ViewerCertificate class

A complex type that specifies the following:

  • Whether you want viewers to use HTTP or HTTPS to request your objects.
  • If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
  • If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.
You must specify only one of the following values: Don't specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP instead of HTTPS to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

  • If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:
    • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
    • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.
    If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

    If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution (such as https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

    • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.
    • sni-only: CloudFront drops the connection with the browser without returning the object.
  • If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

    <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:
  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Constructors

ViewerCertificate({String aCMCertificateArn, String certificate, CertificateSource certificateSource, bool cloudFrontDefaultCertificate, String iAMCertificateId, MinimumProtocolVersion minimumProtocolVersion, SSLSupportMethod sSLSupportMethod})
ViewerCertificate.fromXml(XmlElement elem)
factory

Properties

aCMCertificateArn String
For information about how and when to use ACMCertificateArn, see ViewerCertificate.
final
certificate String
This field has been deprecated. Use one of the following fields instead: [...]
final
certificateSource CertificateSource
This field has been deprecated. Use one of the following fields instead: [...]
final
cloudFrontDefaultCertificate bool
For information about how and when to use CloudFrontDefaultCertificate, see ViewerCertificate.
final
hashCode int
The hash code for this object. [...]
read-only, inherited
iAMCertificateId String
For information about how and when to use IAMCertificateId, see ViewerCertificate.
final
minimumProtocolVersion MinimumProtocolVersion
Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings: [...]
final
runtimeType Type
A representation of the runtime type of the object.
read-only, inherited
sSLSupportMethod SSLSupportMethod
If you specify a value for ViewerCertificate$ACMCertificateArn or for ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients: [...]
final

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
inherited
toString() String
Returns a string representation of this object.
inherited
toXml(String elemName) XmlElement

Operators

operator ==(dynamic other) bool
The equality operator. [...]
inherited