aws-cdk-lib.aws_cloudfront.SSLMethod

enum SSLMethod

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.CloudFront.SSLMethod |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awscloudfront#SSLMethod |
| Java | software.amazon.awscdk.services.cloudfront.SSLMethod |
| Python | aws_cdk.aws_cloudfront.SSLMethod |
| TypeScript (source) | aws-cdk-lib » aws_cloudfront » SSLMethod |

The SSL method CloudFront will use for your distribution.

Server Name Indication (SNI) is an extension to the TLS protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshake. This allows a server to present multiple certificates on the same IP address and TCP port number, and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served from the same IP address without requiring all those sites to use the same certificate.

CloudFront can use SNI to host multiple distributions on the same IP address, which a large majority of clients support.

If your clients cannot support SNI, however, CloudFront can use dedicated IPs for your distribution, but there is a prorated monthly charge for using this feature. By default, we use SNI, but you can optionally enable dedicated IPs (VIP).

See the CloudFront SSL page for more details about pricing: https://aws.amazon.com/cloudfront/custom-ssl-domains/

Example

    import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
    import * as s3 from 'aws-cdk-lib/aws-s3';

    // Runs inside a Stack or Construct, so `this` is the construct scope.
    const s3BucketSource = new s3.Bucket(this, 'Bucket');

    const distribution = new cloudfront.CloudFrontWebDistribution(this, 'AnAmazingWebsiteProbably', {
      originConfigs: [{
        s3OriginSource: { s3BucketSource },
        behaviors: [{ isDefaultBehavior: true }],
      }],
      viewerCertificate: cloudfront.ViewerCertificate.fromIamCertificate(
        'certificateId',
        {
          aliases: ['example.com'],
          // SNI requires TLSv1 or later; SSL_V3 is only accepted with SSLMethod.VIP.
          securityPolicy: cloudfront.SecurityPolicyProtocol.TLS_V1_2_2021,
          sslMethod: cloudfront.SSLMethod.SNI, // default
        },
      ),
    });
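
The following is an added example, not code from aws-cdk-lib or the original page: a dependency-free TypeScript check that reads a synthesized CloudFormation template and reports the viewer-certificate settings this enum controls. It relies on the CloudFormation `ViewerCertificate` properties `SslSupportMethod` and `MinimumProtocolVersion`; the function name, finding format, logical IDs and sample template are constructed for illustration.

```typescript
// Added example, not part of aws-cdk-lib: audit a synthesized CloudFormation
// template for the CloudFront viewer-certificate settings SSLMethod controls.
type Template = { Resources: Record<string, { Type: string; Properties?: any }> };
type Finding = { resource: string; issue: string };

// MinimumProtocolVersion values that still allow SSLv3, TLS 1.0 or TLS 1.1.
const LEGACY_POLICIES = ['SSLv3', 'TLSv1', 'TLSv1_2016', 'TLSv1.1_2016'];

function auditViewerCertificates(template: Template): Finding[] {
  const findings: Finding[] = [];
  for (const resource of Object.keys(template.Resources)) {
    const res = template.Resources[resource];
    if (res.Type !== 'AWS::CloudFront::Distribution') continue;
    const cert = res.Properties?.DistributionConfig?.ViewerCertificate ?? {};
    const method: string | undefined = cert.SslSupportMethod;
    const policy: string | undefined = cert.MinimumProtocolVersion;
    // CloudFront rejects SSLv3 with sni-only; SNI needs TLSv1 or later.
    if (method === 'sni-only' && policy === 'SSLv3') {
      findings.push({ resource, issue: 'SSLv3 is not valid with sni-only' });
    }
    if (policy !== undefined && LEGACY_POLICIES.indexOf(policy) !== -1) {
      findings.push({ resource, issue: `legacy minimum protocol ${policy}` });
    }
    // Dedicated IPs (VIP) carry the prorated monthly charge noted above.
    if (method === 'vip') {
      findings.push({ resource, issue: 'dedicated IP (vip) is billed monthly' });
    }
  }
  return findings;
}

// Constructed sample template (logical IDs are hypothetical).
const viewerCert = (method: string, policy: string) => ({
  DistributionConfig: {
    ViewerCertificate: { SslSupportMethod: method, MinimumProtocolVersion: policy },
  },
});
const SAMPLE_TEMPLATE: Template = {
  Resources: {
    Bucket: { Type: 'AWS::S3::Bucket' },
    SniSslv3: { Type: 'AWS::CloudFront::Distribution', Properties: viewerCert('sni-only', 'SSLv3') },
    VipModern: { Type: 'AWS::CloudFront::Distribution', Properties: viewerCert('vip', 'TLSv1.2_2021') },
    SniModern: { Type: 'AWS::CloudFront::Distribution', Properties: viewerCert('sni-only', 'TLSv1.2_2021') },
  },
};
const sampleFindings = auditViewerCertificates(SAMPLE_TEMPLATE);
```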

Members

| Name | Description |
| --- | --- |
| SNI | |
| VIP | |

SNI


VIP