File Coverage

blib/lib/Paws/CloudFront/ViewerCertificate.pm

Criterion	Covered	Total	%
statement	3	3	100.0
branch			n/a
condition			n/a
subroutine	1	1	100.0
pod			n/a
total	4	4	100.0

line	stmt	sub	time	code
1				package Paws::CloudFront::ViewerCertificate;
2	1	1	710	use Moose;
	1		4
	1		10
3				has ACMCertificateArn => (is => 'ro', isa => 'Str');
4				has Certificate => (is => 'ro', isa => 'Str');
5				has CertificateSource => (is => 'ro', isa => 'Str');
6				has CloudFrontDefaultCertificate => (is => 'ro', isa => 'Bool');
7				has IAMCertificateId => (is => 'ro', isa => 'Str');
8				has MinimumProtocolVersion => (is => 'ro', isa => 'Str');
9				has SSLSupportMethod => (is => 'ro', isa => 'Str');
10				1;
11
12				### main pod documentation begin ###
13
14				=head1 NAME
15
16				Paws::CloudFront::ViewerCertificate
17
18				=head1 USAGE
19
20				This class represents one of two things:
21
22				=head3 Arguments in a call to a service
23
24				Use the attributes of this class as arguments to methods. You shouldn't make instances of this class.
25				Each attribute should be used as a named argument in the calls that expect this type of object.
26
27				As an example, if Att1 is expected to be a Paws::CloudFront::ViewerCertificate object:
28
29				$service_obj->Method(Att1 => { ACMCertificateArn => $value, ..., SSLSupportMethod => $value });
30
31				=head3 Results returned from an API call
32
33				Use accessors for each attribute. If Att1 is expected to be an Paws::CloudFront::ViewerCertificate object:
34
35				$result = $service_obj->Method(...);
36				$result->Att1->ACMCertificateArn
37
38				=head1 DESCRIPTION
39
40				A complex type that specifies the following:
41
42				=over
43
44				=item *
45
46				Which SSL/TLS certificate to use when viewers request objects using
47				HTTPS
48
49				=item *
50
51				Whether you want CloudFront to use dedicated IP addresses or SNI when
52				you're using alternate domain names in your object names
53
54				=item *
55
56				The minimum protocol version that you want CloudFront to use when
57				communicating with viewers
58
59				=back
60
61				For more information, see Using an HTTPS Connection to Access Your
62				Objects in the I<Amazon Amazon CloudFront Developer Guide>.
63
64				=head1 ATTRIBUTES
65
66
67				=head2 ACMCertificateArn => Str
68
69
70
71
72				=head2 Certificate => Str
73
74				Include one of these values to specify the following:
75
76				=over
77
78				=item *
79
80				Whether you want viewers to use HTTP or HTTPS to request your objects.
81
82				=item *
83
84				If you want viewers to use HTTPS, whether you're using an alternate
85				domain name such as example.com or the CloudFront domain name for your
86				distribution, such as C<d111111abcdef8.cloudfront.net>.
87
88				=item *
89
90				If you're using an alternate domain name, whether AWS Certificate
91				Manager (ACM) provided the certificate, or you purchased a certificate
92				from a third-party certificate authority and imported it into ACM or
93				uploaded it to the IAM certificate store.
94
95				=back
96
97				You must specify one (and only one) of the three values. Do not specify
98				C<false> for C<CloudFrontDefaultCertificate>.
99
100				B<If you want viewers to use HTTP to request your objects>: Specify the
101				following value:
102
103				C<E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>>
104
105				In addition, specify C<allow-all> for C<ViewerProtocolPolicy> for all
106				of your cache behaviors.
107
108				B<If you want viewers to use HTTPS to request your objects>: Choose the
109				type of certificate that you want to use based on whether you're using
110				an alternate domain name for your objects or the CloudFront domain
111				name:
112
113				=over
114
115				=item *
116
117				B<If you're using an alternate domain name, such as example.com>:
118				Specify one of the following values, depending on whether ACM provided
119				your certificate or you purchased your certificate from third-party
120				certificate authority:
121
122				=over
123
124				=item *
125
126				C<E<lt>ACMCertificateArnE<gt>ARN for ACM SSL/TLS
127				certificateE<lt>ACMCertificateArnE<gt>> where ARN for ACM SSL/TLS
128				certificate is the ARN for the ACM SSL/TLS certificate that you want to
129				use for this distribution.
130
131				=item *
132
133				C<E<lt>IAMCertificateIdE<gt>IAM certificate
134				IDE<lt>IAMCertificateIdE<gt>> where IAM certificate ID is the ID that
135				IAM returned when you added the certificate to the IAM certificate
136				store.
137
138				=back
139
140				If you specify C<ACMCertificateArn> or C<IAMCertificateId>, you must
141				also specify a value for C<SSLSupportMethod>.
142
143				If you choose to use an ACM certificate or a certificate in the IAM
144				certificate store, we recommend that you use only an alternate domain
145				name in your object URLs (C<https://example.com/logo.jpg>). If you use
146				the domain name that is associated with your CloudFront distribution
147				(C<https://d111111abcdef8.cloudfront.net/logo.jpg>) and the viewer
148				supports C<SNI>, then CloudFront behaves normally. However, if the
149				browser does not support SNI, the user's experience depends on the
150				value that you choose for C<SSLSupportMethod>:
151
152				=over
153
154				=item *
155
156				C<vip>: The viewer displays a warning because there is a mismatch
157				between the CloudFront domain name and the domain name in your SSL/TLS
158				certificate.
159
160				=item *
161
162				C<sni-only>: CloudFront drops the connection with the browser without
163				returning the object.
164
165				=back
166
167				=item *
168
169				B<If you're using the CloudFront domain name for your distribution,
170				such as C<d111111abcdef8.cloudfront.net> >: Specify the following
171				value:
172
173				C<E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>>
174
175				If you want viewers to use HTTPS, you must also specify one of the
176				following values in your cache behaviors:
177
178				=over
179
180				=item *
181
182				C<E<lt>ViewerProtocolPolicyE<gt>https-onlyE<lt>ViewerProtocolPolicyE<gt>>
183
184				=item *
185
186				C<E<lt>ViewerProtocolPolicyE<gt>redirect-to-httpsE<lt>ViewerProtocolPolicyE<gt>>
187
188				=back
189
190				You can also optionally require that CloudFront use HTTPS to
191				communicate with your origin by specifying one of the following values
192				for the applicable origins:
193
194				=over
195
196				=item *
197
198				C<E<lt>OriginProtocolPolicyE<gt>https-onlyE<lt>OriginProtocolPolicyE<gt>>
199
200				=item *
201
202				C<E<lt>OriginProtocolPolicyE<gt>match-viewerE<lt>OriginProtocolPolicyE<gt>>
203
204				=back
205
206				For more information, see Using Alternate Domain Names and HTTPS in the
207				I<Amazon CloudFront Developer Guide>.
208
209				=back
210
211
212
213				=head2 CertificateSource => Str
214
215				This field is deprecated. You can use one of the following:
216				C<[ACMCertificateArn>, C<IAMCertificateId>, or
217				C<CloudFrontDefaultCertificate]>.
218
219
220				=head2 CloudFrontDefaultCertificate => Bool
221
222
223
224
225				=head2 IAMCertificateId => Str
226
227
228
229
230				=head2 MinimumProtocolVersion => Str
231
232				Specify the minimum version of the SSL/TLS protocol that you want
233				CloudFront to use for HTTPS connections between viewers and CloudFront:
234				C<SSLv3> or C<TLSv1>. CloudFront serves your objects only to viewers
235				that support SSL/TLS version that you specify and later versions. The
236				C<TLSv1> protocol is more secure, so we recommend that you specify
237				C<SSLv3> only if your users are using browsers or devices that don't
238				support C<TLSv1>. Note the following:
239
240				=over
241
242				=item *
243
244				If you specify
245				E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>,
246				the minimum SSL protocol version is C<TLSv1> and can't be changed.
247
248				=item *
249
250				If you're using a custom certificate (if you specify a value for
251				C<ACMCertificateArn> or for C<IAMCertificateId>) and if you're using
252				SNI (if you specify C<sni-only> for C<SSLSupportMethod>), you must
253				specify C<TLSv1> for C<MinimumProtocolVersion>.
254
255				=back
256
257
258
259				=head2 SSLSupportMethod => Str
260
261				If you specify a value for C<ACMCertificateArn> or for
262				C<IAMCertificateId>, you must also specify how you want CloudFront to
263				serve HTTPS requests: using a method that works for all clients or one
264				that works for most clients:
265
266				=over
267
268				=item *
269
270				C<vip>: CloudFront uses dedicated IP addresses for your content and can
271				respond to HTTPS requests from any viewer. However, you will incur
272				additional monthly charges.
273
274				=item *
275
276				C<sni-only>: CloudFront can respond to HTTPS requests from viewers that
277				support Server Name Indication (SNI). All modern browsers support SNI,
278				but some browsers still in use don't support SNI. If some of your
279				users' browsers don't support SNI, we recommend that you do one of the
280				following:
281
282				=over
283
284				=item *
285
286				Use the C<vip> option (dedicated IP addresses) instead of C<sni-only>.
287
288				=item *
289
290				Use the CloudFront SSL/TLS certificate instead of a custom certificate.
291				This requires that you use the CloudFront domain name of your
292				distribution in the URLs for your objects, for example,
293				C<https://d111111abcdef8.cloudfront.net/logo.png>.
294
295				=item *
296
297				If you can control which browser your users use, upgrade the browser to
298				one that supports SNI.
299
300				=item *
301
302				Use HTTP instead of HTTPS.
303
304				=back
305
306				=back
307
308				Do not specify a value for C<SSLSupportMethod> if you specified
309				C<E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>>.
310
311				For more information, see Using Alternate Domain Names and HTTPS in the
312				I<Amazon CloudFront Developer Guide>.
313
314
315
316				=head1 SEE ALSO
317
318				This class forms part of L<Paws>, describing an object used in L<Paws::CloudFront>
319
320				=head1 BUGS and CONTRIBUTIONS
321
322				The source code is located here: https://github.com/pplu/aws-sdk-perl
323
324				Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues
325
326				=cut
327