GetDistributionConfig - Amazon CloudFront
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Get the configuration information about a distribution.

Request Syntax

GET /2020-05-31/distribution/Id/config HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.


The distribution's ID. If the ID is empty, an empty distribution configuration is returned.

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200 <?xml version="1.0" encoding="UTF-8"?> <DistributionConfig> <Aliases> <Items> <CNAME>string</CNAME> </Items> <Quantity>integer</Quantity> </Aliases> <CacheBehaviors> <Items> <CacheBehavior> <AllowedMethods> <CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AllowedMethods> <CachePolicyId>string</CachePolicyId> <Compress>boolean</Compress> <DefaultTTL>long</DefaultTTL> <FieldLevelEncryptionId>string</FieldLevelEncryptionId> <ForwardedValues> <Cookies> <Forward>string</Forward> <WhitelistedNames> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </WhitelistedNames> </Cookies> <Headers> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </Headers> <QueryString>boolean</QueryString> <QueryStringCacheKeys> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </QueryStringCacheKeys> </ForwardedValues> <FunctionAssociations> <Items> <FunctionAssociation> <EventType>string</EventType> <FunctionARN>string</FunctionARN> </FunctionAssociation> </Items> <Quantity>integer</Quantity> </FunctionAssociations> <LambdaFunctionAssociations> <Items> <LambdaFunctionAssociation> <EventType>string</EventType> <IncludeBody>boolean</IncludeBody> <LambdaFunctionARN>string</LambdaFunctionARN> </LambdaFunctionAssociation> </Items> <Quantity>integer</Quantity> </LambdaFunctionAssociations> <MaxTTL>long</MaxTTL> <MinTTL>long</MinTTL> <OriginRequestPolicyId>string</OriginRequestPolicyId> <PathPattern>string</PathPattern> <RealtimeLogConfigArn>string</RealtimeLogConfigArn> <ResponseHeadersPolicyId>string</ResponseHeadersPolicyId> <SmoothStreaming>boolean</SmoothStreaming> <TargetOriginId>string</TargetOriginId> <TrustedKeyGroups> <Enabled>boolean</Enabled> <Items> <KeyGroup>string</KeyGroup> </Items> <Quantity>integer</Quantity> </TrustedKeyGroups> <TrustedSigners> <Enabled>boolean</Enabled> <Items> <AwsAccountNumber>string</AwsAccountNumber> </Items> <Quantity>integer</Quantity> </TrustedSigners> <ViewerProtocolPolicy>string</ViewerProtocolPolicy> </CacheBehavior> </Items> <Quantity>integer</Quantity> </CacheBehaviors> <CallerReference>string</CallerReference> <Comment>string</Comment> <ContinuousDeploymentPolicyId>string</ContinuousDeploymentPolicyId> <CustomErrorResponses> <Items> <CustomErrorResponse> <ErrorCachingMinTTL>long</ErrorCachingMinTTL> <ErrorCode>integer</ErrorCode> <ResponseCode>string</ResponseCode> <ResponsePagePath>string</ResponsePagePath> </CustomErrorResponse> </Items> <Quantity>integer</Quantity> </CustomErrorResponses> <DefaultCacheBehavior> <AllowedMethods> <CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </CachedMethods> <Items> <Method>string</Method> </Items> <Quantity>integer</Quantity> </AllowedMethods> <CachePolicyId>string</CachePolicyId> <Compress>boolean</Compress> <DefaultTTL>long</DefaultTTL> <FieldLevelEncryptionId>string</FieldLevelEncryptionId> <ForwardedValues> <Cookies> <Forward>string</Forward> <WhitelistedNames> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </WhitelistedNames> </Cookies> <Headers> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </Headers> <QueryString>boolean</QueryString> <QueryStringCacheKeys> <Items> <Name>string</Name> </Items> <Quantity>integer</Quantity> </QueryStringCacheKeys> </ForwardedValues> <FunctionAssociations> <Items> <FunctionAssociation> <EventType>string</EventType> <FunctionARN>string</FunctionARN> </FunctionAssociation> </Items> <Quantity>integer</Quantity> </FunctionAssociations> <LambdaFunctionAssociations> <Items> <LambdaFunctionAssociation> <EventType>string</EventType> <IncludeBody>boolean</IncludeBody> <LambdaFunctionARN>string</LambdaFunctionARN> </LambdaFunctionAssociation> </Items> <Quantity>integer</Quantity> </LambdaFunctionAssociations> <MaxTTL>long</MaxTTL> <MinTTL>long</MinTTL> <OriginRequestPolicyId>string</OriginRequestPolicyId> <RealtimeLogConfigArn>string</RealtimeLogConfigArn> <ResponseHeadersPolicyId>string</ResponseHeadersPolicyId> <SmoothStreaming>boolean</SmoothStreaming> <TargetOriginId>string</TargetOriginId> <TrustedKeyGroups> <Enabled>boolean</Enabled> <Items> <KeyGroup>string</KeyGroup> </Items> <Quantity>integer</Quantity> </TrustedKeyGroups> <TrustedSigners> <Enabled>boolean</Enabled> <Items> <AwsAccountNumber>string</AwsAccountNumber> </Items> <Quantity>integer</Quantity> </TrustedSigners> <ViewerProtocolPolicy>string</ViewerProtocolPolicy> </DefaultCacheBehavior> <DefaultRootObject>string</DefaultRootObject> <Enabled>boolean</Enabled> <HttpVersion>string</HttpVersion> <IsIPV6Enabled>boolean</IsIPV6Enabled> <Logging> <Bucket>string</Bucket> <Enabled>boolean</Enabled> <IncludeCookies>boolean</IncludeCookies> <Prefix>string</Prefix> </Logging> <OriginGroups> <Items> <OriginGroup> <FailoverCriteria> <StatusCodes> <Items> <StatusCode>integer</StatusCode> </Items> <Quantity>integer</Quantity> </StatusCodes> </FailoverCriteria> <Id>string</Id> <Members> <Items> <OriginGroupMember> <OriginId>string</OriginId> </OriginGroupMember> </Items> <Quantity>integer</Quantity> </Members> </OriginGroup> </Items> <Quantity>integer</Quantity> </OriginGroups> <Origins> <Items> <Origin> <ConnectionAttempts>integer</ConnectionAttempts> <ConnectionTimeout>integer</ConnectionTimeout> <CustomHeaders> <Items> <OriginCustomHeader> <HeaderName>string</HeaderName> <HeaderValue>string</HeaderValue> </OriginCustomHeader> </Items> <Quantity>integer</Quantity> </CustomHeaders> <CustomOriginConfig> <HTTPPort>integer</HTTPPort> <HTTPSPort>integer</HTTPSPort> <OriginKeepaliveTimeout>integer</OriginKeepaliveTimeout> <OriginProtocolPolicy>string</OriginProtocolPolicy> <OriginReadTimeout>integer</OriginReadTimeout> <OriginSslProtocols> <Items> <SslProtocol>string</SslProtocol> </Items> <Quantity>integer</Quantity> </OriginSslProtocols> </CustomOriginConfig> <DomainName>string</DomainName> <Id>string</Id> <OriginAccessControlId>string</OriginAccessControlId> <OriginPath>string</OriginPath> <OriginShield> <Enabled>boolean</Enabled> <OriginShieldRegion>string</OriginShieldRegion> </OriginShield> <S3OriginConfig> <OriginAccessIdentity>string</OriginAccessIdentity> </S3OriginConfig> </Origin> </Items> <Quantity>integer</Quantity> </Origins> <PriceClass>string</PriceClass> <Restrictions> <GeoRestriction> <Items> <Location>string</Location> </Items> <Quantity>integer</Quantity> <RestrictionType>string</RestrictionType> </GeoRestriction> </Restrictions> <Staging>boolean</Staging> <ViewerCertificate> <ACMCertificateArn>string</ACMCertificateArn> <Certificate>string</Certificate> <CertificateSource>string</CertificateSource> <CloudFrontDefaultCertificate>boolean</CloudFrontDefaultCertificate> <IAMCertificateId>string</IAMCertificateId> <MinimumProtocolVersion>string</MinimumProtocolVersion> <SSLSupportMethod>string</SSLSupportMethod> </ViewerCertificate> <WebACLId>string</WebACLId> </DistributionConfig>

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in XML format by the service.


Root level tag for the DistributionConfig parameters.

Required: Yes


A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.

Type: Aliases object


A complex type that contains zero or more CacheBehavior elements.

Type: CacheBehaviors object


A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.

If the value of CallerReference is new (regardless of the content of the DistributionConfig object), CloudFront creates a new distribution.

If CallerReference is a value that you already sent in a previous request to create a distribution, CloudFront returns a DistributionAlreadyExists error.

Type: String


A comment to describe the distribution. The comment cannot be longer than 128 characters.

Type: String


The identifier of a continuous deployment policy. For more information, see CreateContinuousDeploymentPolicy.

Type: String


A complex type that controls the following:

  • Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer.

  • How long CloudFront caches HTTP status codes in the 4xx and 5xx range.

For more information about custom error pages, see Customizing Error Responses in the Amazon CloudFront Developer Guide.

Type: CustomErrorResponses object


A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if files don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior.

Type: DefaultCacheBehavior object


The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution ( instead of an object in your distribution ( Specifying a default root object avoids exposing the contents of your distribution.

Specify only the object name, for example, index.html. Don't add a / before the object name.

If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element.

To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element.

To replace the default root object, update the distribution configuration and specify the new object.

For more information about the default root object, see Creating a Default Root Object in the Amazon CloudFront Developer Guide.

Type: String


From this field, you can enable or disable the selected distribution.

Type: Boolean


(Optional) Specify the maximum HTTP version(s) that you want viewers to use to communicate with CloudFront. The default value for new web distributions is http2. Viewers that don't support HTTP/2 automatically use an earlier HTTP version.

For viewers and CloudFront to use HTTP/2, viewers must support TLSv1.2 or later, and must support Server Name Indication (SNI).

For viewers and CloudFront to use HTTP/3, viewers must support TLSv1.3 and Server Name Indication (SNI). CloudFront supports HTTP/3 connection migration to allow the viewer to switch networks without losing connection. For more information about connection migration, see Connection Migration at RFC 9000. For more information about supported TLSv1.3 ciphers, see Supported protocols and ciphers between viewers and CloudFront.

Type: String

Valid Values: http1.1 | http2 | http3 | http2and3


If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.

In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.

If you're using an Amazon Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

  • You enable IPv6 for the distribution

  • You're using alternate domain names in the URLs for your objects

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Amazon Route 53 Amazon Web Services Integration Developer Guide.

If you created a CNAME resource record set, either with Amazon Route 53 Amazon Web Services Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

Type: Boolean


A complex type that controls whether access logs are written for the distribution.

For more information about logging, see Access Logs in the Amazon CloudFront Developer Guide.

Type: LoggingConfig object


A complex type that contains information about origin groups for this distribution.

Type: OriginGroups object


A complex type that contains information about origins for this distribution.

Type: Origins object


The price class that corresponds with the maximum price that you want to pay for CloudFront service. If you specify PriceClass_All, CloudFront responds to requests for your objects from all CloudFront edge locations.

If you specify a price class other than PriceClass_All, CloudFront serves your objects from the CloudFront edge location that has the lowest latency among the edge locations in your price class. Viewers who are in or near regions that are excluded from your specified price class may encounter slower performance.

For more information about price classes, see Choosing the Price Class for a CloudFront Distribution in the Amazon CloudFront Developer Guide. For information about CloudFront pricing, including how price classes (such as Price Class 100) map to CloudFront regions, see Amazon CloudFront Pricing.

Type: String

Valid Values: PriceClass_100 | PriceClass_200 | PriceClass_All


A complex type that identifies ways in which you want to restrict distribution of your content.

Type: Restrictions object


A Boolean that indicates whether this is a staging distribution. When this value is true, this is a staging distribution. When this value is false, this is not a staging distribution.

Type: Boolean


A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers.

Type: ViewerCertificate object


A unique identifier that specifies the Amazon WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of Amazon WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using Amazon WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.

Amazon WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about Amazon WAF, see the Amazon WAF Developer Guide.

Type: String


For information about the errors that are common to all actions, see Common Errors.


Access denied.

HTTP Status Code: 403


The specified distribution does not exist.

HTTP Status Code: 404

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: