Top / Amazon Web Service / AWS CloudFront / Key Group

AWS CloudFront Key Group

This page shows how to write Terraform and CloudFormation for CloudFront Key Group and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_cloudfront_key_group (Terraform)

The Key Group in CloudFront can be configured in Terraform with the resource name aws_cloudfront_key_group. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

cloudfront.tf#L11
resource "aws_cloudfront_key_group" "public-keys-group" {
  items = [aws_cloudfront_public_key.movies-on-demand-api-key.id]
  name  = "public-keys-group"
}

resource "aws_cloudfront_origin_access_identity" "movies" {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

  • comment optional - string
  • etag optional computed - string
  • id optional computed - string
  • items required - set of string
  • name required - string

>> from Terraform Registry

Explanation in Terraform Registry

>> from Terraform Registry

Tips: Best Practices for The Other AWS CloudFront Resources

In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

risk-label

aws_cloudfront_distribution

Ensure to enable access logging of CloudFront distribution

To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.

Review your AWS CloudFront settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

AWS::CloudFront::KeyGroup (CloudFormation)

The KeyGroup in CloudFront can be configured in CloudFormation with the resource name AWS::CloudFront::KeyGroup. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

A key group.

A key group contains a list of public keys that you can use with CloudFront signed URLs and signed cookies.

>> from AWS CloudFormation Documentation

The Other Related AWS CloudFront Resources

Frequently asked questions

What is AWS CloudFront Key Group?

AWS CloudFront Key Group is a resource for CloudFront of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS CloudFront Key Group?

For Terraform, the nikitaKunevich/yandex_prakt_graduate_work source code example is useful. See the Terraform Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents