ViewerCertificate class

A complex type that specifies the following:

• Whether you want viewers to use HTTP or HTTPS to request your objects.
• If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
• If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.

You must specify only one of the following values:

• ViewerCertificate$ACMCertificateArn
• ViewerCertificate$IAMCertificateId
• ViewerCertificate$CloudFrontDefaultCertificate

Don't specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP instead of HTTPS to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

• If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:
  • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
  • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.
  If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

  If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution (such as https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

  • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.
  • sni-only: CloudFront drops the connection with the browser without returning the object.
• If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

  <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:

• <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
• <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>

You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:

• <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
• <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>

For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Constructors

ViewerCertificate({String? aCMCertificateArn, String? certificate, CertificateSource? certificateSource, bool? cloudFrontDefaultCertificate, String? iAMCertificateId, MinimumProtocolVersion? minimumProtocolVersion, SSLSupportMethod? sSLSupportMethod})

ViewerCertificate.fromXml(XmlElement elem)

factory

Properties

aCMCertificateArn → String?

For information about how and when to use ACMCertificateArn, see ViewerCertificate.

final

certificate → String?

This field has been deprecated. Use one of the following fields instead:

final

certificateSource → CertificateSource?

This field has been deprecated. Use one of the following fields instead:

final

cloudFrontDefaultCertificate → bool?

For information about how and when to use CloudFrontDefaultCertificate, see ViewerCertificate.

final

hashCode → int

The hash code for this object.

no setter, inherited

iAMCertificateId → String?

For information about how and when to use IAMCertificateId, see ViewerCertificate.

final

minimumProtocolVersion → MinimumProtocolVersion?

Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings:

final

runtimeType → Type

A representation of the runtime type of the object.

no setter, inherited

sSLSupportMethod → SSLSupportMethod?

If you specify a value for ViewerCertificate$ACMCertificateArn or for ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients:

final

Methods

noSuchMethod(Invocation invocation) → dynamic

Invoked when a nonexistent method or property is accessed.

inherited

toString() → String

A string representation of this object.

inherited

toXml(String elemName, {List<XmlAttribute>? attributes}) → XmlElement

Operators

operator ==(Object other) → bool

The equality operator.

inherited