There are more AWS SDK examples available in the AWS Doc SDK Examples
CloudFront examples using AWS CLI
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with CloudFront.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use create-cloud-front-origin-access-identity.
- AWS CLI
-
To create a CloudFront origin access identity
The following example creates a CloudFront origin access identity (OAI) by providing the OAI configuration as a command line argument:
aws cloudfront create-cloud-front-origin-access-identity \ --cloud-front-origin-access-identity-config \ CallerReference="cli-example",Comment="Example OAI"You can accomplish the same thing by providing the OAI configuration in a JSON file, as shown in the following example:
aws cloudfront create-cloud-front-origin-access-identity \ --cloud-front-origin-access-identity-configfile://OAI-config.jsonThe file
OAI-config.jsonis a JSON document in the current directory that contains the following:{ "CallerReference": "cli-example", "Comment": "Example OAI" }Whether you provide the OAI configuration with a command line argument or a JSON file, the output is the same:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/origin-access-identity/cloudfront/E74FTE3AEXAMPLE", "ETag": "E2QWRUHEXAMPLE", "CloudFrontOriginAccessIdentity": { "Id": "E74FTE3AEXAMPLE", "S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE", "CloudFrontOriginAccessIdentityConfig": { "CallerReference": "cli-example", "Comment": "Example OAI" } } }-
For API details, see CreateCloudFrontOriginAccessIdentity
in AWS CLI Command Reference.
-
The following code example shows how to use create-distribution-with-tags.
- AWS CLI
-
To create a CloudFront distribution with tags
The following example creates a distribution with two tags by providing the distribution configuration and tags in a JSON file named
dist-config-with-tags.json:aws cloudfront create-distribution-with-tags \ --distribution-config-with-tagsfile://dist-config-with-tags.jsonThe file
dist-config-with-tags.jsonis a JSON document in the current folder that contains the following. Note theTagsobject at the top of the file, which contains two tags:Name = ExampleDistributionProject = ExampleProject{ "Tags": { "Items": [ { "Key": "Name", "Value": "ExampleDistribution" }, { "Key": "Project", "Value": "ExampleProject" } ] }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } }Output:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE", "ETag": "E2QWRUHEXAMPLE", "Distribution": { "Id": "EDFDVBD6EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-12-04T23:35:41.433Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } }-
For API details, see CreateDistributionWithTags
in AWS CLI Command Reference.
-
The following code example shows how to use create-distribution.
- AWS CLI
-
To create a CloudFront distribution
The following example creates a distribution for an S3 bucket named
awsexamplebucket, and also specifiesindex.htmlas the default root object, using command line arguments:aws cloudfront create-distribution \ --origin-domain-nameawsexamplebucket.s3.amazonaws.com\ --default-root-objectindex.htmlInstead of using command line arguments, you can provide the distribution configuration in a JSON file, as shown in the following example:
aws cloudfront create-distribution \ --distribution-configfile://dist-config.jsonThe file
dist-config.jsonis a JSON document in the current folder that contains the following:{ "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true }Whether you provide the distribution information with a command line argument or a JSON file, the output is the same:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EMLARXS9EXAMPLE", "ETag": "E9LHASXEXAMPLE", "Distribution": { "Id": "EMLARXS9EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-11-22T00:55:15.705Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } }-
For API details, see CreateDistribution
in AWS CLI Command Reference.
-
The following code example shows how to use create-field-level-encryption-config.
- AWS CLI
-
To create a CloudFront field-level encryption configuration
The following example creates a field-level encryption configuration by providing the configuration parameters in a JSON file named
fle-config.json. Before you can create a field-level encryption configuration, you must have a field-level encryption profile. To create a profile, see the create-field-level-encryption-profile command.For more information about CloudFront field-level encryption, see Using Field-Level Encryption to Help Protect Sensitive Data in the Amazon CloudFront Developer Guide.
aws cloudfront create-field-level-encryption-config \ --field-level-encryption-configfile://fle-config.jsonThe file
fle-config.jsonis a JSON document in the current folder that contains the following:{ "CallerReference": "cli-example", "Comment": "Example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0 } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } }Output:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/field-level-encryption/C3KM2WVD605UAY", "ETag": "E2P4Z4VU7TY5SG", "FieldLevelEncryption": { "Id": "C3KM2WVD605UAY", "LastModifiedTime": "2019-12-10T21:30:18.974Z", "FieldLevelEncryptionConfig": { "CallerReference": "cli-example", "Comment": "Example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0, "Items": [] } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } } } }-
For API details, see CreateFieldLevelEncryptionConfig
in AWS CLI Command Reference.
-
The following code example shows how to use create-field-level-encryption-profile.
- AWS CLI
-
To create a CloudFront field-level encryption profile
The following example creates a field-level encryption profile by providing the parameters in a JSON file named
fle-profile-config.json. Before you can create a field-level encryption profile, you must have a CloudFront public key. To create a CloudFront public key, see the create-public-key command.For more information about CloudFront field-level encryption, see Using Field-Level Encryption to Help Protect Sensitive Data in the Amazon CloudFront Developer Guide.
aws cloudfront create-field-level-encryption-profile \ --field-level-encryption-profile-configfile://fle-profile-config.jsonThe file
fle-profile-config.jsonis a JSON document in the current folder that contains the following:{ "Name": "ExampleFLEProfile", "CallerReference": "cli-example", "Comment": "FLE profile for AWS CLI example", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 1, "Items": [ "ExampleSensitiveField" ] } } ] } }Output:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/field-level-encryption-profile/PPK0UOSIF5WSV", "ETag": "E2QWRUHEXAMPLE", "FieldLevelEncryptionProfile": { "Id": "PPK0UOSIF5WSV", "LastModifiedTime": "2019-12-10T01:03:16.537Z", "FieldLevelEncryptionProfileConfig": { "Name": "ExampleFLEProfile", "CallerReference": "cli-example", "Comment": "FLE profile for AWS CLI example", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 1, "Items": [ "ExampleSensitiveField" ] } } ] } } } }-
For API details, see CreateFieldLevelEncryptionProfile
in AWS CLI Command Reference.
-
The following code example shows how to use create-invalidation.
- AWS CLI
-
To create an invalidation for a CloudFront distribution
The following
create-invalidationexample creates an invalidation for the specified files in the specified CloudFront distribution:aws cloudfront create-invalidation \ --distribution-idEDFDVBD6EXAMPLE\ --paths"/example-path/example-file.jpg""/example-path/example-file2.png"Output:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE/invalidation/I1JLWSDAP8FU89", "Invalidation": { "Id": "I1JLWSDAP8FU89", "Status": "InProgress", "CreateTime": "2019-12-05T18:24:51.407Z", "InvalidationBatch": { "Paths": { "Quantity": 2, "Items": [ "/example-path/example-file2.png", "/example-path/example-file.jpg" ] }, "CallerReference": "cli-1575570291-670203" } } }In the previous example, the AWS CLI automatically generated a random
CallerReference. To specify your ownCallerReference, or to avoid passing the invalidation parameters as command line arguments, you can use a JSON file. The following example creates an invalidation for two files, by providing the invalidation parameters in a JSON file namedinv-batch.json:aws cloudfront create-invalidation \ --distribution-idEDFDVBD6EXAMPLE\ --invalidation-batchfile://inv-batch.jsonContents of
inv-batch.json:{ "Paths": { "Quantity": 2, "Items": [ "/example-path/example-file.jpg", "/example-path/example-file2.png" ] }, "CallerReference": "cli-example" }Output:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE/invalidation/I2J0I21PCUYOIK", "Invalidation": { "Id": "I2J0I21PCUYOIK", "Status": "InProgress", "CreateTime": "2019-12-05T18:40:49.413Z", "InvalidationBatch": { "Paths": { "Quantity": 2, "Items": [ "/example-path/example-file.jpg", "/example-path/example-file2.png" ] }, "CallerReference": "cli-example" } } }-
For API details, see CreateInvalidation
in AWS CLI Command Reference.
-
The following code example shows how to use create-public-key.
- AWS CLI
-
To create a CloudFront public key
The following example creates a CloudFront public key by providing the parameters in a JSON file named
pub-key-config.json. Before you can use this command, you must have a PEM-encoded public key. For more information, see Create an RSA Key Pair in the Amazon CloudFront Developer Guide.aws cloudfront create-public-key \ --public-key-configfile://pub-key-config.jsonThe file
pub-key-config.jsonis a JSON document in the current folder that contains the following. Note that the public key is encoded in PEM format.{ "CallerReference": "cli-example", "Name": "ExampleKey", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" }Output:
{ "Location": "https://cloudfront.amazonaws.com/2019-03-26/public-key/KDFB19YGCR002", "ETag": "E2QWRUHEXAMPLE", "PublicKey": { "Id": "KDFB19YGCR002", "CreatedTime": "2019-12-05T18:51:43.781Z", "PublicKeyConfig": { "CallerReference": "cli-example", "Name": "ExampleKey", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" } } }-
For API details, see CreatePublicKey
in AWS CLI Command Reference.
-
The following code example shows how to use delete-cloud-front-origin-access-identity.
- AWS CLI
-
To delete a CloudFront origin access identity
The following example deletes the origin access identity (OAI) with the ID
E74FTE3AEXAMPLE. To delete an OAI, you must have the OAI's ID andETag. The OAI ID is returned in the output of the create-cloud-front-origin-access-identity and list-cloud-front-origin-access-identities commands. To get theETag, use the get-cloud-front-origin-access-identity or get-cloud-front-origin-access-identity-config command. Use the--if-matchoption to provide the OAI'sETag.aws cloudfront delete-cloud-front-origin-access-identity \ --idE74FTE3AEXAMPLE\ --if-matchE2QWRUHEXAMPLEWhen successful, this command has no output.
-
For API details, see DeleteCloudFrontOriginAccessIdentity
in AWS CLI Command Reference.
-
The following code example shows how to use delete-distribution.
- AWS CLI
-
To delete a CloudFront distribution
The following example deletes the CloudFront distribution with the ID
EDFDVBD6EXAMPLE. Before you can delete a distribution, you must disable it. To disable a distribution, use the update-distribution command. For more information, see the update-distribution examples.When a distribution is disabled, you can delete it. To delete a distribution, you must use the
--if-matchoption to provide the distribution'sETag. To get theETag, use the get-distribution or get-distribution-config command.aws cloudfront delete-distribution \ --idEDFDVBD6EXAMPLE\ --if-matchE2QWRUHEXAMPLEWhen successful, this command has no output.
-
For API details, see DeleteDistribution
in AWS CLI Command Reference.
-
The following code example shows how to use delete-field-level-encryption-config.
- AWS CLI
-
To delete a CloudFront field-level encryption configuration
The following example deletes the CloudFront field-level encryption configuration with the ID
C3KM2WVD605UAY. To delete a field-level encryption configuration, you must have its ID andETag. The ID is returned in the output of the create-field-level-encryption-config and list-field-level-encryption-configs commands. To get theETag, use the get-field-level-encryption or get-field-level-encryption-config command. Use the--if-matchoption to provide the configuration'sETag.aws cloudfront delete-field-level-encryption-config \ --idC3KM2WVD605UAY\ --if-matchE26M4BIAV81ZF6When successful, this command has no output.
-
For API details, see DeleteFieldLevelEncryptionConfig
in AWS CLI Command Reference.
-
The following code example shows how to use delete-field-level-encryption-profile.
- AWS CLI
-
To delete a CloudFront field-level encryption profile
The following example deletes the CloudFront field-level encryption profile with the ID
PPK0UOSIF5WSV. To delete a field-level encryption profile, you must have its ID andETag. The ID is returned in the output of the create-field-level-encryption-profile and list-field-level-encryption-profiles commands. To get theETag, use the get-field-level-encryption-profile or get-field-level-encryption-profile-config command. Use the--if-matchoption to provide the profile'sETag.aws cloudfront delete-field-level-encryption-profile \ --idPPK0UOSIF5WSV\ --if-matchEJETYFJ9CL66DWhen successful, this command has no output.
-
For API details, see DeleteFieldLevelEncryptionProfile
in AWS CLI Command Reference.
-
The following code example shows how to use delete-public-key.
- AWS CLI
-
To delete a CloudFront public key
The following example deletes the CloudFront public key with the ID
KDFB19YGCR002. To delete a public key, you must have its ID andETag. The ID is returned in the output of the create-public-key and list-public-keys commands. To get theETag, use the get-public-key or get-public-key-config command. Use the--if-matchoption to provide the public key'sETag.aws cloudfront delete-public-key \ --idKDFB19YGCR002\ --if-matchE2QWRUHEXAMPLEWhen successful, this command has no output.
-
For API details, see DeletePublicKey
in AWS CLI Command Reference.
-
The following code example shows how to use get-cloud-front-origin-access-identity-config.
- AWS CLI
-
To get a CloudFront origin access identity configuration
The following example gets metadata about the CloudFront origin access identity (OAI) with the ID
E74FTE3AEXAMPLE, including itsETag. The OAI ID is returned in the output of the create-cloud-front-origin-access-identity and list-cloud-front-origin-access-identities commands.aws cloudfront get-cloud-front-origin-access-identity-config --idE74FTE3AEXAMPLEOutput:
{ "ETag": "E2QWRUHEXAMPLE", "CloudFrontOriginAccessIdentityConfig": { "CallerReference": "cli-example", "Comment": "Example OAI" } }-
For API details, see GetCloudFrontOriginAccessIdentityConfig
in AWS CLI Command Reference.
-
The following code example shows how to use get-cloud-front-origin-access-identity.
- AWS CLI
-
To get a CloudFront origin access identity
The following example gets the CloudFront origin access identity (OAI) with the ID
E74FTE3AEXAMPLE, including itsETagand the associated S3 canonical ID. The OAI ID is returned in the output of the create-cloud-front-origin-access-identity and list-cloud-front-origin-access-identities commands.aws cloudfront get-cloud-front-origin-access-identity --idE74FTE3AEXAMPLEOutput:
{ "ETag": "E2QWRUHEXAMPLE", "CloudFrontOriginAccessIdentity": { "Id": "E74FTE3AEXAMPLE", "S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE", "CloudFrontOriginAccessIdentityConfig": { "CallerReference": "cli-example", "Comment": "Example OAI" } } }-
For API details, see GetCloudFrontOriginAccessIdentity
in AWS CLI Command Reference.
-
The following code example shows how to use get-distribution-config.
- AWS CLI
-
To get a CloudFront distribution configuration
The following example gets metadata about the CloudFront distribution with the ID
EDFDVBD6EXAMPLE, including itsETag. The distribution ID is returned in the create-distribution and list-distributions commands.aws cloudfront get-distribution-config --idEDFDVBD6EXAMPLEOutput:
{ "ETag": "E2QWRUHEXAMPLE", "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } }-
For API details, see GetDistributionConfig
in AWS CLI Command Reference.
-
The following code example shows how to use get-distribution.
- AWS CLI
-
To get a CloudFront distribution
The following example gets the CloudFront distribution with the ID
EDFDVBD6EXAMPLE, including itsETag. The distribution ID is returned in the create-distribution and list-distributions commands.aws cloudfront get-distribution --idEDFDVBD6EXAMPLEOutput:
{ "ETag": "E2QWRUHEXAMPLE", "Distribution": { "Id": "EDFDVBD6EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", "Status": "Deployed", "LastModifiedTime": "2019-12-04T23:35:41.433Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } }-
For API details, see GetDistribution
in AWS CLI Command Reference.
-
The following code example shows how to use get-field-level-encryption-config.
- AWS CLI
-
To get metadata about a CloudFront field-level encryption configuration
The following example gets metadata about the CloudFront field-level encryption configuration with the ID
C3KM2WVD605UAY, including itsETag:aws cloudfront get-field-level-encryption-config --idC3KM2WVD605UAYOutput:
{ "ETag": "E2P4Z4VU7TY5SG", "FieldLevelEncryptionConfig": { "CallerReference": "cli-example", "Comment": "Example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0, "Items": [] } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } } }-
For API details, see GetFieldLevelEncryptionConfig
in AWS CLI Command Reference.
-
The following code example shows how to use get-field-level-encryption-profile-config.
- AWS CLI
-
To get a CloudFront field-level encryption profile configuration
The following example gets metadata about the CloudFront field-level encryption profile with ID
PPK0UOSIF5WSV, including itsETag:aws cloudfront get-field-level-encryption-profile-config --idPPK0UOSIF5WSVOutput:
{ "ETag": "E1QQG65FS2L2GC", "FieldLevelEncryptionProfileConfig": { "Name": "ExampleFLEProfile", "CallerReference": "cli-example", "Comment": "FLE profile for AWS CLI example", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 1, "Items": [ "ExampleSensitiveField" ] } } ] } } }-
For API details, see GetFieldLevelEncryptionProfileConfig
in AWS CLI Command Reference.
-
The following code example shows how to use get-field-level-encryption-profile.
- AWS CLI
-
To get a CloudFront field-level encryption profile
The following example gets the CloudFront field-level encryption profile with ID
PPK0UOSIF5WSV, including itsETag:aws cloudfront get-field-level-encryption-profile --idPPK0UOSIF5WSVOutput:
{ "ETag": "E1QQG65FS2L2GC", "FieldLevelEncryptionProfile": { "Id": "PPK0UOSIF5WSV", "LastModifiedTime": "2019-12-10T01:03:16.537Z", "FieldLevelEncryptionProfileConfig": { "Name": "ExampleFLEProfile", "CallerReference": "cli-example", "Comment": "FLE profile for AWS CLI example", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 1, "Items": [ "ExampleSensitiveField" ] } } ] } } } }-
For API details, see GetFieldLevelEncryptionProfile
in AWS CLI Command Reference.
-
The following code example shows how to use get-field-level-encryption.
- AWS CLI
-
To get a CloudFront field-level encryption configuration
The following example gets the CloudFront field-level encryption configuration with the ID
C3KM2WVD605UAY, including itsETag:aws cloudfront get-field-level-encryption --idC3KM2WVD605UAYOutput:
{ "ETag": "E2P4Z4VU7TY5SG", "FieldLevelEncryption": { "Id": "C3KM2WVD605UAY", "LastModifiedTime": "2019-12-10T21:30:18.974Z", "FieldLevelEncryptionConfig": { "CallerReference": "cli-example", "Comment": "Example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0, "Items": [] } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } } } }-
For API details, see GetFieldLevelEncryption
in AWS CLI Command Reference.
-
The following code example shows how to use get-invalidation.
- AWS CLI
-
To get a CloudFront invalidation
The following example gets the invalidation with the ID
I2J0I21PCUYOIKfor the CloudFront distribution with the IDEDFDVBD6EXAMPLE:aws cloudfront get-invalidation --idI2J0I21PCUYOIK--distribution-idEDFDVBD6EXAMPLEOutput:
{ "Invalidation": { "Status": "Completed", "InvalidationBatch": { "Paths": { "Items": [ "/example-path/example-file.jpg", "/example-path/example-file-2.jpg" ], "Quantity": 2 }, "CallerReference": "cli-example" }, "Id": "I2J0I21PCUYOIK", "CreateTime": "2019-12-05T18:40:49.413Z" } }-
For API details, see GetInvalidation
in AWS CLI Command Reference.
-
The following code example shows how to use get-public-key-config.
- AWS CLI
-
To get a CloudFront public key configuration
The following example gets metadata about the CloudFront public key with the ID
KDFB19YGCR002, including itsETag. The public key ID is returned in the create-public-key and list-public-keys commands.aws cloudfront get-public-key-config --idKDFB19YGCR002Output:
{ "ETag": "E2QWRUHEXAMPLE", "PublicKeyConfig": { "CallerReference": "cli-example", "Name": "ExampleKey", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" } }-
For API details, see GetPublicKeyConfig
in AWS CLI Command Reference.
-
The following code example shows how to use get-public-key.
- AWS CLI
-
To get a CloudFront public key
The following example gets the CloudFront public key with the ID
KDFB19YGCR002, including itsETag. The public key ID is returned in the create-public-key and list-public-keys commands.aws cloudfront get-public-key --idKDFB19YGCR002Output:
{ "ETag": "E2QWRUHEXAMPLE", "PublicKey": { "Id": "KDFB19YGCR002", "CreatedTime": "2019-12-05T18:51:43.781Z", "PublicKeyConfig": { "CallerReference": "cli-example", "Name": "ExampleKey", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" } } }-
For API details, see GetPublicKey
in AWS CLI Command Reference.
-
The following code example shows how to use list-cloud-front-origin-access-identities.
- AWS CLI
-
To list CloudFront origin access identities
The following example gets a list of the CloudFront origin access identities (OAIs) in your AWS account:
aws cloudfront list-cloud-front-origin-access-identitiesOutput:
{ "CloudFrontOriginAccessIdentityList": { "Items": [ { "Id": "E74FTE3AEXAMPLE", "S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE", "Comment": "Example OAI" }, { "Id": "EH1HDMBEXAMPLE", "S3CanonicalUserId": "1489f6f2e6faacaae7ff64c4c3e6956c24f78788abfc1718c3527c263bf7a17EXAMPLE", "Comment": "Test OAI" }, { "Id": "E2X2C9TEXAMPLE", "S3CanonicalUserId": "cbfeebb915a64749f9be546a45b3fcfd3a31c779673c13c4dd460911ae402c2EXAMPLE", "Comment": "Example OAI #2" } ] } }-
For API details, see ListCloudFrontOriginAccessIdentities
in AWS CLI Command Reference.
-
The following code example shows how to use list-distributions.
- AWS CLI
-
To list CloudFront distributions
The following example gets a list of the CloudFront distributions in your AWS account:
aws cloudfront list-distributionsOutput:
{ "DistributionList": { "Items": [ { "Id": "EMLARXS9EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-11-22T00:55:15.705Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } }, { "Id": "EDFDVBD6EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-12-04T23:35:41.433Z", "InProgressInvalidationBatches": 0, "DomainName": "d930174dauwrn8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-example", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket1---s3.amazonaws.com.rproxy.goskope.com-cli-example", "DomainName": "awsexamplebucket1.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket1---s3.amazonaws.com.rproxy.goskope.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } }, { "Id": "E1X5IZQEXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/E1X5IZQEXAMPLE", "Status": "Deployed", "LastModifiedTime": "2019-11-06T21:31:48.864Z", "DomainName": "d2e04y12345678.cloudfront.net", "Aliases": { "Quantity": 0 }, "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket2", "DomainName": "awsexamplebucket2.s3.us-west-2.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket2", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "HTTP1_1", "IsIPV6Enabled": true } ] } }-
For API details, see ListDistributions
in AWS CLI Command Reference.
-
The following code example shows how to use list-field-level-encryption-configs.
- AWS CLI
-
To list CloudFront field-level encryption configurations
The following example gets a list of the CloudFront field-level encryption configurations in your AWS account:
aws cloudfront list-field-level-encryption-configsOutput:
{ "FieldLevelEncryptionList": { "MaxItems": 100, "Quantity": 1, "Items": [ { "Id": "C3KM2WVD605UAY", "LastModifiedTime": "2019-12-10T21:30:18.974Z", "Comment": "Example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0, "Items": [] } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } } ] } }-
For API details, see ListFieldLevelEncryptionConfigs
in AWS CLI Command Reference.
-
The following code example shows how to use list-field-level-encryption-profiles.
- AWS CLI
-
To list CloudFront field-level encryption profiles
The following example gets a list of the CloudFront field-level encryption profiles in your AWS account:
aws cloudfront list-field-level-encryption-profilesOutput:
{ "FieldLevelEncryptionProfileList": { "MaxItems": 100, "Quantity": 2, "Items": [ { "Id": "P280MFCLSYOCVU", "LastModifiedTime": "2019-12-05T01:05:39.896Z", "Name": "ExampleFLEProfile", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 1, "Items": [ "ExampleSensitiveField" ] } } ] }, "Comment": "FLE profile for AWS CLI example" }, { "Id": "PPK0UOSIF5WSV", "LastModifiedTime": "2019-12-10T01:03:16.537Z", "Name": "ExampleFLEProfile2", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2ABC10EXAMPLE", "ProviderId": "ExampleFLEProvider2", "FieldPatterns": { "Quantity": 1, "Items": [ "ExampleSensitiveField2" ] } } ] }, "Comment": "FLE profile #2 for AWS CLI example" } ] } }-
For API details, see ListFieldLevelEncryptionProfiles
in AWS CLI Command Reference.
-
The following code example shows how to use list-invalidations.
- AWS CLI
-
To list CloudFront invalidations
The following example gets a list of the invalidations for the CloudFront distribution with the ID
EDFDVBD6EXAMPLE:aws cloudfront list-invalidations --distribution-idEDFDVBD6EXAMPLEOutput:
{ "InvalidationList": { "Marker": "", "Items": [ { "Status": "Completed", "Id": "YNY2LI2BVJ4NJU", "CreateTime": "2019-08-31T21:15:52.042Z" } ], "IsTruncated": false, "MaxItems": 100, "Quantity": 1 } }-
For API details, see ListInvalidations
in AWS CLI Command Reference.
-
The following code example shows how to use list-public-keys.
- AWS CLI
-
To list CloudFront public keys
The following example gets a list of the CloudFront public keys in your AWS account:
aws cloudfront list-public-keysOutput:
{ "PublicKeyList": { "MaxItems": 100, "Quantity": 2, "Items": [ { "Id": "K2K8NC4HVFE3M0", "Name": "ExampleKey", "CreatedTime": "2019-12-05T01:04:28.818Z", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n", "Comment": "example public key" }, { "Id": "K1S0LWQ2L5HTBU", "Name": "ExampleKey2", "CreatedTime": "2019-12-09T23:28:11.110Z", "EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOCAg88A8+f4dujn9Izt\n26LxtgAkn2opGgo/NKpMiaisyw5qlg3f1gol7FV6pYNl78iJg3EO8JBbwtlH+cR9\nLGSf60NDeVhm76Oc39Np/vWgOdsGQcRbi9WmKZeSODqjQGzVZWqPmito3FzWVk6b\nfVY5N36U/RdbVAJm95Km+qaMYlbIdF40t72bi3IkKYV5hlB2XoDjlQ9F6ajQKyTB\nMHa3SN8q+3ZjQ4sJJ7D1V6r4wR8jDcFVD5NckWJmmgIVnkOQM37NYeoDnkaOuTpu\nha/+3b8tOb2z3LBVHPkp85zJRAOXacSwf5rZtPYKBNFsixTa2n55k2r218mOkMC4\nUwIDAQAB\n-----END PUBLIC KEY-----", "Comment": "example public key #2" } ] } }-
For API details, see ListPublicKeys
in AWS CLI Command Reference.
-
The following code example shows how to use list-tags-for-resource.
- AWS CLI
-
To list tags for a CloudFront distribution
The following example gets a list of the tags for a CloudFront distribution:
aws cloudfront list-tags-for-resource \ --resourcearn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLEOutput:
{ "Tags": { "Items": [ { "Key": "DateCreated", "Value": "2019-12-04" }, { "Key": "Name", "Value": "Example name" }, { "Key": "Project", "Value": "Example project" } ] } }-
For API details, see ListTagsForResource
in AWS CLI Command Reference.
-
The following code example shows how to use sign.
- AWS CLI
-
To sign a CloudFront URL
The following example signs a CloudFront URL. To sign a URL, you need the key pair ID (called the Access Key ID in the AWS Management Console) and the private key of the trusted signer's CloudFront key pair. For more information about signed URLs, see Serving Private Content with Signed URLs and Signed Cookies in the Amazon CloudFront Developer Guide.
aws cloudfront sign \ --urlhttps://d111111abcdef8.cloudfront.net/private-content/private-file.html\ --key-pair-idAPKAEIBAERJR2EXAMPLE\ --private-keyfile://cf-signer-priv-key.pem\ --date-less-than2020-01-01Output:
https://d111111abcdef8.cloudfront.net/private-content/private-file.html?Expires=1577836800&Signature=nEXK7Kby47XKeZQKVc6pwkif6oZc-JWSpDkH0UH7EBGGqvgurkecCbgL5VfUAXyLQuJxFwRQWscz-owcq9KpmewCXrXQbPaJZNi9XSNwf4YKurPDQYaRQawKoeenH0GFteRf9ELK-Bs3nljTLjtbgzIUt7QJNKXcWr8AuUYikzGdJ4-qzx6WnxXfH~fxg4-GGl6l2kgCpXUB6Jx6K~Y3kpVOdzUPOIqFLHAnJojbhxqrVejomZZ2XrquDvNUCCIbePGnR3d24UPaLXG4FKOqNEaWDIBXu7jUUPwOyQCvpt-GNvjRJxqWf93uMobeMOiVYahb-e0KItiQewGcm0eLZQ__&Key-Pair-Id=APKAEIBAERJR2EXAMPLE-
For API details, see Sign
in AWS CLI Command Reference.
-
The following code example shows how to use tag-resource.
- AWS CLI
-
To tag a CloudFront distribution
The following
tag-resourceexample adds two tags to the specified CloudFront distribution.aws cloudfront tag-resource \ --resourcearn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE\ --tags 'Items=[{Key=Name,Value="Example name"},{Key=Project,Value="Example project"}]'Instead of using command line arguments, you can provide the tags in a JSON file, as shown in the following example:
aws cloudfront tag-resource \ --resourcearn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE\ --tagsfile://tags.jsonContents of
tags.json:{ "Items": [ { "Key": "Name", "Value": "Example name" }, { "Key": "Project", "Value": "Example project" } ] }This command produces no output.
-
For API details, see TagResource
in AWS CLI Command Reference.
-
The following code example shows how to use untag-resource.
- AWS CLI
-
To remove tags from a CloudFront distribution
The following example removes two tags from a CloudFront distribution by using command line arguments:
aws cloudfront untag-resource \ --resourcearn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE\ --tag-keysItems=Name,ProjectInstead of using command line arguments, you can provide the tag keys in a JSON file, as shown in the following example:
aws cloudfront untag-resource \ --resourcearn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE\ --tag-keysfile://tag-keys.jsonThe file
tag-keys.jsonis a JSON document in the current folder that contains the following:{ "Items": [ "Name", "Project" ] }When successful, this command has no output.
-
For API details, see UntagResource
in AWS CLI Command Reference.
-
The following code example shows how to use update-cloud-front-origin-access-identity.
- AWS CLI
-
To update a CloudFront origin access identity
The following example updates the origin access identity (OAI) with the ID
E74FTE3AEXAMPLE. The only field that you can update is the OAI'sComment.To update an OAI, you must have the OAI's ID and
ETag. The OAI ID is returned in the output of the create-cloud-front-origin-access-identity and list-cloud-front-origin-access-identities commands. To get theETag, use the get-cloud-front-origin-access-identity or get-cloud-front-origin-access-identity-config command. Use the--if-matchoption to provide the OAI'sETag.aws cloudfront update-cloud-front-origin-access-identity \ --idE74FTE3AEXAMPLE\ --if-matchE2QWRUHEXAMPLE\ --cloud-front-origin-access-identity-config \ CallerReference=cli-example,Comment="Example OAI Updated"You can accomplish the same thing by providing the OAI configuration in a JSON file, as shown in the following example:
aws cloudfront update-cloud-front-origin-access-identity \ --idE74FTE3AEXAMPLE\ --if-matchE2QWRUHEXAMPLE\ --cloud-front-origin-access-identity-configfile://OAI-config.jsonThe file
OAI-config.jsonis a JSON document in the current directory that contains the following:{ "CallerReference": "cli-example", "Comment": "Example OAI Updated" }Whether you provide the OAI configuration with a command line argument or a JSON file, the output is the same:
{ "ETag": "E9LHASXEXAMPLE", "CloudFrontOriginAccessIdentity": { "Id": "E74FTE3AEXAMPLE", "S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE", "CloudFrontOriginAccessIdentityConfig": { "CallerReference": "cli-example", "Comment": "Example OAI Updated" } } }-
For API details, see UpdateCloudFrontOriginAccessIdentity
in AWS CLI Command Reference.
-
The following code example shows how to use update-distribution.
- AWS CLI
-
To update a CloudFront distribution's default root object
The following example updates the default root object to
index.htmlfor the CloudFront distribution with the IDEDFDVBD6EXAMPLE:aws cloudfront update-distribution --idEDFDVBD6EXAMPLE\ --default-root-objectindex.htmlOutput:
{ "ETag": "E2QWRUHEXAMPLE", "Distribution": { "Id": "EDFDVBD6EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-12-06T18:55:39.870Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "6b10378d-49be-4c4b-a642-419ccaf8f3b5", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "example-website", "DomainName": "www.example.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "CustomOriginConfig": { "HTTPPort": 80, "HTTPSPort": 443, "OriginProtocolPolicy": "match-viewer", "OriginSslProtocols": { "Quantity": 2, "Items": [ "SSLv3", "TLSv1" ] }, "OriginReadTimeout": 30, "OriginKeepaliveTimeout": 5 } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "example-website", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 1, "Items": [ "*" ] }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http1.1", "IsIPV6Enabled": true } } }To update a CloudFront distribution
The following example disables the CloudFront distribution with the ID
EMLARXS9EXAMPLEby providing the distribution configuration in a JSON file nameddist-config-disable.json. To update a distribution, you must use the--if-matchoption to provide the distribution'sETag. To get theETag, use the get-distribution or get-distribution-config command.After you use the following example to disable a distribution, you can use the delete-distribution command to delete it.
aws cloudfront update-distribution \ --idEMLARXS9EXAMPLE\ --if-matchE2QWRUHEXAMPLE\ --distribution-configfile://dist-config-disable.jsonThe file
dist-config-disable.jsonis a JSON document in the current folder that contains the following. Note that theEnabledfield is set tofalse:{ "CallerReference": "cli-1574382155-496510", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": false, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true }Output:
{ "ETag": "E9LHASXEXAMPLE", "Distribution": { "Id": "EMLARXS9EXAMPLE", "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", "Status": "InProgress", "LastModifiedTime": "2019-12-06T18:32:35.553Z", "InProgressInvalidationBatches": 0, "DomainName": "d111111abcdef8.cloudfront.net", "ActiveTrustedSigners": { "Enabled": false, "Quantity": 0 }, "DistributionConfig": { "CallerReference": "cli-1574382155-496510", "Aliases": { "Quantity": 0 }, "DefaultRootObject": "index.html", "Origins": { "Quantity": 1, "Items": [ { "Id": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "DomainName": "awsexamplebucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] }, "OriginGroups": { "Quantity": 0 }, "DefaultCacheBehavior": { "TargetOriginId": "awsexamplebucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939", "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" }, "Headers": { "Quantity": 0 }, "QueryStringCacheKeys": { "Quantity": 0 } }, "TrustedSigners": { "Enabled": false, "Quantity": 0 }, "ViewerProtocolPolicy": "allow-all", "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ], "CachedMethods": { "Quantity": 2, "Items": [ "HEAD", "GET" ] } }, "SmoothStreaming": false, "DefaultTTL": 86400, "MaxTTL": 31536000, "Compress": false, "LambdaFunctionAssociations": { "Quantity": 0 }, "FieldLevelEncryptionId": "" }, "CacheBehaviors": { "Quantity": 0 }, "CustomErrorResponses": { "Quantity": 0 }, "Comment": "", "Logging": { "Enabled": false, "IncludeCookies": false, "Bucket": "", "Prefix": "" }, "PriceClass": "PriceClass_All", "Enabled": false, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, "Restrictions": { "GeoRestriction": { "RestrictionType": "none", "Quantity": 0 } }, "WebACLId": "", "HttpVersion": "http2", "IsIPV6Enabled": true } } }-
For API details, see UpdateDistribution
in AWS CLI Command Reference.
-
The following code example shows how to use update-field-level-encryption-config.
- AWS CLI
-
To update a CloudFront field-level encryption configuration
The following example updates the
Commentfield of the field-level encryption configuration with the IDC3KM2WVD605UAYby providing the parameters in a JSON file.To update a field-level encryption configuration, you must have the configuration's ID and
ETag. The ID is returned in the output of the create-field-level-encryption-config and list-field-level-encryption-configs commands. To get theETag, use the get-field-level-encryption or get-field-level-encryption-config command. Use the--if-matchoption to provide the configuration'sETag.aws cloudfront update-field-level-encryption-config \ --idC3KM2WVD605UAY\ --if-matchE2P4Z4VU7TY5SG\ --field-level-encryption-configfile://fle-config.jsonThe file
fle-config.jsonis a JSON document in the current directory that contains the following:{ "CallerReference": "cli-example", "Comment": "Updated example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0 } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } }Output:
{ "ETag": "E26M4BIAV81ZF6", "FieldLevelEncryption": { "Id": "C3KM2WVD605UAY", "LastModifiedTime": "2019-12-10T22:26:26.170Z", "FieldLevelEncryptionConfig": { "CallerReference": "cli-example", "Comment": "Updated example FLE configuration", "QueryArgProfileConfig": { "ForwardWhenQueryArgProfileIsUnknown": true, "QueryArgProfiles": { "Quantity": 0, "Items": [] } }, "ContentTypeProfileConfig": { "ForwardWhenContentTypeIsUnknown": true, "ContentTypeProfiles": { "Quantity": 1, "Items": [ { "Format": "URLEncoded", "ProfileId": "P280MFCLSYOCVU", "ContentType": "application/x-www-form-urlencoded" } ] } } } } }-
For API details, see UpdateFieldLevelEncryptionConfig
in AWS CLI Command Reference.
-
The following code example shows how to use update-field-level-encryption-profile.
- AWS CLI
-
To update a CloudFront field-level encryption profile
The following example updates the field-level encryption profile with the ID
PPK0UOSIF5WSV. This example updates the profile'sNameandComment, and adds a secondFieldPatternsitem, by providing the parameters in a JSON file.To update a field-level encryption profile, you must have the profile's ID and
ETag. The ID is returned in the output of the create-field-level-encryption-profile and list-field-level-encryption-profiles commands. To get theETag, use the get-field-level-encryption-profile or get-field-level-encryption-profile-config command. Use the--if-matchoption to provide the profile'sETag.aws cloudfront update-field-level-encryption-profile \ --idPPK0UOSIF5WSV\ --if-matchE1QQG65FS2L2GC\ --field-level-encryption-profile-configfile://fle-profile-config.jsonThe file
fle-profile-config.jsonis a JSON document in the current directory that contains the following:{ "Name": "ExampleFLEProfileUpdated", "CallerReference": "cli-example", "Comment": "Updated FLE profile for AWS CLI example", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 2, "Items": [ "ExampleSensitiveField", "SecondExampleSensitiveField" ] } } ] } }Output:
{ "ETag": "EJETYFJ9CL66D", "FieldLevelEncryptionProfile": { "Id": "PPK0UOSIF5WSV", "LastModifiedTime": "2019-12-10T19:05:58.296Z", "FieldLevelEncryptionProfileConfig": { "Name": "ExampleFLEProfileUpdated", "CallerReference": "cli-example", "Comment": "Updated FLE profile for AWS CLI example", "EncryptionEntities": { "Quantity": 1, "Items": [ { "PublicKeyId": "K2K8NC4HVFE3M0", "ProviderId": "ExampleFLEProvider", "FieldPatterns": { "Quantity": 2, "Items": [ "ExampleSensitiveField", "SecondExampleSensitiveField" ] } } ] } } } }-
For API details, see UpdateFieldLevelEncryptionProfile
in AWS CLI Command Reference.
-
