Skip to content

Resource: awsCloudfrontFieldLevelEncryptionConfig

Provides a CloudFront Field-level Encryption Config resource.

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.cloudfrontFieldLevelEncryptionConfig.CloudfrontFieldLevelEncryptionConfig(
  this,
  "test",
  {
    comment: "test comment",
    contentTypeProfileConfig: {
      contentTypeProfiles: {
        items: [
          {
            contentType: "application/x-www-form-urlencoded",
            format: "URLEncoded",
          },
        ],
      },
      forwardWhenContentTypeIsUnknown: true,
    },
    queryArgProfileConfig: {
      forwardWhenQueryArgProfileIsUnknown: true,
      queryArgProfiles: {
        items: [
          {
            profileId:
              "${aws_cloudfront_field_level_encryption_profile.test.id}",
            queryArg: "Arg1",
          },
        ],
      },
    },
  }
);

Argument Reference

The following arguments are supported:

  • comment - (Optional) An optional comment about the Field Level Encryption Config.
  • contentTypeProfileConfig - (Required) Content Type Profile Config specifies when to forward content if a content type isn't recognized and profiles to use as by default in a request if a query argument doesn't specify a profile to use.
  • queryArgProfileConfig - (Required) Query Arg Profile Config that specifies when to forward content if a profile isn't found and the profile that can be provided as a query argument in a request.

Content Type Profile Config

  • forwardWhenContentTypeIsUnknown - (Required) specifies what to do when an unknown content type is provided for the profile. If true, content is forwarded without being encrypted when the content type is unknown. If false (the default), an error is returned when the content type is unknown.
  • contentTypeProfiles - (Required) Object that contains an attribute items that contains the list of configurations for a field-level encryption content type-profile. See Content Type Profile.

Content Type Profile

  • contentType - (Required) he content type for a field-level encryption content type-profile mapping. Valid value is application/xWwwFormUrlencoded.
  • format - (Required) The format for a field-level encryption content type-profile mapping. Valid value is urlEncoded.
  • profileId - (Optional) The profile ID for a field-level encryption content type-profile mapping.

Query Arg Profile Config

  • forwardWhenQueryArgProfileIsUnknown - (Required) Flag to set if you want a request to be forwarded to the origin even if the profile specified by the field-level encryption query argument, fle-profile, is unknown.
  • queryArgProfiles - (Optional) Object that contains an attribute items that contains the list ofrofiles specified for query argument-profile mapping for field-level encryption. see Query Arg Profile.

Query Arg Profile

  • profileId - (Required) ID of profile to use for field-level encryption query argument-profile mapping
  • queryArg - (Required) Query argument for field-level encryption query argument-profile mapping.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • callerReference - Internal value used by CloudFront to allow future updates to the Field Level Encryption Config.
  • etag - The current version of the Field Level Encryption Config. For example: e2Qwruhapomqzl.
  • id - The identifier for the Field Level Encryption Config. For example: k3D5Eweudccxon.

Import

Cloudfront Field Level Encryption Config can be imported using the id, e.g.

$ terraform import aws_cloudfront_field_level_encryption_config.config E74FTE3AEXAMPLE