Hay más ejemplos de AWS SDK disponibles en el GitHub repositorio de [ejemplos de AWS Doc SDK](https://github.com/awsdocs/aws-doc-sdk-examples). Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés. # Escenarios de uso CloudFront AWS SDKs Los siguientes ejemplos de código muestran cómo implementar escenarios comunes en CloudFront with AWS SDKs. Estos escenarios muestran cómo realizar tareas específicas mediante la invocación de varias funciones internas CloudFront o combinadas con otras Servicios de AWS. En cada escenario se incluye un enlace al código fuente completo, con instrucciones de configuración y ejecución del código. Los escenarios requieren un nivel intermedio de experiencia para entender las acciones de servicio en su contexto. **Topics** + [Creación de una distribución de varios inquilinos y un inquilino de distribución](cloudfront_example_cloudfront_CreateSaasResources_section.md) + [Eliminar recursos de firma](cloudfront_example_cloudfront_DeleteSigningResources_section.md) + [Comience con CloudFront](cloudfront_example_cloudfront_GettingStarted_section.md) + [Firma URLs y cookies](cloudfront_example_cloudfront_CloudFrontUtilities_section.md) # Cree un SDK de recursos para administradores de SaaS AWS El siguiente ejemplo de código muestra cómo crear una distribución de varios inquilinos y un inquilino de distribución con varias configuraciones. ------ #### [ Java ] **SDK para Java 2.x** Hay más en marcha GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples). El siguiente ejemplo demuestra cómo crear una distribución de varios inquilino con parámetros y un certificado comodín. ``` import software.amazon.awssdk.core.internal.waiters.ResponseOrException; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.ConnectionMode; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.Distribution; import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse; import software.amazon.awssdk.services.cloudfront.model.HttpVersion; import software.amazon.awssdk.services.cloudfront.model.Method; import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod; import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy; import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter; import software.amazon.awssdk.services.s3.S3Client; import java.time.Instant; public class CreateMultiTenantDistribution { public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName, final String certificateArn) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .viewerCertificate(certBuilder -> certBuilder .acmCertificateArn(certificateArn) .sslSupportMethod(SSLSupportMethod.SNI_ONLY)) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient, S3Client s3Client, final String bucketName) { // fetch the origin info if necessary final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers() .get("x-amz-bucket-region").get(0); final String originDomain = bucketName + ".s3." + region + ".amazonaws.com"; String originId = originDomain; // Use the originDomain value for the originId. CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder .distributionConfig(b1 -> b1 .httpVersion(HttpVersion.HTTP2) .enabled(true) .comment("Template Distribution with cert built with java") .connectionMode(ConnectionMode.TENANT_ONLY) .callerReference(Instant.now().toString()) .origins(b2 -> b2 .quantity(1) .items(b3 -> b3 .domainName(originDomain) .id(originId) .originPath("/{{tenantName}}") .s3OriginConfig(builder4 -> builder4 .originAccessIdentity( "")))) .tenantConfig(b5 -> b5 .parameterDefinitions(b6 -> b6 .name("tenantName") .definition(b7 -> b7 .stringSchema(b8 -> b8 .comment("tenantName value") .defaultValue("root") .required(false))))) .defaultCacheBehavior(b2 -> b2 .viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL) .targetOriginId(originId) .cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy .allowedMethods(b4 -> b4 .quantity(2) .items(Method.HEAD, Method.GET))) )); final Distribution distribution = createDistResponse.distribution(); try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) { ResponseOrException responseOrException = cfWaiter .waitUntilDistributionDeployed(builder -> builder.id(distribution.id())) .matched(); responseOrException.response() .orElseThrow(() -> new RuntimeException("Distribution not created")); } return distribution; } } ``` El siguiente ejemplo demuestra cómo crear un inquilino de distribución asociado con esa plantilla, incluida la utilización del parámetro que hemos declarado anteriormente. Tenga en cuenta que no es necesario agregar información del certificado aquí, ya que nuestro dominio ya está cubierto por la plantilla principal. ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("no-cert-tenant") ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } } ``` Si el certificado del lector se ha omitido en la plantilla principal, deberá agregar la información del certificado en los inquilinos asociados a ella. El siguiente ejemplo muestra cómo hacerlo mediante un certificado arn de ACM que cubre el dominio necesario para el inquilino. ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId, String certificateArn) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .enabled(false) .name("tenant-with-cert") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .customizations(b3 -> b3 .certificate(b4 -> b4 .arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request ); final DistributionTenant distributionTenant = createResponse.distributionTenant(); // Then update the Route53 hosted zone to point your domain at the distribution tenant // We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder .identifier(distributionTenant.connectionGroupId())); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("ChangeBatch comment") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type("CNAME") .ttl(300L) .resourceRecords(b4 -> b4 .value(fetchedConnectionGroup.connectionGroup().routingEndpoint()))) .action("CREATE")) )); return distributionTenant; } } ``` En el siguiente ejemplo, se muestra cómo hacerlo con una solicitud de certificado CloudFront gestionada alojada. Esto es ideal si aún no tiene tráfico hacia el dominio. En este caso, creamos un ConnectionGroup para generar un RoutingEndpoint. Luego lo usamos RoutingEndpoint para crear registros DNS que verifican la propiedad del dominio y apuntan a CloudFront. CloudFront luego, entregará automáticamente un token para validar la propiedad del dominio y crear un certificado administrado. ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient, Route53Client route53Client, String distributionId, String domain, String hostedZoneId) throws InterruptedException { CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder .ipv6Enabled(true) .name("cf-hosted-connection-group") .enabled(true)); route53Client.changeResourceRecordSets(builder -> builder .hostedZoneId(hostedZoneId) .changeBatch(b1 -> b1 .comment("cf-hosted domain validation record") .changes(b2 -> b2 .resourceRecordSet(b3 -> b3 .name(domain) .type(RRType.CNAME) .ttl(300L) .resourceRecords(b4 -> b4 .value(createConnectionGroupResponse.connectionGroup().routingEndpoint()))) .action("CREATE")) )); // Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail Thread.sleep(60000); CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .connectionGroupId(createConnectionGroupResponse.connectionGroup().id()) .enabled(false) .name("cf-hosted-tenant") .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.CLOUDFRONT) ) ); return createResponse.distributionTenant(); } } ``` El siguiente ejemplo demuestra cómo hacerlo con una solicitud de certificado autoadministrada. Esto es ideal si tiene tráfico hacia el dominio y no puede tolerar el tiempo de inactividad durante una migración. Al final de este ejemplo, el inquilino se creará con un estado de espera de la validación del dominio y la configuración de DNS. Siga los pasos [aquí] (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html\$1complete-domain-ownership) para completar la configuración cuando esté listo para migrar el tráfico. ``` import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse; import software.amazon.awssdk.services.cloudfront.model.DistributionTenant; import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse; import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost; import software.amazon.awssdk.services.route53.Route53Client; import software.amazon.awssdk.services.route53.model.RRType; import java.time.Instant; public class CreateDistributionTenant { public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient, String distributionId, String domain) { CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder .distributionId(distributionId) .domains(b1 -> b1 .domain(domain)) .parameters(b2 -> b2 .name("tenantName") .value("myTenant")) .enabled(false) .name("self-hosted-tenant") .managedCertificateRequest(b3 -> b3 .validationTokenHost(ValidationTokenHost.SELF_HOSTED) .primaryDomainName(domain) ) ); return createResponse.distributionTenant(); } } ``` + Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK for Java 2.x *. + [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution) + [CreateDistributionTenant](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistributionTenant) ------ # CloudFront AWS Elimine los recursos de firma mediante el SDK En el siguiente ejemplo de código, se muestra cómo eliminar los recursos que se utilizan para acceder a contenido restringido de un bucket de Amazon Simple Storage Service (Amazon S3). ------ #### [ Java ] **SDK para Java 2.x** Hay más en marcha GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples). ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontClient; import software.amazon.awssdk.services.cloudfront.model.DeleteKeyGroupResponse; import software.amazon.awssdk.services.cloudfront.model.DeleteOriginAccessControlResponse; import software.amazon.awssdk.services.cloudfront.model.DeletePublicKeyResponse; import software.amazon.awssdk.services.cloudfront.model.GetKeyGroupResponse; import software.amazon.awssdk.services.cloudfront.model.GetOriginAccessControlResponse; import software.amazon.awssdk.services.cloudfront.model.GetPublicKeyResponse; public class DeleteSigningResources { private static final Logger logger = LoggerFactory.getLogger(DeleteSigningResources.class); public static void deleteOriginAccessControl(final CloudFrontClient cloudFrontClient, final String originAccessControlId) { GetOriginAccessControlResponse getResponse = cloudFrontClient .getOriginAccessControl(b -> b.id(originAccessControlId)); DeleteOriginAccessControlResponse deleteResponse = cloudFrontClient.deleteOriginAccessControl(builder -> builder .id(originAccessControlId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Origin Access Control [{}]", originAccessControlId); } } public static void deleteKeyGroup(final CloudFrontClient cloudFrontClient, final String keyGroupId) { GetKeyGroupResponse getResponse = cloudFrontClient.getKeyGroup(b -> b.id(keyGroupId)); DeleteKeyGroupResponse deleteResponse = cloudFrontClient.deleteKeyGroup(builder -> builder .id(keyGroupId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Key Group [{}]", keyGroupId); } } public static void deletePublicKey(final CloudFrontClient cloudFrontClient, final String publicKeyId) { GetPublicKeyResponse getResponse = cloudFrontClient.getPublicKey(b -> b.id(publicKeyId)); DeletePublicKeyResponse deleteResponse = cloudFrontClient.deletePublicKey(builder -> builder .id(publicKeyId) .ifMatch(getResponse.eTag())); if (deleteResponse.sdkHttpResponse().isSuccessful()) { logger.info("Successfully deleted Public Key [{}]", publicKeyId); } } } ``` + Para obtener detalles sobre la API, consulte los siguientes temas en la *Referencia de la API de AWS SDK for Java 2.x *. + [DeleteKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteKeyGroup) + [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteOriginAccessControl) + [DeletePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeletePublicKey) ------ # Comience con una CloudFront distribución básica mediante la CLI En el siguiente ejemplo de código, se muestra cómo: + Creación de un bucket de Amazon S3 para el almacenamiento de contenido + Carga del contenido de ejemplo en el bucket de S3 + Creación de un control de acceso de origen (OAC) para el acceso seguro a S3 + Cree una CloudFront distribución con S3 como origen + Actualice la política de buckets de S3 para permitir el CloudFront acceso + Espera para la implementación de la distribución y prueba del acceso al contenido + Eliminación de los recursos, incluidos la distribución, el OAC y el bucket de S3 ------ #### [ Bash ] **AWS CLI con el script Bash** Hay más información. GitHub Encuentre el ejemplo completo y obtenga información sobre cómo configurarlo y ejecutarlo en el repositorio de [Tutoriales para desarrolladores de ejemplo](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/005-cloudfront-gettingstarted). ``` #!/bin/bash # CloudFront Getting Started Tutorial Script # This script creates an S3 bucket, uploads sample content, creates a CloudFront distribution with OAC, # and demonstrates how to access content through CloudFront. # Set up logging LOG_FILE="cloudfront-tutorial.log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting CloudFront Getting Started Tutorial at $(date)" # Function to handle errors handle_error() { echo "ERROR: $1" echo "Resources created before error:" if [ -n "$BUCKET_NAME" ]; then echo "- S3 Bucket: $BUCKET_NAME" fi if [ -n "$OAC_ID" ]; then echo "- CloudFront Origin Access Control: $OAC_ID" fi if [ -n "$DISTRIBUTION_ID" ]; then echo "- CloudFront Distribution: $DISTRIBUTION_ID" fi echo "Attempting to clean up resources..." cleanup exit 1 } # Function to clean up resources cleanup() { echo "Cleaning up resources..." if [ -n "$DISTRIBUTION_ID" ]; then echo "Disabling CloudFront distribution $DISTRIBUTION_ID..." # Get the current configuration and ETag ETAG=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" --query 'ETag' --output text) if [ $? -ne 0 ]; then echo "Failed to get distribution config. Continuing with cleanup..." else # Create a modified configuration with Enabled=false aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" | \ jq '.DistributionConfig.Enabled = false' > temp_disabled_config.json # Update the distribution to disable it aws cloudfront update-distribution \ --id "$DISTRIBUTION_ID" \ --distribution-config file://<(jq '.DistributionConfig' temp_disabled_config.json) \ --if-match "$ETAG" if [ $? -ne 0 ]; then echo "Failed to disable distribution. Continuing with cleanup..." else echo "Waiting for distribution to be disabled (this may take several minutes)..." aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID" # Delete the distribution ETAG=$(aws cloudfront get-distribution-config --id "$DISTRIBUTION_ID" --query 'ETag' --output text) aws cloudfront delete-distribution --id "$DISTRIBUTION_ID" --if-match "$ETAG" if [ $? -ne 0 ]; then echo "Failed to delete distribution. You may need to delete it manually." else echo "CloudFront distribution deleted." fi fi fi fi if [ -n "$OAC_ID" ]; then echo "Deleting Origin Access Control $OAC_ID..." OAC_ETAG=$(aws cloudfront get-origin-access-control --id "$OAC_ID" --query 'ETag' --output text 2>/dev/null) if [ $? -ne 0 ]; then echo "Failed to get Origin Access Control ETag. You may need to delete it manually." else aws cloudfront delete-origin-access-control --id "$OAC_ID" --if-match "$OAC_ETAG" if [ $? -ne 0 ]; then echo "Failed to delete Origin Access Control. You may need to delete it manually." else echo "Origin Access Control deleted." fi fi fi if [ -n "$BUCKET_NAME" ]; then echo "Deleting S3 bucket $BUCKET_NAME and its contents..." aws s3 rm "s3://$BUCKET_NAME" --recursive if [ $? -ne 0 ]; then echo "Failed to remove bucket contents. Continuing with bucket deletion..." fi aws s3 rb "s3://$BUCKET_NAME" if [ $? -ne 0 ]; then echo "Failed to delete bucket. You may need to delete it manually." else echo "S3 bucket deleted." fi fi # Clean up temporary files rm -f temp_disabled_config.json rm -rf temp_content } # Generate a random identifier for the bucket name RANDOM_ID=$(openssl rand -hex 6) BUCKET_NAME="cloudfront-${RANDOM_ID}" echo "Using bucket name: $BUCKET_NAME" # Create a temporary directory for content TEMP_DIR="temp_content" mkdir -p "$TEMP_DIR/css" if [ $? -ne 0 ]; then handle_error "Failed to create temporary directory" fi # Step 1: Create an S3 bucket echo "Creating S3 bucket: $BUCKET_NAME" aws s3 mb "s3://$BUCKET_NAME" if [ $? -ne 0 ]; then handle_error "Failed to create S3 bucket" fi # Step 2: Create sample content echo "Creating sample content..." cat > "$TEMP_DIR/index.html" << 'EOF' Hello World

Hello world!

EOF cat > "$TEMP_DIR/css/styles.css" << 'EOF' body { font-family: Arial, sans-serif; margin: 40px; background-color: #f5f5f5; } h1 { color: #333; text-align: center; } EOF # Step 3: Upload content to the S3 bucket echo "Uploading content to S3 bucket..." aws s3 cp "$TEMP_DIR/" "s3://$BUCKET_NAME/" --recursive if [ $? -ne 0 ]; then handle_error "Failed to upload content to S3 bucket" fi # Step 4: Create Origin Access Control echo "Creating Origin Access Control..." OAC_RESPONSE=$(aws cloudfront create-origin-access-control \ --origin-access-control-config Name="oac-for-$BUCKET_NAME",SigningProtocol=sigv4,SigningBehavior=always,OriginAccessControlOriginType=s3) if [ $? -ne 0 ]; then handle_error "Failed to create Origin Access Control" fi OAC_ID=$(echo "$OAC_RESPONSE" | jq -r '.OriginAccessControl.Id') echo "Created Origin Access Control with ID: $OAC_ID" # Step 5: Create CloudFront distribution echo "Creating CloudFront distribution..." # Get AWS account ID for bucket policy ACCOUNT_ID=$(aws sts get-caller-identity --query 'Account' --output text) if [ $? -ne 0 ]; then handle_error "Failed to get AWS account ID" fi # Create distribution configuration cat > distribution-config.json << EOF { "CallerReference": "cli-tutorial-$(date +%s)", "Origins": { "Quantity": 1, "Items": [ { "Id": "S3-$BUCKET_NAME", "DomainName": "$BUCKET_NAME.s3.amazonaws.com", "S3OriginConfig": { "OriginAccessIdentity": "" }, "OriginAccessControlId": "$OAC_ID" } ] }, "DefaultCacheBehavior": { "TargetOriginId": "S3-$BUCKET_NAME", "ViewerProtocolPolicy": "redirect-to-https", "AllowedMethods": { "Quantity": 2, "Items": ["GET", "HEAD"], "CachedMethods": { "Quantity": 2, "Items": ["GET", "HEAD"] } }, "DefaultTTL": 86400, "MinTTL": 0, "MaxTTL": 31536000, "Compress": true, "ForwardedValues": { "QueryString": false, "Cookies": { "Forward": "none" } } }, "Comment": "CloudFront distribution for tutorial", "Enabled": true, "WebACLId": "" } EOF DIST_RESPONSE=$(aws cloudfront create-distribution --distribution-config file://distribution-config.json) if [ $? -ne 0 ]; then handle_error "Failed to create CloudFront distribution" fi DISTRIBUTION_ID=$(echo "$DIST_RESPONSE" | jq -r '.Distribution.Id') DOMAIN_NAME=$(echo "$DIST_RESPONSE" | jq -r '.Distribution.DomainName') echo "Created CloudFront distribution with ID: $DISTRIBUTION_ID" echo "CloudFront domain name: $DOMAIN_NAME" # Step 6: Update S3 bucket policy echo "Updating S3 bucket policy..." cat > bucket-policy.json << EOF { "Version":"2012-10-17", "Statement": [ { "Sid": "AllowCloudFrontServicePrincipal", "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Action": "s3:GetObject", "Resource": "arn:aws:s3:::$BUCKET_NAME/*", "Condition": { "StringEquals": { "AWS:SourceArn": "arn:aws:cloudfront::$ACCOUNT_ID:distribution/$DISTRIBUTION_ID" } } } ] } EOF aws s3api put-bucket-policy --bucket "$BUCKET_NAME" --policy file://bucket-policy.json if [ $? -ne 0 ]; then handle_error "Failed to update S3 bucket policy" fi # Step 7: Wait for distribution to deploy echo "Waiting for CloudFront distribution to deploy (this may take 5-10 minutes)..." aws cloudfront wait distribution-deployed --id "$DISTRIBUTION_ID" if [ $? -ne 0 ]; then echo "Warning: Distribution deployment wait timed out. The distribution may still be deploying." else echo "CloudFront distribution is now deployed." fi # Step 8: Display access information echo "" echo "===== CloudFront Distribution Setup Complete =====" echo "You can access your content at: https://$DOMAIN_NAME/index.html" echo "" echo "Resources created:" echo "- S3 Bucket: $BUCKET_NAME" echo "- CloudFront Origin Access Control: $OAC_ID" echo "- CloudFront Distribution: $DISTRIBUTION_ID" echo "" # Ask user if they want to clean up resources read -p "Do you want to clean up all resources created by this script? (y/n): " CLEANUP_RESPONSE if [[ "$CLEANUP_RESPONSE" =~ ^[Yy] ]]; then cleanup echo "All resources have been cleaned up." else echo "Resources will not be cleaned up. You can manually delete them later." echo "To access your content, visit: https://$DOMAIN_NAME/index.html" fi echo "Tutorial completed at $(date)" ``` + Para obtener información sobre la API, consulte los siguientes temas en la *Referencia de comandos de AWS CLI *. + [CreateDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/CreateDistribution) + [CreateOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/CreateOriginAccessControl) + [DeleteDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/DeleteDistribution) + [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/DeleteOriginAccessControl) + [GetDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetDistribution) + [GetDistributionConfig](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetDistributionConfig) + [GetOriginAccessControl](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/GetOriginAccessControl) + [UpdateDistribution](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/UpdateDistribution) + [WaitDistributionDeployed](https://docs.aws.amazon.com/goto/aws-cli/cloudfront-2020-05-31/WaitDistributionDeployed) ------ # Crea cookies URLs y firmadas mediante un AWS SDK El siguiente ejemplo de código muestra cómo crear cookies firmadas URLs y cookies que permitan el acceso a recursos restringidos. ------ #### [ Java ] **SDK para Java 2.x** Hay más información al respecto GitHub. Busque el ejemplo completo y aprenda a configurar y ejecutar en el [Repositorio de ejemplos de código de AWS](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples). Usa la [CannedSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CannedSignerRequest.html)clase para firmar URLs o usar cookies con una *política* estándar. ``` import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest; import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Instant; import java.time.temporal.ChronoUnit; public class CreateCannedPolicyRequest { public static CannedSignerRequest createRequestForCannedPolicy(String distributionDomainName, String fileNameToUpload, String privateKeyFullPath, String publicKeyId) throws Exception { String protocol = "https"; String resourcePath = "/" + fileNameToUpload; String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString(); Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS); Path path = Paths.get(privateKeyFullPath); return CannedSignerRequest.builder() .resourceUrl(cloudFrontUrl) .privateKey(path) .keyPairId(publicKeyId) .expirationDate(expirationDate) .build(); } } ``` Usa la [CustomSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CustomSignerRequest.html)clase para firmar URLs o usar cookies con una política *personalizada*. `activeDate` y `ipRange` son métodos opcionales. ``` import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest; import java.net.URL; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Instant; import java.time.temporal.ChronoUnit; public class CreateCustomPolicyRequest { public static CustomSignerRequest createRequestForCustomPolicy(String distributionDomainName, String fileNameToUpload, String privateKeyFullPath, String publicKeyId) throws Exception { String protocol = "https"; String resourcePath = "/" + fileNameToUpload; String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString(); Instant expireDate = Instant.now().plus(7, ChronoUnit.DAYS); // URL will be accessible tomorrow using the signed URL. Instant activeDate = Instant.now().plus(1, ChronoUnit.DAYS); Path path = Paths.get(privateKeyFullPath); return CustomSignerRequest.builder() .resourceUrl(cloudFrontUrl) // .resourceUrlPattern("https://*.example.com/*") // Optional. .privateKey(path) .keyPairId(publicKeyId) .expirationDate(expireDate) .activeDate(activeDate) // Optional. // .ipRange("192.168.0.1/24") // Optional. .build(); } } ``` El siguiente ejemplo demuestra el uso de la [CloudFrontUtilities](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.html)clase para producir cookies firmadas y URLs. [Vea](https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/SigningUtilities.java) este ejemplo de código en GitHub. ``` import org.slf4j.Logger; import org.slf4j.LoggerFactory; import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities; import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCannedPolicy; import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCustomPolicy; import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest; import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest; import software.amazon.awssdk.services.cloudfront.url.SignedUrl; public class SigningUtilities { private static final Logger logger = LoggerFactory.getLogger(SigningUtilities.class); private static final CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create(); public static SignedUrl signUrlForCannedPolicy(CannedSignerRequest cannedSignerRequest) { SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedSignerRequest); logger.info("Signed URL: [{}]", signedUrl.url()); return signedUrl; } public static SignedUrl signUrlForCustomPolicy(CustomSignerRequest customSignerRequest) { SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(customSignerRequest); logger.info("Signed URL: [{}]", signedUrl.url()); return signedUrl; } public static CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest cannedSignerRequest) { CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities .getCookiesForCannedPolicy(cannedSignerRequest); logger.info("Cookie EXPIRES header [{}]", cookiesForCannedPolicy.expiresHeaderValue()); logger.info("Cookie KEYPAIR header [{}]", cookiesForCannedPolicy.keyPairIdHeaderValue()); logger.info("Cookie SIGNATURE header [{}]", cookiesForCannedPolicy.signatureHeaderValue()); return cookiesForCannedPolicy; } public static CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest customSignerRequest) { CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities .getCookiesForCustomPolicy(customSignerRequest); logger.info("Cookie POLICY header [{}]", cookiesForCustomPolicy.policyHeaderValue()); logger.info("Cookie KEYPAIR header [{}]", cookiesForCustomPolicy.keyPairIdHeaderValue()); logger.info("Cookie SIGNATURE header [{}]", cookiesForCustomPolicy.signatureHeaderValue()); return cookiesForCustomPolicy; } } ``` + Para obtener más información sobre la API, consulte [CloudFrontUtilities](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CloudFrontUtilities)la *referencia AWS SDK for Java 2.x de la API*. ------