# Amazon CloudFront 模板代码段
在 CloudFormation 中,可以将这些示例模板代码段用于 Amazon CloudFront 分发资源。有关更多信息,请参阅 [Amazon CloudFront resource type reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/AWS_CloudFront.html)。
**Topics**
+ [具有 Amazon S3 源的 Amazon CloudFront 分布资源](#scenario-cloudfront-s3origin)
+ [带自定义源的 Amazon CloudFront 分配资源](#scenario-cloudfront-customorigin)
+ [具有多源支持的 Amazon CloudFront 分配](#scenario-cloudfront-multiorigin)
+ [以 Lambda 函数为源的 Amazon CloudFront 分发](#scenario-cloudfront-lambda-origin)
+ [另请参阅](#w2aac11c41c27c15)
## 具有 Amazon S3 源的 Amazon CloudFront 分布资源
以下示例模板显示使用 [S3Origin](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-s3originconfig.html) 的 Amazon CloudFront [分发](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-distribution.html)和旧式来源访问身份(OAI)。有关改用来源访问控制(OAC)的信息,请参阅《Amazon CloudFront 开发人员指南**》中的[限制对 Amazon Simple Storage Service 源的访问](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html)。
### JSON
```
1. {
2. "AWSTemplateFormatVersion" : "2010-09-09",
3. "Resources" : {
4. "myDistribution" : {
5. "Type" : "AWS::CloudFront::Distribution",
6. "Properties" : {
7. "DistributionConfig" : {
8. "Origins" : [ {
9. "DomainName" : "amzn-s3-demo-bucket.s3.amazonaws.com",
10. "Id" : "myS3Origin",
11. "S3OriginConfig" : {
12. "OriginAccessIdentity" : "origin-access-identity/cloudfront/E127EXAMPLE51Z"
13. }
14. }],
15. "Enabled" : "true",
16. "Comment" : "Some comment",
17. "DefaultRootObject" : "index.html",
18. "Logging" : {
19. "IncludeCookies" : "false",
20. "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com",
21. "Prefix" : "myprefix"
22. },
23. "Aliases" : [ "mysite.example.com", "yoursite.example.com" ],
24. "DefaultCacheBehavior" : {
25. "AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ],
26. "TargetOriginId" : "myS3Origin",
27. "ForwardedValues" : {
28. "QueryString" : "false",
29. "Cookies" : { "Forward" : "none" }
30. },
31. "TrustedSigners" : [ "1234567890EX", "1234567891EX" ],
32. "ViewerProtocolPolicy" : "allow-all"
33. },
34. "PriceClass" : "PriceClass_200",
35. "Restrictions" : {
36. "GeoRestriction" : {
37. "RestrictionType" : "whitelist",
38. "Locations" : [ "AQ", "CV" ]
39. }
40. },
41. "ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" }
42. }
43. }
44. }
45. }
46. }
```
### YAML
```
1. AWSTemplateFormatVersion: '2010-09-09'
2. Resources:
3. myDistribution:
4. Type: AWS::CloudFront::Distribution
5. Properties:
6. DistributionConfig:
7. Origins:
8. - DomainName: amzn-s3-demo-bucket.s3.amazonaws.com
9. Id: myS3Origin
10. S3OriginConfig:
11. OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z
12. Enabled: 'true'
13. Comment: Some comment
14. DefaultRootObject: index.html
15. Logging:
16. IncludeCookies: 'false'
17. Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com
18. Prefix: myprefix
19. Aliases:
20. - mysite.example.com
21. - yoursite.example.com
22. DefaultCacheBehavior:
23. AllowedMethods:
24. - DELETE
25. - GET
26. - HEAD
27. - OPTIONS
28. - PATCH
29. - POST
30. - PUT
31. TargetOriginId: myS3Origin
32. ForwardedValues:
33. QueryString: 'false'
34. Cookies:
35. Forward: none
36. TrustedSigners:
37. - 1234567890EX
38. - 1234567891EX
39. ViewerProtocolPolicy: allow-all
40. PriceClass: PriceClass_200
41. Restrictions:
42. GeoRestriction:
43. RestrictionType: whitelist
44. Locations:
45. - AQ
46. - CV
47. ViewerCertificate:
48. CloudFrontDefaultCertificate: 'true'
```
## 带自定义源的 Amazon CloudFront 分配资源
以下示例模板显示使用 [CustomOrigin](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-customoriginconfig.html) 的 Amazon CloudFront [分发](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-distribution.html)。
### JSON
```
1. {
2. "AWSTemplateFormatVersion" : "2010-09-09",
3. "Resources" : {
4. "myDistribution" : {
5. "Type" : "AWS::CloudFront::Distribution",
6. "Properties" : {
7. "DistributionConfig" : {
8. "Origins" : [ {
9. "DomainName" : "www.example.com",
10. "Id" : "myCustomOrigin",
11. "CustomOriginConfig" : {
12. "HTTPPort" : "80",
13. "HTTPSPort" : "443",
14. "OriginProtocolPolicy" : "http-only"
15. }
16. } ],
17. "Enabled" : "true",
18. "Comment" : "Somecomment",
19. "DefaultRootObject" : "index.html",
20. "Logging" : {
21. "IncludeCookies" : "true",
22. "Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com",
23. "Prefix": "myprefix"
24. },
25. "Aliases" : [
26. "mysite.example.com",
27. "*.yoursite.example.com"
28. ],
29. "DefaultCacheBehavior" : {
30. "TargetOriginId" : "myCustomOrigin",
31. "SmoothStreaming" : "false",
32. "ForwardedValues" : {
33. "QueryString" : "false",
34. "Cookies" : { "Forward" : "all" }
35. },
36. "TrustedSigners" : [
37. "1234567890EX",
38. "1234567891EX"
39. ],
40. "ViewerProtocolPolicy" : "allow-all"
41. },
42. "CustomErrorResponses" : [ {
43. "ErrorCode" : "404",
44. "ResponsePagePath" : "/error-pages/404.html",
45. "ResponseCode" : "200",
46. "ErrorCachingMinTTL" : "30"
47. } ],
48. "PriceClass" : "PriceClass_200",
49. "Restrictions" : {
50. "GeoRestriction" : {
51. "RestrictionType" : "whitelist",
52. "Locations" : [ "AQ", "CV" ]
53. }
54. },
55. "ViewerCertificate": { "CloudFrontDefaultCertificate" : "true" }
56. }
57. }
58. }
59. }
60. }
```
### YAML
```
1. AWSTemplateFormatVersion: '2010-09-09'
2. Resources:
3. myDistribution:
4. Type: AWS::CloudFront::Distribution
5. Properties:
6. DistributionConfig:
7. Origins:
8. - DomainName: www.example.com
9. Id: myCustomOrigin
10. CustomOriginConfig:
11. HTTPPort: '80'
12. HTTPSPort: '443'
13. OriginProtocolPolicy: http-only
14. Enabled: 'true'
15. Comment: Somecomment
16. DefaultRootObject: index.html
17. Logging:
18. IncludeCookies: 'true'
19. Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com
20. Prefix: myprefix
21. Aliases:
22. - mysite.example.com
23. - "*.yoursite.example.com"
24. DefaultCacheBehavior:
25. TargetOriginId: myCustomOrigin
26. SmoothStreaming: 'false'
27. ForwardedValues:
28. QueryString: 'false'
29. Cookies:
30. Forward: all
31. TrustedSigners:
32. - 1234567890EX
33. - 1234567891EX
34. ViewerProtocolPolicy: allow-all
35. CustomErrorResponses:
36. - ErrorCode: '404'
37. ResponsePagePath: "/error-pages/404.html"
38. ResponseCode: '200'
39. ErrorCachingMinTTL: '30'
40. PriceClass: PriceClass_200
41. Restrictions:
42. GeoRestriction:
43. RestrictionType: whitelist
44. Locations:
45. - AQ
46. - CV
47. ViewerCertificate:
48. CloudFrontDefaultCertificate: 'true'
```
## 具有多源支持的 Amazon CloudFront 分配
以下示例模板演示如何声明带多源支持的 CloudFront [分配](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-cloudfront-distribution.html)。在 [DistributionConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-distributionconfig.html) 中,提供了源列表,并且设置了 [DefaultCacheBehavior](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-properties-cloudfront-distribution-defaultcachebehavior.html)。
### JSON
```
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Resources" : {
"myDistribution" : {
"Type" : "AWS::CloudFront::Distribution",
"Properties" : {
"DistributionConfig" : {
"Origins" : [ {
"Id" : "myS3Origin",
"DomainName" : "amzn-s3-demo-bucket.s3.amazonaws.com",
"S3OriginConfig" : {
"OriginAccessIdentity" : "origin-access-identity/cloudfront/E127EXAMPLE51Z"
}
},
{
"Id" : "myCustomOrigin",
"DomainName" : "www.example.com",
"CustomOriginConfig" : {
"HTTPPort" : "80",
"HTTPSPort" : "443",
"OriginProtocolPolicy" : "http-only"
}
}
],
"Enabled" : "true",
"Comment" : "Some comment",
"DefaultRootObject" : "index.html",
"Logging" : {
"IncludeCookies" : "true",
"Bucket" : "amzn-s3-demo-logging-bucket.s3.amazonaws.com",
"Prefix" : "myprefix"
},
"Aliases" : [ "mysite.example.com", "yoursite.example.com" ],
"DefaultCacheBehavior" : {
"TargetOriginId" : "myS3Origin",
"ForwardedValues" : {
"QueryString" : "false",
"Cookies" : { "Forward" : "all" }
},
"TrustedSigners" : [ "1234567890EX", "1234567891EX" ],
"ViewerProtocolPolicy" : "allow-all",
"MinTTL" : "100",
"SmoothStreaming" : "true"
},
"CacheBehaviors" : [ {
"AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ],
"TargetOriginId" : "myS3Origin",
"ForwardedValues" : {
"QueryString" : "true",
"Cookies" : { "Forward" : "none" }
},
"TrustedSigners" : [ "1234567890EX", "1234567891EX" ],
"ViewerProtocolPolicy" : "allow-all",
"MinTTL" : "50",
"PathPattern" : "images1/*.jpg"
},
{
"AllowedMethods" : [ "DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT" ],
"TargetOriginId" : "myCustomOrigin",
"ForwardedValues" : {
"QueryString" : "true",
"Cookies" : { "Forward" : "none" }
},
"TrustedSigners" : [ "1234567890EX", "1234567891EX" ],
"ViewerProtocolPolicy" : "allow-all",
"MinTTL" : "50",
"PathPattern" : "images2/*.jpg"
}
],
"CustomErrorResponses" : [ {
"ErrorCode" : "404",
"ResponsePagePath" : "/error-pages/404.html",
"ResponseCode" : "200",
"ErrorCachingMinTTL" : "30"
} ],
"PriceClass" : "PriceClass_All",
"ViewerCertificate" : { "CloudFrontDefaultCertificate" : "true" }
}
}
}
}
}
```
### YAML
```
AWSTemplateFormatVersion: '2010-09-09'
Resources:
myDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
Origins:
- Id: myS3Origin
DomainName: amzn-s3-demo-bucket.s3.amazonaws.com
S3OriginConfig:
OriginAccessIdentity: origin-access-identity/cloudfront/E127EXAMPLE51Z
- Id: myCustomOrigin
DomainName: www.example.com
CustomOriginConfig:
HTTPPort: '80'
HTTPSPort: '443'
OriginProtocolPolicy: http-only
Enabled: 'true'
Comment: Some comment
DefaultRootObject: index.html
Logging:
IncludeCookies: 'true'
Bucket: amzn-s3-demo-logging-bucket.s3.amazonaws.com
Prefix: myprefix
Aliases:
- mysite.example.com
- yoursite.example.com
DefaultCacheBehavior:
TargetOriginId: myS3Origin
ForwardedValues:
QueryString: 'false'
Cookies:
Forward: all
TrustedSigners:
- 1234567890EX
- 1234567891EX
ViewerProtocolPolicy: allow-all
MinTTL: '100'
SmoothStreaming: 'true'
CacheBehaviors:
- AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: myS3Origin
ForwardedValues:
QueryString: 'true'
Cookies:
Forward: none
TrustedSigners:
- 1234567890EX
- 1234567891EX
ViewerProtocolPolicy: allow-all
MinTTL: '50'
PathPattern: images1/*.jpg
- AllowedMethods:
- DELETE
- GET
- HEAD
- OPTIONS
- PATCH
- POST
- PUT
TargetOriginId: myCustomOrigin
ForwardedValues:
QueryString: 'true'
Cookies:
Forward: none
TrustedSigners:
- 1234567890EX
- 1234567891EX
ViewerProtocolPolicy: allow-all
MinTTL: '50'
PathPattern: images2/*.jpg
CustomErrorResponses:
- ErrorCode: '404'
ResponsePagePath: "/error-pages/404.html"
ResponseCode: '200'
ErrorCachingMinTTL: '30'
PriceClass: PriceClass_All
ViewerCertificate:
CloudFrontDefaultCertificate: 'true'
```
## 以 Lambda 函数为源的 Amazon CloudFront 分发
以下示例创建了一个前端为指定的 Lambda 函数 URL(作为参数提供)的 CloudFront 分发,启用了仅限 HTTPS 访问、缓存、压缩和全球交付。此示例将 Lambda URL 配置为自定义 HTTPS 来源,并且应用标准 AWS 缓存策略。该分发针对性能进行了优化,支持 HTTP/2 和 IPv6,输出 CloudFront 域名,允许用户通过 CDN 支持的安全端点访问 Lambda 函数。有关更多信息,请参阅 AWS 博客上的 [Using Amazon CloudFront with AWS Lambda as origin to accelerate your web applications](https://aws.amazon.com/blogs/networking-and-content-delivery/using-amazon-cloudfront-with-aws-lambda-as-origin-to-accelerate-your-web-applications/)。
### JSON
```
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"LambdaEndpoint": {
"Type": "String",
"Description": "The Lambda function URL endpoint without the 'https://'"
}
},
"Resources": {
"MyDistribution": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"PriceClass": "PriceClass_All",
"HttpVersion": "http2",
"IPV6Enabled": true,
"Origins": [
{
"DomainName": {
"Ref": "LambdaEndpoint"
},
"Id": "LambdaOrigin",
"CustomOriginConfig": {
"HTTPSPort": 443,
"OriginProtocolPolicy": "https-only"
}
}
],
"Enabled": "true",
"DefaultCacheBehavior": {
"TargetOriginId": "LambdaOrigin",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"ViewerProtocolPolicy": "redirect-to-https",
"SmoothStreaming": "false",
"Compress": "true"
}
}
}
}
},
"Outputs": {
"CloudFrontDomain": {
"Description": "CloudFront default domain name configured",
"Value": {
"Fn::Sub": "https://${MyDistribution.DomainName}/"
}
}
}
}
```
### YAML
```
AWSTemplateFormatVersion: 2010-09-09
Parameters:
LambdaEndpoint:
Type: String
Description: The Lambda function URL endpoint without the 'https://'
Resources:
MyDistribution:
Type: AWS::CloudFront::Distribution
Properties:
DistributionConfig:
PriceClass: PriceClass_All
HttpVersion: http2
IPV6Enabled: true
Origins:
- DomainName: !Ref LambdaEndpoint
Id: LambdaOrigin
CustomOriginConfig:
HTTPSPort: 443
OriginProtocolPolicy: https-only
Enabled: 'true'
DefaultCacheBehavior:
TargetOriginId: LambdaOrigin
CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6'
ViewerProtocolPolicy: redirect-to-https
SmoothStreaming: 'false'
Compress: 'true'
Outputs:
CloudFrontDomain:
Description: CloudFront default domain name configured
Value: !Sub https://${MyDistribution.DomainName}/
```
## 另请参阅
有关向 Route 53 记录添加自定义别名以便更好地为 CloudFront 分发命名的示例,请参阅 [CloudFront 分配的别名资源记录集](quickref-route53.md#scenario-user-friendly-url-for-cloudfront-distribution)。