CloudFront#
Client#
- class CloudFront.Client#
A low-level client representing Amazon CloudFront
This is the Amazon CloudFront API Reference. This guide is for developers who need detailed information about CloudFront API actions, data types, and errors. For detailed information about CloudFront features, see the Amazon CloudFront Developer Guide.
import boto3 client = boto3.client('cloudfront')
These are the available methods:
- associate_alias
- can_paginate
- close
- copy_distribution
- create_anycast_ip_list
- create_cache_policy
- create_cloud_front_origin_access_identity
- create_continuous_deployment_policy
- create_distribution
- create_distribution_with_tags
- create_field_level_encryption_config
- create_field_level_encryption_profile
- create_function
- create_invalidation
- create_key_group
- create_key_value_store
- create_monitoring_subscription
- create_origin_access_control
- create_origin_request_policy
- create_public_key
- create_realtime_log_config
- create_response_headers_policy
- create_streaming_distribution
- create_streaming_distribution_with_tags
- create_vpc_origin
- delete_anycast_ip_list
- delete_cache_policy
- delete_cloud_front_origin_access_identity
- delete_continuous_deployment_policy
- delete_distribution
- delete_field_level_encryption_config
- delete_field_level_encryption_profile
- delete_function
- delete_key_group
- delete_key_value_store
- delete_monitoring_subscription
- delete_origin_access_control
- delete_origin_request_policy
- delete_public_key
- delete_realtime_log_config
- delete_response_headers_policy
- delete_streaming_distribution
- delete_vpc_origin
- describe_function
- describe_key_value_store
- get_anycast_ip_list
- get_cache_policy
- get_cache_policy_config
- get_cloud_front_origin_access_identity
- get_cloud_front_origin_access_identity_config
- get_continuous_deployment_policy
- get_continuous_deployment_policy_config
- get_distribution
- get_distribution_config
- get_field_level_encryption
- get_field_level_encryption_config
- get_field_level_encryption_profile
- get_field_level_encryption_profile_config
- get_function
- get_invalidation
- get_key_group
- get_key_group_config
- get_monitoring_subscription
- get_origin_access_control
- get_origin_access_control_config
- get_origin_request_policy
- get_origin_request_policy_config
- get_paginator
- get_public_key
- get_public_key_config
- get_realtime_log_config
- get_response_headers_policy
- get_response_headers_policy_config
- get_streaming_distribution
- get_streaming_distribution_config
- get_vpc_origin
- get_waiter
- list_anycast_ip_lists
- list_cache_policies
- list_cloud_front_origin_access_identities
- list_conflicting_aliases
- list_continuous_deployment_policies
- list_distributions
- list_distributions_by_anycast_ip_list_id
- list_distributions_by_cache_policy_id
- list_distributions_by_key_group
- list_distributions_by_origin_request_policy_id
- list_distributions_by_realtime_log_config
- list_distributions_by_response_headers_policy_id
- list_distributions_by_vpc_origin_id
- list_distributions_by_web_acl_id
- list_field_level_encryption_configs
- list_field_level_encryption_profiles
- list_functions
- list_invalidations
- list_key_groups
- list_key_value_stores
- list_origin_access_controls
- list_origin_request_policies
- list_public_keys
- list_realtime_log_configs
- list_response_headers_policies
- list_streaming_distributions
- list_tags_for_resource
- list_vpc_origins
- publish_function
- tag_resource
- test_function
- untag_resource
- update_cache_policy
- update_cloud_front_origin_access_identity
- update_continuous_deployment_policy
- update_distribution
- update_distribution_with_staging_config
- update_field_level_encryption_config
- update_field_level_encryption_profile
- update_function
- update_key_group
- update_key_value_store
- update_origin_access_control
- update_origin_request_policy
- update_public_key
- update_realtime_log_config
- update_response_headers_policy
- update_streaming_distribution
- update_vpc_origin
Client Exceptions#
Client exceptions are available on a client instance via the exceptions
property. For more detailed instructions and examples on the exact usage of client exceptions, see the error handling user guide.
The available client exceptions are:
- AccessDenied
- BatchTooLarge
- CNAMEAlreadyExists
- CachePolicyAlreadyExists
- CachePolicyInUse
- CannotChangeImmutablePublicKeyFields
- CannotDeleteEntityWhileInUse
- CannotUpdateEntityWhileInUse
- CloudFrontOriginAccessIdentityAlreadyExists
- CloudFrontOriginAccessIdentityInUse
- ContinuousDeploymentPolicyAlreadyExists
- ContinuousDeploymentPolicyInUse
- DistributionAlreadyExists
- DistributionNotDisabled
- EntityAlreadyExists
- EntityLimitExceeded
- EntityNotFound
- EntitySizeLimitExceeded
- FieldLevelEncryptionConfigAlreadyExists
- FieldLevelEncryptionConfigInUse
- FieldLevelEncryptionProfileAlreadyExists
- FieldLevelEncryptionProfileInUse
- FieldLevelEncryptionProfileSizeExceeded
- FunctionAlreadyExists
- FunctionInUse
- FunctionSizeLimitExceeded
- IllegalDelete
- IllegalFieldLevelEncryptionConfigAssociationWithCacheBehavior
- IllegalOriginAccessConfiguration
- IllegalUpdate
- InconsistentQuantities
- InvalidArgument
- InvalidDefaultRootObject
- InvalidDomainNameForOriginAccessControl
- InvalidErrorCode
- InvalidForwardCookies
- InvalidFunctionAssociation
- InvalidGeoRestrictionParameter
- InvalidHeadersForS3Origin
- InvalidIfMatchVersion
- InvalidLambdaFunctionAssociation
- InvalidLocationCode
- InvalidMinimumProtocolVersion
- InvalidOrigin
- InvalidOriginAccessControl
- InvalidOriginAccessIdentity
- InvalidOriginKeepaliveTimeout
- InvalidOriginReadTimeout
- InvalidProtocolSettings
- InvalidQueryStringParameters
- InvalidRelativePath
- InvalidRequiredProtocol
- InvalidResponseCode
- InvalidTTLOrder
- InvalidTagging
- InvalidViewerCertificate
- InvalidWebACLId
- KeyGroupAlreadyExists
- MissingBody
- MonitoringSubscriptionAlreadyExists
- NoSuchCachePolicy
- NoSuchCloudFrontOriginAccessIdentity
- NoSuchContinuousDeploymentPolicy
- NoSuchDistribution
- NoSuchFieldLevelEncryptionConfig
- NoSuchFieldLevelEncryptionProfile
- NoSuchFunctionExists
- NoSuchInvalidation
- NoSuchMonitoringSubscription
- NoSuchOrigin
- NoSuchOriginAccessControl
- NoSuchOriginRequestPolicy
- NoSuchPublicKey
- NoSuchRealtimeLogConfig
- NoSuchResource
- NoSuchResponseHeadersPolicy
- NoSuchStreamingDistribution
- OriginAccessControlAlreadyExists
- OriginAccessControlInUse
- OriginRequestPolicyAlreadyExists
- OriginRequestPolicyInUse
- PreconditionFailed
- PublicKeyAlreadyExists
- PublicKeyInUse
- QueryArgProfileEmpty
- RealtimeLogConfigAlreadyExists
- RealtimeLogConfigInUse
- RealtimeLogConfigOwnerMismatch
- ResourceInUse
- ResponseHeadersPolicyAlreadyExists
- ResponseHeadersPolicyInUse
- StagingDistributionInUse
- StreamingDistributionAlreadyExists
- StreamingDistributionNotDisabled
- TestFunctionFailed
- TooLongCSPInResponseHeadersPolicy
- TooManyCacheBehaviors
- TooManyCachePolicies
- TooManyCertificates
- TooManyCloudFrontOriginAccessIdentities
- TooManyContinuousDeploymentPolicies
- TooManyCookieNamesInWhiteList
- TooManyCookiesInCachePolicy
- TooManyCookiesInOriginRequestPolicy
- TooManyCustomHeadersInResponseHeadersPolicy
- TooManyDistributionCNAMEs
- TooManyDistributions
- TooManyDistributionsAssociatedToCachePolicy
- TooManyDistributionsAssociatedToFieldLevelEncryptionConfig
- TooManyDistributionsAssociatedToKeyGroup
- TooManyDistributionsAssociatedToOriginAccessControl
- TooManyDistributionsAssociatedToOriginRequestPolicy
- TooManyDistributionsAssociatedToResponseHeadersPolicy
- TooManyDistributionsWithFunctionAssociations
- TooManyDistributionsWithLambdaAssociations
- TooManyDistributionsWithSingleFunctionARN
- TooManyFieldLevelEncryptionConfigs
- TooManyFieldLevelEncryptionContentTypeProfiles
- TooManyFieldLevelEncryptionEncryptionEntities
- TooManyFieldLevelEncryptionFieldPatterns
- TooManyFieldLevelEncryptionProfiles
- TooManyFieldLevelEncryptionQueryArgProfiles
- TooManyFunctionAssociations
- TooManyFunctions
- TooManyHeadersInCachePolicy
- TooManyHeadersInForwardedValues
- TooManyHeadersInOriginRequestPolicy
- TooManyInvalidationsInProgress
- TooManyKeyGroups
- TooManyKeyGroupsAssociatedToDistribution
- TooManyLambdaFunctionAssociations
- TooManyOriginAccessControls
- TooManyOriginCustomHeaders
- TooManyOriginGroupsPerDistribution
- TooManyOriginRequestPolicies
- TooManyOrigins
- TooManyPublicKeys
- TooManyPublicKeysInKeyGroup
- TooManyQueryStringParameters
- TooManyQueryStringsInCachePolicy
- TooManyQueryStringsInOriginRequestPolicy
- TooManyRealtimeLogConfigs
- TooManyRemoveHeadersInResponseHeadersPolicy
- TooManyResponseHeadersPolicies
- TooManyStreamingDistributionCNAMEs
- TooManyStreamingDistributions
- TooManyTrustedSigners
- TrustedKeyGroupDoesNotExist
- TrustedSignerDoesNotExist
- UnsupportedOperation
Paginators#
Paginators are available on a client instance via the get_paginator
method. For more detailed instructions and examples on the usage of paginators, see the paginators user guide.
The available paginators are:
Waiters#
Waiters are available on a client instance via the get_waiter
method. For more detailed instructions and examples on the usage or waiters, see the waiters user guide.
The available waiters are:
Examples#
Generate a signed URL for Amazon CloudFront#
The following example shows how to generate a signed URL for Amazon CloudFront.
Note that you will need the cryptography
library to follow this example:
import datetime
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from botocore.signers import CloudFrontSigner
def rsa_signer(message):
with open('path/to/key.pem', 'rb') as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
return private_key.sign(message, padding.PKCS1v15(), hashes.SHA1())
key_id = 'AKIAIOSFODNN7EXAMPLE'
url = 'http://d2949o5mkkp72v.cloudfront.net/hello.txt'
expire_date = datetime.datetime(2017, 1, 1)
cloudfront_signer = CloudFrontSigner(key_id, rsa_signer)
# Create a signed url that will be valid until the specific expiry date
# provided using a canned policy.
signed_url = cloudfront_signer.generate_presigned_url(
url, date_less_than=expire_date)
print(signed_url)