Amazon CloudFront テンプレートスニペット
AWS CloudFormation の Amazon CloudFront に対して、テンプレートのサンプルスニペットを使用します。詳細については、「Amazon CloudFront resource type reference」を参照してください。
トピック
Amazon S3 オリジンを使用した Amazon CloudFront Distribution リソース
次のサンプルテンプレートは、S3Origin とレガシーオリジンアクセスアイデンティティ (OAI) を使用する Amazon CloudFront ディストリビューションを示しています。代わりにオリジンアクセスコントロール (OAC) を使用する方法については、「Amazon CloudFront デベロッパーガイド」の「Restricting access to an Amazon Simple Storage Service origin」を参照してください。
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDistribution" : { "Type" : "AWS::CloudFront::Distribution", "Properties" : { "DistributionConfig" : { "Origins" : [ { "DomainName" : "amzn-s3-demo-bucket.s3.amazonaws.com", "Id" : "myS3Origin", "S3OriginConfig" : { "OriginAccessIdentity" : "origin-access-identity/cloudfront/E127EXAMPLE51Z" } }], "Enabled" : "true", "Comment" : "Some comment", "DefaultRootObject" : "index.html", "Logging" : { "IncludeCookies" : "false", "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com", "Prefix" : "myprefix" }, "Aliases" : [ "mysite.example.com", "yoursite.example.com" ], "DefaultCacheBehavior" : { "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ], "TargetOriginId" : "myS3Origin", "ForwardedValues" : { "QueryString" : "false", "Cookies" : { "Forward" : "none" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all" }, "PriceClass" : "PriceClass_200", "Restrictions" : { "GeoRestriction" : { "RestrictionType" : "whitelist", "Locations" : [ "AQ", "CV" ] } }, "ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" } } } } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - DomainName: amzn-s3-demo-bucket.s3.amazonaws.com Id: myS3Origin S3OriginConfig: OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z Enabled: 'true' Comment: Some comment DefaultRootObject: index.html Logging: IncludeCookies: 'false' Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com Prefix: myprefix Aliases: - mysite.example.com - yoursite.example.com DefaultCacheBehavior: AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT TargetOriginId: myS3Origin ForwardedValues: QueryString: 'false' Cookies: Forward: none TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all PriceClass: PriceClass_200 Restrictions: GeoRestriction: RestrictionType: whitelist Locations: - AQ - CV ViewerCertificate: CloudFrontDefaultCertificate: 'true'
カスタムオリジンを使用した Amazon CloudFront Distribution リソース
次のテンプレートの例では、CustomOrigin を使用した Amazon CloudFront [Distribution] (ディストリビューション) を示します。
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDistribution" : { "Type" : "AWS::CloudFront::Distribution", "Properties" : { "DistributionConfig" : { "Origins" : [ { "DomainName" : "www.example.com", "Id" : "myCustomOrigin", "CustomOriginConfig" : { "HTTPPort" : "80", "HTTPSPort" : "443", "OriginProtocolPolicy" : "http-only" } } ], "Enabled" : "true", "Comment" : "Somecomment", "DefaultRootObject" : "index.html", "Logging" : { "IncludeCookies" : "true", "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com", "Prefix": "myprefix" }, "Aliases" : [ "mysite.example.com", "*.yoursite.example.com" ], "DefaultCacheBehavior" : { "TargetOriginId" : "myCustomOrigin", "SmoothStreaming" : "false", "ForwardedValues" : { "QueryString" : "false", "Cookies" : { "Forward" : "all" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all" }, "CustomErrorResponses" : [ { "ErrorCode" : "404", "ResponsePagePath" : "/error-pages/404.html", "ResponseCode" : "200", "ErrorCachingMinTTL" : "30" } ], "PriceClass" : "PriceClass_200", "Restrictions" : { "GeoRestriction" : { "RestrictionType" : "whitelist", "Locations" : [ "AQ", "CV" ] } }, "ViewerCertificate": { "CloudFrontDefaultCertificate" : "true" } } } } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - DomainName: www.example.com Id: myCustomOrigin CustomOriginConfig: HTTPPort: '80' HTTPSPort: '443' OriginProtocolPolicy: http-only Enabled: 'true' Comment: Somecomment DefaultRootObject: index.html Logging: IncludeCookies: 'true' Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com Prefix: myprefix Aliases: - mysite.example.com - "*.yoursite.example.com" DefaultCacheBehavior: TargetOriginId: myCustomOrigin SmoothStreaming: 'false' ForwardedValues: QueryString: 'false' Cookies: Forward: all TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all CustomErrorResponses: - ErrorCode: '404' ResponsePagePath: "/error-pages/404.html" ResponseCode: '200' ErrorCachingMinTTL: '30' PriceClass: PriceClass_200 Restrictions: GeoRestriction: RestrictionType: whitelist Locations: - AQ - CV ViewerCertificate: CloudFrontDefaultCertificate: 'true'
複数のオリジンをサポートする Amazon CloudFront ディストリビューション
次のテンプレート例では、複数のオリジンをサポートする CloudFront ディストリビューションを宣言する方法を示します。DistributionConfig では、オリジンのリストが指定され、DefaultCacheBehavior が設定されます。
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDistribution" : { "Type" : "AWS::CloudFront::Distribution", "Properties" : { "DistributionConfig" : { "Origins" : [ { "Id" : "myS3Origin", "DomainName" : "amzn-s3-demo-bucket.s3.amazonaws.com", "S3OriginConfig" : { "OriginAccessIdentity" : "origin-access-identity/cloudfront/E127EXAMPLE51Z" } }, { "Id" : "myCustomOrigin", "DomainName" : "www.example.com", "CustomOriginConfig" : { "HTTPPort" : "80", "HTTPSPort" : "443", "OriginProtocolPolicy" : "http-only" } } ], "Enabled" : "true", "Comment" : "Some comment", "DefaultRootObject" : "index.html", "Logging" : { "IncludeCookies" : "true", "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com", "Prefix" : "myprefix" }, "Aliases" : [ "mysite.example.com", "yoursite.example.com" ], "DefaultCacheBehavior" : { "TargetOriginId" : "myS3Origin", "ForwardedValues" : { "QueryString" : "false", "Cookies" : { "Forward" : "all" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all", "MinTTL" : "100", "SmoothStreaming" : "true" }, "CacheBehaviors" : [ { "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ], "TargetOriginId" : "myS3Origin", "ForwardedValues" : { "QueryString" : "true", "Cookies" : { "Forward" : "none" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all", "MinTTL" : "50", "PathPattern" : "images1/*.jpg" }, { "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ], "TargetOriginId" : "myCustomOrigin", "ForwardedValues" : { "QueryString" : "true", "Cookies" : { "Forward" : "none" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all", "MinTTL" : "50", "PathPattern" : "images2/*.jpg" } ], "CustomErrorResponses" : [ { "ErrorCode" : "404", "ResponsePagePath" : "/error-pages/404.html", "ResponseCode" : "200", "ErrorCachingMinTTL" : "30" } ], "PriceClass" : "PriceClass_All", "ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" } } } } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - Id: myS3Origin DomainName: amzn-s3-demo-bucket.s3.amazonaws.com S3OriginConfig: OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z - Id: myCustomOrigin DomainName: www.example.com CustomOriginConfig: HTTPPort: '80' HTTPSPort: '443' OriginProtocolPolicy: http-only Enabled: 'true' Comment: Some comment DefaultRootObject: index.html Logging: IncludeCookies: 'true' Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com Prefix: myprefix Aliases: - mysite.example.com - yoursite.example.com DefaultCacheBehavior: TargetOriginId: myS3Origin ForwardedValues: QueryString: 'false' Cookies: Forward: all TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all MinTTL: '100' SmoothStreaming: 'true' CacheBehaviors: - AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT TargetOriginId: myS3Origin ForwardedValues: QueryString: 'true' Cookies: Forward: none TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all MinTTL: '50' PathPattern: images1/*.jpg - AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT TargetOriginId: myCustomOrigin ForwardedValues: QueryString: 'true' Cookies: Forward: none TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all MinTTL: '50' PathPattern: images2/*.jpg CustomErrorResponses: - ErrorCode: '404' ResponsePagePath: "/error-pages/404.html" ResponseCode: '200' ErrorCachingMinTTL: '30' PriceClass: PriceClass_All ViewerCertificate: CloudFrontDefaultCertificate: 'true'
Lambda 関数をオリジンとする Amazon CloudFront ディストリビューション
次の例では、指定された Lambda 関数 URL (パラメータとして提供) をフロントとする CloudFront ディストリビューションを作成し、HTTPS のみのアクセス、キャッシュ、圧縮、およびグローバル配信を有効にします。Lambda URL をカスタム HTTPS オリジンとして設定し、標準の AWS キャッシュポリシーを適用します。このディストリビューションは、HTTP/2 および IPv6 サポートによりパフォーマンスが最適化されており、CloudFront ドメイン名を出力します。これにより、ユーザーは安全な CDN ベースのエンドポイントを介して Lambda 関数にアクセスできます。詳細については、AWS ブログの「Using Amazon CloudFront with AWS Lambda as origin to accelerate your web applications
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "LambdaEndpoint": { "Type": "String", "Description": "The Lambda function URL endpoint without the 'https://'" } }, "Resources": { "MyDistribution": { "Type": "AWS::CloudFront::Distribution", "Properties": { "DistributionConfig": { "PriceClass": "PriceClass_All", "HttpVersion": "http2", "IPV6Enabled": true, "Origins": [ { "DomainName": { "Ref": "LambdaEndpoint" }, "Id": "LambdaOrigin", "CustomOriginConfig": { "HTTPSPort": 443, "OriginProtocolPolicy": "https-only" } } ], "Enabled": "true", "DefaultCacheBehavior": { "TargetOriginId": "LambdaOrigin", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", "ViewerProtocolPolicy": "redirect-to-https", "SmoothStreaming": "false", "Compress": "true" } } } } }, "Outputs": { "CloudFrontDomain": { "Description": "CloudFront default domain name configured", "Value": { "Fn::Sub": "https://${MyDistribution.DomainName}/" } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Parameters: LambdaEndpoint: Type: String Description: The Lambda function URL endpoint without the 'https://' Resources: MyDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: PriceClass: PriceClass_All HttpVersion: http2 IPV6Enabled: true Origins: - DomainName: !Ref LambdaEndpoint Id: LambdaOrigin CustomOriginConfig: HTTPSPort: 443 OriginProtocolPolicy: https-only Enabled: 'true' DefaultCacheBehavior: TargetOriginId: LambdaOrigin CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6' ViewerProtocolPolicy: redirect-to-https SmoothStreaming: 'false' Compress: 'true' Outputs: CloudFrontDomain: Description: CloudFront default domain name configured Value: !Sub https://${MyDistribution.DomainName}/
関連情報
Route 53 レコードにカスタムエイリアスを追加して CloudFront ディストリビューションにわかりやすい名前を付ける例については、「CloudFront ディストリビューションのエイリアスリソースレコードセット」を参照してください。
