Creates an Amazon CloudFront web distribution.

For information about CloudFront distributions, see the Amazon CloudFront Developer Guide. For specific information about creating CloudFront web distributions, see the POST Distribution page in the Amazon CloudFront API Reference.

~> NOTE: CloudFront distributions take about 15 minutes to reach a deployed state after creation or modification. During this time, deletes to resources will be blocked. If you need to delete a distribution that is enabled and you do not want to wait, you need to use the retain_on_delete flag.

Example Usage

The following example creates a CloudFront distribution with an S3 origin.

resource "aws_cloudfront_distribution" "s3_distribution" {
  origin {
    domain_name = "mybucket.s3.amazonaws.com"
    origin_id   = "myS3Origin"

    s3_origin_config {
      origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567"
    }
  }

  enabled             = true
  comment             = "Some comment"
  default_root_object = "index.html"

  logging_config {
    include_cookies = false
    bucket          = "mylogs.s3.amazonaws.com"
    prefix          = "myprefix"
  }

  aliases = ["mysite.example.com", "yoursite.example.com"]

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "myS3Origin"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  price_class = "PriceClass_200"

  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "CA", "GB", "DE"]
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
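
The example above accepts plain HTTP (viewer_protocol_policy = "allow-all") and passes every HTTP method through to the S3 origin. The variant below is an added example, not part of the original documentation: it keeps the same origin, logging and geo restriction but tightens default_cache_behavior, assuming the bucket only serves static content that viewers read. The resource name s3_distribution_hardened is hypothetical; all other values are reused from the example above.

```hcl
# Added example. Assumption: the S3 origin serves read-only static content.
resource "aws_cloudfront_distribution" "s3_distribution_hardened" {
  origin {
    domain_name = "mybucket.s3.amazonaws.com"
    origin_id   = "myS3Origin"

    s3_origin_config {
      origin_access_identity = "origin-access-identity/cloudfront/ABCDEFG1234567"
    }
  }

  enabled = true

  # Access logs are kept so requests refused at the edge can still be reviewed.
  logging_config {
    include_cookies = false
    bucket          = "mylogs.s3.amazonaws.com"
    prefix          = "myprefix"
  }

  default_cache_behavior {
    # Only read methods are allowed; other methods are refused at the edge.
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "myS3Origin"

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }

    # Plain-HTTP requests are redirected to HTTPS instead of being served.
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  restrictions {
    geo_restriction {
      restriction_type = "whitelist"
      locations        = ["US", "CA", "GB", "DE"]
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}
```

Use "https-only" instead of "redirect-to-https" if plain-HTTP requests should be rejected rather than redirected.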

Argument Reference

The CloudFront distribution argument layout is a complex structure composed of several sub-resources - these resources are laid out below.

Top-Level Arguments

Cache Behavior Arguments

Forwarded Values Arguments
Cookies Arguments

Custom Error Response Arguments

Default Cache Behavior Arguments

The arguments for default_cache_behavior are the same as for cache_behavior, except that the path_pattern argument is not required.

Logging Config Arguments

Origin Arguments

Custom Origin Config Arguments
S3 Origin Config Arguments

Restrictions Arguments

The restrictions sub-resource takes another single sub-resource named geo_restriction (see the example for usage).

The arguments of geo_restriction are:

Viewer Certificate Arguments

Attribute Reference

The following attributes are exported:


CloudFront distributions can be imported using the id, e.g.

$ terraform import aws_cloudfront_distribution.distribution E74FTE3EXAMPLE
