File Coverage

blib/lib/Paws/CloudFront/ViewerCertificate.pm
Criterion Covered Total %
statement 3 3 100.0
branch n/a
condition n/a
subroutine 1 1 100.0
pod n/a
total 4 4 100.0


line stmt bran cond sub pod time code
1             package Paws::CloudFront::ViewerCertificate;
2 1     1   564 use Moose;
  1         4  
  1         12  
3             has ACMCertificateArn => (is => 'ro', isa => 'Str');
4             has Certificate => (is => 'ro', isa => 'Str');
5             has CertificateSource => (is => 'ro', isa => 'Str');
6             has CloudFrontDefaultCertificate => (is => 'ro', isa => 'Bool');
7             has IAMCertificateId => (is => 'ro', isa => 'Str');
8             has MinimumProtocolVersion => (is => 'ro', isa => 'Str');
9             has SSLSupportMethod => (is => 'ro', isa => 'Str');
10             1;
11              
12             ### main pod documentation begin ###
13              
14             =head1 NAME
15              
16             Paws::CloudFront::ViewerCertificate
17              
18             =head1 USAGE
19              
20             This class represents one of two things:
21              
22             =head3 Arguments in a call to a service
23              
24             Use the attributes of this class as arguments to methods. You shouldn't make instances of this class.
25             Each attribute should be used as a named argument in the calls that expect this type of object.
26              
27             As an example, if Att1 is expected to be a Paws::CloudFront::ViewerCertificate object:
28              
29             $service_obj->Method(Att1 => { ACMCertificateArn => $value, ..., SSLSupportMethod => $value });
30              
31             =head3 Results returned from an API call
32              
33             Use accessors for each attribute. If Att1 is expected to be an Paws::CloudFront::ViewerCertificate object:
34              
35             $result = $service_obj->Method(...);
36             $result->Att1->ACMCertificateArn
37              
38             =head1 DESCRIPTION
39              
40             A complex type that specifies the following:
41              
42             =over
43              
44             =item *
45              
46             Which SSL/TLS certificate to use when viewers request objects using
47             HTTPS
48              
49             =item *
50              
51             Whether you want CloudFront to use dedicated IP addresses or SNI when
52             you're using alternate domain names in your object names
53              
54             =item *
55              
56             The minimum protocol version that you want CloudFront to use when
57             communicating with viewers
58              
59             =back
60              
61             For more information, see Using an HTTPS Connection to Access Your
62             Objects in the I<Amazon Amazon CloudFront Developer Guide>.
63              
64             =head1 ATTRIBUTES
65              
66              
67             =head2 ACMCertificateArn => Str
68              
69            
70              
71              
72             =head2 Certificate => Str
73              
74             Include one of these values to specify the following:
75              
76             =over
77              
78             =item *
79              
80             Whether you want viewers to use HTTP or HTTPS to request your objects.
81              
82             =item *
83              
84             If you want viewers to use HTTPS, whether you're using an alternate
85             domain name such as example.com or the CloudFront domain name for your
86             distribution, such as C<d111111abcdef8.cloudfront.net>.
87              
88             =item *
89              
90             If you're using an alternate domain name, whether AWS Certificate
91             Manager (ACM) provided the certificate, or you purchased a certificate
92             from a third-party certificate authority and imported it into ACM or
93             uploaded it to the IAM certificate store.
94              
95             =back
96              
97             You must specify one (and only one) of the three values. Do not specify
98             C<false> for C<CloudFrontDefaultCertificate>.
99              
100             B<If you want viewers to use HTTP to request your objects>: Specify the
101             following value:
102              
103             C<E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>>
104              
105             In addition, specify C<allow-all> for C<ViewerProtocolPolicy> for all
106             of your cache behaviors.
107              
108             B<If you want viewers to use HTTPS to request your objects>: Choose the
109             type of certificate that you want to use based on whether you're using
110             an alternate domain name for your objects or the CloudFront domain
111             name:
112              
113             =over
114              
115             =item *
116              
117             B<If you're using an alternate domain name, such as example.com>:
118             Specify one of the following values, depending on whether ACM provided
119             your certificate or you purchased your certificate from third-party
120             certificate authority:
121              
122             =over
123              
124             =item *
125              
126             C<E<lt>ACMCertificateArnE<gt>ARN for ACM SSL/TLS
127             certificateE<lt>ACMCertificateArnE<gt>> where ARN for ACM SSL/TLS
128             certificate is the ARN for the ACM SSL/TLS certificate that you want to
129             use for this distribution.
130              
131             =item *
132              
133             C<E<lt>IAMCertificateIdE<gt>IAM certificate
134             IDE<lt>IAMCertificateIdE<gt>> where IAM certificate ID is the ID that
135             IAM returned when you added the certificate to the IAM certificate
136             store.
137              
138             =back
139              
140             If you specify C<ACMCertificateArn> or C<IAMCertificateId>, you must
141             also specify a value for C<SSLSupportMethod>.
142              
143             If you choose to use an ACM certificate or a certificate in the IAM
144             certificate store, we recommend that you use only an alternate domain
145             name in your object URLs (C<https://example.com/logo.jpg>). If you use
146             the domain name that is associated with your CloudFront distribution
147             (C<https://d111111abcdef8.cloudfront.net/logo.jpg>) and the viewer
148             supports C<SNI>, then CloudFront behaves normally. However, if the
149             browser does not support SNI, the user's experience depends on the
150             value that you choose for C<SSLSupportMethod>:
151              
152             =over
153              
154             =item *
155              
156             C<vip>: The viewer displays a warning because there is a mismatch
157             between the CloudFront domain name and the domain name in your SSL/TLS
158             certificate.
159              
160             =item *
161              
162             C<sni-only>: CloudFront drops the connection with the browser without
163             returning the object.
164              
165             =back
166              
167             =item *
168              
169             B<If you're using the CloudFront domain name for your distribution,
170             such as C<d111111abcdef8.cloudfront.net> >: Specify the following
171             value:
172              
173             C<E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>>
174              
175             If you want viewers to use HTTPS, you must also specify one of the
176             following values in your cache behaviors:
177              
178             =over
179              
180             =item *
181              
182             C<E<lt>ViewerProtocolPolicyE<gt>https-onlyE<lt>ViewerProtocolPolicyE<gt>>
183              
184             =item *
185              
186             C<E<lt>ViewerProtocolPolicyE<gt>redirect-to-httpsE<lt>ViewerProtocolPolicyE<gt>>
187              
188             =back
189              
190             You can also optionally require that CloudFront use HTTPS to
191             communicate with your origin by specifying one of the following values
192             for the applicable origins:
193              
194             =over
195              
196             =item *
197              
198             C<E<lt>OriginProtocolPolicyE<gt>https-onlyE<lt>OriginProtocolPolicyE<gt>>
199              
200             =item *
201              
202             C<E<lt>OriginProtocolPolicyE<gt>match-viewerE<lt>OriginProtocolPolicyE<gt>>
203              
204             =back
205              
206             For more information, see Using Alternate Domain Names and HTTPS in the
207             I<Amazon CloudFront Developer Guide>.
208              
209             =back
210              
211              
212              
213             =head2 CertificateSource => Str
214              
215             This field is deprecated. You can use one of the following:
216             C<[ACMCertificateArn>, C<IAMCertificateId>, or
217             C<CloudFrontDefaultCertificate]>.
218              
219              
220             =head2 CloudFrontDefaultCertificate => Bool
221              
222            
223              
224              
225             =head2 IAMCertificateId => Str
226              
227            
228              
229              
230             =head2 MinimumProtocolVersion => Str
231              
232             Specify the minimum version of the SSL/TLS protocol that you want
233             CloudFront to use for HTTPS connections between viewers and CloudFront:
234             C<SSLv3> or C<TLSv1>. CloudFront serves your objects only to viewers
235             that support SSL/TLS version that you specify and later versions. The
236             C<TLSv1> protocol is more secure, so we recommend that you specify
237             C<SSLv3> only if your users are using browsers or devices that don't
238             support C<TLSv1>. Note the following:
239              
240             =over
241              
242             =item *
243              
244             If you specify
245             E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>,
246             the minimum SSL protocol version is C<TLSv1> and can't be changed.
247              
248             =item *
249              
250             If you're using a custom certificate (if you specify a value for
251             C<ACMCertificateArn> or for C<IAMCertificateId>) and if you're using
252             SNI (if you specify C<sni-only> for C<SSLSupportMethod>), you must
253             specify C<TLSv1> for C<MinimumProtocolVersion>.
254              
255             =back
256              
257              
258              
259             =head2 SSLSupportMethod => Str
260              
261             If you specify a value for C<ACMCertificateArn> or for
262             C<IAMCertificateId>, you must also specify how you want CloudFront to
263             serve HTTPS requests: using a method that works for all clients or one
264             that works for most clients:
265              
266             =over
267              
268             =item *
269              
270             C<vip>: CloudFront uses dedicated IP addresses for your content and can
271             respond to HTTPS requests from any viewer. However, you will incur
272             additional monthly charges.
273              
274             =item *
275              
276             C<sni-only>: CloudFront can respond to HTTPS requests from viewers that
277             support Server Name Indication (SNI). All modern browsers support SNI,
278             but some browsers still in use don't support SNI. If some of your
279             users' browsers don't support SNI, we recommend that you do one of the
280             following:
281              
282             =over
283              
284             =item *
285              
286             Use the C<vip> option (dedicated IP addresses) instead of C<sni-only>.
287              
288             =item *
289              
290             Use the CloudFront SSL/TLS certificate instead of a custom certificate.
291             This requires that you use the CloudFront domain name of your
292             distribution in the URLs for your objects, for example,
293             C<https://d111111abcdef8.cloudfront.net/logo.png>.
294              
295             =item *
296              
297             If you can control which browser your users use, upgrade the browser to
298             one that supports SNI.
299              
300             =item *
301              
302             Use HTTP instead of HTTPS.
303              
304             =back
305              
306             =back
307              
308             Do not specify a value for C<SSLSupportMethod> if you specified
309             C<E<lt>CloudFrontDefaultCertificateE<gt>trueE<lt>CloudFrontDefaultCertificateE<gt>>.
310              
311             For more information, see Using Alternate Domain Names and HTTPS in the
312             I<Amazon CloudFront Developer Guide>.
313              
314              
315              
316             =head1 SEE ALSO
317              
318             This class forms part of L<Paws>, describing an object used in L<Paws::CloudFront>
319              
320             =head1 BUGS and CONTRIBUTIONS
321              
322             The source code is located here: https://github.com/pplu/aws-sdk-perl
323              
324             Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues
325              
326             =cut
327