You can use AWS Config to record configuration changes to your CloudFront distribution settings. For example, you can capture changes to distribution states, price classes, origins, geo restriction settings, and Lambda@Edge configurations.
Note
AWS Config does not record key–value tags for CloudFront distributions or CloudFront streaming distributions.
When you set up AWS Config, you can choose to record all supported AWS resources, or you can record only specific resource types, such as only CloudFront resources. To see the specific resources supported for CloudFront, see the list of Supported AWS Resource Types in the AWS Config Developer Guide.
To track configuration changes to your CloudFront distribution, you must log in to the AWS Management Console in the US East (N. Virginia) Region.
Note
There might be a delay in recording resources with AWS Config. AWS Config records resources only after it discovers the resources.
Set up AWS Config with CloudFront (console)
- Sign in to the AWS Management Console and open the AWS Config console at https://console.aws.amazon.com/config/.
- Choose Get Started Now.
- On the Settings page, for Resource types to record, specify the AWS resource types that you want AWS Config to record. If you want to record only CloudFront changes, choose Specific types, and then, under CloudFront, choose the distribution or streaming distribution that you want to track changes for.
  To add or change which distributions to track, choose Settings on the left, after completing your initial setup.
- Specify additional required options for AWS Config: set up a notification, specify a location for the configuration information, and add rules for evaluating resource types.
For more information, see Setting up AWS Config with the Console in the AWS Config Developer Guide.
To set up AWS Config with CloudFront by using the AWS CLI or by using an API, see one of the following:
- Use the AWS CLI: Setting up AWS Config with the AWS CLI in the AWS Config Developer Guide
- Use an API: The StartConfigurationRecorder operation and other information in the AWS Config API Reference
After AWS Config starts recording configuration changes to your distributions, you can get the configuration history of any distribution that you have configured for CloudFront.
You can view configuration histories in any of the following ways:
- Use the AWS Config console. For each recorded resource, you can view a timeline page, which provides a history of configuration details. To view this page, choose the gray icon in the Config Timeline column of the Dedicated Hosts page. For more information, see Viewing Configuration Details in the AWS Config Console in the AWS Config Developer Guide.
- Run AWS CLI commands. To get a list of all of your distributions, use the list-discovered-resources command. To get the configuration details of a distribution for a specific time interval, use the get-resource-config-history command. For more information, see View Configuration Details Using the CLI in the AWS Config Developer Guide.
- Use the AWS Config API in your applications. To get a list of all of your distributions, use the ListDiscoveredResources operation. To get the configuration details of a distribution for a specific time interval, use the GetResourceConfigHistory action. For more information, see the AWS Config API Reference.
For example, to get a list of all of your distributions from AWS Config, you could run a CLI command such as the following:
aws configservice list-discovered-resources --resource-type AWS::CloudFront::Distribution
Or, to get a list of all of your RTMP streaming distributions from AWS Config, run a CLI command such as the following:
aws configservice list-discovered-resources --resource-type AWS::CloudFront::StreamingDistribution
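To review what actually changed between recorded states, you can diff consecutive configuration items from the JSON that get-resource-config-history returns. The following Python sketch is an added example, not part of the AWS documentation; the sample history, the EXAMPLEDISTID resource ID, and the key names inside each item's configuration are constructed for illustration, and the diff itself does not depend on them.

```python
import json

ABSENT = "<absent>"  # marker for a setting that exists on only one side

def flatten(node, prefix=""):
    """Flatten nested dicts/lists into {dotted.path: leaf}; empty containers are leaves."""
    if isinstance(node, dict) and node:
        pairs = node.items()
    elif isinstance(node, list) and node:
        pairs = enumerate(node)
    else:
        return {prefix: node}
    flat = {}
    for key, value in pairs:
        flat.update(flatten(value, f"{prefix}.{key}" if prefix else str(key)))
    return flat

def config_changes(history):
    """Return (capture_time, path, old, new) for every setting that differs
    between consecutive configuration items, oldest first."""
    # Assumes ISO 8601 capture times in one format, so string order is time order.
    items = sorted(history["configurationItems"],
                   key=lambda i: i["configurationItemCaptureTime"])
    changes, previous = [], None
    for item in items:
        # The API returns each item's configuration as a JSON-encoded string.
        current = flatten(json.loads(item["configuration"]))
        if previous is not None:
            for path in sorted(previous.keys() | current.keys()):
                old, new = previous.get(path, ABSENT), current.get(path, ABSENT)
                if old != new:
                    changes.append((item["configurationItemCaptureTime"], path, old, new))
        previous = current
    return changes

def _item(captured, config):
    return {"resourceType": "AWS::CloudFront::Distribution",
            "resourceId": "EXAMPLEDISTID",  # placeholder ID
            "configurationItemCaptureTime": captured,
            "configuration": json.dumps(config)}

# Constructed sample (newest first); key names inside "configuration" are illustrative.
SAMPLE_HISTORY = {"configurationItems": [
    _item("2024-05-02T09:30:00Z", {"distributionConfig": {"priceClass": "PriceClass_100",
        "restrictions": {"geoRestriction": {"restrictionType": "none", "items": []}}}}),
    _item("2024-05-01T12:00:00Z", {"distributionConfig": {"priceClass": "PriceClass_100",
        "restrictions": {"geoRestriction": {"restrictionType": "whitelist", "items": ["US"]}}}}),
]}

if __name__ == "__main__":
    for change in config_changes(SAMPLE_HISTORY):
        print(change)
```

To use it on real data, load the JSON output of get-resource-config-history (run with --resource-type and --resource-id for one distribution) and pass the parsed object to config_changes.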