AccessLevel

class aws_cdk.aws_cloudfront.AccessLevel(*values)

Bases: Enum

The level of permissions granted to the CloudFront Distribution when configuring OAC.

ExampleMetadata:: infused

Example:

# Create the simple Origin
my_bucket = s3.Bucket(self, "myBucket")
s3_origin = origins.S3BucketOrigin.with_origin_access_control(my_bucket,
    origin_access_levels=[cloudfront.AccessLevel.READ, cloudfront.AccessLevel.LIST]
)

# Create the Distribution construct
my_multi_tenant_distribution = cloudfront.Distribution(self, "distribution",
    default_behavior=cloudfront.BehaviorOptions(
        origin=s3_origin
    ),
    default_root_object="index.html"
)

# Access the underlying L1 CfnDistribution to configure SaaS Manager properties which are not yet available in the L2 Distribution construct
cfn_distribution = my_multi_tenant_distribution.node.default_child

default_cache_behavior = cloudfront.CfnDistribution.DefaultCacheBehaviorProperty(
    target_origin_id=my_bucket.bucket_arn,
    viewer_protocol_policy="allow-all",
    compress=False,
    allowed_methods=["GET", "HEAD"],
    cache_policy_id=cloudfront.CachePolicy.CACHING_OPTIMIZED.cache_policy_id
)
# Create the updated distributionConfig
distribution_config = cloudfront.CfnDistribution.DistributionConfigProperty(
    default_cache_behavior=default_cache_behavior,
    enabled=True,
    # the properties below are optional
    connection_mode="tenant-only",
    origins=[cloudfront.CfnDistribution.OriginProperty(
        id=my_bucket.bucket_arn,
        domain_name=my_bucket.bucket_domain_name,
        s3_origin_config=cloudfront.CfnDistribution.S3OriginConfigProperty(),
        origin_path="/{{tenantName}}"
    )
    ],
    tenant_config=cloudfront.CfnDistribution.TenantConfigProperty(
        parameter_definitions=[cloudfront.CfnDistribution.ParameterDefinitionProperty(
            definition=cloudfront.CfnDistribution.DefinitionProperty(
                string_schema=cloudfront.CfnDistribution.StringSchemaProperty(
                    required=False,
                    # the properties below are optional
                    comment="tenantName",
                    default_value="root"
                )
            ),
            name="tenantName"
        )
        ]
    )
)

# Override the distribution configuration to enable multi-tenancy.
cfn_distribution.distribution_config = distribution_config

# Create a distribution tenant using an existing ACM certificate
cfn_distribution_tenant = cloudfront.CfnDistributionTenant(self, "distribution-tenant",
    distribution_id=my_multi_tenant_distribution.distribution_id,
    domains=["my-tenant.my.domain.com"],
    name="my-tenant",
    enabled=True,
    parameters=[cloudfront.CfnDistributionTenant.ParameterProperty(
        name="tenantName",
        value="app"
    )],
    customizations=cloudfront.CfnDistributionTenant.CustomizationsProperty(
        certificate=cloudfront.CfnDistributionTenant.CertificateProperty(
            arn="REPLACE_WITH_ARN"
        )
    )
)

Attributes

DELETE: Grants delete permission to CloudFront Distribution.

LIST: Grants list permissions to CloudFront Distribution.

READ: Grants read permissions to CloudFront Distribution.

READ_VERSIONED: Grants versioned read permissions to CloudFront Distribution.

WRITE: Grants write permission to CloudFront Distribution.