# 使用 AWS CLI 的 CloudFront 示例
以下代码示例演示如何通过将 AWS Command Line Interface与 CloudFront 结合使用,来执行操作和实现常见场景。
*操作是大型程序的代码摘录*,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以从中找到有关如何在上下文中设置和运行代码的说明。
**Topics**
+ [操作](#actions)
## 操作
### `associate-distribution-tenant-web-acl`
以下代码示例演示了如何使用 `associate-distribution-tenant-web-acl`。
**AWS CLI**
**将 Web ACL 与 CloudFront 分配租户关联**
以下 `associate-distribution-tenant-web-acl` 示例将 Web ACL 与具有 ETag `E13V1IB3VIYABC` 的 CloudFront 分配关联。
```
aws cloudfront associate-distribution-tenant-web-acl \
--id dt_2wjDZi3hD1ivOXf6rpZJO1AB \
--if-match E13V1IB3VIYABC \
--web-acl-arn arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f37123ABC
```
输出:
```
{
"ETag": "E1VC38T7YXBABC",
"Id": "dt_2wjDZi3hD1ivOXf6rpZJO1AB",
"WebACLArn": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f37123ABC"
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使用 AWS WAF 保护功能](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AssociateDistributionTenantWebAcl](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/associate-distribution-tenant-web-acl.html)。
### `associate-distribution-web-acl`
以下代码示例演示了如何使用 `associate-distribution-web-acl`。
**AWS CLI**
**将 Web ACL 与 CloudFront 分配关联**
以下 `associate-distribution-web-acl` 示例将 Web ACL 与 CloudFront 分配关联。
```
aws cloudfront associate-distribution-web-acl \
--id E1XNX8R2GOAABC \
--if-match E2YWS1C2J3OABC \
--web-acl-arn arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f3746cABC
```
输出:
```
{
"ETag": "E3QE7ED60U0ABC",
"Id": "E1XNX8R2GOAABC",
"WebACLArn": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f3746cABC"
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使用 AWS WAF 保护功能](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [AssociateDistributionWebAcl](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/associate-distribution-web-acl.html)。
### `create-cloud-front-origin-access-identity`
以下代码示例演示了如何使用 `create-cloud-front-origin-access-identity`。
**AWS CLI**
**创建 CloudFront 来源访问身份**
以下示例通过将 OAI 配置作为命令行参数来创建 CloudFront 来源访问身份(OAI):
```
aws cloudfront create-cloud-front-origin-access-identity \
--cloud-front-origin-access-identity-config \
CallerReference="cli-example",Comment="Example OAI"
```
您可以通过在 JSON 文件中提供 OAI 配置来完成同样的事情,如以下示例所示:
```
aws cloudfront create-cloud-front-origin-access-identity \
--cloud-front-origin-access-identity-config file://OAI-config.json
```
文件 `OAI-config.json` 是当前目录中包含以下内容的 JSON 文档:
```
{
"CallerReference": "cli-example",
"Comment": "Example OAI"
}
```
无论您使用命令行参数还是 JSON 文件提供 OAI 配置,输出都相同:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/origin-access-identity/cloudfront/E74FTE3AEXAMPLE",
"ETag": "E2QWRUHEXAMPLE",
"CloudFrontOriginAccessIdentity": {
"Id": "E74FTE3AEXAMPLE",
"S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE",
"CloudFrontOriginAccessIdentityConfig": {
"CallerReference": "cli-example",
"Comment": "Example OAI"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateCloudFrontOriginAccessIdentity](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-cloud-front-origin-access-identity.html)。
### `create-connection-group`
以下代码示例演示了如何使用 `create-connection-group`。
**AWS CLI**
**在 CloudFront 中创建连接组**
以下 `create-connection-group` 示例创建一个启用的连接组,指定任播静态 IP 列表,并禁用 IPv6。
```
aws cloudfront create-connection-group \
--name cg-with-anycast-ip-list \
--no-ipv6-enabled \
--enabled \
--anycast-ip-list-id aip_CCkW6gKrDiBD4n78123ABC \
--tags "Items=[{Key=abc,Value=123}]"
```
输出:
```
{
"ETag": "E23ZP02F085ABC",
"ConnectionGroup": {
"Id": "cg_2yb6uj74B4PCbfhT31WFdiSABC",
"Name": "cg-with-anycast-ip-list",
"Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2yb6uj74B4PCbfhT31WFdiSABC",
"CreatedTime": "2025-06-16T16:25:50.061000+00:00",
"LastModifiedTime": "2025-06-16T16:25:50.061000+00:00",
"Tags": {
"Items": [
{
"Key": "abc",
"Value": "123"
}
]
},
"Ipv6Enabled": false,
"RoutingEndpoint": "dj6xusxq65abc.cloudfront.net",
"AnycastIpListId": "aip_CCkW6gKrDiBD4n78123ABC",
"Status": "InProgress",
"Enabled": true,
"IsDefault": false
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateConnectionGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-connection-group.html)。
### `create-distribution-tenant`
以下代码示例演示了如何使用 `create-distribution-tenant`。
**AWS CLI**
**示例 1:创建使用自定义证书的 CloudFront 分配租户**
以下 `create-distribution-tenant` 示例创建一个 CloudFront 分配租户,该租户指定用于禁用 WAF、添加地理限制和使用其它 TLS 证书的自定义项。
```
aws cloudfront create-distribution-tenant \
--cli-input-json file://tenant.json
```
的内容`tenant.json`:
```
{
"DistributionId": "E1XNX8R2GOAABC",
"Domains": [
{
"Domain": "example.com"
}
],
"Parameters": [
{
"Name": "testParam",
"Value": "defaultValue"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"Enabled": false,
"Tags": {
"Items": [
{
"Key": "tag",
"Value": "tagValue"
}
]
},
"Name": "new-tenant-customizations",
"Customizations": {
"GeoRestrictions": {
"Locations": ["DE"],
"RestrictionType": "whitelist"
},
"WebAcl": {
"Action": "disable"
},
"Certificate": {
"Arn": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc"
}
}
}
```
输出:
```
{
"ETag": "E23ZP02F085ABC",
"DistributionTenant": {
"Id": "dt_2yN5tYwVbPKr7m2IB69M1yp1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "new-tenant-customizations",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yN5tYwVbPKr7m2IB69M1yp1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "active"
}
],
"Tags": {
"Items": [
{
"Key": "tag",
"Value": "tagValue"
}
]
},
"Customizations": {
"WebAcl": {
"Action": "disable"
},
"Certificate": {
"Arn": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc"
},
"GeoRestrictions": {
"RestrictionType": "whitelist",
"Locations": [
"DE"
]
}
},
"Parameters": [
{
"Name": "testParam",
"Value": "defaultValue"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"CreatedTime": "2025-06-11T17:20:06.432000+00:00",
"LastModifiedTime": "2025-06-11T17:20:06.432000+00:00",
"Enabled": false,
"Status": "InProgress"
}
}
```
**示例 2:使用继承的证书创建分配租户**
以下 `create-distribution-tenant` 示例创建一个分配租户,并指定从多租户分配继承的 TLS 证书。
```
aws cloudfront create-distribution-tenant \
--cli-input-json file://tenant.json
```
的内容`tenant.json`:
```
{
"DistributionId": "E1HVIAU7U12ABC",
"Domains": [
{
"Domain": "example.com"
}
],
"Parameters": [
{
"Name": "tenantName",
"Value": "first-tenant"
}
],
"Enabled": true,
"Name": "new-tenant-no-cert"
}
```
输出:
```
{
"ETag": "E23ZP02F0ABC",
"DistributionTenant": {
"Id": "dt_2zhRB0vBe0B72LZCVy1mgzI1AB",
"DistributionId": "E1HVIAU7U12ABC",
"Name": "new-tenant-no-cert",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2zhRB0vBe0B72LZCVy1mgzI1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "active"
}
],
"Parameters": [
{
"Name": "tenantName",
"Value": "first-tenant"
}
],
"ConnectionGroupId": "cg_2yQEwpipGFN0hhA0ZemPabOABC",
"CreatedTime": "2025-07-10T20:59:38.414000+00:00",
"LastModifiedTime": "2025-07-10T20:59:38.414000+00:00",
"Enabled": true,
"Status": "InProgress"
}
}
```
**示例 3:使用 CloudFront 托管的验证令牌创建 CloudFront 分配租户**
以下 `create-distribution-tenant` 示例创建一个分配租户,并为域名使用 CloudFront 托管的验证令牌。
```
aws cloudfront create-distribution-tenant \
--cli-input-json file://tenant.json
```
的内容`tenant.json`:
```
{
"DistributionId": "E2GJ5J9QN12ABC",
"Domains": [
{
"Domain": "example.com"
}
],
"Parameters": [
{
"Name": "tenantName",
"Value": "first-tenant"
}
],
"ConnectionGroupId": "cg_2yQEwpipGFN0hhA0ZemPabOABC",
"Enabled": true,
"Name": "new-tenant-cf-hosted",
"ManagedCertificateRequest": {
"ValidationTokenHost": "cloudfront"
}
}
```
**重要:**要成功运行此命令,必须配置 CNAME DNS 记录,该记录将新域(example.com)指向与分配租户关联的连接组的路由端点。在 CloudFront 成功完成此请求之前,还必须传播此 CNAME 记录。
输出:
```
{
"ETag": "E23ZP02F0ABC",
"DistributionTenant": {
"Id": "dt_2zhStKrA524GvvTWJX92Ozl1AB",
"DistributionId": "E2GJ5J9QN12ABC",
"Name": "new-tenant-cf-hosted",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2zhStKrA524GvvTWJX92Ozl1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "inactive"
}
],
"Parameters": [
{
"Name": "tenantName",
"Value": "first-tenant"
}
],
"ConnectionGroupId": "cg_2zhSaGatwwXjTjE42nneZzqABC",
"CreatedTime": "2025-07-10T21:13:46.416000+00:00",
"LastModifiedTime": "2025-07-10T21:13:46.416000+00:00",
"Enabled": true,
"Status": "InProgress"
}
}
```
**示例 4:使用自托管的验证令牌创建 CloudFront 分配租户**
以下 `create-distribution-tenant` 示例创建一个 CloudFront 分配租户并使用自托管的验证令牌。
```
aws cloudfront create-distribution-tenant \
--cli-input-json file://tenant.json
```
的内容`tenant.json`:
```
{
"DistributionId": "E2GJ5J9QN12ABC",
"Domains": [
{
"Domain": "example.com"
}
],
"Parameters": [
{
"Name": "tenantName",
"Value": "first-tenant"
}
],
"Enabled": true,
"Name": "new-tenant-self-hosted",
"ManagedCertificateRequest": {
"ValidationTokenHost": "self-hosted"
}
}
```
输出:
```
{
"ETag": "E23ZP02F0ABC",
"DistributionTenant": {
"Id": "dt_2zhTFBV93OfFJJ3YMdNM5BC1AB",
"DistributionId": "E2GJ5J9QN12ABC",
"Name": "new-tenant-self-hosted",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2zhTFBV93OfFJJ3YMdNM5BC1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "inactive"
}
],
"Parameters": [
{
"Name": "tenantName",
"Value": "first-tenant"
}
],
"ConnectionGroupId": "cg_2yQEwpipGFN0hhA0ZemPabOABC",
"CreatedTime": "2025-07-10T21:16:39.828000+00:00",
"LastModifiedTime": "2025-07-10T21:16:39.828000+00:00",
"Enabled": true,
"Status": "InProgress"
}
}
```
**重要:**运行此命令后,将在不进行验证的情况下创建分配租户。要在准备好开始接收流量时验证托管式证书请求并配置 DNS,请参阅《Amazon CloudFront 开发人员指南》**中的[完成域设置](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html#complete-domain-ownership)。
有关创建分配租户的更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-creating-console.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-distribution-tenant.html)。
### `create-distribution-with-tags`
以下代码示例演示了如何使用 `create-distribution-with-tags`。
**AWS CLI**
**创建带有标签的 CloudFront 分配**
以下 `create-distribution-with-tags` 示例通过在名为 `dist-config-with-tags.json` 的 JSON 文件中提供分配配置和标签来创建带两个标签的分配。
```
aws cloudfront create-distribution-with-tags \
--distribution-config-with-tags file://dist-config-with-tags.json
```
文件 `dist-config-with-tags.json` 是当前文件夹中的 JSON 文档。请注意文件顶部的 `Tags` 对象,其中包含两个标签:
`Name = ExampleDistribution``Project = ExampleProject`
的内容`dist-config-with-tags.json`:
```
{
"Tags": {
"Items": [
{
"Key": "Name",
"Value": "ExampleDistribution"
},
{
"Key": "Project",
"Value": "ExampleProject"
}
]
},
"DistributionConfig": {
"CallerReference": "cli-example",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE",
"ETag": "E2QWRUHEXAMPLE",
"Distribution": {
"Id": "EDFDVBD6EXAMPLE",
"ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE",
"Status": "InProgress",
"LastModifiedTime": "2019-12-04T23:35:41.433Z",
"InProgressInvalidationBatches": 0,
"DomainName": "d111111abcdef8.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "cli-example",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateDistributionWithTags](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-distribution-with-tags.html)。
### `create-distribution`
以下代码示例演示了如何使用 `create-distribution`。
**AWS CLI**
**示例 1:创建 CloudFront 分配**
以下 `create-distribution` 示例使用命令行参数,为名为 `amzn-s3-demo-bucket` 的 S3 存储桶创建分配,还将 `index.html` 指定为默认根对象。
```
aws cloudfront create-distribution \
--origin-domain-name amzn-s3-demo-bucket.s3.amazonaws.com \
--default-root-object index.html
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EMLARXS9EXAMPLE",
"ETag": "E9LHASXEXAMPLE",
"Distribution": {
"Id": "EMLARXS9EXAMPLE",
"ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE",
"Status": "InProgress",
"LastModifiedTime": "2019-11-22T00:55:15.705Z",
"InProgressInvalidationBatches": 0,
"DomainName": "d111111abcdef8.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "cli-example",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
}
}
```
**示例 2:使用 JSON 文件创建 CloudFront 分配**
以下 `create-distribution` 示例使用 JSON 文件,为名为 `amzn-s3-demo-bucket` 的 S3 存储桶创建分配,还将 `index.html` 指定为默认根对象。
```
aws cloudfront create-distribution \
--distribution-config file://dist-config.json
```
的内容`dist-config.json`:
```
{
"CallerReference": "cli-example",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
```
有关输出示例,请参阅示例 1。
**示例 3:使用证书创建 CloudFront 多租户分配**
以下 `create-distribution` 示例创建一个支持多租户的 CloudFront 分配,并指定 TLS 证书。
```
aws cloudfront create-distribution \
--distribution-config file://dist-config.json
```
的内容`dist-config.json`:
```
{
"CallerReference": "cli-example-with-cert",
"Comment": "CLI example distribution",
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"OriginPath": "/{{tenantName}}",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC",
"ViewerProtocolPolicy": "allow-all",
"AllowedMethods": {
"Quantity": 2,
"Items": ["HEAD", "GET"],
"CachedMethods": {
"Quantity": 2,
"Items": ["HEAD", "GET"]
}
}
},
"Enabled": true,
"ViewerCertificate": {
"ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/191306a1-db01-49ca-90ef-fc414ee5dabc",
"SSLSupportMethod": "sni-only"
},
"HttpVersion": "http2",
"ConnectionMode": "tenant-only",
"TenantConfig": {
"ParameterDefinitions": [
{
"Name": "tenantName",
"Definition": {
"StringSchema": {
"Comment": "tenantName parameter",
"DefaultValue": "root",
"Required": false
}
}
}
]
}
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E1HVIAU7UABC",
"ETag": "E20LT7R1BABC",
"Distribution": {
"Id": "E1HVIAU7U12ABC",
"ARN": "arn:aws:cloudfront::123456789012:distribution/E1HVIAU7U12ABC",
"Status": "InProgress",
"LastModifiedTime": "2025-07-10T20:33:31.117000+00:00",
"InProgressInvalidationBatches": 0,
"DomainName": "example.com",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ActiveTrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "cli-example-with-cert",
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"OriginPath": "/{{tenantName}}",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
},
"ConnectionAttempts": 3,
"ConnectionTimeout": 10,
"OriginShield": {
"Enabled": false
},
"OriginAccessControlId": ""
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"TrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"AllowedMethods": {
"Quantity": 2,
"Items": ["HEAD", "GET"],
"CachedMethods": {
"Quantity": 2,
"Items": ["HEAD", "GET"]
}
},
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": "",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC",
"GrpcConfig": {
"Enabled": false
}
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "CLI example distribution",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": false,
"ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/1954f095-11b6-4daf-9952-0c308a00abc",
"SSLSupportMethod": "sni-only",
"MinimumProtocolVersion": "TLSv1.2_2021",
"Certificate": "arn:aws:acm:us-east-1:123456789012:certificate/1954f095-11b6-4daf-9952-0c308a00abc",
"CertificateSource": "acm"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"TenantConfig": {
"ParameterDefinitions": [
{
"Name": "tenantName",
"Definition": {
"StringSchema": {
"Comment": "tenantName parameter",
"DefaultValue": "root",
"Required": false
}
}
}
]
},
"ConnectionMode": "tenant-only"
}
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使用分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html)。
**示例 4:创建不带证书的 CloudFront 多租户分配**
以下 `create-distribution` 示例创建一个支持多租户但没有 TLS 证书的 CloudFront 分配。
```
aws cloudfront create-distribution \
--distribution-config file://dist-config.json
```
的内容`dist-config.json`:
```
{
"CallerReference": "cli-example",
"Comment": "CLI example distribution",
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"OriginPath": "/{{tenantName}}",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC",
"ViewerProtocolPolicy": "allow-all",
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
}
},
"Enabled": true,
"HttpVersion": "http2",
"ConnectionMode": "tenant-only",
"TenantConfig": {
"ParameterDefinitions": [
{
"Name": "tenantName",
"Definition": {
"StringSchema": {
"Comment": "tenantName parameter",
"DefaultValue": "root",
"Required": false
}
}
}
]
}
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution/E2GJ5J9QN12ABC",
"ETag": "E37YLVVQIABC",
"Distribution": {
"Id": "E2GJ5J9QNABC",
"ARN": "arn:aws:cloudfront::123456789012:distribution/E2GJ5J9QN12ABC",
"Status": "InProgress",
"LastModifiedTime": "2025-07-10T20:35:20.565000+00:00",
"InProgressInvalidationBatches": 0,
"DomainName": "example.com",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ActiveTrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "cli-example-no-cert",
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"OriginPath": "/{{tenantName}}",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
},
"ConnectionAttempts": 3,
"ConnectionTimeout": 10,
"OriginShield": {
"Enabled": false
},
"OriginAccessControlId": ""
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"TrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": "",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5ABC",
"GrpcConfig": {
"Enabled": false
}
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "CLI example distribution",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"SSLSupportMethod": "sni-only",
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"TenantConfig": {
"ParameterDefinitions": [
{
"Name": "tenantName",
"Definition": {
"StringSchema": {
"Comment": "tenantName parameter",
"DefaultValue": "root",
"Required": false
}
}
}
]
},
"ConnectionMode": "tenant-only"
}
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[配置分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-working-with.html)。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-distribution.html)。
### `create-field-level-encryption-config`
以下代码示例演示了如何使用 `create-field-level-encryption-config`。
**AWS CLI**
**创建 CloudFront 字段级加密配置**
以下示例通过在名为 `fle-config.json` 的 JSON 文件中提供配置参数来创建字段级加密配置。在创建字段级加密配置之前,必须具有字段级加密配置文件。要创建配置文件,请参阅 create-field-level-encryption-profile 命令。
有关 CloudFront 字段级加密的更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使用字段级加密帮助保护敏感数据](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html)。
```
aws cloudfront create-field-level-encryption-config \
--field-level-encryption-config file://fle-config.json
```
文件 `fle-config.json` 是当前文件夹中包含以下内容的 JSON 文档:
```
{
"CallerReference": "cli-example",
"Comment": "Example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/field-level-encryption/C3KM2WVD605UAY",
"ETag": "E2P4Z4VU7TY5SG",
"FieldLevelEncryption": {
"Id": "C3KM2WVD605UAY",
"LastModifiedTime": "2019-12-10T21:30:18.974Z",
"FieldLevelEncryptionConfig": {
"CallerReference": "cli-example",
"Comment": "Example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0,
"Items": []
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateFieldLevelEncryptionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-field-level-encryption-config.html)。
### `create-field-level-encryption-profile`
以下代码示例演示了如何使用 `create-field-level-encryption-profile`。
**AWS CLI**
**创建 CloudFront 字段级加密配置文件**
以下示例通过在名为 `fle-profile-config.json` 的 JSON 文件中提供参数来创建字段级加密配置文件。在创建字段级加密配置文件之前,必须具有 CloudFront 公钥。要创建 CloudFront 公钥,请参阅 create-public-key 命令。
有关 CloudFront 字段级加密的更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使用字段级加密帮助保护敏感数据](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html)。
```
aws cloudfront create-field-level-encryption-profile \
--field-level-encryption-profile-config file://fle-profile-config.json
```
文件 `fle-profile-config.json` 是当前文件夹中包含以下内容的 JSON 文档:
```
{
"Name": "ExampleFLEProfile",
"CallerReference": "cli-example",
"Comment": "FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
}
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/field-level-encryption-profile/PPK0UOSIF5WSV",
"ETag": "E2QWRUHEXAMPLE",
"FieldLevelEncryptionProfile": {
"Id": "PPK0UOSIF5WSV",
"LastModifiedTime": "2019-12-10T01:03:16.537Z",
"FieldLevelEncryptionProfileConfig": {
"Name": "ExampleFLEProfile",
"CallerReference": "cli-example",
"Comment": "FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateFieldLevelEncryptionProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-field-level-encryption-profile.html)。
### `create-invalidation-for-distribution-tenant`
以下代码示例演示了如何使用 `create-invalidation-for-distribution-tenant`。
**AWS CLI**
**为分配租户创建 CloudFront 失效**
以下 `create-invalidation-for-distribution-tenant` 示例为 CloudFront 分配租户中的所有文件创建失效。
```
aws cloudfront create-invalidation-for-distribution-tenant \
--id dt_2wjDZi3hD1ivOXf6rpZJO1AB \
--invalidation-batch '{"Paths": {"Quantity": 1, "Items": ["/*"]}, "CallerReference": "invalidation-$(date +%s)"}'
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2020-05-31/distribution-tenant/dt_2wjDZi3hD1ivOXf6rpZJO1AB/invalidation/I2JGL2F1ZAA426PGG0YLLKABC",
"Invalidation": {
"Id": "I2JGL2F1ZAA426PGG0YLLKABC",
"Status": "InProgress",
"CreateTime": "2025-05-07T16:59:25.947000+00:00",
"InvalidationBatch": {
"Paths": {
"Quantity": 1,
"Items": [
"/*"
]
},
"CallerReference": "invalidation-$(date +%s)"
}
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使文件失效以删除内容](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [CreateInvalidationForDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-invalidation-for-distribution-tenant.html)。
### `create-invalidation`
以下代码示例演示了如何使用 `create-invalidation`。
**AWS CLI**
**为 CloudFront 分配创建失效**
以下 `create-invalidation` 示例为指定 CloudFront 分配中的指定文件创建失效:
```
aws cloudfront create-invalidation \
--distribution-id EDFDVBD6EXAMPLE \
--paths "/example-path/example-file.jpg" "/example-path/example-file2.png"
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE/invalidation/I1JLWSDAP8FU89",
"Invalidation": {
"Id": "I1JLWSDAP8FU89",
"Status": "InProgress",
"CreateTime": "2019-12-05T18:24:51.407Z",
"InvalidationBatch": {
"Paths": {
"Quantity": 2,
"Items": [
"/example-path/example-file2.png",
"/example-path/example-file.jpg"
]
},
"CallerReference": "cli-1575570291-670203"
}
}
}
```
在前面的示例中,AWS CLI 自动生成了一个随机 `CallerReference`。要指定自己的 `CallerReference`,或者为了避免将失效参数作为命令行参数传递,可以使用 JSON 文件。以下示例通过在名为 `inv-batch.json` 的 JSON 文件中提供失效参数,为两个文件创建失效:
```
aws cloudfront create-invalidation \
--distribution-id EDFDVBD6EXAMPLE \
--invalidation-batch file://inv-batch.json
```
的内容`inv-batch.json`:
```
{
"Paths": {
"Quantity": 2,
"Items": [
"/example-path/example-file.jpg",
"/example-path/example-file2.png"
]
},
"CallerReference": "cli-example"
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EDFDVBD6EXAMPLE/invalidation/I2J0I21PCUYOIK",
"Invalidation": {
"Id": "I2J0I21PCUYOIK",
"Status": "InProgress",
"CreateTime": "2019-12-05T18:40:49.413Z",
"InvalidationBatch": {
"Paths": {
"Quantity": 2,
"Items": [
"/example-path/example-file.jpg",
"/example-path/example-file2.png"
]
},
"CallerReference": "cli-example"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreateInvalidation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-invalidation.html)。
### `create-public-key`
以下代码示例演示了如何使用 `create-public-key`。
**AWS CLI**
**创建 CloudFront 公钥**
以下示例通过在名为 `pub-key-config.json` 的 JSON 文件中提供参数来创建 CloudFront 公钥。必须先拥有 PEM 编码的公钥,然后才能使用此命令。有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建 RSA 密钥对](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/field-level-encryption.html#field-level-encryption-setting-up-step1)。
```
aws cloudfront create-public-key \
--public-key-config file://pub-key-config.json
```
文件 `pub-key-config.json` 是当前文件夹中包含以下内容的 JSON 文档:请注意,公钥以 PEM 格式编码。
```
{
"CallerReference": "cli-example",
"Name": "ExampleKey",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "example public key"
}
```
输出:
```
{
"Location": "https://cloudfront.amazonaws.com/2019-03-26/public-key/KDFB19YGCR002",
"ETag": "E2QWRUHEXAMPLE",
"PublicKey": {
"Id": "KDFB19YGCR002",
"CreatedTime": "2019-12-05T18:51:43.781Z",
"PublicKeyConfig": {
"CallerReference": "cli-example",
"Name": "ExampleKey",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "example public key"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [CreatePublicKey](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/create-public-key.html)。
### `delete-cloud-front-origin-access-identity`
以下代码示例演示了如何使用 `delete-cloud-front-origin-access-identity`。
**AWS CLI**
**删除 CloudFront 来源访问身份**
以下示例删除 ID 为 `E74FTE3AEXAMPLE` 的来源访问身份(OAI)。要删除 OAI,您必须拥有 OAI 的 ID 和 `ETag`。OAI ID 将在 create-cloud-front-origin-access-identity 和 list-cloud-front-origin-access-identities 命令的输出中返回。要获取 `ETag`,请使用 get-cloud-front-origin-access-identity 或 get-cloud-front-origin-access-identity-config 命令。使用 `--if-match` 选项提供 OAI 的 `ETag`。
```
aws cloudfront delete-cloud-front-origin-access-identity \
--id E74FTE3AEXAMPLE \
--if-match E2QWRUHEXAMPLE
```
成功时,此命令没有输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteCloudFrontOriginAccessIdentity](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-cloud-front-origin-access-identity.html)。
### `delete-connection-group`
以下代码示例演示了如何使用 `delete-connection-group`。
**AWS CLI**
**删除连接组**
以下 `delete-connection-group` 示例删除连接组。必须禁用连接组,并且连接组不能与任何 CloudFront 资源相关联。
```
aws cloudfront delete-connection-group \
--id cg_2wjLpjbHkLUdhWAjHllcOeABC \
--if-match ETVPDKIKX0DABC
```
成功时,此命令没有输出。
有关管理连接组的更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DeleteConnectionGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-connection-group.html)。
### `delete-distribution-tenant`
以下代码示例演示了如何使用 `delete-distribution-tenant`。
**AWS CLI**
**删除分配租户**
以下 `delete-distribution-tenant` 示例删除带有 ETag `ETVPDKIKX0DABC` 的分配租户。必须禁用分配租户,并且分配租户不能与任何 CloudFront 资源相关联。
```
aws cloudfront delete-distribution-tenant \
--id dt_2wjMUbg3NHZEQ7OfoalP5zi1AB \
--if-match ETVPDKIKX0DABC
```
成功时,此命令没有输出。
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[删除分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/HowToDeleteDistribution.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DeleteDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-distribution-tenant.html)。
### `delete-distribution`
以下代码示例演示了如何使用 `delete-distribution`。
**AWS CLI**
**删除 CloudFront 分配**
以下示例删除 ID 为 `EDFDVBD6EXAMPLE` 的 CloudFront 分配。删除分配之前,必须先禁用它。要禁用分配,请使用 update-distribution 命令。有关更多信息,请参阅 update-distribution 示例。
分配已禁用,您可以将其删除。要删除分配,您必须使用 `--if-match` 选项来提供分配的 `ETag`。要获取 `ETag`,请使用 get-distribution 或 get-distribution-config 命令。
```
aws cloudfront delete-distribution \
--id EDFDVBD6EXAMPLE \
--if-match E2QWRUHEXAMPLE
```
成功时,此命令没有输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-distribution.html)。
### `delete-field-level-encryption-config`
以下代码示例演示了如何使用 `delete-field-level-encryption-config`。
**AWS CLI**
**删除 CloudFront 字段级加密配置**
以下示例删除 ID 为 `C3KM2WVD605UAY` 的 CloudFront 字段级加密配置。要删除字段级加密配置,必须提供其 ID 和 `ETag`。该 ID 将在 create-field-level-encryption-config 和 list-field-level-encryption-configs 命令的输出中返回。要获取 `ETag`,请使用 get-field-level-encryption 或 get-field-level-encryption-config 命令。使用 `--if-match` 选项提供配置的 `ETag`。
```
aws cloudfront delete-field-level-encryption-config \
--id C3KM2WVD605UAY \
--if-match E26M4BIAV81ZF6
```
成功时,此命令没有输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteFieldLevelEncryptionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-field-level-encryption-config.html)。
### `delete-field-level-encryption-profile`
以下代码示例演示了如何使用 `delete-field-level-encryption-profile`。
**AWS CLI**
**删除 CloudFront 字段级加密配置文件**
以下示例删除 ID 为 `PPK0UOSIF5WSV` 的 CloudFront 字段级加密配置文件。要删除字段级加密配置文件,必须提供其 ID 和 `ETag`。该 ID 将在 create-field-level-encryption-profile 和 list-field-level-encryption-profiles 命令的输出中返回。要获取 `ETag`,请使用 get-field-level-encryption-profile 或 get-field-level-encryption-profile-config 命令。使用 `--if-match` 选项提供配置文件的 `ETag`。
```
aws cloudfront delete-field-level-encryption-profile \
--id PPK0UOSIF5WSV \
--if-match EJETYFJ9CL66D
```
成功时,此命令没有输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeleteFieldLevelEncryptionProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-field-level-encryption-profile.html)。
### `delete-public-key`
以下代码示例演示了如何使用 `delete-public-key`。
**AWS CLI**
**删除 CloudFront 公钥**
以下示例删除 ID 为 `KDFB19YGCR002` 的 CloudFront 公钥。要删除公钥,必须提供其 ID 和 `ETag`。该 ID 将在 create-public-key 和 list-public-keys 命令的输出中返回。要获取 `ETag`,请使用 get-public-key 或 get-public-key-config 命令。使用 `--if-match` 选项提供公钥的 `ETag`。
```
aws cloudfront delete-public-key \
--id KDFB19YGCR002 \
--if-match E2QWRUHEXAMPLE
```
成功时,此命令没有输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [DeletePublicKey](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/delete-public-key.html)。
### `disassociate-distribution-tenant-web-acl`
以下代码示例演示了如何使用 `disassociate-distribution-tenant-web-acl`。
**AWS CLI**
**将 Web ACL 与分配租户取消关联**
以下 `disassociate-distribution-tenant-web-acl` 示例将 Web ACL 与具有 ETag `E1PA6795UKMABC` 的分配租户取消关联。
```
aws cloudfront disassociate-distribution-tenant-web-acl \
--id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB \
--if-match E1PA6795UKMABC
```
输出:
```
{
"ETag": "E13V1IB3VIYABC",
"Id": "dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB"
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[禁用 AWS WAF 安全保护功能](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/disable-waf.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DisassociateDistributionTenantWebAcl](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/disassociate-distribution-tenant-web-acl.html)。
### `disassociate-distribution-web-acl`
以下代码示例演示了如何使用 `disassociate-distribution-web-acl`。
**AWS CLI**
**将 Web ACL 与 CloudFront 分配取消关联**
以下 `disassociate-distribution-web-acl` 示例取消 Web ACL 与具有 ETag `E13V1IB3VIYABC` 的 CloudFront 分配之间的关联。
```
aws cloudfront disassociate-distribution-web-acl \
--id E1XNX8R2GOAABC \
--if-match EEZQ9Z24VM1ABC
```
输出:
```
{
"ETag": "E2YWS1C2J3OABC",
"Id": "E1XNX8R2GOAABC"
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[禁用 AWS WAF 安全保护功能](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/disable-waf.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [DisassociateDistributionWebAcl](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/disassociate-distribution-web-acl.html)。
### `get-cloud-front-origin-access-identity-config`
以下代码示例演示了如何使用 `get-cloud-front-origin-access-identity-config`。
**AWS CLI**
**获取 CloudFront 来源访问身份配置**
以下示例获取有关 ID 为 `E74FTE3AEXAMPLE` 的 CloudFront 来源访问身份(OAI)的元数据,包括其 `ETag`。OAI ID 将在 create-cloud-front-origin-access-identity 和 list-cloud-front-origin-access-identities 命令的输出中返回。
```
aws cloudfront get-cloud-front-origin-access-identity-config --id E74FTE3AEXAMPLE
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"CloudFrontOriginAccessIdentityConfig": {
"CallerReference": "cli-example",
"Comment": "Example OAI"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetCloudFrontOriginAccessIdentityConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-cloud-front-origin-access-identity-config.html)。
### `get-cloud-front-origin-access-identity`
以下代码示例演示了如何使用 `get-cloud-front-origin-access-identity`。
**AWS CLI**
**获取 CloudFront 来源访问身份**
以下示例获取 ID 为 `E74FTE3AEXAMPLE` 的 CloudFront 来源访问身份(OAI),包括其 `ETag` 和关联的 S3 规范 ID。OAI ID 将在 create-cloud-front-origin-access-identity 和 list-cloud-front-origin-access-identities 命令的输出中返回。
```
aws cloudfront get-cloud-front-origin-access-identity --id E74FTE3AEXAMPLE
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"CloudFrontOriginAccessIdentity": {
"Id": "E74FTE3AEXAMPLE",
"S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE",
"CloudFrontOriginAccessIdentityConfig": {
"CallerReference": "cli-example",
"Comment": "Example OAI"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetCloudFrontOriginAccessIdentity](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-cloud-front-origin-access-identity.html)。
### `get-connection-group-by-routing-endpoint`
以下代码示例演示了如何使用 `get-connection-group-by-routing-endpoint`。
**AWS CLI**
**通过路由端点获取连接组**
以下 `get-connection-group-by-routing-endpoint` 示例使用连接组的路由端点检索有关该连接组的信息。
```
aws cloudfront get-connection-group-by-routing-endpoint \
--routing-endpoint dvdg9gprgabc.cloudfront.net
```
输出:
```
{
"ETag": "E23ZP02F085ABC",
"ConnectionGroup": {
"Id": "cg_2wjDWTBKTlRB87cAaUQFaakABC",
"Name": "connection-group-2",
"Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2wjDWTBKTlRB87cAaUQFaakABC",
"CreatedTime": "2025-05-06T15:42:00.790000+00:00",
"LastModifiedTime": "2025-05-06T15:42:00.790000+00:00",
"Ipv6Enabled": true,
"RoutingEndpoint": "dvdg9gprgabc.cloudfront.net",
"Status": "Deployed",
"Enabled": true,
"IsDefault": false
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetConnectionGroupByRoutingEndpoint](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-connection-group-by-routing-endpoint.html)。
### `get-connection-group`
以下代码示例演示了如何使用 `get-connection-group`。
**AWS CLI**
**获取 CloudFront 连接组**
以下 `get-connection-group` 示例检索有关 CloudFront 连接组的信息。
```
aws cloudfront get-connection-group \
--identifier cg_2wjDWTBKTlRB87cAaUQFaakABC
```
输出:
```
{
"ETag": "E23ZP02F085ABC",
"ConnectionGroup": {
"Id": "cg_2wjDWTBKTlRB87cAaUQFaakABC",
"Name": "connection-group-2",
"Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2wjDWTBKTlRB87cAaUQFaakABC",
"CreatedTime": "2025-05-06T15:42:00.790000+00:00",
"LastModifiedTime": "2025-05-06T15:42:00.790000+00:00",
"Ipv6Enabled": true,
"RoutingEndpoint": "dvdg9gprgabc.cloudfront.net",
"Status": "Deployed",
"Enabled": true,
"IsDefault": false
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetConnectionGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-connection-group.html)。
### `get-distribution-config`
以下代码示例演示了如何使用 `get-distribution-config`。
**AWS CLI**
**获取 CloudFront 分配配置**
以下示例获取有关 ID 为 `EDFDVBD6EXAMPLE` 的 CloudFront 分配的元数据,包括其 `ETag`。分配 ID 将在 create-distribution 和 list-distributions 命令中返回。
```
aws cloudfront get-distribution-config \
--id EDFDVBD6EXAMPLE
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"DistributionConfig": {
"CallerReference": "cli-example",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetDistributionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution-config.html)。
### `get-distribution-tenant-by-domain`
以下代码示例演示了如何使用 `get-distribution-tenant-by-domain`。
**AWS CLI**
**按域获取分配租户信息**
以下 `get-distribution-tenant-by-domain` 示例使用指定的域检索有关分配租户的信息。
```
aws cloudfront get-distribution-tenant-by-domain \
--domain example.com
```
输出:
```
{
"ETag": "E23ZP02F085ABC",
"DistributionTenant": {
"Id": "dt_2xVInRKCfUzQHgxosDs9hiLk1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "example-tenant-4",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2xVInRKCfUzQHgxosDs9hiLk1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "active"
}
],
"Parameters": [
{
"Name": "testParam",
"Value": "defaultValue"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"CreatedTime": "2025-05-23T16:16:20.871000+00:00",
"LastModifiedTime": "2025-05-23T16:16:20.871000+00:00",
"Enabled": false,
"Status": "Deployed"
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[了解多租户分配的工作原理](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetDistributionTenantByDomain](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution-tenant-by-domain.html)。
### `get-distribution-tenant`
以下代码示例演示了如何使用 `get-distribution-tenant`。
**AWS CLI**
**获取有关 CloudFront 分配租户的详细信息**
以下 `get-distribution-tenant` 示例检索有关 CloudFront 分配租户的信息。
```
aws cloudfront get-distribution-tenant \
--id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB
```
输出:
```
{
"ETag": "E23ZP02F085ABC",
"DistributionTenant": {
"Id": "dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "example-tenant-2",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "inactive"
}
],
"ConnectionGroupId": "cg_2wjDWTBKTlRB87cAaUQFaakABC",
"CreatedTime": "2025-05-06T15:42:28.542000+00:00",
"LastModifiedTime": "2025-05-06T15:42:37.724000+00:00",
"Enabled": true,
"Status": "InProgress"
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[了解多租户分配的工作原理](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution-tenant.html)。
### `get-distribution`
以下代码示例演示了如何使用 `get-distribution`。
**AWS CLI**
**获取 CloudFront 分配**
以下 `get-distribution` 示例获取 ID 为 `EDFDVBD6EXAMPLE` 的 CloudFront 分配,包括其 `ETag`。分配 ID 将在 create-distribution 和 list-distributions 命令中返回。
```
aws cloudfront get-distribution \
--id EDFDVBD6EXAMPLE
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"Distribution": {
"Id": "EDFDVBD6EXAMPLE",
"ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE",
"Status": "Deployed",
"LastModifiedTime": "2019-12-04T23:35:41.433Z",
"InProgressInvalidationBatches": 0,
"DomainName": "d111111abcdef8.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "cli-example",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-cli-example",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-distribution.html)。
### `get-field-level-encryption-config`
以下代码示例演示了如何使用 `get-field-level-encryption-config`。
**AWS CLI**
**获取有关 CloudFront 字段级加密配置的元数据**
以下示例获取 ID 为 `C3KM2WVD605UAY` 的 CloudFront 字段级加密配置的元数据,包括其 `ETag`:
```
aws cloudfront get-field-level-encryption-config --id C3KM2WVD605UAY
```
输出:
```
{
"ETag": "E2P4Z4VU7TY5SG",
"FieldLevelEncryptionConfig": {
"CallerReference": "cli-example",
"Comment": "Example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0,
"Items": []
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFieldLevelEncryptionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-field-level-encryption-config.html)。
### `get-field-level-encryption-profile-config`
以下代码示例演示了如何使用 `get-field-level-encryption-profile-config`。
**AWS CLI**
**获取 CloudFront 字段级加密配置文件配置**
以下示例获取 ID 为 `PPK0UOSIF5WSV` 的 CloudFront 字段级加密配置文件的元数据,包括其 `ETag`:
```
aws cloudfront get-field-level-encryption-profile-config --id PPK0UOSIF5WSV
```
输出:
```
{
"ETag": "E1QQG65FS2L2GC",
"FieldLevelEncryptionProfileConfig": {
"Name": "ExampleFLEProfile",
"CallerReference": "cli-example",
"Comment": "FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFieldLevelEncryptionProfileConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-field-level-encryption-profile-config.html)。
### `get-field-level-encryption-profile`
以下代码示例演示了如何使用 `get-field-level-encryption-profile`。
**AWS CLI**
**获取 CloudFront 字段级加密配置文件**
以下示例获取 ID 为 `PPK0UOSIF5WSV` 的 CloudFront 字段级加密配置文件,包括其 `ETag`:
```
aws cloudfront get-field-level-encryption-profile --id PPK0UOSIF5WSV
```
输出:
```
{
"ETag": "E1QQG65FS2L2GC",
"FieldLevelEncryptionProfile": {
"Id": "PPK0UOSIF5WSV",
"LastModifiedTime": "2019-12-10T01:03:16.537Z",
"FieldLevelEncryptionProfileConfig": {
"Name": "ExampleFLEProfile",
"CallerReference": "cli-example",
"Comment": "FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFieldLevelEncryptionProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-field-level-encryption-profile.html)。
### `get-field-level-encryption`
以下代码示例演示了如何使用 `get-field-level-encryption`。
**AWS CLI**
**获取 CloudFront 字段级加密配置**
以下示例获取 ID 为 `C3KM2WVD605UAY` 的 CloudFront 字段级加密配置,包括其 `ETag`:
```
aws cloudfront get-field-level-encryption --id C3KM2WVD605UAY
```
输出:
```
{
"ETag": "E2P4Z4VU7TY5SG",
"FieldLevelEncryption": {
"Id": "C3KM2WVD605UAY",
"LastModifiedTime": "2019-12-10T21:30:18.974Z",
"FieldLevelEncryptionConfig": {
"CallerReference": "cli-example",
"Comment": "Example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0,
"Items": []
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetFieldLevelEncryption](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-field-level-encryption.html)。
### `get-invalidation-for-distribution-tenant`
以下代码示例演示了如何使用 `get-invalidation-for-distribution-tenant`。
**AWS CLI**
**为分配租户获取失效**
以下 `get-invalidation-for-distribution-tenant` 示例获取有关分配租户的失效的信息。
```
aws cloudfront get-invalidation-for-distribution-tenant \
--distribution-tenant-id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB \
--id I4CU23QAPKMUDUU06F9OFGFABC
```
输出:
```
{
"Invalidation": {
"Id": "I4CU23QAPKMUDUU06F9OFGFABC",
"Status": "Completed",
"CreateTime": "2025-05-06T15:46:12.824000+00:00",
"InvalidationBatch": {
"Paths": {
"Quantity": 2,
"Items": [
"/example/invalidation",
"/more/invalidations"
]
},
"CallerReference": "007ee5a6-d0a0-42be-bb61-e7b915969b48"
}
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使文件失效以删除内容](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetInvalidationForDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-invalidation-for-distribution-tenant.html)。
### `get-invalidation`
以下代码示例演示了如何使用 `get-invalidation`。
**AWS CLI**
**获取 CloudFront 失效**
以下示例获取 ID 为 `I2J0I21PCUYOIK` 的 CloudFront 分配的失效,其 ID 为 `EDFDVBD6EXAMPLE`:
```
aws cloudfront get-invalidation --id I2J0I21PCUYOIK --distribution-id EDFDVBD6EXAMPLE
```
输出:
```
{
"Invalidation": {
"Status": "Completed",
"InvalidationBatch": {
"Paths": {
"Items": [
"/example-path/example-file.jpg",
"/example-path/example-file-2.jpg"
],
"Quantity": 2
},
"CallerReference": "cli-example"
},
"Id": "I2J0I21PCUYOIK",
"CreateTime": "2019-12-05T18:40:49.413Z"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetInvalidation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-invalidation.html)。
### `get-managed-certificate-details`
以下代码示例演示了如何使用 `get-managed-certificate-details`。
**AWS CLI**
**获取托管式证书详细信息**
以下 `get-managed-certificate-details` 示例检索 CloudFront 托管式 ACM 证书的详细信息。
```
aws cloudfront get-managed-certificate-details \
--identifier dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB
```
输出:
```
{
"ManagedCertificateDetails": {
"CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/655dc1fe-6d37-451d-a013-c2db3a034abc",
"CertificateStatus": "pending-validation",
"ValidationTokenHost": "self-hosted",
"ValidationTokenDetails": [
{
"Domain": "example.com",
"RedirectTo": "validation.us-east-1.acm-validations.aws/123456789012/.well-known/pki-validation/b315c9ae21284e7918bb9f3f422ab1c7.txt",
"RedirectFrom": "example.com/.well-known/pki-validation/b315c9ae21284e7918bb9f3f422ac3c7.txt"
}
]
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[为 CloudFront 分配租户申请证书](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [GetManagedCertificateDetails](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-managed-certificate-details.html)。
### `get-public-key-config`
以下代码示例演示了如何使用 `get-public-key-config`。
**AWS CLI**
**获取 CloudFront 公钥配置**
以下示例获取 ID 为 `KDFB19YGCR002` 的 CloudFront 公钥的元数据,包括其 `ETag`。该公钥 ID 将在 create-public-key 和 list-public-keys 命令中返回。
```
aws cloudfront get-public-key-config --id KDFB19YGCR002
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"PublicKeyConfig": {
"CallerReference": "cli-example",
"Name": "ExampleKey",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "example public key"
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetPublicKeyConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-public-key-config.html)。
### `get-public-key`
以下代码示例演示了如何使用 `get-public-key`。
**AWS CLI**
**获取 CloudFront 公钥**
以下示例获取 ID 为 `KDFB19YGCR002` 的 CloudFront 公钥,包括其 `ETag`。该公钥 ID 将在 create-public-key 和 list-public-keys 命令中返回。
```
aws cloudfront get-public-key --id KDFB19YGCR002
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"PublicKey": {
"Id": "KDFB19YGCR002",
"CreatedTime": "2019-12-05T18:51:43.781Z",
"PublicKeyConfig": {
"CallerReference": "cli-example",
"Name": "ExampleKey",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "example public key"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [GetPublicKey](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/get-public-key.html)。
### `list-cloud-front-origin-access-identities`
以下代码示例演示了如何使用 `list-cloud-front-origin-access-identities`。
**AWS CLI**
**列出 CloudFront 来源访问身份**
以下示例获取您 AWS 账户中的 CloudFront 来源访问身份(OAI)列表:
```
aws cloudfront list-cloud-front-origin-access-identities
```
输出:
```
{
"CloudFrontOriginAccessIdentityList": {
"Items": [
{
"Id": "E74FTE3AEXAMPLE",
"S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE",
"Comment": "Example OAI"
},
{
"Id": "EH1HDMBEXAMPLE",
"S3CanonicalUserId": "1489f6f2e6faacaae7ff64c4c3e6956c24f78788abfc1718c3527c263bf7a17EXAMPLE",
"Comment": "Test OAI"
},
{
"Id": "E2X2C9TEXAMPLE",
"S3CanonicalUserId": "cbfeebb915a64749f9be546a45b3fcfd3a31c779673c13c4dd460911ae402c2EXAMPLE",
"Comment": "Example OAI #2"
}
]
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListCloudFrontOriginAccessIdentities](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-cloud-front-origin-access-identities.html)。
### `list-connection-groups`
以下代码示例演示了如何使用 `list-connection-groups`。
**AWS CLI**
**列出连接组**
以下 `list-connection-groups` 示例列出您的 AWS 账户中的可用连接组。
```
aws cloudfront list-connection-groups
```
输出:
```
{
"ConnectionGroups": [
{
"Id": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"Name": "CreatedByCloudFront-cg_2whCJoXMYCjHcxaLGrkllvyABC",
"Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2whCJoXMYCjHcxaLGrkllvyABC",
"RoutingEndpoint": "d3sx0pso7m5abc.cloudfront.net",
"CreatedTime": "2025-05-05T22:32:29.630000+00:00",
"LastModifiedTime": "2025-05-05T22:32:29.630000+00:00",
"ETag": "E23ZP02F085ABC",
"Enabled": true,
"Status": "Deployed",
"IsDefault": true
},
{
"Id": "cg_2wjDWTBKTlRB87cAaUQFaakABC",
"Name": "connection-group-2",
"Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2wjDWTBKTlRB87cAaUQFaakABC",
"RoutingEndpoint": "dvdg9gprgabc.cloudfront.net",
"CreatedTime": "2025-05-06T15:42:00.790000+00:00",
"LastModifiedTime": "2025-05-06T15:42:00.790000+00:00",
"ETag": "E23ZP02F085ABC",
"Enabled": true,
"Status": "Deployed",
"IsDefault": false
}
]
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListConnectionGroups](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-connection-groups.html)。
### `list-distribution-tenants-by-customization`
以下代码示例演示了如何使用 `list-distribution-tenants-by-customization`。
**AWS CLI**
**通过自定义项列出分配租户**
以下 `list-distribution-tenants-by-customization` 示例列出使用指定的 Web ACL 的分配租户。
```
aws cloudfront list-distribution-tenants-by-customization \
--web-acl-arn arn:aws:wafv2:us-east-1:123456789012:global/webacl/CreatedByCloudFront-0273cd2f/a3c19bce-42b5-48a1-a8d4-b2bb2f28eabc
```
输出:
```
{
"DistributionTenantList": [
{
"Id": "dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "example-tenant-2",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "inactive"
}
],
"ConnectionGroupId": "cg_2wjDWTBKTlRB87cAaUQFaakABC",
"Customizations": {
"WebAcl": {
"Action": "override",
"Arn": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/CreatedByCloudFront-0273cd2f/a3c19bce-42b5-48a1-a8d4-b2bb2f28eabc"
},
"GeoRestrictions": {
"RestrictionType": "whitelist",
"Locations": [
"AL"
]
}
},
"CreatedTime": "2025-05-06T15:42:28.542000+00:00",
"LastModifiedTime": "2025-05-06T16:14:08.710000+00:00",
"ETag": "E1F83G8C2ARABC",
"Enabled": true,
"Status": "Deployed"
}
]
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[分配租户自定义](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/tenant-customization.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListDistributionTenantsByCustomization](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-distribution-tenants-by-customization.html)。
### `list-distribution-tenants`
以下代码示例演示了如何使用 `list-distribution-tenants`。
**AWS CLI**
**列出 CloudFront 分配租户**
以下 `list-distribution-tenants` 示例按关联的连接组列出您 AWS 账户中的 3 个 CloudFront 分配租户。
```
aws cloudfront list-distribution-tenants \
--association-filter ConnectionGroupId=cg_2whCJoXMYCjHcxaLGrkllvyABC \
--max-items 3
```
输出:
```
{
"DistributionTenantList": [
{
"Id": "dt_2yMvQgam3QkJo2z54FDl91dk1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "new-tenant-customizations",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yMvQgam3QkJo2z54FDl91dk1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "active"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"Customizations": {
"WebAcl": {
"Action": "disable"
},
"GeoRestrictions": {
"RestrictionType": "whitelist",
"Locations": [
"DE"
]
}
},
"CreatedTime": "2025-06-11T15:54:02.142000+00:00",
"LastModifiedTime": "2025-06-11T15:54:02.142000+00:00",
"ETag": "E23ZP02F085ABC",
"Enabled": false,
"Status": "Deployed"
},
{
"Id": "dt_2yMuV7NJuBcAB0cwwxMCBZQ1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "new-tenant",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yMuV7NJuBcAB0cwwxMCBZQ1AB",
"Domains": [
{
"Domain": "1.example.com",
"Status": "active"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"Customizations": {
"GeoRestrictions": {
"RestrictionType": "whitelist",
"Locations": [
"DE"
]
}
},
"CreatedTime": "2025-06-11T15:46:23.466000+00:00",
"LastModifiedTime": "2025-06-11T15:46:23.466000+00:00",
"ETag": "E23ZP02F085ABC",
"Enabled": false,
"Status": "Deployed"
},
{
"Id": "dt_2xVInRKCfUzQHgxosDs9hiLk1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "new-tenant-2",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2xVInRKCfUzQHgxosDs9hiLk1AB",
"Domains": [
{
"Domain": "2.example.com",
"Status": "active"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"CreatedTime": "2025-05-23T16:16:20.871000+00:00",
"LastModifiedTime": "2025-05-23T16:16:20.871000+00:00",
"ETag": "E23ZP02F085ABC",
"Enabled": false,
"Status": "Deployed"
}
],
"NextToken": "eyJNYXJrZXIiOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAzfQ=="
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[了解多租户分配的工作原理](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListDistributionTenants](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-distribution-tenants.html)。
### `list-distributions-by-connection-mode`
以下代码示例演示了如何使用 `list-distributions-by-connection-mode`。
**AWS CLI**
**按连接模式列出 CloudFront 分配**
以下 `list-distributions-by-connection-mode` 示例列出具有指定的连接模式的 CloudFront 分配。
```
aws cloudfront list-distributions-by-connection-mode \
--connection-mode tenant-only
```
输出:
```
{
"DistributionList": {
"Items": [
{
"Id": "E1XNX8R2GOAABC",
"ARN": "arn:aws:cloudfront::123456789012:distribution/E1XNX8R2GOAABC",
"ETag": "EPT4JPJQDY1ABC",
"Status": "Deployed",
"LastModifiedTime": "2025-05-23T16:16:15.691000+00:00",
"DomainName": "-",
"Aliases": {
"Quantity": 0
},
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "example-cfn-simple-distribution123",
"DomainName": "example.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
},
"ConnectionAttempts": 3,
"ConnectionTimeout": 10,
"OriginShield": {
"Enabled": false
},
"OriginAccessControlId": "E2CJRMB5LKEABC"
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "example-cfn-simple-distribution123",
"TrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"Compress": true,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": "",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e5abc",
"GrpcConfig": {
"Enabled": false
}
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": false,
"ACMCertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc",
"SSLSupportMethod": "sni-only",
"MinimumProtocolVersion": "TLSv1.2_2021",
"Certificate": "arn:aws:acm:us-east-1:123456789012:certificate/ec53f564-ea5a-4e4a-a0a2-e3c989449abc",
"CertificateSource": "acm"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "arn:aws:wafv2:us-east-1:123456789012:global/webacl/web-global-example/626900da-5f64-418b-ba9b-743f3746cabc",
"HttpVersion": "http2",
"IsIPV6Enabled": false,
"Staging": false,
"ConnectionMode": "tenant-only"
}
]
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListDistributionsByConnectionMode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-distributions-by-connection-mode.html)。
### `list-distributions`
以下代码示例演示了如何使用 `list-distributions`。
**AWS CLI**
**列出 CloudFront 分配**
以下示例获取您的 AWS 账户中的 CloudFront 分配列表。
```
aws cloudfront list-distributions
```
输出:
```
{
"DistributionList": {
"Items": [
{
"Id": "E23YS8OEXAMPLE",
"ARN": "arn:aws:cloudfront::123456789012:distribution/E23YS8OEXAMPLE",
"Status": "Deployed",
"LastModifiedTime": "2024-08-05T18:23:40.375000+00:00",
"DomainName": "abcdefgh12ijk.cloudfront.net",
"Aliases": {
"Quantity": 0
},
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
},
"ConnectionAttempts": 3,
"ConnectionTimeout": 10,
"OriginShield": {
"Enabled": false
},
"OriginAccessControlId": "EIAP8PEXAMPLE"
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com",
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"TrustedKeyGroups": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"Compress": true,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": "",
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e886EXAMPLE"
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"SSLSupportMethod": "vip",
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "HTTP2",
"IsIPV6Enabled": true,
"Staging": false
}
]
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListDistributions](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-distributions.html)。
### `list-domain-conflicts`
以下代码示例演示了如何使用 `list-domain-conflicts`。
**AWS CLI**
**列出 CloudFront 分配的域冲突**
以下 `list-domain-conflicts` 示例列出 CloudFront 分配的域冲突。
```
aws cloudfront list-domain-conflicts \
--domain example.com \
--domain-control-validation-resource "DistributionTenantId=dt_2x9GhoK0TZRsohWzv1b9It8J1AB"
```
输出:
```
{
"DomainConflicts": [
{
"Domain": "example.com",
"ResourceType": "distribution-tenant",
"ResourceId": "***************ohWzv1b9It8J1AB",
"AccountId": "123456789012"
}
]
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[将备用域名移动到其他分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/alternate-domain-names-move.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListDomainConflicts](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-domain-conflicts.html)。
### `list-field-level-encryption-configs`
以下代码示例演示了如何使用 `list-field-level-encryption-configs`。
**AWS CLI**
**列出 CloudFront 字段级加密配置**
以下示例获取您 AWS 账户中的 CloudFront 字段级加密配置列表:
```
aws cloudfront list-field-level-encryption-configs
```
输出:
```
{
"FieldLevelEncryptionList": {
"MaxItems": 100,
"Quantity": 1,
"Items": [
{
"Id": "C3KM2WVD605UAY",
"LastModifiedTime": "2019-12-10T21:30:18.974Z",
"Comment": "Example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0,
"Items": []
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
]
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFieldLevelEncryptionConfigs](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-field-level-encryption-configs.html)。
### `list-field-level-encryption-profiles`
以下代码示例演示了如何使用 `list-field-level-encryption-profiles`。
**AWS CLI**
**列出 CloudFront 字段级加密配置文件**
以下示例获取您 AWS 账户中的 CloudFront 字段级加密配置文件列表:
```
aws cloudfront list-field-level-encryption-profiles
```
输出:
```
{
"FieldLevelEncryptionProfileList": {
"MaxItems": 100,
"Quantity": 2,
"Items": [
{
"Id": "P280MFCLSYOCVU",
"LastModifiedTime": "2019-12-05T01:05:39.896Z",
"Name": "ExampleFLEProfile",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField"
]
}
}
]
},
"Comment": "FLE profile for AWS CLI example"
},
{
"Id": "PPK0UOSIF5WSV",
"LastModifiedTime": "2019-12-10T01:03:16.537Z",
"Name": "ExampleFLEProfile2",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2ABC10EXAMPLE",
"ProviderId": "ExampleFLEProvider2",
"FieldPatterns": {
"Quantity": 1,
"Items": [
"ExampleSensitiveField2"
]
}
}
]
},
"Comment": "FLE profile #2 for AWS CLI example"
}
]
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListFieldLevelEncryptionProfiles](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-field-level-encryption-profiles.html)。
### `list-invalidations-for-distribution-tenant`
以下代码示例演示了如何使用 `list-invalidations-for-distribution-tenant`。
**AWS CLI**
**列出 CloudFront 分配租户的失效**
以下 `list-invalidations-for-distribution-tenant` 示例列出 CloudFront 分配租户的失效。
```
aws cloudfront list-invalidations-for-distribution-tenant \
--id dt_2wjDZi3hD1ivOXf6rpZJOSNE1AB
```
输出:
```
{
"InvalidationList": {
"Items": [
{
"Id": "I4CU23QAPKMUDUU06F9OFGFABC",
"CreateTime": "2025-05-06T15:46:12.824000+00:00",
"Status": "Completed"
}
]
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使文件失效以删除内容](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [ListInvalidationsForDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-invalidations-for-distribution-tenant.html)。
### `list-invalidations`
以下代码示例演示了如何使用 `list-invalidations`。
**AWS CLI**
**列出 CloudFront 失效**
以下示例获取 ID 为 `EDFDVBD6EXAMPLE` 的 CloudFront 分配的失效列表:
```
aws cloudfront list-invalidations --distribution-id EDFDVBD6EXAMPLE
```
输出:
```
{
"InvalidationList": {
"Marker": "",
"Items": [
{
"Status": "Completed",
"Id": "YNY2LI2BVJ4NJU",
"CreateTime": "2019-08-31T21:15:52.042Z"
}
],
"IsTruncated": false,
"MaxItems": 100,
"Quantity": 1
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListInvalidations](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-invalidations.html)。
### `list-public-keys`
以下代码示例演示了如何使用 `list-public-keys`。
**AWS CLI**
**列出 CloudFront 公钥**
以下示例获取您 AWS 账户中的 CloudFront 公钥列表:
```
aws cloudfront list-public-keys
```
输出:
```
{
"PublicKeyList": {
"MaxItems": 100,
"Quantity": 2,
"Items": [
{
"Id": "K2K8NC4HVFE3M0",
"Name": "ExampleKey",
"CreatedTime": "2019-12-05T01:04:28.818Z",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPMbCA2Ks0lnd7IR+3pw\nwd3H/7jPGwj8bLUmore7bX+oeGpZ6QmLAe/1UOWcmZX2u70dYcSIzB1ofZtcn4cJ\nenHBAzO3ohBY/L1tQGJfS2A+omnN6H16VZE1JCK8XSJyfze7MDLcUyHZETdxuvRb\nA9X343/vMAuQPnhinFJ8Wdy8YBXSPpy7r95ylUQd9LfYTBzVZYG2tSesplcOkjM3\n2Uu+oMWxQAw1NINnSLPinMVsutJy6ZqlV3McWNWe4T+STGtWhrPNqJEn45sIcCx4\nq+kGZ2NQ0FyIyT2eiLKOX5Rgb/a36E/aMk4VoDsaenBQgG7WLTnstb9sr7MIhS6A\nrwIDAQAB\n-----END PUBLIC KEY-----\n",
"Comment": "example public key"
},
{
"Id": "K1S0LWQ2L5HTBU",
"Name": "ExampleKey2",
"CreatedTime": "2019-12-09T23:28:11.110Z",
"EncodedKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOCAg88A8+f4dujn9Izt\n26LxtgAkn2opGgo/NKpMiaisyw5qlg3f1gol7FV6pYNl78iJg3EO8JBbwtlH+cR9\nLGSf60NDeVhm76Oc39Np/vWgOdsGQcRbi9WmKZeSODqjQGzVZWqPmito3FzWVk6b\nfVY5N36U/RdbVAJm95Km+qaMYlbIdF40t72bi3IkKYV5hlB2XoDjlQ9F6ajQKyTB\nMHa3SN8q+3ZjQ4sJJ7D1V6r4wR8jDcFVD5NckWJmmgIVnkOQM37NYeoDnkaOuTpu\nha/+3b8tOb2z3LBVHPkp85zJRAOXacSwf5rZtPYKBNFsixTa2n55k2r218mOkMC4\nUwIDAQAB\n-----END PUBLIC KEY-----",
"Comment": "example public key #2"
}
]
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListPublicKeys](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-public-keys.html)。
### `list-tags-for-resource`
以下代码示例演示了如何使用 `list-tags-for-resource`。
**AWS CLI**
**列出 CloudFront 分配的标签**
以下示例获取 CloudFront 分配的标签列表:
```
aws cloudfront list-tags-for-resource \
--resource arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE
```
输出:
```
{
"Tags": {
"Items": [
{
"Key": "DateCreated",
"Value": "2019-12-04"
},
{
"Key": "Name",
"Value": "Example name"
},
{
"Key": "Project",
"Value": "Example project"
}
]
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [ListTagsForResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/list-tags-for-resource.html)。
### `sign`
以下代码示例演示了如何使用 `sign`。
**AWS CLI**
**签署 CloudFront 网址**
以下示例签署一个 CloudFront 网址。要签署网址,您需要密钥对 ID(在 AWS 管理控制台中称为**访问密钥 ID**)和可信签署人的 CloudFront 密钥对的私钥。有关签署网址的更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[使用已签署网址和已签署 Cookie 提供私有内容](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html)。
```
aws cloudfront sign \
--url https://d111111abcdef8.cloudfront.net/private-content/private-file.html \
--key-pair-id APKAEIBAERJR2EXAMPLE \
--private-key file://cf-signer-priv-key.pem \
--date-less-than 2020-01-01
```
输出:
```
https://d111111abcdef8.cloudfront.net/private-content/private-file.html?Expires=1577836800&Signature=nEXK7Kby47XKeZQKVc6pwkif6oZc-JWSpDkH0UH7EBGGqvgurkecCbgL5VfUAXyLQuJxFwRQWscz-owcq9KpmewCXrXQbPaJZNi9XSNwf4YKurPDQYaRQawKoeenH0GFteRf9ELK-Bs3nljTLjtbgzIUt7QJNKXcWr8AuUYikzGdJ4-qzx6WnxXfH~fxg4-GGl6l2kgCpXUB6Jx6K~Y3kpVOdzUPOIqFLHAnJojbhxqrVejomZZ2XrquDvNUCCIbePGnR3d24UPaLXG4FKOqNEaWDIBXu7jUUPwOyQCvpt-GNvjRJxqWf93uMobeMOiVYahb-e0KItiQewGcm0eLZQ__&Key-Pair-Id=APKAEIBAERJR2EXAMPLE
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [Sign](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/sign.html)。
### `tag-resource`
以下代码示例演示了如何使用 `tag-resource`。
**AWS CLI**
**标记 CloudFront 分配**
以下 `tag-resource` 示例为指定的 CloudFront 分配添加两个标签。
```
aws cloudfront tag-resource \
--resource arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE \
--tags 'Items=[{Key=Name,Value="Example name"},{Key=Project,Value="Example project"}]'
```
您可以在 JSON 文件中提供标签,而不必使用命令行参数,如以下示例所示:
```
aws cloudfront tag-resource \
--resource arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE \
--tags file://tags.json
```
的内容`tags.json`:
```
{
"Items": [
{
"Key": "Name",
"Value": "Example name"
},
{
"Key": "Project",
"Value": "Example project"
}
]
}
```
此命令不生成任何输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [TagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/tag-resource.html)。
### `untag-resource`
以下代码示例演示了如何使用 `untag-resource`。
**AWS CLI**
**从 CloudFront 分配中移除标签**
以下示例使用命令行参数从 CloudFront 分配中移除两个标签:
```
aws cloudfront untag-resource \
--resource arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE \
--tag-keys Items=Name,Project
```
您可以在 JSON 文件中提供标签密钥,而不必使用命令行参数,如以下示例所示:
```
aws cloudfront untag-resource \
--resource arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE \
--tag-keys file://tag-keys.json
```
文件 `tag-keys.json` 是当前文件夹中包含以下内容的 JSON 文档:
```
{
"Items": [
"Name",
"Project"
]
}
```
成功时,此命令没有输出。
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UntagResource](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/untag-resource.html)。
### `update-cloud-front-origin-access-identity`
以下代码示例演示了如何使用 `update-cloud-front-origin-access-identity`。
**AWS CLI**
**更新 CloudFront 来源访问身份**
以下示例更新 ID 为 `E74FTE3AEXAMPLE` 的来源访问身份(OAI)。您可以更新的唯一字段是 OAI 的 `Comment`。
要更新 OAI,您必须拥有 OAI 的 ID 和 `ETag`。OAI ID 将在 create-cloud-front-origin-access-identity 和 list-cloud-front-origin-access-identities 命令的输出中返回。要获取 `ETag`,请使用 get-cloud-front-origin-access-identity 或 get-cloud-front-origin-access-identity-config 命令。使用 `--if-match` 选项提供 OAI 的 `ETag`。
```
aws cloudfront update-cloud-front-origin-access-identity \
--id E74FTE3AEXAMPLE \
--if-match E2QWRUHEXAMPLE \
--cloud-front-origin-access-identity-config \
CallerReference=cli-example,Comment="Example OAI Updated"
```
您可以通过在 JSON 文件中提供 OAI 配置来完成同样的事情,如以下示例所示:
```
aws cloudfront update-cloud-front-origin-access-identity \
--id E74FTE3AEXAMPLE \
--if-match E2QWRUHEXAMPLE \
--cloud-front-origin-access-identity-config file://OAI-config.json
```
文件 `OAI-config.json` 是当前目录中包含以下内容的 JSON 文档:
```
{
"CallerReference": "cli-example",
"Comment": "Example OAI Updated"
}
```
无论您使用命令行参数还是 JSON 文件提供 OAI 配置,输出都相同:
```
{
"ETag": "E9LHASXEXAMPLE",
"CloudFrontOriginAccessIdentity": {
"Id": "E74FTE3AEXAMPLE",
"S3CanonicalUserId": "cd13868f797c227fbea2830611a26fe0a21ba1b826ab4bed9b7771c9aEXAMPLE",
"CloudFrontOriginAccessIdentityConfig": {
"CallerReference": "cli-example",
"Comment": "Example OAI Updated"
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateCloudFrontOriginAccessIdentity](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-cloud-front-origin-access-identity.html)。
### `update-connection-group`
以下代码示例演示了如何使用 `update-connection-group`。
**AWS CLI**
**更新 CloudFront 连接组**
以下 `update-connection-group` 示例禁用 CloudFront 连接组并禁用 IPv6。
```
aws cloudfront update-connection-group \
--id cg_2yHsDkcPKeUlVkk3aEgLKcjABC \
--no-ipv6-enabled \
--no-enabled \
--if-match E3UN6WX5RRO2ABC
```
输出:
```
{
"ETag": "E1F83G8C2ARABC",
"ConnectionGroup": {
"Id": "cg_2yHsDkcPKeUlVkk3aEgLKcjABC",
"Name": "cg-example",
"Arn": "arn:aws:cloudfront::123456789012:connection-group/cg_2yHsDkcPKeUlVkk3aEgLKcjABC",
"CreatedTime": "2025-06-09T20:58:35.481000+00:00",
"LastModifiedTime": "2025-06-11T16:25:54.280000+00:00",
"Ipv6Enabled": false,
"RoutingEndpoint": "du9xp1elo1abc.cloudfront.net",
"Status": "InProgress",
"Enabled": false,
"IsDefault": false
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[创建自定义连接组(可选)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/custom-connection-group.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateConnectionGroup](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-connection-group.html)。
### `update-distribution-tenant`
以下代码示例演示了如何使用 `update-distribution-tenant`。
**AWS CLI**
**更新 CloudFront 分配租户**
以下 `update-distribution-tenant` 示例使用新的参数值更新 CloudFront 分配租户,并在地理限制中添加一个国家/地区。
```
aws cloudfront update-distribution-tenant \
--cli-input-json file://update-tenant.json
```
的内容`update-tenant.json`:
```
{
"Id": "dt_2yMvQgam3QkJo2z54FDl91dk1AB",
"IfMatch": "E1F83G8C2ARABC",
"Parameters": [
{
"Name": "testParam",
"Value": "newParameterValue"
}
],
"Customizations": {
"WebAcl": {
"Action": "disable"
},
"GeoRestrictions": {
"RestrictionType": "whitelist",
"Locations": [
"DE",
"GB",
"ES"
]
}
}
}
```
输出:
```
{
"ETag": "E1PA6795UKMABC",
"DistributionTenant": {
"Id": "dt_2yMvQgam3QkJo2z54FDl91dk1AB",
"DistributionId": "E1XNX8R2GOAABC",
"Name": "new-tenant-customizations",
"Arn": "arn:aws:cloudfront::123456789012:distribution-tenant/dt_2yMvQgam3QkJo2z54FDl91dk1AB",
"Domains": [
{
"Domain": "example.com",
"Status": "active"
}
],
"Customizations": {
"WebAcl": {
"Action": "disable"
},
"GeoRestrictions": {
"RestrictionType": "whitelist",
"Locations": [
"DE",
"ES",
"GB"
]
}
},
"Parameters": [
{
"Name": "testParam",
"Value": "newParameterValue"
}
],
"ConnectionGroupId": "cg_2whCJoXMYCjHcxaLGrkllvyABC",
"CreatedTime": "2025-06-11T15:54:02.142000+00:00",
"LastModifiedTime": "2025-06-11T16:42:45.531000+00:00",
"Enabled": false,
"Status": "InProgress"
}
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[分配租户自定义](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/tenant-customization.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateDistributionTenant](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-distribution-tenant.html)。
### `update-distribution`
以下代码示例演示了如何使用 `update-distribution`。
**AWS CLI**
**示例 1:更新 CloudFront 分配的默认根对象**
以下示例针对 ID 为 `EDFDVBD6EXAMPLE` 的 CloudFront 分配,将其默认根对象更新为 `index.html`。
```
aws cloudfront update-distribution \
--id EDFDVBD6EXAMPLE \
--default-root-object index.html
```
输出:
```
{
"ETag": "E2QWRUHEXAMPLE",
"Distribution": {
"Id": "EDFDVBD6EXAMPLE",
"ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE",
"Status": "InProgress",
"LastModifiedTime": "2019-12-06T18:55:39.870Z",
"InProgressInvalidationBatches": 0,
"DomainName": "d111111abcdef8.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "6b10378d-49be-4c4b-a642-419ccaf8f3b5",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "example-website",
"DomainName": "www.example.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"CustomOriginConfig": {
"HTTPPort": 80,
"HTTPSPort": 443,
"OriginProtocolPolicy": "match-viewer",
"OriginSslProtocols": {
"Quantity": 2,
"Items": [
"SSLv3",
"TLSv1"
]
},
"OriginReadTimeout": 30,
"OriginKeepaliveTimeout": 5
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "example-website",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 1,
"Items": [
"*"
]
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": true,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http1.1",
"IsIPV6Enabled": true
}
}
}
```
**示例 2:更新 CloudFront 分配**
以下示例通过在名为 `dist-config-disable.json` 的 JSON 文件中提供分配配置来禁用 ID 为 `EMLARXS9EXAMPLE` 的 CloudFront 分配。要更新分配,您必须使用 `--if-match` 选项来提供分配的 `ETag`。要获取 `ETag`,请使用 get-distribution 或 get-distribution-config 命令。请注意,在 JSON 文件中,`Enabled` 字段设置为 `false`。
使用以下示例禁用分配后,您可以使用 delete-distribute 命令将其删除。
```
aws cloudfront update-distribution \
--id EMLARXS9EXAMPLE \
--if-match E2QWRUHEXAMPLE \
--distribution-config file://dist-config-disable.json
```
的内容`dist-config-disable.json`:
```
{
"CallerReference": "cli-1574382155-496510",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": false,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
```
输出:
```
{
"ETag": "E9LHASXEXAMPLE",
"Distribution": {
"Id": "EMLARXS9EXAMPLE",
"ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE",
"Status": "InProgress",
"LastModifiedTime": "2019-12-06T18:32:35.553Z",
"InProgressInvalidationBatches": 0,
"DomainName": "d111111abcdef8.cloudfront.net",
"ActiveTrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"DistributionConfig": {
"CallerReference": "cli-1574382155-496510",
"Aliases": {
"Quantity": 0
},
"DefaultRootObject": "index.html",
"Origins": {
"Quantity": 1,
"Items": [
{
"Id": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939",
"DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com",
"OriginPath": "",
"CustomHeaders": {
"Quantity": 0
},
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
},
"OriginGroups": {
"Quantity": 0
},
"DefaultCacheBehavior": {
"TargetOriginId": "amzn-s3-demo-bucket---s3.amazonaws.com.rproxy.goskope.com-1574382155-273939",
"ForwardedValues": {
"QueryString": false,
"Cookies": {
"Forward": "none"
},
"Headers": {
"Quantity": 0
},
"QueryStringCacheKeys": {
"Quantity": 0
}
},
"TrustedSigners": {
"Enabled": false,
"Quantity": 0
},
"ViewerProtocolPolicy": "allow-all",
"MinTTL": 0,
"AllowedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
],
"CachedMethods": {
"Quantity": 2,
"Items": [
"HEAD",
"GET"
]
}
},
"SmoothStreaming": false,
"DefaultTTL": 86400,
"MaxTTL": 31536000,
"Compress": false,
"LambdaFunctionAssociations": {
"Quantity": 0
},
"FieldLevelEncryptionId": ""
},
"CacheBehaviors": {
"Quantity": 0
},
"CustomErrorResponses": {
"Quantity": 0
},
"Comment": "",
"Logging": {
"Enabled": false,
"IncludeCookies": false,
"Bucket": "",
"Prefix": ""
},
"PriceClass": "PriceClass_All",
"Enabled": false,
"ViewerCertificate": {
"CloudFrontDefaultCertificate": true,
"MinimumProtocolVersion": "TLSv1",
"CertificateSource": "cloudfront"
},
"Restrictions": {
"GeoRestriction": {
"RestrictionType": "none",
"Quantity": 0
}
},
"WebACLId": "",
"HttpVersion": "http2",
"IsIPV6Enabled": true
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateDistribution](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-distribution.html)。
### `update-domain-association`
以下代码示例演示了如何使用 `update-domain-association`。
**AWS CLI**
**更新域关联**
以下 `update-domain-association` 示例更新具有 ETag `E23ZP02F085ABC` 的分配租户的域关联。
```
aws cloudfront update-domain-association \
--domain example.com \
--target-resource DistributionTenantId=dt_2x9GhoK0TZRsohWzv1b9It8J1AB \
--if-match E23ZP02F085ABC
```
输出:
```
{
"ETag": "ETVPDKIKX0ABC",
"Domain": "example.com",
"ResourceId": "dt_2x9GhoK0TZRsohWzv1b9It8J1AB"
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[将备用域名移动到其他分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/alternate-domain-names-move.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [UpdateDomainAssociation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-domain-association.html)。
### `update-field-level-encryption-config`
以下代码示例演示了如何使用 `update-field-level-encryption-config`。
**AWS CLI**
**更新 CloudFront 字段级加密配置**
以下示例通过在 JSON 文件中提供参数,使用 ID `C3KM2WVD605UAY` 更新字段级加密配置的 `Comment` 字段。
要更新字段级加密配置,您必须拥有该配置的 ID 和 `ETag`。该 ID 将在 create-field-level-encryption-config 和 list-field-level-encryption-configs 命令的输出中返回。要获取 `ETag`,请使用 get-field-level-encryption 或 get-field-level-encryption-config 命令。使用 `--if-match` 选项提供配置的 `ETag`。
```
aws cloudfront update-field-level-encryption-config \
--id C3KM2WVD605UAY \
--if-match E2P4Z4VU7TY5SG \
--field-level-encryption-config file://fle-config.json
```
文件 `fle-config.json` 是当前目录中包含以下内容的 JSON 文档:
```
{
"CallerReference": "cli-example",
"Comment": "Updated example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
```
输出:
```
{
"ETag": "E26M4BIAV81ZF6",
"FieldLevelEncryption": {
"Id": "C3KM2WVD605UAY",
"LastModifiedTime": "2019-12-10T22:26:26.170Z",
"FieldLevelEncryptionConfig": {
"CallerReference": "cli-example",
"Comment": "Updated example FLE configuration",
"QueryArgProfileConfig": {
"ForwardWhenQueryArgProfileIsUnknown": true,
"QueryArgProfiles": {
"Quantity": 0,
"Items": []
}
},
"ContentTypeProfileConfig": {
"ForwardWhenContentTypeIsUnknown": true,
"ContentTypeProfiles": {
"Quantity": 1,
"Items": [
{
"Format": "URLEncoded",
"ProfileId": "P280MFCLSYOCVU",
"ContentType": "application/x-www-form-urlencoded"
}
]
}
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateFieldLevelEncryptionConfig](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-field-level-encryption-config.html)。
### `update-field-level-encryption-profile`
以下代码示例演示了如何使用 `update-field-level-encryption-profile`。
**AWS CLI**
**更新 CloudFront 字段级加密配置文件**
以下示例更新 ID 为 `PPK0UOSIF5WSV` 的字段级加密配置文件。此示例通过在 JSON 文件中提供参数,更新配置文件的 `Name` 和 `Comment`,并添加第二个 `FieldPatterns` 项目。
要更新字段级加密配置文件,必须提供配置文件的 ID 和 `ETag`。该 ID 将在 create-field-level-encryption-profile 和 list-field-level-encryption-profiles 命令的输出中返回。要获取 `ETag`,请使用 get-field-level-encryption-profile 或 get-field-level-encryption-profile-config 命令。使用 `--if-match` 选项提供配置文件的 `ETag`。
```
aws cloudfront update-field-level-encryption-profile \
--id PPK0UOSIF5WSV \
--if-match E1QQG65FS2L2GC \
--field-level-encryption-profile-config file://fle-profile-config.json
```
文件 `fle-profile-config.json` 是当前目录中包含以下内容的 JSON 文档:
```
{
"Name": "ExampleFLEProfileUpdated",
"CallerReference": "cli-example",
"Comment": "Updated FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 2,
"Items": [
"ExampleSensitiveField",
"SecondExampleSensitiveField"
]
}
}
]
}
}
```
输出:
```
{
"ETag": "EJETYFJ9CL66D",
"FieldLevelEncryptionProfile": {
"Id": "PPK0UOSIF5WSV",
"LastModifiedTime": "2019-12-10T19:05:58.296Z",
"FieldLevelEncryptionProfileConfig": {
"Name": "ExampleFLEProfileUpdated",
"CallerReference": "cli-example",
"Comment": "Updated FLE profile for AWS CLI example",
"EncryptionEntities": {
"Quantity": 1,
"Items": [
{
"PublicKeyId": "K2K8NC4HVFE3M0",
"ProviderId": "ExampleFLEProvider",
"FieldPatterns": {
"Quantity": 2,
"Items": [
"ExampleSensitiveField",
"SecondExampleSensitiveField"
]
}
}
]
}
}
}
}
```
+ 有关 API 详细信息,请参阅《AWS CLI 命令参考》**中的 [UpdateFieldLevelEncryptionProfile](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/update-field-level-encryption-profile.html)。
### `verify-dns-configuration`
以下代码示例演示了如何使用 `verify-dns-configuration`。
**AWS CLI**
**验证域的 DNS 配置**
以下 `verify-dns-configuration` 示例验证域的 DNS 配置。
```
aws cloudfront verify-dns-configuration \
--domain example.com \
--identifier dt_2x9GhoK0TZRsohWzv1b9It8J1AB
```
输出:
```
{
"DnsConfigurationList": [
{
"Domain": "example.com",
"Status": "valid-configuration"
}
]
}
```
有关更多信息,请参阅《Amazon CloudFront 开发人员指南》**中的[将备用域名移动到其他分配](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/alternate-domain-names-move.html)。
+ 有关 API 详细信息,请参阅《AWS CLI Command Reference》**中的 [VerifyDnsConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudfront/verify-dns-configuration.html)。