AWS CloudFront Cache Policy
This page shows how to write Terraform and CloudFormation for CloudFront Cache Policy and write them securely.
aws_cloudfront_cache_policy (Terraform)
The Cache Policy in CloudFront can be configured in Terraform with the resource name aws_cloudfront_cache_policy
. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_cloudfront_cache_policy" "cf_dynamic_cp" {
name = "COP26-Dynamic-CachePolicy"
comment = "Dynamic cache policy for the COP26 WordPress site"
default_ttl = 300
max_ttl = 600
min_ttl = 1
resource "aws_cloudfront_cache_policy" "cloudfront_cache_policy" {
name = "Managed-CachingOptimized"
comment = "Default policy when CF compression is enabled"
default_ttl = 86400
max_ttl = 31536000
min_ttl = 1
resource "aws_cloudfront_cache_policy" "one_year_cache_policy" {
name = "one-year-cache-policy"
default_ttl = 31536000
max_ttl = 31536000
min_ttl = 31536000
resource "aws_cloudfront_cache_policy" "policy" {
name = var.name
comment = var.description
default_ttl = var.default_ttl
max_ttl = var.max_ttl
min_ttl = var.min_ttl
Parameters
-
comment
optional - string -
default_ttl
optional - number -
etag
optional computed - string -
id
optional computed - string -
max_ttl
optional - number -
min_ttl
optional - number -
name
required - string -
parameters_in_cache_key_and_forwarded_to_origin
list block-
enable_accept_encoding_brotli
optional - bool -
enable_accept_encoding_gzip
optional - bool -
cookies_config
list block-
cookie_behavior
required - string -
cookies
list block-
items
optional - set of string
-
-
-
headers_config
list block-
header_behavior
optional - string -
headers
list block-
items
optional - set of string
-
-
-
query_strings_config
list block-
query_string_behavior
required - string -
query_strings
list block-
items
optional - set of string
-
-
-
Explanation in Terraform Registry
Tips: Best Practices for The Other AWS CloudFront Resources
In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_cloudfront_distribution
Ensure to enable access logging of CloudFront distribution
To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.
AWS::CloudFront::CachePolicy (CloudFormation)
The CachePolicy in CloudFront can be configured in CloudFormation with the resource name AWS::CloudFront::CachePolicy
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
CachePolicyConfig
required - CachePolicyConfig
Explanation in CloudFormation Registry
A cache policy.
When it’s attached to a cache behavior, the cache policy determines the following:+ The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer.
- The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache.
The headers, cookies, and query strings that are included in the cache key are automatically included in requests that CloudFront sends to the origin. CloudFront sends a request when it can’t find a valid object in its cache that matches the request’s cache key. If you want to send values to the origin but not include them in the cache key, use
OriginRequestPolicy
.
Frequently asked questions
What is AWS CloudFront Cache Policy?
AWS CloudFront Cache Policy is a resource for CloudFront of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS CloudFront Cache Policy?
For Terraform, the cabinetoffice/cop26-edge, mudmuseum/terraform-modules and Lubycon/lubycon-terraform source code examples are useful. See the Terraform Example section for further details.