[cloudfront]: suport for MultiTenantDistribution creation via CDK

[mattiLeBlanc]

Describe the feature

Create Cloudfront Multi tenant distribution via cdk.

Use Case

I want to deploy all my cloudformation via CDK. Now I have to create the multitenant distribution manually.

Now I get ValidationError: Template format error: Unrecognized resource types: [AWS::CloudFront::MultiTenantDistribution] when I try the proposed solution below

Proposed Solution

It would be nice if this would be supported:

const name = `${this.props.applicationName}-website-manager`;

    const oac = new CfnOriginAccessControl(this, 'WebsiteOAC', {
      originAccessControlConfig: {
        name,
        originAccessControlOriginType: 's3',
        signingBehavior: 'always',
        signingProtocol: 'sigv4',
      },
    });

    // Multi-tenant distribution — parameters {{customerId}} and {{websiteId}} are substituted
    // per tenant at CreateDistributionTenant time.
    // NOTE: CfnResource property names mirror the CloudFront API shape.
    // Adjust if CloudFormation validation fails on first deploy.
    new CfnResource(this, 'WebsiteDistribution', {
      type: 'AWS::CloudFront::MultiTenantDistribution',
      properties: {
        MultiTenantDistributionConfig: {
          Name: name,
          Comment: name,
          Enabled: true,
          Origins: [{
            Id: 'S3Origin',
            DomainName: `${dataBucket.bucketName}.s3.${Stack.of(this).region}.amazonaws.com`,
            OriginPath: '/customers/{{customerId}}/websites/{{websiteId}}/dist',
            S3OriginConfig: { OriginAccessIdentity: '' },
            OriginAccessControlId: oac.attrId,
          }],
          DefaultCacheBehavior: {
            TargetOriginId: 'S3Origin',
            ViewerProtocolPolicy: 'redirect-to-https',
            CachePolicyId: '658327ea-f89d-4fab-a63d-7e88639e58f6', // Managed-CachingOptimized
            Compress: true,
          },
          CustomErrorResponses: [
            { ErrorCode: 403, ResponseCode: 200, ResponsePagePath: '/index.html' },
            { ErrorCode: 404, ResponseCode: 200, ResponsePagePath: '/index.html' },
          ],
          TenantConfig: {
            ParameterDefinitions: [
              { Name: 'customerId' },
              { Name: 'websiteId' },
            ],
          },
        },
      },
    });

    // Connection group — shared CloudFront entry point; each tenant domain routes via this group
    new CfnResource(this, 'WebsiteConnectionGroup', {
      type: 'AWS::CloudFront::ConnectionGroup',
      properties: {
        Name: name,
        Ipv6Enabled: true,
      },
    });

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

AWS CDK Library version (aws-cdk-lib)

^2.248.0

AWS CDK CLI version

2.1100.1 (build db19110)

Environment details (OS name and version, etc.)

Macos 26.3.1 (a)

[related-issues-bot-for-aws]

Hi @mattiLeBlanc,

Thanks for reporting! While a member of the CDK team reviews this, we've identified this as a potential duplicate.

Potential Duplicate Issues

• cloudfront: add support for CF SaaS Manager #34297: Both issues request CDK support for CloudFront multi-tenant distribution resources (SaaS Manager). The current issue attempts to use AWS::CloudFront::MultiTenantDistribution and AWS::CloudFront::ConnectionGroup via CfnResource and encounters "Unrecognized resource types," while cloudfront: add support for CF SaaS Manager #34297 requests the same CloudFront SaaS Manager support in CDK covering the identical resource types. They share the same root cause — these CloudFront resource types are not yet supported in CDK/CloudFormation — and would be resolved by the same fix: adding L1/L2 construct support for CloudFront SaaS Manager resources in aws-cdk-lib/aws-cloudfront.

This message was generated automatically to help connect related conversations and improve discoverability.

Please react with 👍 or 👎 to let us know if this response was helpful!

Thank you for helping improve CDK! 🙌