AWS CloudFront Key Group
This page shows how to write Terraform and CloudFormation for CloudFront Key Group and write them securely.
aws_cloudfront_key_group (Terraform)
The Key Group in CloudFront can be configured in Terraform with the resource name aws_cloudfront_key_group
. The following sections describe 1 example of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_cloudfront_key_group" "public-keys-group" {
items = [aws_cloudfront_public_key.movies-on-demand-api-key.id]
name = "public-keys-group"
}
resource "aws_cloudfront_origin_access_identity" "movies" {
Parameters
-
comment
optional - string -
etag
optional computed - string -
id
optional computed - string -
items
required - set of string -
name
required - string
Explanation in Terraform Registry
Tips: Best Practices for The Other AWS CloudFront Resources
In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_cloudfront_distribution
Ensure to enable access logging of CloudFront distribution
To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.
AWS::CloudFront::KeyGroup (CloudFormation)
The KeyGroup in CloudFront can be configured in CloudFormation with the resource name AWS::CloudFront::KeyGroup
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
KeyGroupConfig
required - KeyGroupConfig
Explanation in CloudFormation Registry
A key group.
A key group contains a list of public keys that you can use with CloudFront signed URLs and signed cookies.
Frequently asked questions
What is AWS CloudFront Key Group?
AWS CloudFront Key Group is a resource for CloudFront of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS CloudFront Key Group?
For Terraform, the nikitaKunevich/yandex_prakt_graduate_work source code example is useful. See the Terraform Example section for further details.