VhDdZdZdZddlZddlZddlmZ ddlZddl m Z ddl m Z ddl m Z dd l mZdd l mZdd lmZdd lmZdd lmZddlmZddlmZddlmZdZdZddZdZdZdZ dZ!dZ"dZ#dZ$Gdde%Z&dZ'e(dk(re'yy#e$rYwxYw) am --- version_added: 1.0.0 module: cloudfront_distribution short_description: Create, update and delete AWS CloudFront distributions description: - Allows for easy creation, updating and deletion of CloudFront distributions. author: - Willem van Ketwich (@wilvk) - Will Thames (@willthames) options: state: description: - The desired state of the distribution. - I(state=present) creates a new distribution or updates an existing distribution. - I(state=absent) deletes an existing distribution. choices: ['present', 'absent'] default: 'present' type: str distribution_id: description: - The ID of the CloudFront distribution. - This parameter can be exchanged with I(alias) or I(caller_reference) and is used in conjunction with I(e_tag). type: str e_tag: description: - A unique identifier of a modified or existing distribution. Used in conjunction with I(distribution_id). - Is determined automatically if not specified. type: str caller_reference: description: - A unique identifier for creating and updating CloudFront distributions. - Each caller reference must be unique across all distributions. e.g. a caller reference used in a web distribution cannot be reused in a streaming distribution. This parameter can be used instead of I(distribution_id) to reference an existing distribution. If not specified, this defaults to a datetime stamp of the format C(YYYY-MM-DDTHH:MM:SS.ffffff). type: str alias: description: - The name of an alias (CNAME) that is used in a distribution. This is used to effectively reference a distribution by its alias as an alias can only be used by one distribution per AWS account. This variable avoids having to provide the I(distribution_id) as well as the I(e_tag), or I(caller_reference) of an existing distribution. type: str aliases: description: - A list of domain name aliases (CNAMEs) as strings to be used for the distribution. - Each alias must be unique across all distribution for the AWS account. type: list elements: str default: [] purge_aliases: description: - Specifies whether existing aliases will be removed before adding new aliases. - When I(purge_aliases=true), existing aliases are removed and I(aliases) are added. default: false type: bool default_root_object: description: - A config element that specifies the path to request when the user requests the origin. - e.g. if specified as 'index.html', this maps to www.example.com/index.html when www.example.com is called by the user. - This prevents the entire distribution origin from being exposed at the root. type: str default_origin_domain_name: description: - The domain name to use for an origin if no I(origins) have been specified. - Should only be used on a first run of generating a distribution and not on subsequent runs. - Should not be used in conjunction with I(distribution_id), I(caller_reference) or I(alias). type: str default_origin_path: description: - The default origin path to specify for an origin if no I(origins) have been specified. Defaults to empty if not specified. type: str origins: type: list elements: dict description: - A config element that is a list of complex origin objects to be specified for the distribution. Used for creating and updating distributions. suboptions: id: description: A unique identifier for the origin or origin group. I(id) must be unique within the distribution. type: str domain_name: description: - The domain name which CloudFront will query as the origin. - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValuesDomainName) type: str origin_path: description: Tells CloudFront to request your content from a directory in your Amazon S3 bucket or your custom origin. type: str origin_shield: description: Specify origin shield options for the origin. type: dict suboptions: enabled: description: Indicate whether you want the origin to have Origin Shield enabled or not. type: bool origin_shield_region: description: Specify which AWS region will be used for Origin Shield. Required if Origin Shield is enabled. type: str version_added: 6.0.0 custom_headers: description: - Custom headers you wish to add to the request before passing it to the origin. - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/forward-custom-headers.html). type: list elements: dict suboptions: header_name: description: The name of a header that you want CloudFront to forward to your origin. type: str header_value: description: The value for the header that you specified in the I(header_name) field. type: str s3_origin_access_identity_enabled: description: - Use an origin access identity to configure the origin so that viewers can only access objects in an Amazon S3 bucket through CloudFront. - Will automatically create an Identity for you if no I(s3_origin_config) is specified. - See also U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html). type: bool s3_origin_config: description: Specify origin access identity for S3 origins. type: dict suboptions: origin_access_identity: description: Existing origin access identity in the format C(origin-access-identity/cloudfront/OID_ID). type: str custom_origin_config: description: Connection information about the origin. type: dict suboptions: http_port: description: The HTTP port the custom origin listens on. type: int https_port: description: The HTTPS port the custom origin listens on. type: int origin_protocol_policy: description: The origin protocol policy to apply to your origin. type: str origin_ssl_protocols: description: A list of SSL/TLS protocols that you want CloudFront to use when communicating to the origin over HTTPS. type: list elements: str origin_read_timeout: description: A timeout (in seconds) when reading from your origin. type: int origin_keepalive_timeout: description: A keep-alive timeout (in seconds). type: int connection_attempts: description: The number of times that CloudFront attempts to connect to the origin. The minimum number is C(1), the maximum is C(3). type: int default: 3 version_added: 6.0.0 connection_timeout: description: The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is C(1) second, the maximum is C(10) seconds. type: int default: 10 version_added: 6.0.0 purge_origins: description: Whether to remove any origins that aren't listed in I(origins). default: false type: bool default_cache_behavior: type: dict description: - A dict specifying the default cache behavior of the distribution. - If not specified, the I(target_origin_id) is defined as the I(target_origin_id) of the first valid cache_behavior in I(cache_behaviors) with defaults. suboptions: target_origin_id: description: - The ID of the origin that you want CloudFront to route requests to by default. type: str response_headers_policy_id: description: - The ID of the header policy that CloudFront adds to responses that it sends to viewers. type: str cache_policy_id: version_added: 7.1.0 description: - The ID of the cache policy for CloudFront to use for the default cache behavior. - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) type: str origin_request_policy_id: version_added: 7.1.0 description: - The ID of the origin request policy for CloudFront to use for the default cache behavior. - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html) type: str forwarded_values: description: - A dict that specifies how CloudFront handles query strings and cookies. - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. type: dict suboptions: query_string: description: - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. type: bool cookies: description: A dict that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. type: dict suboptions: forward: description: - Specifies which cookies to forward to the origin for this cache behavior. - Valid values are C(all), C(none), or C(whitelist). type: str whitelisted_names: type: list elements: str description: A list of cookies to forward to the origin for this cache behavior. headers: description: - A list of headers to forward to the origin for this cache behavior. - To forward all headers use a list containing a single element '*' (C(['*'])) type: list elements: str query_string_cache_keys: description: - A list that contains the query string parameters you want CloudFront to use as a basis for caching for a cache behavior. type: list elements: str trusted_signers: description: - A dict that specifies the AWS accounts that you want to allow to create signed URLs for private content. type: dict suboptions: enabled: description: Whether you want to require viewers to use signed URLs to access the files specified by I(target_origin_id) type: bool items: description: A list of trusted signers for this cache behavior. elements: str type: list viewer_protocol_policy: description: - The protocol that viewers can use to access the files in the origin specified by I(target_origin_id). - Valid values are C(allow-all), C(redirect-to-https) and C(https-only). type: str default_ttl: description: The default amount of time that you want objects to stay in CloudFront caches. type: int max_ttl: description: The maximum amount of time that you want objects to stay in CloudFront caches. type: int min_ttl: description: The minimum amount of time that you want objects to stay in CloudFront caches. type: int allowed_methods: description: A dict that controls which HTTP methods CloudFront processes and forwards. type: dict suboptions: items: description: A list of HTTP methods that you want CloudFront to process and forward. type: list elements: str cached_methods: description: - A list of HTTP methods that you want CloudFront to apply caching to. - This can either be C([GET,HEAD]), or C([GET,HEAD,OPTIONS]). type: list elements: str smooth_streaming: description: - Whether you want to distribute media files in the Microsoft Smooth Streaming format. type: bool compress: description: - Whether you want CloudFront to automatically compress files. type: bool lambda_function_associations: description: - A list of Lambda function associations to use for this cache behavior. type: list elements: dict suboptions: lambda_function_arn: description: The ARN of the Lambda function. type: str event_type: description: - Specifies the event type that triggers a Lambda function invocation. - This can be C(viewer-request), C(origin-request), C(origin-response) or C(viewer-response). type: str field_level_encryption_id: description: - The field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data. type: str cache_behaviors: type: list elements: dict description: - A list of dictionaries describing the cache behaviors for the distribution. - The order of the list is preserved across runs unless I(purge_cache_behaviors) is enabled. suboptions: path_pattern: description: - The pattern that specifies which requests to apply the behavior to. type: str target_origin_id: description: - The ID of the origin that you want CloudFront to route requests to by default. type: str response_headers_policy_id: description: - The ID of the header policy that CloudFront adds to responses that it sends to viewers. type: str cache_policy_id: version_added: 7.1.0 description: - The ID of the cache policy for CloudFront to use for the cache behavior. - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-the-cache-key.html) type: str origin_request_policy_id: version_added: 7.1.0 description: - The ID of the origin request policy for CloudFront to use for the cache behavior. - For more information see the CloudFront documentation at U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/controlling-origin-requests.html) type: str forwarded_values: description: - A dict that specifies how CloudFront handles query strings and cookies. - A behavior should use either a C(cache_policy_id) or a C(forwarded_values) option. type: dict suboptions: query_string: description: - Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior. type: bool cookies: description: A dict that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. type: dict suboptions: forward: description: - Specifies which cookies to forward to the origin for this cache behavior. - Valid values are C(all), C(none), or C(whitelist). type: str whitelisted_names: type: list elements: str description: A list of cookies to forward to the origin for this cache behavior. headers: description: - A list of headers to forward to the origin for this cache behavior. - To forward all headers use a list containing a single element '*' (C(['*'])) type: list elements: str query_string_cache_keys: description: - A list that contains the query string parameters you want CloudFront to use as a basis for caching for a cache behavior. type: list elements: str trusted_signers: description: - A dict that specifies the AWS accounts that you want to allow to create signed URLs for private content. type: dict suboptions: enabled: description: Whether you want to require viewers to use signed URLs to access the files specified by I(path_pattern) and I(target_origin_id) type: bool items: description: A list of trusted signers for this cache behavior. elements: str type: list viewer_protocol_policy: description: - The protocol that viewers can use to access the files in the origin specified by I(target_origin_id) when a request matches I(path_pattern). - Valid values are C(allow-all), C(redirect-to-https) and C(https-only). type: str default_ttl: description: The default amount of time that you want objects to stay in CloudFront caches. type: int max_ttl: description: The maximum amount of time that you want objects to stay in CloudFront caches. type: int min_ttl: description: The minimum amount of time that you want objects to stay in CloudFront caches. type: int allowed_methods: description: A dict that controls which HTTP methods CloudFront processes and forwards. type: dict suboptions: items: description: A list of HTTP methods that you want CloudFront to process and forward. type: list elements: str cached_methods: description: - A list of HTTP methods that you want CloudFront to apply caching to. - This can either be C([GET,HEAD]), or C([GET,HEAD,OPTIONS]). type: list elements: str smooth_streaming: description: - Whether you want to distribute media files in the Microsoft Smooth Streaming format. type: bool compress: description: - Whether you want CloudFront to automatically compress files. type: bool lambda_function_associations: description: - A list of Lambda function associations to use for this cache behavior. type: list elements: dict suboptions: lambda_function_arn: description: The ARN of the Lambda function. type: str event_type: description: - Specifies the event type that triggers a Lambda function invocation. - This can be C(viewer-request), C(origin-request), C(origin-response) or C(viewer-response). type: str field_level_encryption_id: description: - The field-level encryption configuration that you want CloudFront to use for encrypting specific fields of data. type: str purge_cache_behaviors: description: - Whether to remove any cache behaviors that aren't listed in I(cache_behaviors). - This switch also allows the reordering of I(cache_behaviors). default: false type: bool custom_error_responses: type: list elements: dict description: - A config element that is a I(list[]) of complex custom error responses to be specified for the distribution. - This attribute configures custom http error messages returned to the user. suboptions: error_code: type: int description: The error code the custom error page is for. error_caching_min_ttl: type: int description: The length of time (in seconds) that CloudFront will cache status codes for. response_code: type: int description: - The HTTP status code that CloudFront should return to a user when the origin returns the HTTP status code specified by I(error_code). response_page_path: type: str description: - The path to the custom error page that you want CloudFront to return to a viewer when your origin returns the HTTP status code specified by I(error_code). purge_custom_error_responses: description: Whether to remove any custom error responses that aren't listed in I(custom_error_responses). default: false type: bool comment: description: - A comment that describes the CloudFront distribution. - If not specified, it defaults to a generic message that it has been created with Ansible, and a datetime stamp. type: str logging: description: - A config element that is a complex object that defines logging for the distribution. suboptions: enabled: description: When I(enabled=true) CloudFront will log access to an S3 bucket. type: bool include_cookies: description: When I(include_cookies=true) CloudFront will include cookies in the logs. type: bool bucket: description: The S3 bucket to store the log in. type: str prefix: description: A prefix to include in the S3 object names. type: str type: dict price_class: description: - A string that specifies the pricing class of the distribution. As per U(https://aws.amazon.com/cloudfront/pricing/) - I(price_class=PriceClass_100) consists of the areas United States, Canada and Europe. - I(price_class=PriceClass_200) consists of the areas United States, Canada, Europe, Japan, India, Hong Kong, Philippines, S. Korea, Singapore & Taiwan. - I(price_class=PriceClass_All) consists of the areas United States, Canada, Europe, Japan, India, South America, Australia, Hong Kong, Philippines, S. Korea, Singapore & Taiwan. - AWS defaults this to C(PriceClass_All). - Valid values are C(PriceClass_100), C(PriceClass_200) and C(PriceClass_All) type: str enabled: description: - A boolean value that specifies whether the distribution is enabled or disabled. - Defaults to C(false). type: bool viewer_certificate: type: dict description: - A dict that specifies the encryption details of the distribution. suboptions: cloudfront_default_certificate: type: bool description: - If you're using the CloudFront domain name for your distribution, such as C(123456789abcde.cloudfront.net) you should set I(cloudfront_default_certificate=true). - If I(cloudfront_default_certificate=true) do not set I(ssl_support_method). iam_certificate_id: type: str description: - The ID of a certificate stored in IAM to use for HTTPS connections. - If I(iam_certificate_id) is set then you must also specify I(ssl_support_method). acm_certificate_arn: type: str description: - The ID of a certificate stored in ACM to use for HTTPS connections. - If I(acm_certificate_id) is set then you must also specify I(ssl_support_method). ssl_support_method: type: str description: - How CloudFront should serve SSL certificates. - Valid values are C(sni-only) for SNI, and C(vip) if CloudFront is configured to use a dedicated IP for your content. minimum_protocol_version: type: str description: - The security policy that you want CloudFront to use for HTTPS connections. - See U(https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html) for supported security policies. restrictions: type: dict description: - A config element that is a complex object that describes how a distribution should restrict it's content. suboptions: geo_restriction: description: Apply a restriction based on the location of the requester. type: dict suboptions: restriction_type: type: str description: - The method that you want to use to restrict distribution of your content by country. - Valid values are C(none), C(whitelist), C(blacklist). items: description: - A list of ISO 3166-1 two letter (Alpha 2) country codes that the restriction should apply to. - 'See the ISO website for a full list of codes U(https://www.iso.org/obp/ui/#search/code/).' type: list elements: str web_acl_id: description: - The ID of a Web Application Firewall (WAF) Access Control List (ACL). type: str http_version: description: - The version of the http protocol to use for the distribution. - AWS defaults this to C(http2). - Valid values are C(http1.1), C(http2), C(http3) and C(http2and3). type: str ipv6_enabled: description: - Determines whether IPv6 support is enabled or not. - Defaults to C(false). type: bool wait: description: - Specifies whether the module waits until the distribution has completed processing the creation or update. type: bool default: false wait_timeout: description: - Specifies the duration in seconds to wait for a timeout of a cloudfront create or update. default: 1800 type: int extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.tags - amazon.aws.boto3 a - name: create a basic distribution with defaults and tags community.aws.cloudfront_distribution: state: present default_origin_domain_name: www.my-cloudfront-origin.com tags: Name: example distribution Project: example project Priority: '1' - name: update a distribution comment by distribution_id community.aws.cloudfront_distribution: state: present distribution_id: E1RP5A2MJ8073O comment: modified by ansible cloudfront.py - name: update a distribution comment by caller_reference community.aws.cloudfront_distribution: state: present caller_reference: my cloudfront distribution 001 comment: modified by ansible cloudfront.py - name: update a distribution's aliases and comment using the distribution_id as a reference community.aws.cloudfront_distribution: state: present distribution_id: E1RP5A2MJ8073O comment: modified by cloudfront.py again aliases: - 'www.my-distribution-source.com' - 'zzz.aaa.io' - name: update a distribution's aliases and comment using an alias as a reference community.aws.cloudfront_distribution: state: present caller_reference: my test distribution comment: modified by cloudfront.py again aliases: - www.my-distribution-source.com - zzz.aaa.io - name: update a distribution's comment and aliases and tags and remove existing tags community.aws.cloudfront_distribution: state: present distribution_id: E15BU8SDCGSG57 comment: modified by cloudfront.py again aliases: - tested.com tags: Project: distribution 1.2 purge_tags: true - name: create a distribution with an origin, logging and default cache behavior community.aws.cloudfront_distribution: state: present caller_reference: unique test distribution ID origins: - id: 'my test origin-000111' domain_name: www.example.com origin_path: /production custom_headers: - header_name: MyCustomHeaderName header_value: MyCustomHeaderValue default_cache_behavior: target_origin_id: 'my test origin-000111' forwarded_values: query_string: true cookies: forward: all headers: - '*' viewer_protocol_policy: allow-all smooth_streaming: true compress: true allowed_methods: items: - GET - HEAD cached_methods: - GET - HEAD logging: enabled: true include_cookies: false bucket: mylogbucket.s3.amazonaws.com prefix: myprefix/ enabled: false comment: this is a CloudFront distribution with logging - name: delete a distribution community.aws.cloudfront_distribution: state: absent caller_reference: replaceable distribution adX active_trusted_signers: description: Key pair IDs that CloudFront is aware of for each trusted signer. returned: always type: complex contains: enabled: description: Whether trusted signers are in use. returned: always type: bool sample: false quantity: description: Number of trusted signers. returned: always type: int sample: 1 items: description: Number of trusted signers. returned: when there are trusted signers type: list sample: - key_pair_id aliases: description: Aliases that refer to the distribution. returned: always type: complex contains: items: description: List of aliases. returned: always type: list sample: - test.example.com quantity: description: Number of aliases. returned: always type: int sample: 1 arn: description: Amazon Resource Name of the distribution. returned: always type: str sample: arn:aws:cloudfront::123456789012:distribution/E1234ABCDEFGHI cache_behaviors: description: CloudFront cache behaviors. returned: always type: complex contains: items: description: List of cache behaviors. returned: always type: complex contains: allowed_methods: description: Methods allowed by the cache behavior. returned: always type: complex contains: cached_methods: description: Methods cached by the cache behavior. returned: always type: complex contains: items: description: List of cached methods. returned: always type: list sample: - HEAD - GET quantity: description: Count of cached methods. returned: always type: int sample: 2 items: description: List of methods allowed by the cache behavior. returned: always type: list sample: - HEAD - GET quantity: description: Count of methods allowed by the cache behavior. returned: always type: int sample: 2 compress: description: Whether compression is turned on for the cache behavior. returned: always type: bool sample: false default_ttl: description: Default Time to Live of the cache behavior. returned: always type: int sample: 86400 forwarded_values: description: Values forwarded to the origin for this cache behavior. returned: always type: complex contains: cookies: description: Cookies to forward to the origin. returned: always type: complex contains: forward: description: Which cookies to forward to the origin for this cache behavior. returned: always type: str sample: none whitelisted_names: description: The names of the cookies to forward to the origin for this cache behavior. returned: when I(forward=whitelist) type: complex contains: quantity: description: Count of cookies to forward. returned: always type: int sample: 1 items: description: List of cookies to forward. returned: when list is not empty type: list sample: my_cookie headers: description: Which headers are used to vary on cache retrievals. returned: always type: complex contains: quantity: description: Count of headers to vary on. returned: always type: int sample: 1 items: description: List of headers to vary on. returned: when list is not empty type: list sample: - Host query_string: description: Whether the query string is used in cache lookups. returned: always type: bool sample: false query_string_cache_keys: description: Which query string keys to use in cache lookups. returned: always type: complex contains: quantity: description: Count of query string cache keys to use in cache lookups. returned: always type: int sample: 1 items: description: List of query string cache keys to use in cache lookups. returned: when list is not empty type: list sample: lambda_function_associations: description: Lambda function associations for a cache behavior. returned: always type: complex contains: quantity: description: Count of lambda function associations. returned: always type: int sample: 1 items: description: List of lambda function associations. returned: when list is not empty type: list sample: - lambda_function_arn: arn:aws:lambda:123456789012:us-east-1/lambda/lambda-function event_type: viewer-response max_ttl: description: Maximum Time to Live. returned: always type: int sample: 31536000 min_ttl: description: Minimum Time to Live. returned: always type: int sample: 0 path_pattern: description: Path pattern that determines this cache behavior. returned: always type: str sample: /path/to/files/* smooth_streaming: description: Whether smooth streaming is enabled. returned: always type: bool sample: false target_origin_id: description: ID of origin reference by this cache behavior. returned: always type: str sample: origin_abcd trusted_signers: description: Trusted signers. returned: always type: complex contains: enabled: description: Whether trusted signers are enabled for this cache behavior. returned: always type: bool sample: false quantity: description: Count of trusted signers. returned: always type: int sample: 1 viewer_protocol_policy: description: Policy of how to handle http/https. returned: always type: str sample: redirect-to-https quantity: description: Count of cache behaviors. returned: always type: int sample: 1 caller_reference: description: Idempotency reference given when creating CloudFront distribution. returned: always type: str sample: '1484796016700' comment: description: Any comments you want to include about the distribution. returned: always type: str sample: 'my first CloudFront distribution' custom_error_responses: description: Custom error responses to use for error handling. returned: always type: complex contains: items: description: List of custom error responses. returned: always type: complex contains: error_caching_min_ttl: description: Minimum time to cache this error response. returned: always type: int sample: 300 error_code: description: Origin response code that triggers this error response. returned: always type: int sample: 500 response_code: description: Response code to return to the requester. returned: always type: str sample: '500' response_page_path: description: Path that contains the error page to display. returned: always type: str sample: /errors/5xx.html quantity: description: Count of custom error response items returned: always type: int sample: 1 default_cache_behavior: description: Default cache behavior. returned: always type: complex contains: allowed_methods: description: Methods allowed by the cache behavior. returned: always type: complex contains: cached_methods: description: Methods cached by the cache behavior. returned: always type: complex contains: items: description: List of cached methods. returned: always type: list sample: - HEAD - GET quantity: description: Count of cached methods. returned: always type: int sample: 2 items: description: List of methods allowed by the cache behavior. returned: always type: list sample: - HEAD - GET quantity: description: Count of methods allowed by the cache behavior. returned: always type: int sample: 2 compress: description: Whether compression is turned on for the cache behavior. returned: always type: bool sample: false default_ttl: description: Default Time to Live of the cache behavior. returned: always type: int sample: 86400 forwarded_values: description: Values forwarded to the origin for this cache behavior. returned: always type: complex contains: cookies: description: Cookies to forward to the origin. returned: always type: complex contains: forward: description: Which cookies to forward to the origin for this cache behavior. returned: always type: str sample: none whitelisted_names: description: The names of the cookies to forward to the origin for this cache behavior. returned: when I(forward=whitelist) type: complex contains: quantity: description: Count of cookies to forward. returned: always type: int sample: 1 items: description: List of cookies to forward. returned: when list is not empty type: list sample: my_cookie headers: description: Which headers are used to vary on cache retrievals. returned: always type: complex contains: quantity: description: Count of headers to vary on. returned: always type: int sample: 1 items: description: List of headers to vary on. returned: when list is not empty type: list sample: - Host query_string: description: Whether the query string is used in cache lookups. returned: always type: bool sample: false query_string_cache_keys: description: Which query string keys to use in cache lookups. returned: always type: complex contains: quantity: description: Count of query string cache keys to use in cache lookups. returned: always type: int sample: 1 items: description: List of query string cache keys to use in cache lookups. returned: when list is not empty type: list sample: lambda_function_associations: description: Lambda function associations for a cache behavior. returned: always type: complex contains: quantity: description: Count of lambda function associations. returned: always type: int sample: 1 items: description: List of lambda function associations. returned: when list is not empty type: list sample: - lambda_function_arn: arn:aws:lambda:123456789012:us-east-1/lambda/lambda-function event_type: viewer-response max_ttl: description: Maximum Time to Live. returned: always type: int sample: 31536000 min_ttl: description: Minimum Time to Live. returned: always type: int sample: 0 path_pattern: description: Path pattern that determines this cache behavior. returned: always type: str sample: /path/to/files/* smooth_streaming: description: Whether smooth streaming is enabled. returned: always type: bool sample: false target_origin_id: description: ID of origin reference by this cache behavior. returned: always type: str sample: origin_abcd trusted_signers: description: Trusted signers. returned: always type: complex contains: enabled: description: Whether trusted signers are enabled for this cache behavior. returned: always type: bool sample: false quantity: description: Count of trusted signers. returned: always type: int sample: 1 viewer_protocol_policy: description: Policy of how to handle http/https. returned: always type: str sample: redirect-to-https default_root_object: description: The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution. returned: always type: str sample: '' diff: description: Difference between previous configuration and new configuration. returned: always type: dict sample: {} domain_name: description: Domain name of CloudFront distribution. returned: always type: str sample: d1vz8pzgurxosf.cloudfront.net enabled: description: Whether the CloudFront distribution is enabled or not. returned: always type: bool sample: true http_version: description: Version of HTTP supported by the distribution. returned: always type: str sample: http2 id: description: CloudFront distribution ID. returned: always type: str sample: E123456ABCDEFG in_progress_invalidation_batches: description: The number of invalidation batches currently in progress. returned: always type: int sample: 0 is_ipv6_enabled: description: Whether IPv6 is enabled. returned: always type: bool sample: true last_modified_time: description: Date and time distribution was last modified. returned: always type: str sample: '2017-10-13T01:51:12.656000+00:00' logging: description: Logging information. returned: always type: complex contains: bucket: description: S3 bucket logging destination. returned: always type: str sample: logs-example-com.s3.amazonaws.com enabled: description: Whether logging is enabled. returned: always type: bool sample: true include_cookies: description: Whether to log cookies. returned: always type: bool sample: false prefix: description: Prefix added to logging object names. returned: always type: str sample: cloudfront/test origins: description: Origins in the CloudFront distribution. returned: always type: complex contains: items: description: List of origins. returned: always type: complex contains: custom_headers: description: Custom headers passed to the origin. returned: always type: complex contains: quantity: description: Count of headers. returned: always type: int sample: 1 custom_origin_config: description: Configuration of the origin. returned: always type: complex contains: http_port: description: Port on which HTTP is listening. returned: always type: int sample: 80 https_port: description: Port on which HTTPS is listening. returned: always type: int sample: 443 origin_keepalive_timeout: description: Keep-alive timeout. returned: always type: int sample: 5 origin_protocol_policy: description: Policy of which protocols are supported. returned: always type: str sample: https-only origin_read_timeout: description: Timeout for reads to the origin. returned: always type: int sample: 30 origin_ssl_protocols: description: SSL protocols allowed by the origin. returned: always type: complex contains: items: description: List of SSL protocols. returned: always type: list sample: - TLSv1 - TLSv1.1 - TLSv1.2 quantity: description: Count of SSL protocols. returned: always type: int sample: 3 domain_name: description: Domain name of the origin. returned: always type: str sample: test-origin.example.com id: description: ID of the origin. returned: always type: str sample: test-origin.example.com origin_path: description: Subdirectory to prefix the request from the S3 or HTTP origin. returned: always type: str sample: '' connection_attempts: description: The number of times that CloudFront attempts to connect to the origin. returned: always type: int sample: 3 connection_timeout: description: The number of seconds that CloudFront waits when trying to establish a connection to the origin. returned: always type: int sample: 10 origin_shield: description: Configuration of the origin Origin Shield. returned: always type: complex contains: enabled: description: Whether Origin Shield is enabled or not. returned: always type: bool sample: false origin_shield_region: description: Which region is used by Origin Shield. returned: when enabled is true type: str sample: us-east-1 version_added: 6.0.0 s3_origin_config: description: Origin access identity configuration for S3 Origin. returned: when s3_origin_access_identity_enabled is true type: dict contains: origin_access_identity: type: str description: The origin access id as a path. sample: origin-access-identity/cloudfront/EXAMPLEID quantity: description: Count of origins. returned: always type: int sample: 1 price_class: description: Price class of CloudFront distribution. returned: always type: str sample: PriceClass_All restrictions: description: Restrictions in use by CloudFront. returned: always type: complex contains: geo_restriction: description: Controls the countries in which your content is distributed. returned: always type: complex contains: quantity: description: Count of restrictions. returned: always type: int sample: 1 items: description: List of country codes allowed or disallowed. returned: always type: list sample: xy restriction_type: description: Type of restriction. returned: always type: str sample: blacklist status: description: Status of the CloudFront distribution. returned: always type: str sample: InProgress tags: description: Distribution tags. returned: always type: dict sample: Hello: World viewer_certificate: description: Certificate used by CloudFront distribution. returned: always type: complex contains: acm_certificate_arn: description: ARN of ACM certificate. returned: when certificate comes from ACM type: str sample: arn:aws:acm:us-east-1:123456789012:certificate/abcd1234-1234-1234-abcd-123456abcdef certificate: description: Reference to certificate. returned: always type: str sample: arn:aws:acm:us-east-1:123456789012:certificate/abcd1234-1234-1234-abcd-123456abcdef certificate_source: description: Where certificate comes from. returned: always type: str sample: acm minimum_protocol_version: description: Minimum SSL/TLS protocol supported by this distribution. returned: always type: str sample: TLSv1 ssl_support_method: description: Support for pre-SNI browsers or not. returned: always type: str sample: sni-only web_acl_id: description: ID of Web Access Control List (from WAF service). returned: always type: str sample: abcd1234-1234-abcd-abcd-abcd12345678 N) OrderedDict) to_native)to_text)camel_dict_to_snake_dict)recursive_diff)snake_dict_to_camel_dict)CloudFrontFactsServiceManager)AWSRetry)ansible_dict_to_boto3_tag_list)boto3_tag_list_to_ansible_dict)compare_aws_tags)AnsibleCommunityAWSModulecZ||vr&|j|||<|j|d|SN)getpop) dictionaryold_keynew_keys y/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/aws/plugins/modules/cloudfront_distribution.pychange_dict_key_namers1*(nnW5 7w% cJ|t|trW|j|}|t|j }ng}t|t|j z||<t|tr)tt |j||z||<|Sr) isinstancedictrlistitemsset)configvalidated_node node_name config_nodeconfig_node_itemss rmerge_validation_into_configr$s! nd + **Y/K&$():):)<$=!$&! $%6n>R>R>T9U%U VF9  nd + $SI)>)O%P QF9  Mrc|g}t|ts-tdt|jdt |i}|rt ||d<t |dkDr||d<|S)NzExpected a list, got a z with value quantityrr)rr ValueErrortype__name__strlen) list_itemsinclude_quantityresults ransible_list_to_cloudfront_listr/st j$ '24 3C3L3L2M\Z]^hZiYjkll F _z :$w Mrc |s|jd|dS|d|id}|jd|dS#tjjtjj f$r}|j |dYd}~yd}~wwxYw) NT) aws_retryDistributionConfig DistributionItems)r2Tags)r1DistributionConfigWithTagszError creating distributionmsg)create_distributioncreate_distribution_with_tagsbotocore exceptions ClientError BotoCoreError fail_json_aws)clientmodulertagsdistribution_config_with_tagses rr9r9s C--QW-XYgh hCIT[]aSb,c )77;X8     + +X-@-@-N-N OCQ$ABBCs777B .BB c   |jd|dd|dS#tjjtjjf$r,}|j |dt |dYd}~yd}~wwxYw)NTr3IdETag)r1rFIfMatchzError deleting distribution r7)delete_distributionr;r<r=r>r?r)r@rA distributionrDs rrIrIsn))|N;DAr?r)r@rArdistribution_ide_tagrDs rrLrLs[))DVXgqv)w       + +X-@-@-N-N O[Q&EiPVFWEX$YZZ[s7A:A55A:c |jd|t|S#tjjtjj f$r}|j |dYd}~yd}~wwxYw)NTr4)r1Resourcer5zError tagging resourcer7) tag_resourcerr;r<r=r>r?)r@rAarnrBrDs rrRrRsi>""TCdQUFV"WW    + +X-@-@-N-N O>Q$<==> 7A4A//A4c |jd|t|S#tjjtjj f$r}|j |dYd}~yd}~wwxYw)NTrP)r1rQTagKeyszError untagging resourcer7)untag_resourcerr;r<r=r>r?)r@rArStag_keysrDs rrWrW sl@$$tc4V^K_$``    + +X-@-@-N-N O@Q$>??@rTc* |jd|}t|jdjdS#tjj tjj f$r}|j|dYd}~yd}~wwxYw)NT)r1rQr5r4zError listing tags for resourcer7)list_tags_for_resourcer rr;r<r=r>r?)r@rArSresponserDs rrZrZsG004#0N-hll6.B.F.Fw.OPP    + +X-@-@-N-N OGQ$EFFGs;>7B5B  Bc|yd}t|||\}}|rt||||d}|rt|||t|d}|S)NFT)r rWrRr ) r@rA existing_tags valid_tags purge_tagsrSchangedto_add to_removes r update_tagsrcsZG( JOFIvvsI6 VVS*H*PQ NrceZdZdZdZdZdZ d#dZdZdZ dZ d#d Z d Z d Z d#d Zd#d ZdZdZdZdZdZdZdZdZd#dZdZ d#dZdZdZdZdZdZdZ dZ!d Z"d!Z#y")$CloudFrontValidationManagerz( Manages CloudFront validations ct||_||_d|_d|_d|_d|_gd|_d|_d|_ d|_ tjjjd |_d |_d |_d |_d|_d |_d|_d|_d|_d|_t1gd|_t1gd|_t1gd|_t1gd|_t1gd|_t1gd|_t1ddgt1gdg|_|j>d |j>d|j<g|_ t1gd|_!t1ddg|_"t1gd|_#t1gd|_$t1gd|_%tMjNd|_(y) NTPiF)TLSv1TLSv1.1TLSv1.2 match-viewerz%Y-%m-%dT%H:%M:%S.%fri3iQ allow-allnone)PriceClass_100PriceClass_200PriceClass_All)z http-onlyrk https-only)SSLv3rhrirj)ro whitelistall)rnrszredirect-to-https)GETHEADPOSTPUTPATCHOPTIONSDELETErwrx)rwrxr|)zviewer-requestzviewer-responsezorigin-requestzorigin-responsezsni-onlyvip)rtrh TLSv1_2016z TLSv1.1_2016z TLSv1.2_2018z TLSv1.2_2019z TLSv1.2_2021) cloudfrontiamacm)zhttp1.1http2http3 http2and3z!\.s3(?:\.[^.]+)?\.amazonaws\.com$))r 2_CloudFrontValidationManager__cloudfront_facts_mgrrA:_CloudFrontValidationManager__default_distribution_enabled/_CloudFrontValidationManager__default_http_port0_CloudFrontValidationManager__default_https_port2_CloudFrontValidationManager__default_ipv6_enabled:_CloudFrontValidationManager__default_origin_ssl_protocolsC_CloudFrontValidationManager__default_custom_origin_protocol_policy@_CloudFrontValidationManager__default_custom_origin_read_timeoutE_CloudFrontValidationManager__default_custom_origin_keepalive_timeoutdatetimenowstrftime5_CloudFrontValidationManager__default_datetime_string<_CloudFrontValidationManager__default_cache_behavior_min_ttl<_CloudFrontValidationManager__default_cache_behavior_max_ttl@_CloudFrontValidationManager__default_cache_behavior_default_ttl=_CloudFrontValidationManager__default_cache_behavior_compressK_CloudFrontValidationManager__default_cache_behavior_viewer_protocol_policyE_CloudFrontValidationManager__default_cache_behavior_smooth_streamingU_CloudFrontValidationManager__default_cache_behavior_forwarded_values_forward_cookiesR_CloudFrontValidationManager__default_cache_behavior_forwarded_values_query_string=_CloudFrontValidationManager__default_trusted_signers_enabledr1_CloudFrontValidationManager__valid_price_classes<_CloudFrontValidationManager__valid_origin_protocol_policies8_CloudFrontValidationManager__valid_origin_ssl_protocols5_CloudFrontValidationManager__valid_cookie_forwarding<_CloudFrontValidationManager__valid_viewer_protocol_policies+_CloudFrontValidationManager__valid_methods:_CloudFrontValidationManager__valid_methods_cached_methods;_CloudFrontValidationManager__valid_methods_allowed_methodsK_CloudFrontValidationManager__valid_lambda_function_association_event_typesJ_CloudFrontValidationManager__valid_viewer_certificate_ssl_support_methodsP_CloudFrontValidationManager__valid_viewer_certificate_minimum_protocol_versionsJ_CloudFrontValidationManager__valid_viewer_certificate_certificate_sources1_CloudFrontValidationManager__valid_http_versionsrecompile4_CloudFrontValidationManager__s3_bucket_domain_regex)selfrAs r__init__z$CloudFrontValidationManager.__init__.s!&CF&K# .2+#% $'!&+#/ + 8F44619:6)1):):)>)>)@)I)IJ`)a&01-08-49116.?J<9>6IOFFJC16.%( & "14 1 --0 - )*- * &14 1 - #      / +  / / 2  / / 2  0 , @C @ <?B ? ; EH  E A?B ? ;&) & ")+ 3W(X%rc||vr||||<|Sr)r dict_object key_to_set value_to_sets radd_missing_keyz+CloudFrontValidationManager.add_missing_keys [ (\-E&2K #rc:||vr ||||<|St|||}|Sr)r)rrrrrs radd_key_else_change_dict_keyz8CloudFrontValidationManager.add_key_else_change_dict_keys7 + %,*B#/K /{GWMKrcj||vr|j||||S|rt|||<|S||||<|Sr)&validate_attribute_with_allowed_valuesr/)rrkey_nameattribute_namer valid_values to_aws_lists radd_key_else_validatez1CloudFrontValidationManager.add_key_else_validates[ { "  7 7 nVb c  (G (U H%)(4 H%rc |yi}|r8tgdj|s|jjd|j d|d<|j d|d<|j d|d<|j d|d<|S#t $r'}|jj |dYd}~yd}~wwxYw) N)enabledinclude_cookiesbucketprefixzUThe logging parameters enabled, include_cookies, bucket and prefix must be specified.r7rrrrz%Error validating distribution logging)rissubsetrA fail_jsonr Exceptionr?)rlogging valid_loggingrDs rvalidate_loggingz,CloudFrontValidationManager.validate_loggings VMs#UV__`gh %%o&07{{;L/MM+ ,'.{{9'=M) $&-kk(&;M( #&-kk(&;M( #  V KK % %a-T % U U VsBB B CB>>Cct|ts6|jj|dt |j dyy)Nz is of type z. Must be a list.r7)rrrArr(r))rlist_to_validate list_names rvalidate_is_listz,CloudFrontValidationManager.validate_is_listsB*D1 KK ! ! <EU@V@_@_?``q&r ! s2rcL||vr |jj|dyy)Nz must be specified.r7)rAr)rr full_key_namers rvalidate_required_keyz1CloudFrontValidationManager.validate_required_keys, ; & KK ! !7J&K ! L 'rc  |!||s|ryt|S| ||xsddg}ng}|j|d|s ||r|jjdt }t } |D]} | || j d<|D]Q} |j||j | j di| |} | || d<| j| dS|r&t |jD] } | | vs|| = tt |jS#t$r'} |jj| dYd} ~ yd} ~ wwxYw)N) domain_name origin_pathoriginszcBoth origins[] and default_origin_domain_name have not been specified. Please specify at least one.r7rz%Error validating distribution origins) r/rrArrrrvalidate_originappendkeysvaluesrr?) rr@rrdefault_origin_domain_namedefault_origin_pathcreate purge_origins all_origins new_domainsorigindomainrDs rvalidate_originsz,CloudFrontValidationManager.validate_originss V-5f$#>vFF-9/IZmZsqstuG G  ! !'9 59Af %%}&&-K&K  @9? FJJ}56 @! :--KOOFJJ},ErJFTg6< F=12""6-#89  : ";#3#3#560F[0'/034 8J8J8L3MN N V KK % %a-T % U U Vs(D( D(C*D(&D(( E1EEc`|jdijdr|ddS|jdijdr|ddS d|jdd|j}|jdd|j}tt||}|jdi|dd }d S#tj j tj jf$r-}|jj|d |d  Yd}~dd}~wwxYw)Ns3_origin_configorigin_access_identityzaccess-identity-by-ansible-r-)CallerReferenceComment)$CloudFrontOriginAccessIdentityConfigCloudFrontOriginAccessIdentityrFz.Couldn't create Origin Access Identity for id idr7z"origin-access-identity/cloudfront/r) rrr)create_cloud_front_origin_access_identityr;r<r>r=rAr?) rr@existing_configrcommentcaller_reference cfoai_configoairDs r validate_s3_origin_configurationz\>\=]^ 59JZdk5lLC&BBR\RSstC 4C599##1183F3F3R3RS n KK % %a/]^dei^j]k-l % m m nsA0C 7D-#D((D-c R |j|d|jd|xsd}|jdd||j|d|jd|j}d|vrvt |jddkDrY|jdD]'}d|vsd|vs |j j d )t|jd|d<n t|d<d |vrb|jd }|jd r@|jd }||j j d n|j}|jj|jdjrg|jd4|dr|j|||}nd}|d=|r|} nd} t| |d<d|vr|j j d |S|j|d|jdi}|jd} |j| dd|j|j} |j| d|j } |j| d|j"} |j%| dd|j&} |j%| dd|j(} | jdijdr | dd| d<| jdr!|j+| dd|j,n|j.| d<t| d| d<|S#t0j2j4t0j2j6f$r'} |j j9| d Yd} ~ yd} ~ wwxYw)!Nrrzorigins[].origin_pathrcustom_headersr header_name header_valuezfBoth origins[].custom_headers.header_name and origins[].custom_headers.header_value must be specified.r7 origin_shieldrorigin_shield_regionzlorigins[].origin_shield.origin_shield_region must be specified when origins[].origin_shield.enabled is true.r!s3_origin_access_identity_enabled)rrcustom_origin_configzAs3 origin domains and custom_origin_config are mutually exclusiveorigin_protocol_policyz5origins[].custom_origin_config.origin_protocol_policyorigin_read_timeoutorigin_keepalive_timeout http_port h_t_t_p_port https_porth_t_t_p_s_portorigin_ssl_protocolsrzorigins[].origin_ssl_protocolsz$Error validating distribution origin)rrrrr+rArr/lowerrsearchrrrrrrrrrr)validate_attribute_list_with_allowed_listrrr;r<r=r>r?) rr@rrr custom_headerrrrrrrDs rrz+CloudFrontValidationManager.validate_origin%sU U)) ':':=J]Jcac'dF  & &}6Mv V))&$8K8KDRVRpRp8qrF6)c&**=M2N.ORS.S%+ZZ0@%AM$M9^S`=` --!I. ,K6::VfKg+h'(+J+L'(&( & ? ;  $$Y/+8+<+<=S+T(+3 --!M. 0D/I/I/K,,,33FJJ}4M4S4S4UV::ABNAB+/+P+PQWYhjp+q(+/(BC'. 15S1QF-.)V3KK))_*PMI--2O4G4GH^`b4c(.zz2H'I$'+'A'A(,K@@99 ($(,';';(*?AjAj($(,';';(*DdFtFt($(,'H'H(+~tG_G_($(,'H'H(,8H$JcJc($(++,BBGKKGTCWXnCopwCx()?@'++,BCBB,-CD899 DHCfCf()?@?^()?@@$%;<M##//1D1D1R1RS U KK % %a-S % T T Us&B$M'E M5EM7N&?N!!N&c |||dur t|St}|s|D] }|||d< |D]<}|j|j|jdi||}|||d<>|r>t |j t |D cgc]} | d c} z D]} || =tt |jScc} w#t$r'} |jj| dYd} ~ yd} ~ wwxYw)NF path_patternz-Error validating distribution cache behaviorsr7) r/rvalidate_cache_behaviorrrrrrrrAr?) rrcache_behaviors valid_originspurge_cache_behaviorsall_cache_behaviorsbehaviorcache_behaviorvalid_cache_behaviorcbtarget_origin_idrDs rvalidate_cache_behaviorsz4CloudFrontValidationManager.validate_cache_behaviors}sM ^&=+DI^bgIg6v>>"-- ) &MHDL'(@AM"1 ['+'C'C'++N,>,>~,NPRSUcer($G[#N>$BC  [ %(+,?,D,D,F(G#2ABBR'BK)>$,,<=>348K8R8R8T3UV VC ^ KK % %a-\ % ] ] ^s/CA?C C 2CC D!DDc|r|i}|||S|j||||}|jd"|j||jd|}|j||jd|}|j ||jd|}|j ||jd|}|j ||jd|}|S)Ncache_policy_idforwarded_valuesallowed_methodslambda_function_associationstrusted_signersfield_level_encryption_id)(validate_cache_behavior_first_level_keysrvalidate_forwarded_valuesvalidate_allowed_methods%validate_lambda_function_associationsvalidate_trusted_signers"validate_field_level_encryption_id)rrrr is_default_caches rrz3CloudFrontValidationManager.validate_cache_behaviors  6N  !m&?MFF NM3C    / 0 8!;;**+=>N66v~?Q?QRc?dftuCC N&&'EF 66v~?Q?QRc?dftu@@ N&&'BC^ rc |jd=|jd,|rd}nd|d}|jj|d |jd|j|dd |jd |j}|j|d d |jd |j }|j|d d |jd |j }|j|d|jd|j}|jd|jd}|s|j|}||jdgDcgc]}|d c}vr,|rd}nd|d}|jj|d||d<|j|dd|jd|j|j}|j|d|jd|j}|Scc}w#t$r'}|jj|dYd}~yd}~wwxYw)NrrzDefault cache behaviorzCache behavior for path rzB cannot have both a cache_policy_id and a forwarded_values option.r7min_ttl min_t_t_lmax_ttl max_t_t_l default_ttl default_t_t_lcompressrrrz@ has target_origin_id pointing to an origin that does not exist.viewer_protocol_policyz%cache_behavior.viewer_protocol_policysmooth_streamingz=Error validating distribution cache behavior first level keys)rrArrrrrrr.get_first_origin_id_for_default_cache_behaviorrrrrrr?) rrrr r cache_behavior_namerrrDs rrzDCloudFrontValidationManager.validate_cache_behavior_first_level_keyss|   / 0 <ASASTfAgAs&>#(@P^A_@`&a# KK ! !*++mn " 1 n!!"34+>?XZ\+]+a+abikm+n' #  ! !"9;e f:YZq:r 6 7#33 ##ND4o4op   2BN- .! ! R KK % %a-P % Q Q RsHH H;H66H;c |b|j|d|D];}t|dd}|j|jdd|j=t ||d<|Sd|vr|jd|d<|St g|d<|S#t $r'}|jj|dYd}~yd}~wwxYw)Nrlambda_function_arnlambda_function_a_r_n event_typez9cache_behaviors[].lambda_function_associations.event_typez-Error validating lambda function associationsr7) rrrrrr/rrAr?)rrrr associationrDs rrzACloudFrontValidationManager.validate_lambda_function_associationss ^+7%%&BDbc#?K"6{DY[r"sK??# 5SLLBa0B=>" ! 2V;EKZZPnEoN#AB" !FeegEhN#AB! ! ^ KK % %a-\ % ] ] ^s$A#B&BB CB;;CcV|||d<|Sd|vr|jd|d<|Sd|d<|S)Nrr)r)rrrrs rrz>CloudFrontValidationManager.validate_field_level_encryption_id(sU $ 0:SN6 7  )F 2:@**E`:aN6 7;=N6 7rc |;|jdd||jd}|j|d|j|d|j|jd}d|vr/|j|d|j|d|j d|vr&t |ddt |k(r |d|d<nt||d<|rWt |t |jdijdijdgk(r|dd|dd<|St||dd<|Sd|vr|jd|d<|S#t$r'}|jj|d Yd}~yd}~wwxYw) Nrz&cache_behavior.allowed_methods.items[]z$cache_behavior.allowed_methods.itemscached_methodsz-cache_behavior.allowed_methods.cached_methodsz-cache_behavior.allowed_items.cached_methods[]rz Error validating allowed methodsr7) rrrrrrrr/rrAr?)rrrrtemp_allowed_items cached_itemsrDs rrz4CloudFrontValidationManager.validate_allowed_methods1s" Q***74\^mn%4%8%8%A"%%&8:`a>>&(PRVRvRv /223CD #6)),8ghBB$G;;%.3v>O7PQX7Y3Z^abt^u3u8>?P8QN#458WXj8kN#45C $5JJ0"599:JBOSST[]_`:%KQQbJcdtJuN#456FG " ! KjjvJwN#456FG" !%.8> CT8UN#45! ! Q KK % %a-O % P P Qs$D*E-EE F #FF cz |i}d|vrt|jd}n/t|jdd}d|vrt|d}|jd|jd|j|d<||d<|S#t$r'}|j j |d Yd}~yd}~wwxYw) Nrr&r)r&)rrrz Error validating trusted signersr7)r/rrrrrAr?)rrrrvalid_trusted_signersrDs rrz4CloudFrontValidationManager.validate_trusted_signersVs Q&"$/)(GH[H[\cHd(e%(,fjjQ6O(P%f$,0vg,G)/>/B/B6::i1W1WX0 !) ,1FN, -! ! Q KK % %a-O % P P QsBB B:B55B:c` |y|jdr-|jd|jjd|j|jdd|j|j|jdd|j |j|jdd |j t|dd }t|dd }t|d d }t|dd}|S#t$r'}|jj|dYd}~yd}~wwxYw)Ncloudfront_default_certificatessl_support_methodzviewer_certificate.ssl_support_method should not be specified with viewer_certificate_cloudfront_default_certificate set to true.r7z%viewer_certificate.ssl_support_methodminimum_protocol_versionz+viewer_certificate.minimum_protocol_versioncertificate_sourcez%viewer_certificate.certificate_sourcecloud_front_default_certificates_s_l_support_methodiam_certificate_idi_a_m_certificate_idacm_certificate_arna_c_m_certificate_arnz#Error validating viewer certificate) rrArrrrrrrr?)rviewer_certificaterDs rvalidate_viewer_certificatez7CloudFrontValidationManager.validate_viewer_certificatehsT$ T!)"&&'GH&**+?@L %%2&  7 7"&&';<7CC   7 7"&&'AB=II   7 7"&&';<7CC  "6"$DFg" "66HJ^`v!w !56HJ^`v!w !5"$9;R" & % T KK % %a-R % S S TsC=C7C== D-D((D-c | |s t|S|j|dt}td|D}|D]U}|j dd|t |dd}d|vrt |d|d<|d|vr||d=|j|W|s|j|jt|S#t$r'}|jj|d Yd}~yd}~wwxYw) Ncustom_error_responsesc3*K|] }|d|f yw) error_codeNr).0r[s r zNCloudFrontValidationManager.validate_custom_error_responses..s%pXx '=x&H%psrSz#custom_error_responses[].error_codeerror_caching_min_ttlerror_caching_min_t_t_l response_codez'Error validating custom error responsesr7) r/rrrrrr*rextendrrrAr?)rrrQpurge_custom_error_responsesr.existing_responsescustom_error_responserDs rvalidate_custom_error_responsesz;CloudFrontValidationManager.validate_custom_error_responsess X%-6R6v>>  ! !"8:R SVF!%%pYo%p!p )? 5%**<9^`uv(<)+BD])%#&;;=@AVWfAg=h)/:(6:LL*+@+NO 34 50 0779:26: : X KK % %a-V % W W XsCB3C C5C00C5c ||ry|S|jdd||jd}|jdd||jdij|dijdg}|jd}|s$|j|Dcgc] }||vs| c}t|}|jd|d<d|iScc}w#t$r'} |j j | dYd} ~ yd} ~ wwxYw)Ngeo_restrictionzrestrictions.geo_restrictionrestriction_typez-restrictions.geo_restriction.restriction_typerzError validating restrictionsr7)rrrYr/rrAr?) rr restrictionspurge_restrictionsr_existing_restrictionsgeo_restriction_itemsrestvalid_restrictionsrDs rvalidate_restrictionsz1CloudFrontValidationManager.validate_restrictionss1 N#%!M  & &'8:XZf g*../@AO  & &"$SUd  ,b155oFX6Y[]^bbcjlno "%4$7$7$@ !%%,,&;adtK`?`Ta"AAV!W 5D5H5HI[5\ 1 2%'9: : b  N KK % %a-L % M M Ns:CCBC C!C%)CC DC??Dc |xs|jdd|d<||n|jd|j|d<||jdr5|j|d|j|xs|jd|d<|s|jdr|xs|jd|d<|S#t$r'}|j j |dYd}~yd}~wwxYw)Ndefault_root_objectris_i_p_v6_enabled http_version web_a_c_l_idz/Error validating distribution config parametersr7)rrrrrrAr?)rrri ipv6_enabledrk web_acl_idrDs r'validate_distribution_config_parameterszCCloudFrontValidationManager.validate_distribution_config_parameterss `,?,h6::NcegChF( ) +ZZ 3T5P5PQ & ' '6::n+E;;L.Z^ZtZtu)5)SN9S~&VZZ7)3)Qvzz.7Q~&M ` KK % %a-^ % _ _ `sB0B33 C#<CC#c |i}|T|sD|j|jdijdgDcgc] }||vs| c}t||d<||j||d<||n|jd|j|d<|"|j |d|j ||d<|Scc}w#t$r'}|jj|dYd}~yd}~wwxYw)Naliasesrrr price_classz/Error validating common distribution parametersr7) rYrr/rrrrrrAr?) rrrrqrrr purge_aliasesaliasrDs r'validate_common_distribution_parameterszCCloudFrontValidationManager.validate_common_distribution_parameterss `~"$NN,2JJy",E,I,I'SU,Vo5Z_gnZno%DG$Ly!"$($9$9'$By!".FJJy$JmJm4n 9 &;;KX\XrXrs(3}%Mp ` KK % %a-^ % _ _ `s/7C B;B;A3C;C C0 C++C0cR|xs|jdd|jz|d<|S)Nrz4Distribution created by Ansible with datetime stamp )rr)rrrs rvalidate_commentz,CloudFrontValidationManager.validate_comments5# vzz MPTPnPnn( y rc"|xs |jSr)r)rrs rvalidate_caller_referencez5CloudFrontValidationManager.validate_caller_referencesA4#A#AArcD |N|jd}|;t|tr+t|dkDrt |djdS|j j dy#t$r'}|j j|dYd}~yd}~wwxYw)NrrrzqThere are no valid origins from which to specify a target_origin_id for the default_cache_behavior configuration.r7z8Error getting first origin_id for default cache behavior) rrrr+r*rArrr?)rr valid_origins_listrDs rr+zJCloudFrontValidationManager.get_first_origin_id_for_default_cache_behaviors i(%2%6%6w%?"&2"#5t<./!31!488>?? KK ! !H "  i KK % %a-g % h h isAA/A// B8BBc |j||t|tr t||vs*t|trWt|j |s. s)GQ#a&)GzThe attribute list  must be one of []r7z7Error validating attribute list with allowed value list) rrrr issupersetjoinrArrr?)rattribute_listattribute_list_name allowed_listrDs rrzECloudFrontValidationManager.validate_attribute_list_with_allowed_list s h  ! !.2E F<.'|;lC0L)44^D!$)G,)G!G %%,?@S?TTefteuuv*w%xE1  h KK % %a-f % g g hsBB C "CC c|A||vr. s%Cc!f%CrzThe attribute rrr7)rrAr)r attributerrrs rrzBCloudFrontValidationManager.validate_attribute_with_allowed_values sU  Yl%B XX%Cl%CCN KK ! !~6FFWXfWggh&i ! j&C rc |jjd}d}d}|Dcgc]}|jd}}|D]X}|jj|}|"||j|} | 9| jd|k(sN| |||<|cSycc}w#t$r'} |j j | d Yd} ~ yd} ~ wwxYw) NFkeyedr3r2rFrrz3Error validating distribution from caller referencer7)rlist_distributionsrget_distributionrrAr?) rr distributionsdistribution_namedistribution_config_namedistdistribution_idsrMrJdistribution_configrDs r+validate_distribution_from_caller_referencezGCloudFrontValidationManager.validate_distribution_from_caller_reference s d 77JJQVJWM . '; $;HI4I I#3 ,#::KKK_ +*67H*I*M*MNf*g'+7/334EFJZZTg %678PQ++ , J d KK % %a-b % c c ds?$B#B%B#$B#;B# B#B#B## C,CCc ||j|S|r||j|}|r|jj|Sy#t$r'}|j j |dYd}~yd}~wwxYw)NrzIError validating distribution_id from alias, aliases and caller referencer7)r#validate_distribution_id_from_aliasrrrrAr?)rrMrqrrDs r3validate_distribution_from_aliases_caller_referencezOCloudFrontValidationManager.validate_distribution_from_aliases_caller_reference, s +GGHXYY6&*&N&Nw&WO"66GG?G[[  KK % %b &   sA 2A A9A44A9c|jjd}|rG|D]B}|jdijdg}t|t|zs=|dcSy)NFrAliasesr4rF)rrrr)rrqrrJdistribution_aliasess rrz?CloudFrontValidationManager.validate_distribution_id_from_alias; sp33FFUFS  - . '3'7'7 2'F'J'J7TV'W$w<#&:";;'-- .rc||j|}|dd} |jd}dt|dz z}|j|d|iy#tj j $r4}|jj|d t|d  Yd}~yd}~wtj jtj jf$r*}|jj|d | Yd}~yd}~wwxYw) N)rr3rFdistribution_deployedr~< MaxAttempts)rF WaiterConfigz2Timeout waiting for CloudFront action. Waited for z seconds before timeout.r7zError getting distribution ) r get_waiterintwaitr;r< WaiterErrorrAr?rr=r>) rr@ wait_timeoutrMrrJwaiterattemptsrDs rwait_until_processedz0CloudFrontValidationManager.wait_until_processedD s  "KK]mKnL*>:4@O ^&&'>?F3|b011H KK?-9RK S""..  KK % %HQ]I^H__wx &   ##//1D1D1R1RS ^ KK % %a/J?J[-\ % ] ] ^s#7AD3*B"":D DDN)F)$r) __module__ __qualname____doc__rrrrrrrrrrrrrrrrrrrOr]rgrorurwryr+rrrrrrrrrrere)sDYL ^c V"tM*VX:(VUp^0,:nx(RT^.#QJQ$%TNX0N4`(MR`0 Bi hk d( ^rrec tdHidtddgddtdtdtdtd td d g d tdddtdtdgddtdddtdtdd dtdddtd dtdd dtddd tdd d!tddd"td d#td$tdd%td d&td d'td(td)tdd*td+td,tdd-d.td/d0-}i}d}t|dddgd*dgd*dgg1}|jd2tj3}t |}|j jd}|j jd}|j jd}|j jd} |j jd } |j jd } |j jd} |j jd} |j jd}|j jd}|j jd}|j jd}|j jd}|j jd}|j jd}|j jd}|j jd }|j jd!}|j jd"}|j jd#}|j jd$}|j jd%}|j jd&}|j jd4}|j jd'}|j jd(}|j jd)} |j jd*}!|j jd+}"|j jd,}#|j jd.}$| r| |vr|j| |j| ||}%|dk(xr|%}&|dk(xr|% }'|dk(xr|%}(|&s|'s|(s|jd5i})|&s|(r|%d6d7})|%d8} |%d6d9} |&r t|)d:})|'s|&rf|j|)|||||})|j|)|| ||})|j||)jdijd;g||!|"|'||)d<|j|)jdijd;g||)d||)d<|j!|)jdi||)dd|)d<|j#|)jd ijd;g|||)d <|j%|)jd&i||}*|*r|*|)d&<|j'|}+t)|)|+d%})|j+|)|})t-|)d<})|'rM|j/||)d=<t1|||)t3| xsi}t|}t5|||d>|d <|(r\|)d?r7d|)d?<t7|||)| | }|j9||$| |)jd=|j| ||}%t;|||%}|&r|)|%d6d7k7}|rt7|||)| | }n|%d6}t5|||d@},|,|%d6d7d <|t=|||,| | |d@z}t|}t5|||d>x|dAd <|)d <t|dB<t?|%d6d7|)}-|-r|-dC|dBdD<|-dE|dBdF<|#r'|'s|&r#|j9||$| |)jd=dA|vr|jA|dA|dA=|jdHdG|i|y)INstatepresentabsent)choicesdefaultrrrMrNrBr resource_tags)r(rqr_boolT)r(rrtrqrr*)r(relementsrsFrir)r(rrdefault_cache_behavior)r(r r rQrZrrrrrNrarnrkrmrrr)rr(rir) argument_specsupports_check_modemutually_exclusiver)retry_decoratorrb)r`r3r2rGrF) reversibler)capitalize_firstrrSEnabledARNrdiffrbeforer~afterr`r)!rAnsibleAWSModuler@r jittered_backoffreparamsrrr exit_jsonrrurorrrr]rgrOr$rwrryr9r rZrLrrIrcrupdate).rr.r`rAr@validation_mgrrrrrNrBr_rMrtrqrsrirrrr r rQrZrrrrrNrarbrnrkrmrrrrrJrrdeleterrfvalid_viewer_certificater]rs. rmainrW s> Ix0)D  f  v'8 9 VT2f&"u=6!F&626 $0&6: #>!" $&A#$&*vu%E%&&!'(F)*&!+, V,-.v&/0612V34v&56$(678!F9:%f -;<$U3=MBFG #!  ( )+< = )7 3 F]]<9R9R9T] UF08N MM  g &E}}(();<mm *G MM  g &E ==  V $D""<0Jmm''(9:O MM  g &Emm *GMM%%o6M --++,ABmm *GMM%%o6M#]]../GHmm''(9:O"MM--.EF#]]../GH#)==#4#45S#T mm *G--##M2Kmm *G**+?@==$$^4L**+?@""<0J==$$^4L==$$^4L!'!2!23O!P --++,AB ==  V $D==$$^4L g%u!UU"2Li  0LF i  4 $4F h  /  9  ! %  ! ,:+Q+Q JJ/ 46LfU^N_ae, '(,:+Y+Y JJ/ 4 8 8" E " (, '( ,AA JJ~r *L:L  %7F> "#1#M#MN`#a -f6NPde00A)&4H $2$L$LM]$^ !$VVV=[\`\fdf=gh)&1/u Nv )  %F9 (RWXF  / / oW]WaWabsWt u%YY W&6 %VV\B L89MNN (RWXF!.1F.vvve}M ER ^$%9:6B;vv}dJPVW\P]^^)&1AWX^`fhnothuAvv$%f-vvl>:;OPRXY '+AwF6N8 $&*1gF6N7 # 6++FL/SYS]S]^oSpq& f234 ( )F/W//r__main__)NT)) DOCUMENTATIONEXAMPLESRETURNrr collectionsrr; ImportErroransible.module_utils._textrr0ansible.module_utils.common.dict_transformationsrrrDansible_collections.amazon.aws.plugins.module_utils.cloudfront_factsr ;ansible_collections.amazon.aws.plugins.module_utils.retriesr ;ansible_collections.amazon.aws.plugins.module_utils.taggingr r r >ansible_collections.community.aws.plugins.module_utils.modulesrrrr$r/r9rIrLrRrWrZrcobjectrerr)rrrrsp  d\ |S j # 1.UKUnPffXx   Cn[>@G k ^&k ^\{0| zFG#  sBBB