Le traduzioni sono generate tramite traduzione automatica. In caso di conflitto tra il contenuto di una traduzione e la versione originale in Inglese, quest'ultima prevarrà.
Crea un SDK per le risorse di gestione SaaS AWS
L’esempio di codice seguente mostra come creare una distribuzione multi-tenant e un tenant di distribuzione con varie configurazioni.
- Java
-
- SDK per Java 2.x
-
Nota
C'è altro su. GitHub Trova l'esempio completo e scopri di più sulla configurazione e l'esecuzione nel Repository di esempi di codice AWS
. L’esempio seguente mostra come creare una distribuzione multi-tenant con parametri e un certificato jolly.
import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.ConnectionMode; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.HttpVersion; import software.amazon.awssdk.services.cloudfront.model.Method; import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod; import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; import software.amazon.awssdk.services.s3.S3Client; import java.time.Instant; public class CreateMultiTenantDistribution { public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName, final String certificateArn) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .viewerCertificate(certBuilder -> certBuilder .acmCertificateArn(certificateArn) .sslSupportMethod(SSLSupportMethod.SNI_ONLY)) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException<GetDistributionResponse> responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException<GetDistributionResponse> responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } }L’esempio seguente mostra come creare un tenant di distribuzione associato al modello, incluso l’utilizzo del parametro dichiarato sopra. Nota che non è necessario aggiungere informazioni sul certificato in questo esempio perché il dominio è già coperto dal modello principale.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("no-cert-tenant") ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } }Se il certificato del visualizzatore è stato omesso dal modello principale, è invece necessario aggiungere le informazioni sul certificato nei tenant associati. L’esempio seguente mostra come eseguire questa operazione tramite l’ARN di un certificato ACM che interessa il dominio necessario per il tenant.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId, String certificateArn) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .enabled(false) .name("tenant-with-cert") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .customizations(b3 -> b3 .certificate(b4 -> b4 .arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } }L'esempio seguente mostra come eseguire questa operazione con una richiesta di certificato gestita CloudFront -hosted. Questa soluzione è ideale se non è già stato generato traffico verso il dominio. In questo caso, creiamo un file ConnectionGroup per generare un. RoutingEndpoint Quindi lo usiamo RoutingEndpoint per creare record DNS che verificano la proprietà del dominio e puntano a CloudFront. CloudFront utilizzerà quindi automaticamente un token per convalidare la proprietà del dominio e creare un certificato gestito.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) throws InterruptedException { CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder .ipv6Enabled(true) .name("cf-hosted-connection-group") .enabled(true)); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("cf-hosted domain validation record") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type(RRType.CNAME) .ttl(300L) .resourceRecords(b4 -> b4 .value(createConnectionGroupResponse.connectionGroup().routingEndpoint()))) .action("CREATE")) )); // Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail Thread.sleep(60000); CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .connectionGroupId(createConnectionGroupResponse.connectionGroup().id()) .enabled(false) .name("cf-hosted-tenant") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.CLOUDFRONT) ) ); return createResponse.distributionTenant(); } }L’esempio seguente mostra come eseguire questa operazione con una richiesta di certificato gestita con hosting autonomo. Questa soluzione è ideale se è stato generato traffico verso il dominio e non possono essere sostenuti tempi di inattività durante una migrazione. Alla fine di questo esempio, il tenant verrà creato in uno stato in attesa della convalida del dominio e della configurazione DNS. Segui i passaggi [qui] (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html#complete-domain-ownership) per completare la configurazione quando sei pronto per la migrazione del traffico.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient, String distributionId, String domain) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("self-hosted-tenant") .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.SELF_HOSTED) .primaryDomainName(domain) ) ); return createResponse.distributionTenant(); } }-
Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella documentazione di riferimento dell’API AWS SDK for Java 2.x .
-
Per un elenco completo delle guide per sviluppatori SDK e degli esempi di codice, consulta. AWS Utilizzo di CloudFront con un SDK AWS Questo argomento include anche informazioni su come iniziare e dettagli sulle versioni precedenti dell’SDK.
Scenari
Eliminare le risorse di firma