...
Property | Required | Value | Justification |
---|---|---|---|
Aliases | No | N/A | For CNAMEs for static website, not applicable. |
CacheBehaviors | No | N/A | Covered by default cache behavior |
CNAMEs | No | N/A | Not applicable. |
Comment | No | “CloudFront distribution for ${stack}data.sagebase.org” | Gives info about distribution. |
ContinuousDeploymentPolicyId | No | N/A | Continuous deployment is for distributing traffic for a custom domain name to two different CF distributions. Not applicable. |
CustomErrorResponses | No | N/A | For replacing status code in 4xx and 5xx range with custom error messages. No use case for this. |
CustomOrigin | No | N/A | Legacy. Covered under Origin. |
DefaultCacheBehavior | Yes | Required - describes default cache behavior. | |
DefaultRootObject | No | N/A | Returns a default object when the user sends a request using the root URL and doesn’t include the object. Not applicable to our case since we are signing the URLs and users will always specify an object. |
Enabled | Yes | True | Enables the distribution |
HttpVersion | No | http2and3 | Defaults to HTTP 1.1, but due to security concerns with HTTP 1.1, we will require either HTTP 2 or 3. |
IPV6Enabled | No | False | Since we won’t create signed URLs that use IPV6, this is not applicable. |
Logging | No | Will allow tracking for data requests. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/AccessLogs.html | |
OriginGroups | No | N/A | Only used when multiple origins are used. Not applicable. |
Origins | No | Specifies where data will be pulled from. | |
PriceClass | No | “PriceClass_100” | Serves objects from the CloudFront edge location that has the lowest latency among the edge locations in the price class. Cost to transfer data out to internet from CloudFront compared to from S3 is only less for North America/Europe, which are the only two regions in Price Class 100. “If you select a price class that does not include all locations, some of your viewers, especially those in geographic locations that are not in your price class, may experience higher latency than if your content were being served from all Amazon CloudFront locations.” https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PriceClass.html |
Restrictions | No | N/A | Restrictions only relate to countries where content is distributed. Not applicable. |
S3Origin | No | N/A | Legacy. Not applicable. |
Staging | No | N/A | Indicates if this is a staging distribution. Not applicable. |
ViewerCertificate | No | Not required. Minimum TLS requirement set in HttpVersion. | |
WebACLId | No | N/A | Current signed URLs through S3 do not use a Web ACL. |
...
Property | Required | Value | Justification |
---|---|---|---|
OriginAccessIdentity | No | ““ | Per documentation, if you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty |
...
Property | Required | Value | Justification |
---|---|---|---|
AcmCertificateArn | Conditional | N/A | Not applicable, since we won’t be using alternate domain names or CNAMEs. |
CloudFrontDefaultCertificate | Conditional | True | The distribution uses the CloudFront domain name instead of an Alias/CNAME |
IamCertificateId | Conditional | N/A | Not applicable, since we won’t be using alternate domain names or CNAMEs. |
MinimumProtocolVersion | Conditional | N/A | Not applicable, since we won’t be using alternate domain names or CNAMEs. When SSL Certificate is default CloudFront certificate (*.cloudfront.net), CloudFront automatically sets the security policy to TLSv1. However, setting HTTPVersion in the origin to HTTP/2and3 requires that viewers support TLSv1.2 and TLSv1.3. |
SslSupportMethod | Conditional | N/A | |
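
A check that a template's DistributionConfig still matches the decisions recorded in the tables above, as an added example (not the project's own code or tooling). The names `find_drift` and `lookup`, the rule that Comment, DefaultCacheBehavior, Logging and Origins must be set, and all sample values are assumptions.

```python
# Added example, not the project's template or tooling. `config` is the
# DistributionConfig mapping of an AWS::CloudFront::Distribution resource.
EXPECTED = {  # properties the tables pin to a value
    "Enabled": True, "HttpVersion": "http2and3", "IPV6Enabled": False,
    "PriceClass": "PriceClass_100",
    "ViewerCertificate.CloudFrontDefaultCertificate": True,
}
ABSENT = [  # properties the tables mark N/A
    "Aliases", "CacheBehaviors", "CNAMEs", "ContinuousDeploymentPolicyId",
    "CustomErrorResponses", "CustomOrigin", "DefaultRootObject",
    "OriginGroups", "Restrictions", "S3Origin", "Staging", "WebACLId",
    "ViewerCertificate.AcmCertificateArn", "ViewerCertificate.IamCertificateId",
    "ViewerCertificate.MinimumProtocolVersion", "ViewerCertificate.SslSupportMethod",
]
# Assumption: these must be set, since the tables give each one a purpose.
PRESENT = ["Comment", "DefaultCacheBehavior", "Logging", "Origins"]
_MISSING = object()

def lookup(config, dotted):
    """Follow a dotted path through nested dicts; _MISSING if a key is absent."""
    node = config
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def find_drift(config):
    """Return one finding per deviation from the documented decisions."""
    findings = []
    for path, want in EXPECTED.items():
        got, parent = lookup(config, path), path.rpartition(".")[0]
        if got is _MISSING and parent and lookup(config, parent) is _MISSING:
            continue  # whole ViewerCertificate block omitted: listed as not required
        if got is _MISSING or type(got) is not type(want) or got != want:
            shown = "unset" if got is _MISSING else repr(got)
            findings.append(f"{path}: expected {want!r}, found {shown}")
    findings += [f"{p}: marked N/A but set" for p in ABSENT if lookup(config, p) is not _MISSING]
    findings += [f"{p}: expected to be set" for p in PRESENT if lookup(config, p) is _MISSING]
    return findings

# Constructed sample with two deviations (placeholder values throughout).
SAMPLE = {
    "Comment": "constructed", "Enabled": True, "HttpVersion": "http2",
    "IPV6Enabled": False, "PriceClass": "PriceClass_100", "Logging": {},
    "DefaultCacheBehavior": {}, "Origins": [],
    "ViewerCertificate": {"CloudFrontDefaultCertificate": True, "MinimumProtocolVersion": "TLSv1"},
}
print("\n".join(find_drift(SAMPLE)))
```

The strict type comparison means a template that writes `Enabled: "true"` or `IPV6Enabled: 0` is reported rather than silently accepted.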
KeyGroup
...