aws-cloudformation-cloudfront_skill

This skill helps you define production CloudFront distributions with CloudFormation, multiple origins, caching, security headers, and cross-stack references.
  • Python

99

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill giuseppe-trisciuoglio/developer-kit --skill aws-cloudformation-cloudfront

  • SKILL.md51.7 KB

Overview

This skill provides production-ready AWS CloudFormation patterns for creating and managing CloudFront distributions and related resources. I include templates and examples for multiple origin types, cache behaviors, security headers, Lambda@Edge/Functions, ACM integration, WAF, and cross-stack exports. The goal is to help you declare CDN infrastructure reliably and reuseable across stacks and environments.

How this skill works

I supply CloudFormation snippets and full template structures that define DistributionConfig, Origins (S3, ALB, API Gateway, VPC, Lambda@Edge), CachePolicy and OriginRequestPolicy resources, and ViewerCertificate settings for custom domains. The skill shows parameter typing, constraints, SSM lookups, outputs and export/import patterns, plus examples for security headers, error pages, logging and nested stacks for modular deployments. Use the patterns to wire ACM certificates, OAI, WAF associations, caching strategies and monitoring into repeatable templates.

When to use it

  • Creating new CloudFront distributions with CloudFormation for production workloads
  • Configuring multiple origin types (S3, ALB, API Gateway, Lambda@Edge, VPC Origins)
  • Implementing fine-grained caching using CacheBehaviors, CachePolicy and OriginRequestPolicy
  • Managing custom domains with ACM and SNI-based viewer certificates
  • Integrating WAF, security headers, and Lambda@Edge or CloudFront Functions for request/response logic
  • Sharing resources between stacks with export/import or nested stacks for modular deployments

Best practices

  • Use AWS-specific parameter types (Certificate ARN, S3 bucket types, ALB DNS/ARN) to validate inputs and enable safer deployments
  • Centralize reusable configs (cache policies, origin request policies, security header functions) and export them from an infrastructure stack
  • Default to TLSv1.2_2021, enable IPv6 and HTTP/2/3, and set sensible Default/Max/Min TTLs to balance performance and invalidation cost
  • Limit forwarded headers/cookies/queries in cache keys to maximize cache hit ratio; whitelist only what your origin needs
  • Store WAF WebACL ARNs and CloudFront key IDs in SSM and reference them in templates for safer environment configuration

Example use cases

  • Static website delivery: CloudFront + S3 origin with OAI, long TTLs, and security headers enforced via CloudFront Functions
  • API fronting: CloudFront in front of ALB or API Gateway with path-based CacheBehaviors and origin request policy that forwards auth headers
  • Edge logic: Lambda@Edge or CloudFront Functions to rewrite requests, inject security headers, or perform A/B routing
  • Multi-stack deployment: Export S3 bucket and OAI from a network/infrastructure stack and import them into application stacks that create distributions
  • Modular templates: Use nested stacks for separate static asset and API distributions to improve CI/CD and deployment isolation

FAQ

ACM certificates for CloudFront must be in us-east-1; include region-aware mappings or request the certificate in us-east-1 and reference its ARN in the template.

How do I protect S3 origins behind CloudFront?

Create an Origin Access Identity (OAI) or Origin Access Control, restrict S3 bucket policy to allow only CloudFront, and reference the OAI in the S3OriginConfig.

When should I use Lambda@Edge vs CloudFront Functions?

Use CloudFront Functions for lightweight, high-performance request/response header manipulation and routing. Use Lambda@Edge for more complex logic, custom authentication, or when you need Node/Python runtime features.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
aws-cloudformation-cloudfront skill by giuseppe-trisciuoglio/developer-kit | VeilStrat