Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Track configuration changes with Amazon Config
You can use Amazon Config to record configuration changes to your CloudFront distribution settings.
You can capture changes to distribution states, price classes, origins, geographic
restriction settings, and Lambda@Edge configurations.
Amazon Config does not record key–value tags for CloudFront streaming distributions.
Set up Amazon Config with CloudFront
When you set up Amazon Config, you can choose to record all supported Amazon resources or
record only some specified resources, such as recording changes for CloudFront only. For a
list of supported CloudFront resources, see the Amazon CloudFront section of the Supported Resource Types topic in the
Amazon Config Developer Guide.
-
To track configuration changes to your CloudFront distribution, you must
sign in to the CloudFront console in the US East (N. Virginia)
Amazon Web Services Region.
-
There might be a delay in recording resources with Amazon Config. Amazon Config records
resources only after it discovers the resources.
- Console
-
To set up Amazon Config with
CloudFront
Sign in to the Amazon Web Services Management Console and open the Amazon Config console at
https://console.amazonaws.cn/config/.
-
Choose Get Started Now.
-
On the Settings page, for
Resource types to record, specify the
Amazon resource types that you want Amazon Config to record. If you want
to record only CloudFront changes, choose Specific
types, and then, under CloudFront,
choose the distribution or streaming distribution that you want
to track changes for.
To add or change which distributions to track, choose
Settings on the left, after completing
your initial setup.
-
Specify additional required options for Amazon Config: set up a
notification, specify a location for the configuration
information, and add rules for evaluating resource types.
For more information, see Setting up Amazon Config with the Console in the
Amazon Config Developer Guide.
- Amazon CLI
-
To set up Amazon Config with CloudFront using the Amazon CLI, see Setting up Amazon Config with the Amazon CLI in the
Amazon Config Developer Guide.
- Amazon Config API
-
To set up Amazon Config with CloudFront using the Amazon Config API, see the StartConfigurationRecorder API
operation in the Amazon Config API Reference.
View CloudFront configuration history
After Amazon Config starts recording configuration changes to your distributions, you can
get the configuration history of any distribution that you have configured for
CloudFront.
You can view configuration histories in the following ways.
- Console
-
For each recorded resource, you can view a timeline page that provides
a history of configuration details. To view this page, choose the gray
icon in the Config Timeline column of the
Dedicated Hosts page.
For more information, see Viewing
Configuration Details in the Amazon Config Console in the
Amazon Config Developer Guide.
- Amazon CLI
-
To get a list of all your distributions, run the list-discovered-resources command, as shown in the
following example.
aws configservice list-discovered-resources --resource-type AWS::CloudFront::Distribution
To get the configuration details of a distribution for a specific time
interval, run the get-resource-config-history command.
For more information, see View Configuration
Details Using the CLI in the
Amazon Config Developer Guide.
- Amazon Config API
-
To get a list of all your distributions, use the ListDiscoveredResources API operation.
To get the configuration details of a distribution for a specific time
interval, use the GetResourceConfigHistory API operation. For more
information, see the Amazon Config API Reference.