless of the value that you specify for `MinimumProtocolVersion`.

For information about the relationship between the security policy that you choose and the protocols and ciphers that CloudFront uses to communicate with viewers, see [ Supported SSL/TLS Protocols and Ciphers for Communication Between Viewers and CloudFront] in the *Amazon CloudFront Developer Guide*.

[1]: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers

Returns:

• (String)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end

#ssl_support_method ⇒ String

If you specify a value for [ACMCertificateArn] or for [IAMCertificateId], you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for browsers and clients released after 2010 or one that works for all clients.

• ‘sni-only`: CloudFront can respond to HTTPS requests from viewers that support Server Name Indication (SNI). All modern browsers support SNI, but there are a few that don’t. For a current list of the browsers that support SNI, see the [Wikipedia entry Server Name Indication]. To learn about options to explore if you have users with browsers that don’t include SNI support, see [Choosing How CloudFront Serves HTTPS Requests] in the *Amazon CloudFront Developer Guide*.

• ‘vip`: CloudFront uses dedicated IP addresses for your content and can respond to HTTPS requests from any viewer. However, there are additional monthly charges. For details, including specific pricing information, see [Custom SSL options for Amazon CloudFront] on the AWS marketing site.

Don’t specify a value for ‘SSLSupportMethod` if you specified `<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>`.

For more information, see [Choosing How CloudFront Serves HTTPS Requests] in the *Amazon CloudFront Developer Guide*.

[1]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-ACMCertificateArn [2]: docs.aws.amazon.com/cloudfront/latest/APIReference/API_ViewerCertificate.html#cloudfront-Type-ViewerCertificate-IAMCertificateId [3]: en.wikipedia.org/wiki/Server_Name_Indication [4]: docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cnames-https-dedicated-ip-or-sni.html [5]: aws.amazon.com/cloudfront/custom-ssl-domains/

Returns:

• (String)

# File 'lib/aws-sdk-cloudfront/types.rb', line 8862

class ViewerCertificate < Struct.new(
  :cloud_front_default_certificate,
  :iam_certificate_id,
  :acm_certificate_arn,
  :ssl_support_method,
  :minimum_protocol_version,
  :certificate,
  :certificate_source)
  include Aws::Structure
end