Sono disponibili altri esempi per SDK AWS nel repository GitHub della documentazione degli esempi per SDK AWS
Esempi per CloudFront con SDK per Java 2.x
Gli esempi di codice seguenti mostrano come eseguire operazioni e implementare scenari comuni utilizzando AWS SDK for Java 2.x con CloudFront.
Le azioni sono estratti di codice da programmi più grandi e devono essere eseguite nel contesto. Sebbene le operazioni mostrino come richiamare le singole funzioni del servizio, è possibile visualizzarle contestualizzate negli scenari correlati.
Scenari: esempi di codice che mostrano come eseguire un’attività specifica chiamando più funzioni all’interno dello stesso servizio o combinate con altri Servizi AWS.
Ogni esempio include un link al codice sorgente completo, in cui vengono fornite le istruzioni su come configurare ed eseguire il codice nel contesto.
Azioni
L’esempio di codice seguente mostra come utilizzare CreateDistribution.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. L’esempio seguente utilizza un bucket Amazon Simple Storage Service (Amazon S3) come origine del contenuto.
Dopo aver creato la distribuzione, il codice crea un’interfaccia CloudFrontWaiter
per attendere il completamento dell’implementazione della distribuzione prima di restituirla. import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.ItemSelection; import software.amazon.awssdk.services.cloudfront.model.Method; import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; import software.amazon.awssdk.services.s3.S3Client; import java.time.Instant; public class CreateDistribution { private static final Logger logger = LoggerFactory.getLogger(CreateDistribution.class); public static Distribution createDistribution(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName, final String keyGroupId, final String originAccessControlId) { final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. // The service API requires some deprecated methods, such as // DefaultCacheBehavior.Builder#minTTL and #forwardedValue. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")) .originAccessControlId( originAccessControlId))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .minTTL(200L) .forwardedValues(b5 -> b5 .cookies(cp -> cp .forward(ItemSelection.NONE)) .queryString(true)) .trustedKeyGroups(b3 -> b3 .quantity(1) .items(keyGroupId) .enabled(true)) .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET) .cachedMethods(b5 -> b5 .quantity(2) .items(Method.HEAD, Method.GET)))) .cacheBehaviors(b -> b .quantity(1) .items(b2 -> b2 .pathPattern("/index.html") .viewerProtocolPolicy( ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .trustedKeyGroups(b3 -> b3 .quantity(1) .items(keyGroupId) .enabled(true)) .minTTL(200L) .forwardedValues(b4 -> b4 .cookies(cp -> cp .forward(ItemSelection.NONE)) .queryString(true)) .allowedMethods(b5 -> b5.quantity(2) .items(Method.HEAD, Method.GET) .cachedMethods(b6 -> b6 .quantity(2) .items(Method.HEAD, Method.GET))))) .enabled(true) .comment("Distribution built with java") .callerReference(Instant.now().toString()))); final Distribution distribution = createDistResponse.distribution(); logger.info("Distribution created. DomainName: [{}] Id: [{}]", distribution.domainName(), distribution.id()); logger.info("Waiting for distribution to be deployed ..."); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException<GetDistributionResponse> responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); logger.info("Distribution deployed. DomainName: [{}] Id: [{}]", distribution.domainName(), distribution.id()); } return distribution; } }-
Per informazioni dettagliate sull’API, consulta CreateDistribution nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come utilizzare CreateFunction.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. import software.amazon.awssdk.core.SdkBytes; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CloudFrontException; import software.amazon.awssdk.services.cloudfront.model.CreateFunctionRequest; import software.amazon.awssdk.services.cloudfront.model.CreateFunctionResponse; import software.amazon.awssdk.services.cloudfront.model.FunctionConfig; import software.amazon.awssdk.services.cloudfront.model.FunctionRuntime; import java.io.InputStream; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class CreateFunction { public static void main(String[] args) { final String usage = """ Usage: <functionName> <filePath> Where: functionName - The name of the function to create.\s filePath - The path to a file that contains the application logic for the function.\s """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String functionName = args[0]; String filePath = args[1]; CloudFrontClient cloudFrontClient = CloudFrontClient.builder() .region(Region.AWS_GLOBAL) .build(); String funArn = createNewFunction(cloudFrontClient, functionName, filePath); System.out.println("The function ARN is " + funArn); cloudFrontClient.close(); } public static String createNewFunction(CloudFrontClient cloudFrontClient, String functionName, String filePath) { try { InputStream fileIs = CreateFunction.class.getClassLoader().getResourceAsStream(filePath); SdkBytes functionCode = SdkBytes.fromInputStream(fileIs); FunctionConfig config = FunctionConfig.builder() .comment("Created by using the CloudFront Java API") .runtime(FunctionRuntime.CLOUDFRONT_JS_1_0) .build(); CreateFunctionRequest functionRequest = CreateFunctionRequest.builder() .name(functionName) .functionCode(functionCode) .functionConfig(config) .build(); CreateFunctionResponse response = cloudFrontClient.createFunction(functionRequest); return response.functionSummary().functionMetadata().functionARN(); } catch (CloudFrontException e) { System.err.println(e.getMessage()); System.exit(1); } return ""; } }-
Per informazioni dettagliate sull’API, consulta CreateFunction nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come utilizzare CreateKeyGroup.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. Un gruppo di chiavi richiede almeno una chiave pubblica per la verifica degli URL o dei cookie firmati.
import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import java.util.UUID; public class CreateKeyGroup { private static final Logger logger = LoggerFactory.getLogger(CreateKeyGroup.class); public static String createKeyGroup(CloudFrontClient cloudFrontClient, String publicKeyId) { String keyGroupId = cloudFrontClient.createKeyGroup(b -> b.keyGroupConfig(c -> c .items(publicKeyId) .name("JavaKeyGroup" + UUID.randomUUID()))) .keyGroup().id(); logger.info("KeyGroup created with ID: [{}]", keyGroupId); return keyGroupId; } }-
Per informazioni dettagliate sull’API, consulta CreateKeyGroup nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come utilizzare CreatePublicKey.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. L’esempio di codice seguente legge una chiave pubblica e la carica su Amazon CloudFront.
import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreatePublicKeyResponse; import software.amazon.awssdk.utils.IoUtils; import java.io.IOException; import java.io.InputStream; import java.util.UUID; public class CreatePublicKey { private static final Logger logger = LoggerFactory.getLogger(CreatePublicKey.class); public static String createPublicKey(CloudFrontClient cloudFrontClient, String publicKeyFileName) { try (InputStream is = CreatePublicKey.class.getClassLoader().getResourceAsStream(publicKeyFileName)) { String publicKeyString = IoUtils.toUtf8String(is); CreatePublicKeyResponse createPublicKeyResponse = cloudFrontClient .createPublicKey(b -> b.publicKeyConfig(c -> c .name("JavaCreatedPublicKey" + UUID.randomUUID()) .encodedKey(publicKeyString) .callerReference(UUID.randomUUID().toString()))); String createdPublicKeyId = createPublicKeyResponse.publicKey().id(); logger.info("Public key created with id: [{}]", createdPublicKeyId); return createdPublicKeyId; } catch (IOException e) { throw new RuntimeException(e); } } }-
Per informazioni dettagliate sull’API, consulta CreatePublicKey nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come utilizzare DeleteDistribution.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. L’esempio di codice seguente aggiorna una distribuzione impostandola su disabled, utilizza un waiter che attende l’implementazione della modifica, quindi elimina la distribuzione.
import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.DeleteDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionConfig; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; public class DeleteDistribution { private static final Logger logger = LoggerFactory.getLogger(DeleteDistribution.class); public static void deleteDistribution(final CloudFrontClient cloudFrontClient, final String distributionId) { // First, disable the distribution by updating it. GetDistributionResponse response = cloudFrontClient.getDistribution(b -> b .id(distributionId)); String etag = response.eTag(); DistributionConfig distConfig = response.distribution().distributionConfig(); cloudFrontClient.updateDistribution(builder -> builder .id(distributionId) .distributionConfig(builder1 -> builder1 .cacheBehaviors(distConfig.cacheBehaviors()) .defaultCacheBehavior(distConfig.defaultCacheBehavior()) .enabled(false) .origins(distConfig.origins()) .comment(distConfig.comment()) .callerReference(distConfig.callerReference()) .defaultCacheBehavior(distConfig.defaultCacheBehavior()) .priceClass(distConfig.priceClass()) .aliases(distConfig.aliases()) .logging(distConfig.logging()) .defaultRootObject(distConfig.defaultRootObject()) .customErrorResponses(distConfig.customErrorResponses()) .httpVersion(distConfig.httpVersion()) .isIPV6Enabled(distConfig.isIPV6Enabled()) .restrictions(distConfig.restrictions()) .viewerCertificate(distConfig.viewerCertificate()) .webACLId(distConfig.webACLId()) .originGroups(distConfig.originGroups())) .ifMatch(etag)); logger.info("Distribution [{}] is DISABLED, waiting for deployment before deleting ...", distributionId); GetDistributionResponse distributionResponse; try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException<GetDistributionResponse> responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distributionId)).matched(); distributionResponse = responseOrException.response() .orElseThrow(() -> new RuntimeException("Could not disable distribution")); } DeleteDistributionResponse deleteDistributionResponse = cloudFrontClient .deleteDistribution(builder -> builder .id(distributionId) .ifMatch(distributionResponse.eTag())); if (deleteDistributionResponse.sdkHttpResponse().isSuccessful()) { logger.info("Distribution [{}] DELETED", distributionId); } } }-
Per informazioni dettagliate sull’API, consulta DeleteDistribution nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come utilizzare UpdateDistribution.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.GetDistributionRequest; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.DistributionConfig; import software.amazon.awssdk.services.cloudfront.model.UpdateDistributionRequest; import software.amazon.awssdk.services.cloudfront.model.CloudFrontException; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class ModifyDistribution { public static void main(String[] args) { final String usage = """ Usage: <id>\s Where: id - the id value of the distribution.\s """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String id = args[0]; CloudFrontClient cloudFrontClient = CloudFrontClient.builder() .region(Region.AWS_GLOBAL) .build(); modDistribution(cloudFrontClient, id); cloudFrontClient.close(); } public static void modDistribution(CloudFrontClient cloudFrontClient, String idVal) { try { // Get the Distribution to modify. GetDistributionRequest disRequest = GetDistributionRequest.builder() .id(idVal) .build(); GetDistributionResponse response = cloudFrontClient.getDistribution(disRequest); Distribution disObject = response.distribution(); DistributionConfig config = disObject.distributionConfig(); // Create a new DistributionConfig object and add new values to comment and // aliases DistributionConfig config1 = DistributionConfig.builder() .aliases(config.aliases()) // You can pass in new values here .comment("New Comment") .cacheBehaviors(config.cacheBehaviors()) .priceClass(config.priceClass()) .defaultCacheBehavior(config.defaultCacheBehavior()) .enabled(config.enabled()) .callerReference(config.callerReference()) .logging(config.logging()) .originGroups(config.originGroups()) .origins(config.origins()) .restrictions(config.restrictions()) .defaultRootObject(config.defaultRootObject()) .webACLId(config.webACLId()) .httpVersion(config.httpVersion()) .viewerCertificate(config.viewerCertificate()) .customErrorResponses(config.customErrorResponses()) .build(); UpdateDistributionRequest updateDistributionRequest = UpdateDistributionRequest.builder() .distributionConfig(config1) .id(disObject.id()) .ifMatch(response.eTag()) .build(); cloudFrontClient.updateDistribution(updateDistributionRequest); } catch (CloudFrontException e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } } }-
Per informazioni dettagliate sull’API, consulta UpdateDistribution nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
Scenari
L’esempio di codice seguente mostra come creare una distribuzione multi-tenant e un tenant di distribuzione con varie configurazioni.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. L’esempio seguente mostra come creare una distribuzione multi-tenant con parametri e un certificato jolly.
import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.ConnectionMode; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.HttpVersion; import software.amazon.awssdk.services.cloudfront.model.Method; import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod; import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; import software.amazon.awssdk.services.s3.S3Client; import java.time.Instant; public class CreateMultiTenantDistribution { public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName, final String certificateArn) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .viewerCertificate(certBuilder -> certBuilder .acmCertificateArn(certificateArn) .sslSupportMethod(SSLSupportMethod.SNI_ONLY)) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException<GetDistributionResponse> responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException<GetDistributionResponse> responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } }L’esempio seguente mostra come creare un tenant di distribuzione associato al modello, incluso l’utilizzo del parametro dichiarato sopra. Nota che non è necessario aggiungere informazioni sul certificato in questo esempio perché il dominio è già coperto dal modello principale.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("no-cert-tenant") ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } }Se il certificato del visualizzatore è stato omesso dal modello principale, è invece necessario aggiungere le informazioni sul certificato nei tenant associati. L’esempio seguente mostra come eseguire questa operazione tramite l’ARN di un certificato ACM che interessa il dominio necessario per il tenant.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId, String certificateArn) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .enabled(false) .name("tenant-with-cert") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .customizations(b3 -> b3 .certificate(b4 -> b4 .arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } }L’esempio seguente mostra come eseguire questa operazione con una richiesta di certificato gestita con hosting in CloudFront. Questa soluzione è ideale se non è già stato generato traffico verso il dominio. In questo caso, si crea un valore ConnectionGroup per generare un valore RoutingEndpoint. Si utilizza quindi il valore RoutingEndpoint per creare record DNS che verificano la proprietà del dominio e puntano a CloudFront. CloudFront genererà quindi un token automaticamente per convalidare la proprietà del dominio e creare un certificato gestito.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) throws InterruptedException { CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder .ipv6Enabled(true) .name("cf-hosted-connection-group") .enabled(true)); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("cf-hosted domain validation record") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type(RRType.CNAME) .ttl(300L) .resourceRecords(b4 -> b4 .value(createConnectionGroupResponse.connectionGroup().routingEndpoint()))) .action("CREATE")) )); // Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail Thread.sleep(60000); CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .connectionGroupId(createConnectionGroupResponse.connectionGroup().id()) .enabled(false) .name("cf-hosted-tenant") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.CLOUDFRONT) ) ); return createResponse.distributionTenant(); } }L’esempio seguente mostra come eseguire questa operazione con una richiesta di certificato gestita con hosting autonomo. Questa soluzione è ideale se è stato generato traffico verso il dominio e non possono essere sostenuti tempi di inattività durante una migrazione. Alla fine di questo esempio, il tenant verrà creato in uno stato in attesa della convalida del dominio e della configurazione DNS. Consulta i passaggi [riportati qui] (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html#complete-domain-ownership) per completare la configurazione quando sei pronto per la migrazione del traffico.
import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient, String distributionId, String domain) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("self-hosted-tenant") .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.SELF_HOSTED) .primaryDomainName(domain) ) ); return createResponse.distributionTenant(); } }-
Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come eliminare le risorse utilizzate per accedere a contenuti con restrizioni in un bucket Amazon Simple Storage Service (Amazon S3).
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.DeleteKeyGroupResponse; import software.amazon.awssdk.services.cloudfront.model.DeleteOriginAccessControlResponse; import software.amazon.awssdk.services.cloudfront.model.DeletePublicKeyResponse; import software.amazon.awssdk.services.cloudfront.model.GetKeyGroupResponse; import software.amazon.awssdk.services.cloudfront.model.GetOriginAccessControlResponse; import software.amazon.awssdk.services.cloudfront.model.GetPublicKeyResponse; public class DeleteSigningResources { private static final Logger logger = LoggerFactory.getLogger(DeleteSigningResources.class); public static void deleteOriginAccessControl(final CloudFrontClient cloudFrontClient, final String originAccessControlId) { GetOriginAccessControlResponse getResponse = cloudFrontClient .getOriginAccessControl(b -> b.id(originAccessControlId)); DeleteOriginAccessControlResponse deleteResponse = cloudFrontClient.deleteOriginAccessControl(builder -> builder .id(originAccessControlId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Origin Access Control [{}]", originAccessControlId); } } public static void deleteKeyGroup(final CloudFrontClient cloudFrontClient, final String keyGroupId) { GetKeyGroupResponse getResponse = cloudFrontClient.getKeyGroup(b -> b.id(keyGroupId)); DeleteKeyGroupResponse deleteResponse = cloudFrontClient.deleteKeyGroup(builder -> builder .id(keyGroupId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Key Group [{}]", keyGroupId); } } public static void deletePublicKey(final CloudFrontClient cloudFrontClient, final String publicKeyId) { GetPublicKeyResponse getResponse = cloudFrontClient.getPublicKey(b -> b.id(publicKeyId)); DeletePublicKeyResponse deleteResponse = cloudFrontClient.deletePublicKey(builder -> builder .id(publicKeyId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Public Key [{}]", publicKeyId); } } }-
Per informazioni dettagliate sull’API, consulta i seguenti argomenti nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
L’esempio di codice seguente mostra come creare URL e cookie firmati che consentono l’accesso a risorse con restrizioni.
- SDK per Java 2.x
-
Nota
Ulteriori informazioni su GitHub. Trova l’esempio completo e scopri di più sulla configurazione e l’esecuzione nel Repository di esempi di codice AWS
. Utilizza la classe CannedSignerRequest
per firmare URL o cookie con una policy di accesso predefinita. import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest; import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Instant; import java.time.temporal.ChronoUnit; public class CreateCannedPolicyRequest { public static CannedSignerRequest createRequestForCannedPolicy(String distributionDomainName, String fileNameToUpload, String privateKeyFullPath, String publicKeyId) throws Exception { String protocol = "https"; String resourcePath = "/" + fileNameToUpload; String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString(); Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS); Path path = Paths.get(privateKeyFullPath); return CannedSignerRequest.builder() .resourceUrl(cloudFrontUrl) .privateKey(path) .keyPairId(publicKeyId) .expirationDate(expirationDate) .build(); } }Utilizza la classe CustomSignerRequest
per firmare URL o cookie con una policy personalizzata. I metodi activeDateeipRangesono facoltativi.import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest; import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Instant; import java.time.temporal.ChronoUnit; public class CreateCustomPolicyRequest { public static CustomSignerRequest createRequestForCustomPolicy(String distributionDomainName, String fileNameToUpload, String privateKeyFullPath, String publicKeyId) throws Exception { String protocol = "https"; String resourcePath = "/" + fileNameToUpload; String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString(); Instant expireDate = Instant.now().plus(7, ChronoUnit.DAYS); // URL will be accessible tomorrow using the signed URL. Instant activeDate = Instant.now().plus(1, ChronoUnit.DAYS); Path path = Paths.get(privateKeyFullPath); return CustomSignerRequest.builder() .resourceUrl(cloudFrontUrl) // .resourceUrlPattern("https://*.example.com/*") // Optional. .privateKey(path) .keyPairId(publicKeyId) .expirationDate(expireDate) .activeDate(activeDate) // Optional. // .ipRange("192.168.0.1/24") // Optional. .build(); } }L’esempio seguente mostra l’utilizzo della classe CloudFrontUtilities
per generare cookie e URL firmati. Visualizza questo esempio di codice su GitHub. import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities; import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCannedPolicy; import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCustomPolicy; import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest; import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest; import software.amazon.awssdk.services.cloudfront.url.SignedUrl; public class SigningUtilities { private static final Logger logger = LoggerFactory.getLogger(SigningUtilities.class); private static final CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create(); public static SignedUrl signUrlForCannedPolicy(CannedSignerRequest cannedSignerRequest) { SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedSignerRequest); logger.info("Signed URL: [{}]", signedUrl.url()); return signedUrl; } public static SignedUrl signUrlForCustomPolicy(CustomSignerRequest customSignerRequest) { SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(customSignerRequest); logger.info("Signed URL: [{}]", signedUrl.url()); return signedUrl; } public static CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest cannedSignerRequest) { CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities .getCookiesForCannedPolicy(cannedSignerRequest); logger.info("Cookie EXPIRES header [{}]", cookiesForCannedPolicy.expiresHeaderValue()); logger.info("Cookie KEYPAIR header [{}]", cookiesForCannedPolicy.keyPairIdHeaderValue()); logger.info("Cookie SIGNATURE header [{}]", cookiesForCannedPolicy.signatureHeaderValue()); return cookiesForCannedPolicy; } public static CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest customSignerRequest) { CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities .getCookiesForCustomPolicy(customSignerRequest); logger.info("Cookie POLICY header [{}]", cookiesForCustomPolicy.policyHeaderValue()); logger.info("Cookie KEYPAIR header [{}]", cookiesForCustomPolicy.keyPairIdHeaderValue()); logger.info("Cookie SIGNATURE header [{}]", cookiesForCustomPolicy.signatureHeaderValue()); return cookiesForCustomPolicy; } }-
Per informazioni dettagliate sull’API, consulta CloudFrontUtilities nella documentazione di riferimento dell’API AWS SDK for Java 2.x.
-
