ViewerCertificate class

A complex type that specifies the following:

  • Whether you want viewers to use HTTP or HTTPS to request your objects.
  • If you want viewers to use HTTPS, whether you're using an alternate domain name such as example.com or the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net.
  • If you're using an alternate domain name, whether AWS Certificate Manager (ACM) provided the certificate, or you purchased a certificate from a third-party certificate authority and imported it into ACM or uploaded it to the IAM certificate store.
You must specify only one of the following values: Don't specify false for CloudFrontDefaultCertificate.

If you want viewers to use HTTP instead of HTTPS to request your objects: Specify the following value:

<CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

In addition, specify allow-all for ViewerProtocolPolicy for all of your cache behaviors.

If you want viewers to use HTTPS to request your objects: Choose the type of certificate that you want to use based on whether you're using an alternate domain name for your objects or the CloudFront domain name:

  • If you're using an alternate domain name, such as example.com: Specify one of the following values, depending on whether ACM provided your certificate or you purchased your certificate from third-party certificate authority:
    • <ACMCertificateArn>ARN for ACM SSL/TLS certificate<ACMCertificateArn> where ARN for ACM SSL/TLS certificate is the ARN for the ACM SSL/TLS certificate that you want to use for this distribution.
    • <IAMCertificateId>IAM certificate ID<IAMCertificateId> where IAM certificate ID is the ID that IAM returned when you added the certificate to the IAM certificate store.
    If you specify ACMCertificateArn or IAMCertificateId, you must also specify a value for SSLSupportMethod.

    If you choose to use an ACM certificate or a certificate in the IAM certificate store, we recommend that you use only an alternate domain name in your object URLs (https://example.com/logo.jpg). If you use the domain name that is associated with your CloudFront distribution (such as https://d111111abcdef8.cloudfront.net/logo.jpg) and the viewer supports SNI, then CloudFront behaves normally. However, if the browser does not support SNI, the user's experience depends on the value that you choose for SSLSupportMethod:

    • vip: The viewer displays a warning because there is a mismatch between the CloudFront domain name and the domain name in your SSL/TLS certificate.
    • sni-only: CloudFront drops the connection with the browser without returning the object.
  • If you're using the CloudFront domain name for your distribution, such as d111111abcdef8.cloudfront.net : Specify the following value:

    <CloudFrontDefaultCertificate>true<CloudFrontDefaultCertificate>

If you want viewers to use HTTPS, you must also specify one of the following values in your cache behaviors:
  • <ViewerProtocolPolicy>https-only<ViewerProtocolPolicy>
  • <ViewerProtocolPolicy>redirect-to-https<ViewerProtocolPolicy>
You can also optionally require that CloudFront use HTTPS to communicate with your origin by specifying one of the following values for the applicable origins:
  • <OriginProtocolPolicy>https-only<OriginProtocolPolicy>
  • <OriginProtocolPolicy>match-viewer<OriginProtocolPolicy>
For more information, see Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

Constructors

ViewerCertificate({String aCMCertificateArn, String certificate, CertificateSource certificateSource, bool cloudFrontDefaultCertificate, String iAMCertificateId, MinimumProtocolVersion minimumProtocolVersion, SSLSupportMethod sSLSupportMethod})
ViewerCertificate.fromXml(XmlElement elem)
factory

Properties

aCMCertificateArn → String
For information about how and when to use ACMCertificateArn, see ViewerCertificate.
final
certificate → String
This field has been deprecated. Use one of the following fields instead: [...]
final
certificateSource CertificateSource
This field has been deprecated. Use one of the following fields instead: [...]
final
cloudFrontDefaultCertificate → bool
For information about how and when to use CloudFrontDefaultCertificate, see ViewerCertificate.
final
hashCode → int
The hash code for this object. [...]
read-only, inherited
iAMCertificateId → String
For information about how and when to use IAMCertificateId, see ViewerCertificate.
final
minimumProtocolVersion MinimumProtocolVersion
Specify the security policy that you want CloudFront to use for HTTPS connections. A security policy determines two settings: [...]
final
runtimeType → Type
A representation of the runtime type of the object.
read-only, inherited
sSLSupportMethod SSLSupportMethod
If you specify a value for ViewerCertificate$ACMCertificateArn or for ViewerCertificate$IAMCertificateId, you must also specify how you want CloudFront to serve HTTPS requests: using a method that works for all clients or one that works for most clients: [...]
final

Methods

noSuchMethod(Invocation invocation) → dynamic
Invoked when a non-existent method or property is accessed. [...]
inherited
toString() → String
Returns a string representation of this object.
inherited
toXml(String elemName, {List<XmlAttribute> attributes}) → XmlElement

Operators

operator ==(Object other) → bool
The equality operator. [...]
inherited