enum AccessLevel
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.CloudFront.AccessLevel |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#AccessLevel |
 Java | software.amazon.awscdk.services.cloudfront.AccessLevel |
 Python | aws_cdk.aws_cloudfront.AccessLevel |
 TypeScript (source) | aws-cdk-lib » aws_cloudfront » AccessLevel |
The level of permissions granted to the CloudFront Distribution when configuring OAC.
Example
// Create the simple Origin
const myBucket = new s3.Bucket(this, 'myBucket');
const s3Origin = origins.S3BucketOrigin.withOriginAccessControl(myBucket, {
originAccessLevels: [cloudfront.AccessLevel.READ, cloudfront.AccessLevel.LIST],
});
// Create the Distribution construct
const myMultiTenantDistribution = new cloudfront.Distribution(this, 'distribution', {
defaultBehavior: {
origin: s3Origin,
},
defaultRootObject: 'index.html', // recommended to specify
});
// Access the underlying L1 CfnDistribution to configure SaaS Manager properties which are not yet available in the L2 Distribution construct
const cfnDistribution = myMultiTenantDistribution.node.defaultChild as cloudfront.CfnDistribution;
const defaultCacheBehavior: cloudfront.CfnDistribution.DefaultCacheBehaviorProperty = {
targetOriginId: myBucket.bucketArn,
viewerProtocolPolicy: 'allow-all',
compress: false,
allowedMethods: ['GET', 'HEAD'],
cachePolicyId: cloudfront.CachePolicy.CACHING_OPTIMIZED.cachePolicyId
};
// Create the updated distributionConfig
const distributionConfig: cloudfront.CfnDistribution.DistributionConfigProperty = {
defaultCacheBehavior: defaultCacheBehavior,
enabled: true,
// the properties below are optional
connectionMode: 'tenant-only',
origins: [
{
id: myBucket.bucketArn,
domainName: myBucket.bucketDomainName,
s3OriginConfig: {},
originPath: "/{{tenantName}}"
},
],
tenantConfig: {
parameterDefinitions: [
{
definition: {
stringSchema: {
required: false,
// the properties below are optional
comment: 'tenantName',
defaultValue: 'root',
},
},
name: 'tenantName',
},
],
},
};
// Override the distribution configuration to enable multi-tenancy.
cfnDistribution.distributionConfig = distributionConfig;
// Create a distribution tenant using an existing ACM certificate
const cfnDistributionTenant = new cloudfront.CfnDistributionTenant(this, 'distribution-tenant', {
distributionId: myMultiTenantDistribution.distributionId,
domains: ['my-tenant.my.domain.com'],
name: 'my-tenant',
enabled: true,
parameters: [ // Override the default 'tenantName' parameter (root) defined in the multi-tenant distribution.
{
name: 'tenantName',
value: 'app',
},
],
customizations: {
certificate: {
arn: 'REPLACE_WITH_ARN', // Certificate must be in us-east-1 region and cover 'my-tenant.my.domain.com'
},
},
});
Members
| Name | Description |
|---|---|
| READ | Grants read permissions to CloudFront Distribution. |
| READ_VERSIONED | Grants versioned read permissions to CloudFront Distribution. |
| LIST | Grants list permissions to CloudFront Distribution. |
| WRITE | Grants write permission to CloudFront Distribution. |
| DELETE | Grants delete permission to CloudFront Distribution. |
READ
Grants read permissions to CloudFront Distribution.
READ_VERSIONED
Grants versioned read permissions to CloudFront Distribution.
LIST
Grants list permissions to CloudFront Distribution.
WRITE
Grants write permission to CloudFront Distribution.
DELETE
Grants delete permission to CloudFront Distribution.