{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CloudFront.Types.ViewerCertificate
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.CloudFront.Types.ViewerCertificate where

import Amazonka.CloudFront.Types.CertificateSource
import Amazonka.CloudFront.Types.MinimumProtocolVersion
import Amazonka.CloudFront.Types.SSLSupportMethod
import qualified Amazonka.Core as Core
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | A complex type that determines the distribution’s SSL\/TLS configuration
-- for communicating with viewers.
--
-- If the distribution doesn’t use @Aliases@ (also known as alternate
-- domain names or CNAMEs)—that is, if the distribution uses the CloudFront
-- domain name such as @d111111abcdef8.cloudfront.net@—set
-- @CloudFrontDefaultCertificate@ to @true@ and leave all other fields
-- empty.
--
-- If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- use the fields in this type to specify the following settings:
--
-- -   Which viewers the distribution accepts HTTPS connections from: only
--     viewers that support
--     <https://en.wikipedia.org/wiki/Server_Name_Indication server name indication (SNI)>
--     (recommended), or all viewers including those that don’t support
--     SNI.
--
--     -   To accept HTTPS connections from only viewers that support SNI,
--         set @SSLSupportMethod@ to @sni-only@. This is recommended. Most
--         browsers and clients support SNI.
--
--     -   To accept HTTPS connections from all viewers, including those
--         that don’t support SNI, set @SSLSupportMethod@ to @vip@. This is
--         not recommended, and results in additional monthly charges from
--         CloudFront.
--
-- -   The minimum SSL\/TLS protocol version that the distribution can use
--     to communicate with viewers. To specify a minimum version, choose a
--     value for @MinimumProtocolVersion@. For more information, see
--     <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy Security Policy>
--     in the /Amazon CloudFront Developer Guide/.
--
-- -   The location of the SSL\/TLS certificate,
--     <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html Certificate Manager (ACM)>
--     (recommended) or
--     <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Identity and Access Management (IAM)>.
--     You specify the location by setting a value in one of the following
--     fields (not both):
--
--     -   @ACMCertificateArn@
--
--     -   @IAMCertificateId@
--
-- All distributions support HTTPS connections from viewers. To require
-- viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use
-- @ViewerProtocolPolicy@ in the @CacheBehavior@ or @DefaultCacheBehavior@.
-- To specify how CloudFront should use SSL\/TLS to communicate with your
-- custom origin, use @CustomOriginConfig@.
--
-- For more information, see
-- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html Using HTTPS with CloudFront>
-- and
-- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https-alternate-domain-names.html Using Alternate Domain Names and HTTPS>
-- in the /Amazon CloudFront Developer Guide/.
--
-- /See:/ 'newViewerCertificate' smart constructor.
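data ViewerCertificate = ViewerCertificate'
  { -- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
    -- specify which viewers the distribution accepts HTTPS connections from.
    --
    -- -   @sni-only@ – The distribution accepts HTTPS connections from only
    --     viewers that support
    --     <https://en.wikipedia.org/wiki/Server_Name_Indication server name indication (SNI)>.
    --     This is recommended. Most browsers and clients support SNI.
    --
    -- -   @vip@ – The distribution accepts HTTPS connections from all viewers
    --     including those that don’t support SNI. This is not recommended, and
    --     results in additional monthly charges from CloudFront.
    --
    -- -   @static-ip@ - Do not specify this value unless your distribution has
    --     been enabled for this feature by the CloudFront team. If you have a
    --     use case that requires static IP addresses for a distribution,
    --     contact CloudFront through the
    --     <https://console.aws.amazon.com/support/home Amazon Web Services Support Center>.
    --
    -- If the distribution uses the CloudFront domain name such as
    -- @d111111abcdef8.cloudfront.net@, don’t set a value for this field.
    sSLSupportMethod :: Prelude.Maybe SSLSupportMethod,
    -- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs)
    -- and the SSL\/TLS certificate is stored in
    -- <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html Certificate Manager (ACM)>,
    -- provide the Amazon Resource Name (ARN) of the ACM certificate.
    -- CloudFront only supports ACM certificates in the US East (N. Virginia)
    -- Region (@us-east-1@).
    --
    -- If you specify an ACM certificate ARN, you must also specify values for
    -- @MinimumProtocolVersion@ and @SSLSupportMethod@.
    aCMCertificateArn :: Prelude.Maybe Prelude.Text,
    -- | This field is deprecated. Use one of the following fields instead:
    --
    -- -   @ACMCertificateArn@
    --
    -- -   @IAMCertificateId@
    --
    -- -   @CloudFrontDefaultCertificate@
    certificateSource :: Prelude.Maybe CertificateSource,
    -- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
    -- specify the security policy that you want CloudFront to use for HTTPS
    -- connections with viewers. The security policy determines two settings:
    --
    -- -   The minimum SSL\/TLS protocol that CloudFront can use to communicate
    --     with viewers.
    --
    -- -   The ciphers that CloudFront can use to encrypt the content that it
    --     returns to viewers.
    --
    -- For more information, see
    -- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy Security Policy>
    -- and
    -- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers Supported Protocols and Ciphers Between Viewers and CloudFront>
    -- in the /Amazon CloudFront Developer Guide/.
    --
    -- On the CloudFront console, this setting is called __Security Policy__.
    --
    -- When you’re using SNI only (you set @SSLSupportMethod@ to @sni-only@),
    -- you must specify @TLSv1@ or higher.
    --
    -- If the distribution uses the CloudFront domain name such as
    -- @d111111abcdef8.cloudfront.net@ (you set @CloudFrontDefaultCertificate@
    -- to @true@), CloudFront automatically sets the security policy to @TLSv1@
    -- regardless of the value that you set here.
    --
    -- Review note: the field is optional in this type, so nothing on the client
    -- side enforces a protocol floor. When a custom certificate is configured
    -- the caller has to set the policy explicitly.
    minimumProtocolVersion :: Prelude.Maybe MinimumProtocolVersion,
    -- | This field is deprecated. Use one of the following fields instead:
    --
    -- -   @ACMCertificateArn@
    --
    -- -   @IAMCertificateId@
    --
    -- -   @CloudFrontDefaultCertificate@
    certificate :: Prelude.Maybe Prelude.Text,
    -- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs)
    -- and the SSL\/TLS certificate is stored in
    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Identity and Access Management (IAM)>,
    -- provide the ID of the IAM certificate.
    --
    -- If you specify an IAM certificate ID, you must also specify values for
    -- @MinimumProtocolVersion@ and @SSLSupportMethod@.
    iAMCertificateId :: Prelude.Maybe Prelude.Text,
    -- | If the distribution uses the CloudFront domain name such as
    -- @d111111abcdef8.cloudfront.net@, set this field to @true@.
    --
    -- If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
    -- set this field to @false@ and specify values for the following fields:
    --
    -- -   @ACMCertificateArn@ or @IAMCertificateId@ (specify a value for one,
    --     not both)
    --
    -- -   @MinimumProtocolVersion@
    --
    -- -   @SSLSupportMethod@
    cloudFrontDefaultCertificate :: Prelude.Maybe Prelude.Bool
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)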

-- |
-- Create a value of 'ViewerCertificate' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'sSLSupportMethod', 'viewerCertificate_sSLSupportMethod' - If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- specify which viewers the distribution accepts HTTPS connections from.
--
-- -   @sni-only@ – The distribution accepts HTTPS connections from only
--     viewers that support
--     <https://en.wikipedia.org/wiki/Server_Name_Indication server name indication (SNI)>.
--     This is recommended. Most browsers and clients support SNI.
--
-- -   @vip@ – The distribution accepts HTTPS connections from all viewers
--     including those that don’t support SNI. This is not recommended, and
--     results in additional monthly charges from CloudFront.
--
-- -   @static-ip@ - Do not specify this value unless your distribution has
--     been enabled for this feature by the CloudFront team. If you have a
--     use case that requires static IP addresses for a distribution,
--     contact CloudFront through the
--     <https://console.aws.amazon.com/support/home Amazon Web Services Support Center>.
--
-- If the distribution uses the CloudFront domain name such as
-- @d111111abcdef8.cloudfront.net@, don’t set a value for this field.
--
-- 'aCMCertificateArn', 'viewerCertificate_aCMCertificateArn' - If the distribution uses @Aliases@ (alternate domain names or CNAMEs)
-- and the SSL\/TLS certificate is stored in
-- <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html Certificate Manager (ACM)>,
-- provide the Amazon Resource Name (ARN) of the ACM certificate.
-- CloudFront only supports ACM certificates in the US East (N. Virginia)
-- Region (@us-east-1@).
--
-- If you specify an ACM certificate ARN, you must also specify values for
-- @MinimumProtocolVersion@ and @SSLSupportMethod@.
--
-- 'certificateSource', 'viewerCertificate_certificateSource' - This field is deprecated. Use one of the following fields instead:
--
-- -   @ACMCertificateArn@
--
-- -   @IAMCertificateId@
--
-- -   @CloudFrontDefaultCertificate@
--
-- 'minimumProtocolVersion', 'viewerCertificate_minimumProtocolVersion' - If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- specify the security policy that you want CloudFront to use for HTTPS
-- connections with viewers. The security policy determines two settings:
--
-- -   The minimum SSL\/TLS protocol that CloudFront can use to communicate
--     with viewers.
--
-- -   The ciphers that CloudFront can use to encrypt the content that it
--     returns to viewers.
--
-- For more information, see
-- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy Security Policy>
-- and
-- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers Supported Protocols and Ciphers Between Viewers and CloudFront>
-- in the /Amazon CloudFront Developer Guide/.
--
-- On the CloudFront console, this setting is called __Security Policy__.
--
-- When you’re using SNI only (you set @SSLSupportMethod@ to @sni-only@),
-- you must specify @TLSv1@ or higher.
--
-- If the distribution uses the CloudFront domain name such as
-- @d111111abcdef8.cloudfront.net@ (you set @CloudFrontDefaultCertificate@
-- to @true@), CloudFront automatically sets the security policy to @TLSv1@
-- regardless of the value that you set here.
--
-- 'certificate', 'viewerCertificate_certificate' - This field is deprecated. Use one of the following fields instead:
--
-- -   @ACMCertificateArn@
--
-- -   @IAMCertificateId@
--
-- -   @CloudFrontDefaultCertificate@
--
-- 'iAMCertificateId', 'viewerCertificate_iAMCertificateId' - If the distribution uses @Aliases@ (alternate domain names or CNAMEs)
-- and the SSL\/TLS certificate is stored in
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Identity and Access Management (IAM)>,
-- provide the ID of the IAM certificate.
--
-- If you specify an IAM certificate ID, you must also specify values for
-- @MinimumProtocolVersion@ and @SSLSupportMethod@.
--
-- 'cloudFrontDefaultCertificate', 'viewerCertificate_cloudFrontDefaultCertificate' - If the distribution uses the CloudFront domain name such as
-- @d111111abcdef8.cloudfront.net@, set this field to @true@.
--
-- If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- set this field to @false@ and specify values for the following fields:
--
-- -   @ACMCertificateArn@ or @IAMCertificateId@ (specify a value for one,
--     not both)
--
-- -   @MinimumProtocolVersion@
--
-- -   @SSLSupportMethod@
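newViewerCertificate ::
  ViewerCertificate
newViewerCertificate =
  -- Every field starts out as 'Prelude.Nothing'. The constructor therefore
  -- picks no certificate source, no SNI mode and no minimum protocol version;
  -- a caller that configures an ACM or IAM certificate must set
  -- 'minimumProtocolVersion' and 'sSLSupportMethod' itself, and should choose
  -- the highest protocol floor its viewers can support.
  ViewerCertificate'
    { sSLSupportMethod =
        Prelude.Nothing,
      aCMCertificateArn = Prelude.Nothing,
      certificateSource = Prelude.Nothing,
      minimumProtocolVersion = Prelude.Nothing,
      certificate = Prelude.Nothing,
      iAMCertificateId = Prelude.Nothing,
      cloudFrontDefaultCertificate = Prelude.Nothing
    }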

-- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- specify which viewers the distribution accepts HTTPS connections from.
--
-- -   @sni-only@ – The distribution accepts HTTPS connections from only
--     viewers that support
--     <https://en.wikipedia.org/wiki/Server_Name_Indication server name indication (SNI)>.
--     This is recommended. Most browsers and clients support SNI.
--
-- -   @vip@ – The distribution accepts HTTPS connections from all viewers
--     including those that don’t support SNI. This is not recommended, and
--     results in additional monthly charges from CloudFront.
--
-- -   @static-ip@ - Do not specify this value unless your distribution has
--     been enabled for this feature by the CloudFront team. If you have a
--     use case that requires static IP addresses for a distribution,
--     contact CloudFront through the
--     <https://console.aws.amazon.com/support/home Amazon Web Services Support Center>.
--
-- If the distribution uses the CloudFront domain name such as
-- @d111111abcdef8.cloudfront.net@, don’t set a value for this field.
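viewerCertificate_sSLSupportMethod :: Lens.Lens' ViewerCertificate (Prelude.Maybe SSLSupportMethod)
viewerCertificate_sSLSupportMethod =
  -- Getter projects the 'sSLSupportMethod' field; setter is a plain record
  -- update, so no validation of the chosen SNI mode happens here.
  Lens.lens
    (\ViewerCertificate' {sSLSupportMethod} -> sSLSupportMethod)
    (\s@ViewerCertificate' {} a -> s {sSLSupportMethod = a} :: ViewerCertificate)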

-- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs)
-- and the SSL\/TLS certificate is stored in
-- <https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html Certificate Manager (ACM)>,
-- provide the Amazon Resource Name (ARN) of the ACM certificate.
-- CloudFront only supports ACM certificates in the US East (N. Virginia)
-- Region (@us-east-1@).
--
-- If you specify an ACM certificate ARN, you must also specify values for
-- @MinimumProtocolVersion@ and @SSLSupportMethod@.
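viewerCertificate_aCMCertificateArn :: Lens.Lens' ViewerCertificate (Prelude.Maybe Prelude.Text)
viewerCertificate_aCMCertificateArn =
  -- Reads and replaces the 'aCMCertificateArn' field. The ARN is stored as
  -- opaque text; its format and region are not checked by this lens.
  Lens.lens
    (\ViewerCertificate' {aCMCertificateArn} -> aCMCertificateArn)
    (\s@ViewerCertificate' {} a -> s {aCMCertificateArn = a} :: ViewerCertificate)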

-- | This field is deprecated. Use one of the following fields instead:
--
-- -   @ACMCertificateArn@
--
-- -   @IAMCertificateId@
--
-- -   @CloudFrontDefaultCertificate@
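viewerCertificate_certificateSource :: Lens.Lens' ViewerCertificate (Prelude.Maybe CertificateSource)
viewerCertificate_certificateSource =
  -- Reads and replaces the deprecated 'certificateSource' field via a plain
  -- record update.
  Lens.lens
    (\ViewerCertificate' {certificateSource} -> certificateSource)
    (\s@ViewerCertificate' {} a -> s {certificateSource = a} :: ViewerCertificate)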

-- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- specify the security policy that you want CloudFront to use for HTTPS
-- connections with viewers. The security policy determines two settings:
--
-- -   The minimum SSL\/TLS protocol that CloudFront can use to communicate
--     with viewers.
--
-- -   The ciphers that CloudFront can use to encrypt the content that it
--     returns to viewers.
--
-- For more information, see
-- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy Security Policy>
-- and
-- <https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers Supported Protocols and Ciphers Between Viewers and CloudFront>
-- in the /Amazon CloudFront Developer Guide/.
--
-- On the CloudFront console, this setting is called __Security Policy__.
--
-- When you’re using SNI only (you set @SSLSupportMethod@ to @sni-only@),
-- you must specify @TLSv1@ or higher.
--
-- If the distribution uses the CloudFront domain name such as
-- @d111111abcdef8.cloudfront.net@ (you set @CloudFrontDefaultCertificate@
-- to @true@), CloudFront automatically sets the security policy to @TLSv1@
-- regardless of the value that you set here.
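viewerCertificate_minimumProtocolVersion :: Lens.Lens' ViewerCertificate (Prelude.Maybe MinimumProtocolVersion)
viewerCertificate_minimumProtocolVersion =
  -- Reads and replaces the 'minimumProtocolVersion' field. Setting it to
  -- 'Prelude.Nothing' is accepted by the lens, so any requirement that a
  -- protocol floor be present has to be enforced by the caller.
  Lens.lens
    (\ViewerCertificate' {minimumProtocolVersion} -> minimumProtocolVersion)
    (\s@ViewerCertificate' {} a -> s {minimumProtocolVersion = a} :: ViewerCertificate)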

-- | This field is deprecated. Use one of the following fields instead:
--
-- -   @ACMCertificateArn@
--
-- -   @IAMCertificateId@
--
-- -   @CloudFrontDefaultCertificate@
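viewerCertificate_certificate :: Lens.Lens' ViewerCertificate (Prelude.Maybe Prelude.Text)
viewerCertificate_certificate =
  -- Reads and replaces the deprecated 'certificate' field via a plain record
  -- update.
  Lens.lens
    (\ViewerCertificate' {certificate} -> certificate)
    (\s@ViewerCertificate' {} a -> s {certificate = a} :: ViewerCertificate)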

-- | If the distribution uses @Aliases@ (alternate domain names or CNAMEs)
-- and the SSL\/TLS certificate is stored in
-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html Identity and Access Management (IAM)>,
-- provide the ID of the IAM certificate.
--
-- If you specify an IAM certificate ID, you must also specify values for
-- @MinimumProtocolVersion@ and @SSLSupportMethod@.
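viewerCertificate_iAMCertificateId :: Lens.Lens' ViewerCertificate (Prelude.Maybe Prelude.Text)
viewerCertificate_iAMCertificateId =
  -- Reads and replaces the 'iAMCertificateId' field. The lens does not check
  -- whether 'aCMCertificateArn' is also set, although only one of the two is
  -- meant to carry a value.
  Lens.lens
    (\ViewerCertificate' {iAMCertificateId} -> iAMCertificateId)
    (\s@ViewerCertificate' {} a -> s {iAMCertificateId = a} :: ViewerCertificate)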

-- | If the distribution uses the CloudFront domain name such as
-- @d111111abcdef8.cloudfront.net@, set this field to @true@.
--
-- If the distribution uses @Aliases@ (alternate domain names or CNAMEs),
-- set this field to @false@ and specify values for the following fields:
--
-- -   @ACMCertificateArn@ or @IAMCertificateId@ (specify a value for one,
--     not both)
--
-- -   @MinimumProtocolVersion@
--
-- -   @SSLSupportMethod@
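viewerCertificate_cloudFrontDefaultCertificate :: Lens.Lens' ViewerCertificate (Prelude.Maybe Prelude.Bool)
viewerCertificate_cloudFrontDefaultCertificate =
  -- Reads and replaces the 'cloudFrontDefaultCertificate' flag via a plain
  -- record update; the other certificate fields are left untouched.
  Lens.lens
    (\ViewerCertificate' {cloudFrontDefaultCertificate} -> cloudFrontDefaultCertificate)
    (\s@ViewerCertificate' {} a -> s {cloudFrontDefaultCertificate = a} :: ViewerCertificate)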

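instance Core.FromXML ViewerCertificate where
  -- Builds a 'ViewerCertificate' from the child elements of @x@, applying the
  -- constructor to the seven lookups in field-declaration order. Every element
  -- is read with '.@?', whose result is wrapped in 'Maybe', so all seven are
  -- treated as optional. No cross-field checks are made: a response carrying
  -- both an ACM ARN and an IAM certificate ID, or no protocol version at all,
  -- parses successfully.
  parseXML x =
    ViewerCertificate'
      Prelude.<$> (x Core..@? "SSLSupportMethod")
      Prelude.<*> (x Core..@? "ACMCertificateArn")
      Prelude.<*> (x Core..@? "CertificateSource")
      Prelude.<*> (x Core..@? "MinimumProtocolVersion")
      Prelude.<*> (x Core..@? "Certificate")
      Prelude.<*> (x Core..@? "IAMCertificateId")
      Prelude.<*> (x Core..@? "CloudFrontDefaultCertificate")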

-- Empty instance body: no methods are defined here, so the class defaults
-- apply (presumably the Generic-based ones, since the type derives Generic --
-- confirm against the class definition).
instance Prelude.Hashable ViewerCertificate

-- Empty instance body as well; relies on the class's default method.
instance Prelude.NFData ViewerCertificate

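instance Core.ToXML ViewerCertificate where
  -- Serialises the record as the concatenation of seven named elements, one
  -- per field, in declaration order. The fields are passed through as-is: the
  -- deprecated 'certificateSource' and 'certificate' are emitted alongside
  -- their replacements, and nothing here rejects a value that sets both
  -- 'aCMCertificateArn' and 'iAMCertificateId'. How a 'Prelude.Nothing' field
  -- is rendered depends on the 'Core.ToXML' instance for 'Maybe', which is
  -- defined elsewhere.
  toXML ViewerCertificate' {..} =
    Prelude.mconcat
      [ "SSLSupportMethod" Core.@= sSLSupportMethod,
        "ACMCertificateArn" Core.@= aCMCertificateArn,
        "CertificateSource" Core.@= certificateSource,
        "MinimumProtocolVersion"
          Core.@= minimumProtocolVersion,
        "Certificate" Core.@= certificate,
        "IAMCertificateId" Core.@= iAMCertificateId,
        "CloudFrontDefaultCertificate"
          Core.@= cloudFrontDefaultCertificate
      ]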