Sign In to the Console
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS Documentation » AWS CloudFormation » User Guide » Template Reference » AWS Resource and Property Types Reference » Amazon CloudFront Resource Types Reference » AWS::CloudFront::Distribution » CloudFront Distribution ViewerCertificate

CloudFront Distribution ViewerCertificate

ViewerCertificate is a property of the CloudFront Distribution DistributionConfig property that specifies which certificate to use when viewers use HTTPS to request objects.

Syntax

JSON

{
  "AcmCertificateArn" : String,
  "CloudFrontDefaultCertificate" : Boolean,
  "IamCertificateId" : String,
  "MinimumProtocolVersion" : String,
  "SslSupportMethod" : String
}

Properties

AcmCertificateArn

If you're using an alternate domain name, the Amazon Resource Name (ARN) of an AWS Certificate Manager (ACM) certificate. Use the ACM service to provision and manage your certificates. For more information, see the AWS Certificate Manager User Guide.

Note

Currently, you can specify only certificates that are in the US East (N. Virginia) region.

Required: Conditional. You must specify one of the following properties: AcmCertificateArn, CloudFrontDefaultCertificate, or IamCertificateId.

Type: String

Update requires: No interruption

CloudFrontDefaultCertificate

Indicates whether to use the default certificate for your CloudFront domain name when viewers use HTTPS to request your content.

Required: Conditional. You must specify one of the following properties: AcmCertificateArn, CloudFrontDefaultCertificate, or IamCertificateId.

Type: Boolean

Update requires: No interruption

IamCertificateId

If you're using an alternate domain name, the ID of a server certificate that was purchased from a certificate authority. This ID is the ServerCertificateId value, which AWS Identity and Access Management (IAM) returns when the certificate is added to the IAM certificate store, such as ASCACKCEVSQ6CEXAMPLE1.

Required: Conditional. You must specify one of the following properties: AcmCertificateArn, CloudFrontDefaultCertificate, or IamCertificateId.

Type: String

Update requires: No interruption

MinimumProtocolVersion

The minimum version of the SSL protocol that you want CloudFront to use for HTTPS connections. CloudFront serves your objects only to browsers or devices that support at least the SSL version that you specify. For valid values, see the MinimumProtocolVersion content for the ViewerCertificate data type in the Amazon CloudFront API Reference.

AWS CloudFormation specifies SSLv3 by default. However, if you specify the IamCertificateId or AcmCertificateArn property and specify SNI only for the SslSupportMethod property, AWS CloudFormation specifies TLSv1 for the minimum protocol version.

Note

On the CloudFront console, this setting is called Security policy.

Required: No

Type: String

Update requires: No interruption

SslSupportMethod

Specifies how CloudFront serves HTTPS requests. For valid values, see the SslSupportMethod content for the ViewerCertificate data type in the Amazon CloudFront API Reference.

Required: Conditional. Required if you specified the IamCertificateId or AcmCertificateArn property.

Type: String

Update requires: No interruption

On this page: