Trechos de modelo do Amazon CloudFront
Use esses trechos do modelo de exemplo com o recurso de distribuição do Amazon CloudFront no AWS CloudFormation. Para obter mais informações, consulte Amazon CloudFront resource type reference.
Tópicos
Recurso de distribuição do Amazon CloudFront com uma origem do Amazon S3
O modelo de exemplo, apresentado a seguir, mostra uma distribuição do Amazon CloudFront usando um S3Origin e uma identidade do acesso de origem (OAI) herdada. Para obter informações sobre como usar o controle do acesso à origem (OAC), consulte Restringir o acesso ao conteúdo de uma origem do Amazon Simple Storage Service no Guia do desenvolvedor do Amazon CloudFront.
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDistribution" : { "Type" : "AWS::CloudFront::Distribution", "Properties" : { "DistributionConfig" : { "Origins" : [ { "DomainName" : "amzn-s3-demo-bucket.s3.amazonaws.com", "Id" : "myS3Origin", "S3OriginConfig" : { "OriginAccessIdentity" : "origin-access-identity/cloudfront/E127EXAMPLE51Z" } }], "Enabled" : "true", "Comment" : "Some comment", "DefaultRootObject" : "index.html", "Logging" : { "IncludeCookies" : "false", "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com", "Prefix" : "myprefix" }, "Aliases" : [ "mysite.example.com", "yoursite.example.com" ], "DefaultCacheBehavior" : { "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ], "TargetOriginId" : "myS3Origin", "ForwardedValues" : { "QueryString" : "false", "Cookies" : { "Forward" : "none" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all" }, "PriceClass" : "PriceClass_200", "Restrictions" : { "GeoRestriction" : { "RestrictionType" : "whitelist", "Locations" : [ "AQ", "CV" ] } }, "ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" } } } } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - DomainName: amzn-s3-demo-bucket.s3.amazonaws.com Id: myS3Origin S3OriginConfig: OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z Enabled: 'true' Comment: Some comment DefaultRootObject: index.html Logging: IncludeCookies: 'false' Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com Prefix: myprefix Aliases: - mysite.example.com - yoursite.example.com DefaultCacheBehavior: AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT TargetOriginId: myS3Origin ForwardedValues: QueryString: 'false' Cookies: Forward: none TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all PriceClass: PriceClass_200 Restrictions: GeoRestriction: RestrictionType: whitelist Locations: - AQ - CV ViewerCertificate: CloudFrontDefaultCertificate: 'true'
Recurso de distribuição do Amazon CloudFront com origem personalizada
O seguinte modelo de exemplo mostra uma distribuição do Amazon CloudFront usando um CustomOrigin.
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDistribution" : { "Type" : "AWS::CloudFront::Distribution", "Properties" : { "DistributionConfig" : { "Origins" : [ { "DomainName" : "www.example.com", "Id" : "myCustomOrigin", "CustomOriginConfig" : { "HTTPPort" : "80", "HTTPSPort" : "443", "OriginProtocolPolicy" : "http-only" } } ], "Enabled" : "true", "Comment" : "Somecomment", "DefaultRootObject" : "index.html", "Logging" : { "IncludeCookies" : "true", "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com", "Prefix": "myprefix" }, "Aliases" : [ "mysite.example.com", "*.yoursite.example.com" ], "DefaultCacheBehavior" : { "TargetOriginId" : "myCustomOrigin", "SmoothStreaming" : "false", "ForwardedValues" : { "QueryString" : "false", "Cookies" : { "Forward" : "all" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all" }, "CustomErrorResponses" : [ { "ErrorCode" : "404", "ResponsePagePath" : "/error-pages/404.html", "ResponseCode" : "200", "ErrorCachingMinTTL" : "30" } ], "PriceClass" : "PriceClass_200", "Restrictions" : { "GeoRestriction" : { "RestrictionType" : "whitelist", "Locations" : [ "AQ", "CV" ] } }, "ViewerCertificate": { "CloudFrontDefaultCertificate" : "true" } } } } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - DomainName: www.example.com Id: myCustomOrigin CustomOriginConfig: HTTPPort: '80' HTTPSPort: '443' OriginProtocolPolicy: http-only Enabled: 'true' Comment: Somecomment DefaultRootObject: index.html Logging: IncludeCookies: 'true' Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com Prefix: myprefix Aliases: - mysite.example.com - "*.yoursite.example.com" DefaultCacheBehavior: TargetOriginId: myCustomOrigin SmoothStreaming: 'false' ForwardedValues: QueryString: 'false' Cookies: Forward: all TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all CustomErrorResponses: - ErrorCode: '404' ResponsePagePath: "/error-pages/404.html" ResponseCode: '200' ErrorCachingMinTTL: '30' PriceClass: PriceClass_200 Restrictions: GeoRestriction: RestrictionType: whitelist Locations: - AQ - CV ViewerCertificate: CloudFrontDefaultCertificate: 'true'
Distribuição do Amazon CloudFront com suporte a múltiplas origens.
O seguinte exemplo mostra como declarar uma distribuição do CloudFront com suporte para múltiplas origens. Em DistributionConfig, uma lista de origens é fornecida e um DefaultCacheBehavior é definido.
JSON
{ "AWSTemplateFormatVersion" : "2010-09-09", "Resources" : { "myDistribution" : { "Type" : "AWS::CloudFront::Distribution", "Properties" : { "DistributionConfig" : { "Origins" : [ { "Id" : "myS3Origin", "DomainName" : "amzn-s3-demo-bucket.s3.amazonaws.com", "S3OriginConfig" : { "OriginAccessIdentity" : "origin-access-identity/cloudfront/E127EXAMPLE51Z" } }, { "Id" : "myCustomOrigin", "DomainName" : "www.example.com", "CustomOriginConfig" : { "HTTPPort" : "80", "HTTPSPort" : "443", "OriginProtocolPolicy" : "http-only" } } ], "Enabled" : "true", "Comment" : "Some comment", "DefaultRootObject" : "index.html", "Logging" : { "IncludeCookies" : "true", "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com", "Prefix" : "myprefix" }, "Aliases" : [ "mysite.example.com", "yoursite.example.com" ], "DefaultCacheBehavior" : { "TargetOriginId" : "myS3Origin", "ForwardedValues" : { "QueryString" : "false", "Cookies" : { "Forward" : "all" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all", "MinTTL" : "100", "SmoothStreaming" : "true" }, "CacheBehaviors" : [ { "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ], "TargetOriginId" : "myS3Origin", "ForwardedValues" : { "QueryString" : "true", "Cookies" : { "Forward" : "none" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all", "MinTTL" : "50", "PathPattern" : "images1/*.jpg" }, { "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ], "TargetOriginId" : "myCustomOrigin", "ForwardedValues" : { "QueryString" : "true", "Cookies" : { "Forward" : "none" } }, "TrustedSigners" : [ "1234567890EX", "1234567891EX" ], "ViewerProtocolPolicy" : "allow-all", "MinTTL" : "50", "PathPattern" : "images2/*.jpg" } ], "CustomErrorResponses" : [ { "ErrorCode" : "404", "ResponsePagePath" : "/error-pages/404.html", "ResponseCode" : "200", "ErrorCachingMinTTL" : "30" } ], "PriceClass" : "PriceClass_All", "ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" } } } } } }
YAML
AWSTemplateFormatVersion: '2010-09-09' Resources: myDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: Origins: - Id: myS3Origin DomainName: amzn-s3-demo-bucket.s3.amazonaws.com S3OriginConfig: OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z - Id: myCustomOrigin DomainName: www.example.com CustomOriginConfig: HTTPPort: '80' HTTPSPort: '443' OriginProtocolPolicy: http-only Enabled: 'true' Comment: Some comment DefaultRootObject: index.html Logging: IncludeCookies: 'true' Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com Prefix: myprefix Aliases: - mysite.example.com - yoursite.example.com DefaultCacheBehavior: TargetOriginId: myS3Origin ForwardedValues: QueryString: 'false' Cookies: Forward: all TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all MinTTL: '100' SmoothStreaming: 'true' CacheBehaviors: - AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT TargetOriginId: myS3Origin ForwardedValues: QueryString: 'true' Cookies: Forward: none TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all MinTTL: '50' PathPattern: images1/*.jpg - AllowedMethods: - DELETE - GET - HEAD - OPTIONS - PATCH - POST - PUT TargetOriginId: myCustomOrigin ForwardedValues: QueryString: 'true' Cookies: Forward: none TrustedSigners: - 1234567890EX - 1234567891EX ViewerProtocolPolicy: allow-all MinTTL: '50' PathPattern: images2/*.jpg CustomErrorResponses: - ErrorCode: '404' ResponsePagePath: "/error-pages/404.html" ResponseCode: '200' ErrorCachingMinTTL: '30' PriceClass: PriceClass_All ViewerCertificate: CloudFrontDefaultCertificate: 'true'
Distribuição do Amazon CloudFront com uma função do Lambda como origem
O exemplo a seguir cria uma distribuição do CloudFront que apresenta um URL específico da função do Lambda (fornecida como parâmetro), possibilitando o acesso somente por HTTPS, o armazenamento em cache, a compactação e a entrega global. Ele configura o URL do Lambda como uma origem HTTPS personalizada e aplica uma política de armazenamento em cache da AWS padrão. A distribuição é otimizada para performance com suporte a HTTP/2 e IPv6 e gera o nome de domínio do CloudFront, permitindo que os usuários acessem a função do Lambda por meio de um endpoint seguro baseado em CDN. Para obter mais informações, consulte Using Amazon CloudFront with AWS Lambda as origin to accelerate your web applications
JSON
{ "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "LambdaEndpoint": { "Type": "String", "Description": "The Lambda function URL endpoint without the 'https://'" } }, "Resources": { "MyDistribution": { "Type": "AWS::CloudFront::Distribution", "Properties": { "DistributionConfig": { "PriceClass": "PriceClass_All", "HttpVersion": "http2", "IPV6Enabled": true, "Origins": [ { "DomainName": { "Ref": "LambdaEndpoint" }, "Id": "LambdaOrigin", "CustomOriginConfig": { "HTTPSPort": 443, "OriginProtocolPolicy": "https-only" } } ], "Enabled": "true", "DefaultCacheBehavior": { "TargetOriginId": "LambdaOrigin", "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", "ViewerProtocolPolicy": "redirect-to-https", "SmoothStreaming": "false", "Compress": "true" } } } } }, "Outputs": { "CloudFrontDomain": { "Description": "CloudFront default domain name configured", "Value": { "Fn::Sub": "https://${MyDistribution.DomainName}/" } } } }
YAML
AWSTemplateFormatVersion: 2010-09-09 Parameters: LambdaEndpoint: Type: String Description: The Lambda function URL endpoint without the 'https://' Resources: MyDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: PriceClass: PriceClass_All HttpVersion: http2 IPV6Enabled: true Origins: - DomainName: !Ref LambdaEndpoint Id: LambdaOrigin CustomOriginConfig: HTTPSPort: 443 OriginProtocolPolicy: https-only Enabled: 'true' DefaultCacheBehavior: TargetOriginId: LambdaOrigin CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6' ViewerProtocolPolicy: redirect-to-https SmoothStreaming: 'false' Compress: 'true' Outputs: CloudFrontDomain: Description: CloudFront default domain name configured Value: !Sub https://${MyDistribution.DomainName}/
Consulte também
Para obter um exemplo de adição de um alias personalizado a um registro do Route 53 para criar um nome amigável para uma distribuição do CloudFront, consulte Conjunto de registros de recursos de alias para uma distribuição do CloudFront.
