AWS CloudFront Public Key
This page shows how to write Terraform and CloudFormation for CloudFront Public Key and write them securely.
aws_cloudfront_public_key (Terraform)
The Public Key in CloudFront can be configured in Terraform with the resource name aws_cloudfront_public_key. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_cloudfront_public_key" "example" {
comment = "test public key"
encoded_key = file("public.pem")
name = "test_key"
resource "aws_cloudfront_public_key" "cloudfront_public_key" {
count = length(var.cloudfront_public_key)
encoded_key = file(join(".", [join("/", [path.cwd, "key", lookup(var.cloudfront_public_key[count.index], "encoded_key")]), "pem"]))
name = lookup(var.cloudfront_public_key[count.index], "name", null)
comment = lookup(var.cloudfront_public_key[count.index], "comment", null)
resource "aws_cloudfront_public_key" "cloudfront_public_key" {
count = var.enable_cloudfront_public_key ? 1 : 0
encoded_key = var.cloudfront_public_key_encoded_key
comment = var.cloudfront_public_key_comment
resource "aws_cloudfront_public_key" "cloudfront_public_key" {
count = var.enable_cloudfront_public_key ? 1 : 0
encoded_key = var.cloudfront_public_key_encoded_key
comment = var.cloudfront_public_key_comment
resource "aws_cloudfront_public_key" "this" {
comment = var.comment
encoded_key = var.encoded_key
name = var.name
name_prefix = var.name_prefix
}
Parameters
-
caller_referenceoptional computed - string -
commentoptional - string -
encoded_keyrequired - string -
etagoptional computed - string -
idoptional computed - string -
nameoptional computed - string -
name_prefixoptional computed - string
Explanation in Terraform Registry
Tips: Best Practices for The Other AWS CloudFront Resources
In addition to the aws_cloudfront_distribution, AWS CloudFront has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.
aws_cloudfront_distribution
Ensure to enable access logging of CloudFront distribution
To avoid attacks, it is better to configure access logging of a CloudFront distribution. The logs are important for the early-stage detection of attacks and incident responses. It is better to enable the feature while being careful of handling cookies.
AWS::CloudFront::PublicKey (CloudFormation)
The PublicKey in CloudFront can be configured in CloudFormation with the resource name AWS::CloudFront::PublicKey. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
PublicKeyConfigrequired - PublicKeyConfig
Explanation in CloudFormation Registry
A public key that you can use with signed URLs and signed cookies, or with field-level encryption.
Frequently asked questions
What is AWS CloudFront Public Key?
AWS CloudFront Public Key is a resource for CloudFront of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS CloudFront Public Key?
For Terraform, the chimbs86/Security-And-Microservices-On-AWS, mikamakusa/terraform and SebastianUA/terraform-aws-cloudfront source code examples are useful. See the Terraform Example section for further details.
