Distribution tenant customizations
When using a multi-tenant distribution, your distribution tenants inherit the multi-tenant distribution configuration. However, you can customize some settings at the distribution tenant level.
You can customize the following:
-
Parameters – Parameters are key-value pairs that you can use for the origin domain or origin paths. See How parameters work with distribution tenants.
-
AWS WAF web ACL (V2) – You can specify a separate web ACL for the distribution tenant, which will override the web ACL used for the multi-tenant distribution. You can also disable this setting for a specific distribution tenant, which means the distribution tenant won't inherit the web ACL protections from the multi-tenant distribution. For more information, see AWS WAF web ACL.
-
Geographic restrictions – Geographic restrictions that you specify for a distribution tenant will override any geographic restrictions for the multi-tenant distribution. For example, if you block Germany (DE) in your multi-tenant distribution, all associated distribution tenants will also block DE. However, if you allow DE for a specific distribution tenant, that distribution tenant settings will override the settings for the multi-tenant distribution. For more information, see Restrict the geographic distribution of your content.
-
Invalidation paths – Specify the file paths to the content that you want to invalidate for the distribution tenant. For more information, see Invalidate files.
-
Custom TLS certificates – AWS Certificate Manager (ACM) certificates that you specify for distribution tenants are supplemental to the certificate provided in the multi-tenant distribution. However, if the same domain is covered by both the multi-tenant distribution and distribution tenant certificates, then the tenant certificate is used. For more information, see Request certificates for your CloudFront distribution tenant.
-
Domain names – Unlike standard distributions, you can specify domain names for your distribution tenants (at the tenant-level). You must specify at least one domain name per distribution tenant.
How parameters work with distribution tenants
A parameter is a key-value pair that you can use for placeholder values. Define the parameters that you want to use in your multi-tenant distribution and specify whether they're required.
When you define parameters in your multi-tenant distribution, you choose whether those parameters are required to be entered at the distribution tenant level.
If you define the parameters as required in the multi-tenant distribution, then they must be entered at the distribution tenant level. (They are not inherited).
If the parameters are not required, then you can provide a default value in the multi-tenant distribution that is inherited by the distribution tenant.
You can use parameters in the following properties:
-
Origin domain name
-
Origin path
In the multi-tenant distribution, you can define up to two parameters for each of the preceding properties.
Example
You want to create multiple websites (tenants) for your customers, and you need to ensure that each distribution tenant resource uses the correct values.
-
You create a multi-tenant distribution and include two parameters for the distribution tenant configuration.
-
For the origin domain name, you create a parameter named
customer-nameand specify that it's required. You enter the parameter after the S3 bucket, so that it appears ashttps://amzn-s3-demo-bucket1.s3.region-code.amazonaws.com/.{{customer-name}} -
For origin path, you create a second parameter named
my-theme, and specify that it's optional, with a default value ofbasic. Your origin path appears as/{{my-theme}} -
When you create a distribution tenant, you must specify a value for
{{customer-name}}for the origin domain name because it's required. For the origin path, you can specify your own value for the{{my-theme}}parameter. If you don't, the distribution tenant will use the default value that you specified earlier.
