AWS::CloudFront::Distribution:
   Properties:
    DistributionConfig: |
      {
        "Aliases"              => ["CNAMEs (alternate domain names), if any, for the distribution"],
        "CacheBehaviors"       => [
          {
             "AllowedMethods"       => ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"], # default ["HEAD", "GET"]
             "CachedMethods"        => ["GET", "HEAD", "OPTIONS"], # default  ["HEAD", "GET"]
             "ForwardedValues"      => {
               "Cookies"     => {
                 "Forward"          => "\"none, all, or whitelist\"",
                 "WhitelistedNames" => ["The names of cookies to forward to the origin for the cache behavior."]
               },
               "Headers"     => ["(whitelisted headers)", "If you specify a single asterisk *, all headers are forwarded"],
               "QueryString" => false # Indicates whether you want CloudFront to forward query strings to the origin, Required: Yes
             },
             "MinTTL"               => "\"The minimum amount of time that you want objects to stay in the cache\"",
             "PathPattern"          => "\"The pattern to which this cache behavior applies. For example, you can specify images/*.jpg.\"",
             "SmoothStreaming"      => "\"distribute media files in the Microsoft Smooth Streaming format\"",
             "TargetOriginId"       => "\"The ID value of the origin to which you want CloudFront to route requests\"",
             "TrustedSigners"       => ["A list of AWS accounts that can create signed URLs in order to access private content."],
             "ViewerProtocolPolicy" => "\"The protocol that users can use to access the files\""
          }  
         ],
        "Comment"              => "\"Comment\"",
        "CustomErrorResponses" => [
          {
            "ErrorCachingMinTTL" => 300,  #The default value is 300.
            "ErrorCode"          => 500,  # 400, 403, 404, 405, 414, 500, 501, 502, 503, or 504
            "ResponseCode"       => 500,  # 200, 400, 403, 404, 405, 414, 500, 501, 502, 503, or 504.
            "ResponsePagePath"   => "\"The path to the custom error page\""
          }
         ],
        "DefaultCacheBehavior" => {
          "AllowedMethods"       => ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"], # default ["HEAD", "GET"]
          "CachedMethods"        => ["GET", "HEAD", "OPTIONS"], # default ["HEAD", "GET"].
          "ForwardedValues"      => {
            "Cookies"     => {
              "Forward"          => "\"none, all, or whitelist\"",
              "WhitelistedNames" => ["The names of cookies to forward to the origin for the cache behavior."]
            },
            "Headers"     => ["(whitelisted headers)", "If you specify a single asterisk *, all headers are forwarded"],
            "QueryString" => false # Indicates whether you want CloudFront to forward query strings to the origin, Required: Yes
          },
          "MinTTL"               => "\"The minimum amount of time that you want objects to stay in the cache\"",
          "SmoothStreaming"      => "\"distribute media files in the Microsoft Smooth Streaming format\"",
          "TargetOriginId"       => "\"The ID value of the origin to which you want CloudFront to route requests\"",
          "TrustedSigners"       => ["A list of AWS accounts that can create signed URLs in order to access private content."],
          "ViewerProtocolPolicy" => "\"allow-all | redirect-to-https | https-only\""
        },
        "DefaultRootObject"    => "\"The object (such as index.html) that you want CloudFront to request from your origin when the root URL\"",
        "Enabled"              => true,
        "Logging"              => {
          "Bucket"         => "\"s3bucket\"",
          "IncludeCookies" => true,
          "Prefix"         => "\"/prefix\""
        },
        "Origins"              => [
          {
            "CustomOriginConfig" => {
              "HTTPPort"             => "\"80\"",
              "HTTPSPort"            => "\"443\"",
              "OriginProtocolPolicy" => "\"http-only | match-viewer\""
            },
            "DomainName"         => "\"The DNS name of the Amazon Simple Storage Service (S3) bucket or the HTTP server\"",
            "Id"                 => "\"An identifier for the origin\"",
            "OriginPath"         => "\The path that CloudFront uses to request content from an S3 bucket or custom origin. The combination of the DomainName and OriginPath properties must resolve to a valid path. The value must start with a slash mark (/) and cannot end with a slash mark.\"",
            "S3OriginConfig"     => {
              "OriginAccessIdentity" => "\"origin-access-identity/cloudfront/ID-of-origin-access-identity\""
            }     
          }
        ],
        "PriceClass"           => "PriceClass_All | PriceClass_200 | PriceClass_100",
        "Restrictions"         => {
          "GeoRestriction" => {
            "Locations"       => ["The two-letter, uppercase country code for a country that you want to include in your blacklist or whitelist."],
            "RestrictionType" => "\"blacklist | whitelist | none\""
          }
        },
        "ViewerCertificate"    => {
          "CloudFrontDefaultCertificate" => true,
          "IamCertificateId"             => "\"The IAM certificate ID to use if you're using an alternate domain name, Path MUST starts with /cloudfront/",
          "MinimumProtocolVersion"       => "\"If you specify the IamCertificateId property and specify SNI only for the SslSupportMethod property, you must use TLSv1 for the minimum protocol version. If you don't specify a value, AWS CloudFormation specifies SSLv3.\"",
          "SslSupportMethod"             => "\"vip | sni-only\""
        }
      }