Doc AWS SDK 예제 GitHub 리포지토리에서 더 많은 SDK 예제를 사용할 수 있습니다. [AWS](https://github.com/awsdocs/aws-doc-sdk-examples)
기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
# Java 2.x용 SDK를 사용하는 CloudFront 예제
다음 코드 예제에서는 AWS SDK for Java 2.x CloudFront에서를 사용하여 작업을 수행하고 일반적인 시나리오를 구현하는 방법을 보여줍니다.
*작업*은 대규모 프로그램에서 발췌한 코드이며 컨텍스트에 맞춰 실행해야 합니다. 작업은 개별 서비스 함수를 직접 호출하는 방법을 보여주며, 관련 시나리오의 컨텍스트에 맞는 작업을 볼 수 있습니다.
*시나리오*는 동일한 서비스 내에서 또는 다른 AWS 서비스와 결합된 상태에서 여러 함수를 직접적으로 호출하여 특정 태스크를 수행하는 방법을 보여주는 코드 예제입니다.
각 예시에는 전체 소스 코드에 대한 링크가 포함되어 있으며, 여기에서 컨텍스트에 맞춰 코드를 설정하고 실행하는 방법에 대한 지침을 찾을 수 있습니다.
**Topics**
+ [작업](#actions)
+ [시나리오](#scenarios)
## 작업
### `CreateDistribution`
다음 코드 예시는 `CreateDistribution`의 사용 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
다음 예제에서는 Amazon Simple Storage Service(Amazon S3) 버킷을 콘텐츠 오리진으로 사용합니다.
배포를 생성한 후 코드는 [CloudFrontWaiter](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/waiters/CloudFrontWaiter.html)를 생성하여 배포가 완료될 때까지 기다린 후 배포를 반환합니다.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.ItemSelection;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.s3.S3Client;
import java.time.Instant;
public class CreateDistribution {
private static final Logger logger = LoggerFactory.getLogger(CreateDistribution.class);
public static Distribution createDistribution(CloudFrontClient cloudFrontClient, S3Client s3Client,
final String bucketName, final String keyGroupId, final String originAccessControlId) {
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
// The service API requires some deprecated methods, such as
// DefaultCacheBehavior.Builder#minTTL and #forwardedValue.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))
.originAccessControlId(
originAccessControlId)))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.minTTL(200L)
.forwardedValues(b5 -> b5
.cookies(cp -> cp
.forward(ItemSelection.NONE))
.queryString(true))
.trustedKeyGroups(b3 -> b3
.quantity(1)
.items(keyGroupId)
.enabled(true))
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)
.cachedMethods(b5 -> b5
.quantity(2)
.items(Method.HEAD,
Method.GET))))
.cacheBehaviors(b -> b
.quantity(1)
.items(b2 -> b2
.pathPattern("/index.html")
.viewerProtocolPolicy(
ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.trustedKeyGroups(b3 -> b3
.quantity(1)
.items(keyGroupId)
.enabled(true))
.minTTL(200L)
.forwardedValues(b4 -> b4
.cookies(cp -> cp
.forward(ItemSelection.NONE))
.queryString(true))
.allowedMethods(b5 -> b5.quantity(2)
.items(Method.HEAD,
Method.GET)
.cachedMethods(b6 -> b6
.quantity(2)
.items(Method.HEAD,
Method.GET)))))
.enabled(true)
.comment("Distribution built with java")
.callerReference(Instant.now().toString())));
final Distribution distribution = createDistResponse.distribution();
logger.info("Distribution created. DomainName: [{}] Id: [{}]", distribution.domainName(),
distribution.id());
logger.info("Waiting for distribution to be deployed ...");
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
logger.info("Distribution deployed. DomainName: [{}] Id: [{}]", distribution.domainName(),
distribution.id());
}
return distribution;
}
}
```
+ API에 대한 세부 정보는AWS SDK for Java 2.x API 참조의 [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)을 참조하세요.**
### `CreateFunction`
다음 코드 예시는 `CreateFunction`의 사용 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
```
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CloudFrontException;
import software.amazon.awssdk.services.cloudfront.model.CreateFunctionRequest;
import software.amazon.awssdk.services.cloudfront.model.CreateFunctionResponse;
import software.amazon.awssdk.services.cloudfront.model.FunctionConfig;
import software.amazon.awssdk.services.cloudfront.model.FunctionRuntime;
import java.io.InputStream;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateFunction {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
functionName - The name of the function to create.\s
filePath - The path to a file that contains the application logic for the function.\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String functionName = args[0];
String filePath = args[1];
CloudFrontClient cloudFrontClient = CloudFrontClient.builder()
.region(Region.AWS_GLOBAL)
.build();
String funArn = createNewFunction(cloudFrontClient, functionName, filePath);
System.out.println("The function ARN is " + funArn);
cloudFrontClient.close();
}
public static String createNewFunction(CloudFrontClient cloudFrontClient, String functionName, String filePath) {
try {
InputStream fileIs = CreateFunction.class.getClassLoader().getResourceAsStream(filePath);
SdkBytes functionCode = SdkBytes.fromInputStream(fileIs);
FunctionConfig config = FunctionConfig.builder()
.comment("Created by using the CloudFront Java API")
.runtime(FunctionRuntime.CLOUDFRONT_JS_1_0)
.build();
CreateFunctionRequest functionRequest = CreateFunctionRequest.builder()
.name(functionName)
.functionCode(functionCode)
.functionConfig(config)
.build();
CreateFunctionResponse response = cloudFrontClient.createFunction(functionRequest);
return response.functionSummary().functionMetadata().functionARN();
} catch (CloudFrontException e) {
System.err.println(e.getMessage());
System.exit(1);
}
return "";
}
}
```
+ API 세부 정보는 **AWS SDK for Java 2.x API 참조의 [CreateFunction](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateFunction)을 참조하세요.
### `CreateKeyGroup`
다음 코드 예시는 `CreateKeyGroup`의 사용 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
키 그룹에는 서명된 URL 또는 쿠키를 확인하는 데 사용되는 공개 키가 최소 하나 이상 필요합니다.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import java.util.UUID;
public class CreateKeyGroup {
private static final Logger logger = LoggerFactory.getLogger(CreateKeyGroup.class);
public static String createKeyGroup(CloudFrontClient cloudFrontClient, String publicKeyId) {
String keyGroupId = cloudFrontClient.createKeyGroup(b -> b.keyGroupConfig(c -> c
.items(publicKeyId)
.name("JavaKeyGroup" + UUID.randomUUID())))
.keyGroup().id();
logger.info("KeyGroup created with ID: [{}]", keyGroupId);
return keyGroupId;
}
}
```
+ API에 대한 세부 정보는 *AWS SDK for Java 2.x API 참조*의 [CreateKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateKeyGroup)을 참조하세요.
### `CreatePublicKey`
다음 코드 예시는 `CreatePublicKey`의 사용 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
다음 코드 예제는 퍼블릭 키를 읽고 Amazon CloudFront에 업로드합니다.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreatePublicKeyResponse;
import software.amazon.awssdk.utils.IoUtils;
import java.io.IOException;
import java.io.InputStream;
import java.util.UUID;
public class CreatePublicKey {
private static final Logger logger = LoggerFactory.getLogger(CreatePublicKey.class);
public static String createPublicKey(CloudFrontClient cloudFrontClient, String publicKeyFileName) {
try (InputStream is = CreatePublicKey.class.getClassLoader().getResourceAsStream(publicKeyFileName)) {
String publicKeyString = IoUtils.toUtf8String(is);
CreatePublicKeyResponse createPublicKeyResponse = cloudFrontClient
.createPublicKey(b -> b.publicKeyConfig(c -> c
.name("JavaCreatedPublicKey" + UUID.randomUUID())
.encodedKey(publicKeyString)
.callerReference(UUID.randomUUID().toString())));
String createdPublicKeyId = createPublicKeyResponse.publicKey().id();
logger.info("Public key created with id: [{}]", createdPublicKeyId);
return createdPublicKeyId;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
}
```
+ API에 대한 세부 정보는 *AWS SDK for Java 2.x API 참조*의 [CreatePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreatePublicKey)을 참조하세요.
### `DeleteDistribution`
다음 코드 예시는 `DeleteDistribution`의 사용 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
다음 코드 예제는 배포를 *비활성화됨*으로 업데이트하고, 변경사항이 배포되기를 기다리는 웨이터를 사용한 다음 배포를 삭제합니다.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.DeleteDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionConfig;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
public class DeleteDistribution {
private static final Logger logger = LoggerFactory.getLogger(DeleteDistribution.class);
public static void deleteDistribution(final CloudFrontClient cloudFrontClient, final String distributionId) {
// First, disable the distribution by updating it.
GetDistributionResponse response = cloudFrontClient.getDistribution(b -> b
.id(distributionId));
String etag = response.eTag();
DistributionConfig distConfig = response.distribution().distributionConfig();
cloudFrontClient.updateDistribution(builder -> builder
.id(distributionId)
.distributionConfig(builder1 -> builder1
.cacheBehaviors(distConfig.cacheBehaviors())
.defaultCacheBehavior(distConfig.defaultCacheBehavior())
.enabled(false)
.origins(distConfig.origins())
.comment(distConfig.comment())
.callerReference(distConfig.callerReference())
.defaultCacheBehavior(distConfig.defaultCacheBehavior())
.priceClass(distConfig.priceClass())
.aliases(distConfig.aliases())
.logging(distConfig.logging())
.defaultRootObject(distConfig.defaultRootObject())
.customErrorResponses(distConfig.customErrorResponses())
.httpVersion(distConfig.httpVersion())
.isIPV6Enabled(distConfig.isIPV6Enabled())
.restrictions(distConfig.restrictions())
.viewerCertificate(distConfig.viewerCertificate())
.webACLId(distConfig.webACLId())
.originGroups(distConfig.originGroups()))
.ifMatch(etag));
logger.info("Distribution [{}] is DISABLED, waiting for deployment before deleting ...",
distributionId);
GetDistributionResponse distributionResponse;
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distributionId)).matched();
distributionResponse = responseOrException.response()
.orElseThrow(() -> new RuntimeException("Could not disable distribution"));
}
DeleteDistributionResponse deleteDistributionResponse = cloudFrontClient
.deleteDistribution(builder -> builder
.id(distributionId)
.ifMatch(distributionResponse.eTag()));
if (deleteDistributionResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Distribution [{}] DELETED", distributionId);
}
}
}
```
+ API 세부 정보는 **AWS SDK for Java 2.x API 참조의 [DeleteDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteDistribution)를 참조합니다.
### `UpdateDistribution`
다음 코드 예시는 `UpdateDistribution`의 사용 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionRequest;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.DistributionConfig;
import software.amazon.awssdk.services.cloudfront.model.UpdateDistributionRequest;
import software.amazon.awssdk.services.cloudfront.model.CloudFrontException;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class ModifyDistribution {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
id - the id value of the distribution.\s
""";
if (args.length != 1) {
System.out.println(usage);
System.exit(1);
}
String id = args[0];
CloudFrontClient cloudFrontClient = CloudFrontClient.builder()
.region(Region.AWS_GLOBAL)
.build();
modDistribution(cloudFrontClient, id);
cloudFrontClient.close();
}
public static void modDistribution(CloudFrontClient cloudFrontClient, String idVal) {
try {
// Get the Distribution to modify.
GetDistributionRequest disRequest = GetDistributionRequest.builder()
.id(idVal)
.build();
GetDistributionResponse response = cloudFrontClient.getDistribution(disRequest);
Distribution disObject = response.distribution();
DistributionConfig config = disObject.distributionConfig();
// Create a new DistributionConfig object and add new values to comment and
// aliases
DistributionConfig config1 = DistributionConfig.builder()
.aliases(config.aliases()) // You can pass in new values here
.comment("New Comment")
.cacheBehaviors(config.cacheBehaviors())
.priceClass(config.priceClass())
.defaultCacheBehavior(config.defaultCacheBehavior())
.enabled(config.enabled())
.callerReference(config.callerReference())
.logging(config.logging())
.originGroups(config.originGroups())
.origins(config.origins())
.restrictions(config.restrictions())
.defaultRootObject(config.defaultRootObject())
.webACLId(config.webACLId())
.httpVersion(config.httpVersion())
.viewerCertificate(config.viewerCertificate())
.customErrorResponses(config.customErrorResponses())
.build();
UpdateDistributionRequest updateDistributionRequest = UpdateDistributionRequest.builder()
.distributionConfig(config1)
.id(disObject.id())
.ifMatch(response.eTag())
.build();
cloudFrontClient.updateDistribution(updateDistributionRequest);
} catch (CloudFrontException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ API에 대한 세부 정보는 *AWS SDK for Java 2.x API 참조*의 [UpdateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/UpdateDistribution)을 참조하세요.
## 시나리오
### 다중 테넌트 배포 및 배포 테넌트 생성
다음 코드 예제에서는 다양한 구성으로 다중 테넌트 배포 및 배포 테넌트를 생성하는 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
다음 예제에서는 파라미터와 와일드카드 인증서를 사용하여 다중 테넌트 배포를 생성하는 방법을 보여줍니다.
```
import software.amazon.awssdk.core.internal.waiters.ResponseOrException;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.ConnectionMode;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.Distribution;
import software.amazon.awssdk.services.cloudfront.model.GetDistributionResponse;
import software.amazon.awssdk.services.cloudfront.model.HttpVersion;
import software.amazon.awssdk.services.cloudfront.model.Method;
import software.amazon.awssdk.services.cloudfront.model.SSLSupportMethod;
import software.amazon.awssdk.services.cloudfront.model.ViewerProtocolPolicy;
import software.amazon.awssdk.services.cloudfront.waiters.CloudFrontWaiter;
import software.amazon.awssdk.services.s3.S3Client;
import java.time.Instant;
public class CreateMultiTenantDistribution {
public static Distribution CreateMultiTenantDistributionWithCert(CloudFrontClient cloudFrontClient,
S3Client s3Client,
final String bucketName,
final String certificateArn) {
// fetch the origin info if necessary
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.httpVersion(HttpVersion.HTTP2)
.enabled(true)
.comment("Template Distribution with cert built with java")
.connectionMode(ConnectionMode.TENANT_ONLY)
.callerReference(Instant.now().toString())
.viewerCertificate(certBuilder -> certBuilder
.acmCertificateArn(certificateArn)
.sslSupportMethod(SSLSupportMethod.SNI_ONLY))
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.originPath("/{{tenantName}}")
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))))
.tenantConfig(b5 -> b5
.parameterDefinitions(b6 -> b6
.name("tenantName")
.definition(b7 -> b7
.stringSchema(b8 -> b8
.comment("tenantName value")
.defaultValue("root")
.required(false)))))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)))
));
final Distribution distribution = createDistResponse.distribution();
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
}
return distribution;
}
public static Distribution CreateMultiTenantDistributionNoCert(CloudFrontClient cloudFrontClient,
S3Client s3Client,
final String bucketName) {
// fetch the origin info if necessary
final String region = s3Client.headBucket(b -> b.bucket(bucketName)).sdkHttpResponse().headers()
.get("x-amz-bucket-region").get(0);
final String originDomain = bucketName + ".s3." + region + ".amazonaws.com";
String originId = originDomain; // Use the originDomain value for the originId.
CreateDistributionResponse createDistResponse = cloudFrontClient.createDistribution(builder -> builder
.distributionConfig(b1 -> b1
.httpVersion(HttpVersion.HTTP2)
.enabled(true)
.comment("Template Distribution with cert built with java")
.connectionMode(ConnectionMode.TENANT_ONLY)
.callerReference(Instant.now().toString())
.origins(b2 -> b2
.quantity(1)
.items(b3 -> b3
.domainName(originDomain)
.id(originId)
.originPath("/{{tenantName}}")
.s3OriginConfig(builder4 -> builder4
.originAccessIdentity(
""))))
.tenantConfig(b5 -> b5
.parameterDefinitions(b6 -> b6
.name("tenantName")
.definition(b7 -> b7
.stringSchema(b8 -> b8
.comment("tenantName value")
.defaultValue("root")
.required(false)))))
.defaultCacheBehavior(b2 -> b2
.viewerProtocolPolicy(ViewerProtocolPolicy.ALLOW_ALL)
.targetOriginId(originId)
.cachePolicyId("658327ea-f89d-4fab-a63d-7e88639e58f6") // CachingOptimized Policy
.allowedMethods(b4 -> b4
.quantity(2)
.items(Method.HEAD, Method.GET)))
));
final Distribution distribution = createDistResponse.distribution();
try (CloudFrontWaiter cfWaiter = CloudFrontWaiter.builder().client(cloudFrontClient).build()) {
ResponseOrException responseOrException = cfWaiter
.waitUntilDistributionDeployed(builder -> builder.id(distribution.id()))
.matched();
responseOrException.response()
.orElseThrow(() -> new RuntimeException("Distribution not created"));
}
return distribution;
}
}
```
다음 예제에서는 위에서 선언한 파라미터를 사용하는 것을 포함하여 해당 템플릿과 연결된 배포 테넌트를 생성하는 방법을 보여줍니다. 도메인이 이미 상위 템플릿에 포함되어 있기 때문에 여기에 인증서 정보를 추가할 필요가 없습니다.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantNoCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(false)
.name("no-cert-tenant")
);
final DistributionTenant distributionTenant = createResponse.distributionTenant();
// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
}
```
뷰어 인증서가 상위 템플릿에서 생략된 경우 대신 연결된 테넌트(들)에 인증서 정보를 추가해야 합니다. 다음 예제에서는 테넌트에 필요한 도메인을 포함하는 ACM 인증서 ARN을 통해 이 작업을 수행하는 방법을 보여줍니다.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantWithCert(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId,
String certificateArn) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.enabled(false)
.name("tenant-with-cert")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.customizations(b3 -> b3
.certificate(b4 -> b4
.arn(certificateArn))) // NOTE: Cert must be in Us-East-1 and cover the domain provided in this request
);
final DistributionTenant distributionTenant = createResponse.distributionTenant();
// Then update the Route53 hosted zone to point your domain at the distribution tenant
// We fetch the RoutingEndpoint to point to via the default connection group that was created for your tenant
final GetConnectionGroupResponse fetchedConnectionGroup = cloudFrontClient.getConnectionGroup(builder -> builder
.identifier(distributionTenant.connectionGroupId()));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("ChangeBatch comment")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type("CNAME")
.ttl(300L)
.resourceRecords(b4 -> b4
.value(fetchedConnectionGroup.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
return distributionTenant;
}
}
```
다음 예제에서는 CloudFront 호스팅 관리형 인증서 요청을 사용하여 이 작업을 수행하는 방법을 보여줍니다. 이는 도메인으로 향하는 트래픽이 아직 없는 경우에 적합합니다. 이 경우 ConnectionGroup을 만들어 RoutingEndpoint를 생성합니다. 그런 다음 해당 RoutingEndpoint를 사용하여 도메인 소유권을 확인하고 CloudFront를 가리키는 DNS 레코드를 생성합니다. 그러면 CloudFront가 토큰을 자동으로 제공하여 도메인 소유권을 검증하고 관리형 인증서를 생성합니다.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantCfHosted(CloudFrontClient cloudFrontClient,
Route53Client route53Client,
String distributionId,
String domain,
String hostedZoneId) throws InterruptedException {
CreateConnectionGroupResponse createConnectionGroupResponse = cloudFrontClient.createConnectionGroup(builder -> builder
.ipv6Enabled(true)
.name("cf-hosted-connection-group")
.enabled(true));
route53Client.changeResourceRecordSets(builder -> builder
.hostedZoneId(hostedZoneId)
.changeBatch(b1 -> b1
.comment("cf-hosted domain validation record")
.changes(b2 -> b2
.resourceRecordSet(b3 -> b3
.name(domain)
.type(RRType.CNAME)
.ttl(300L)
.resourceRecords(b4 -> b4
.value(createConnectionGroupResponse.connectionGroup().routingEndpoint())))
.action("CREATE"))
));
// Give the R53 record time to propagate, if it isn't being returned by servers yet, the following call will fail
Thread.sleep(60000);
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.connectionGroupId(createConnectionGroupResponse.connectionGroup().id())
.enabled(false)
.name("cf-hosted-tenant")
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.CLOUDFRONT)
)
);
return createResponse.distributionTenant();
}
}
```
다음 예제에서는 자체 호스팅 관리형 인증서 요청을 사용하여 이 작업을 수행하는 방법을 보여줍니다. 이는 도메인으로 향하는 트래픽이 있고 마이그레이션 중에 가동 중지 시간을 허용할 수 없는 경우에 적합합니다. 이 예제가 끝나면 도메인 검증 및 DNS 설정을 기다리는 상태로 테넌트가 생성됩니다. 트래픽을 마이그레이션할 준비가 되면 [여기](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/managed-cloudfront-certificates.html\$1complete-domain-ownership)에 나온 단계에 따라 설정을 완료합니다.
```
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.CreateConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.CreateDistributionTenantResponse;
import software.amazon.awssdk.services.cloudfront.model.DistributionTenant;
import software.amazon.awssdk.services.cloudfront.model.GetConnectionGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.ValidationTokenHost;
import software.amazon.awssdk.services.route53.Route53Client;
import software.amazon.awssdk.services.route53.model.RRType;
import java.time.Instant;
public class CreateDistributionTenant {
public static DistributionTenant createDistributionTenantSelfHosted(CloudFrontClient cloudFrontClient,
String distributionId,
String domain) {
CreateDistributionTenantResponse createResponse = cloudFrontClient.createDistributionTenant(builder -> builder
.distributionId(distributionId)
.domains(b1 -> b1
.domain(domain))
.parameters(b2 -> b2
.name("tenantName")
.value("myTenant"))
.enabled(false)
.name("self-hosted-tenant")
.managedCertificateRequest(b3 -> b3
.validationTokenHost(ValidationTokenHost.SELF_HOSTED)
.primaryDomainName(domain)
)
);
return createResponse.distributionTenant();
}
}
```
+ API 세부 정보는 *AWS SDK for Java 2.x API 참조*의 다음 주제를 참조하세요.
+ [CreateDistribution](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistribution)
+ [CreateDistributionTenant](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateDistributionTenant)
### 서명 리소스 삭제
다음 코드 예제는 Amazon Simple Storage Service(Amazon S3) 버킷의 제한된 콘텐츠에 액세스하는 데 사용되는 리소스를 삭제하는 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예제 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예제를 찾고 설정 및 실행하는 방법을 배워보세요.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontClient;
import software.amazon.awssdk.services.cloudfront.model.DeleteKeyGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.DeleteOriginAccessControlResponse;
import software.amazon.awssdk.services.cloudfront.model.DeletePublicKeyResponse;
import software.amazon.awssdk.services.cloudfront.model.GetKeyGroupResponse;
import software.amazon.awssdk.services.cloudfront.model.GetOriginAccessControlResponse;
import software.amazon.awssdk.services.cloudfront.model.GetPublicKeyResponse;
public class DeleteSigningResources {
private static final Logger logger = LoggerFactory.getLogger(DeleteSigningResources.class);
public static void deleteOriginAccessControl(final CloudFrontClient cloudFrontClient,
final String originAccessControlId) {
GetOriginAccessControlResponse getResponse = cloudFrontClient
.getOriginAccessControl(b -> b.id(originAccessControlId));
DeleteOriginAccessControlResponse deleteResponse = cloudFrontClient.deleteOriginAccessControl(builder -> builder
.id(originAccessControlId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Origin Access Control [{}]", originAccessControlId);
}
}
public static void deleteKeyGroup(final CloudFrontClient cloudFrontClient, final String keyGroupId) {
GetKeyGroupResponse getResponse = cloudFrontClient.getKeyGroup(b -> b.id(keyGroupId));
DeleteKeyGroupResponse deleteResponse = cloudFrontClient.deleteKeyGroup(builder -> builder
.id(keyGroupId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Key Group [{}]", keyGroupId);
}
}
public static void deletePublicKey(final CloudFrontClient cloudFrontClient, final String publicKeyId) {
GetPublicKeyResponse getResponse = cloudFrontClient.getPublicKey(b -> b.id(publicKeyId));
DeletePublicKeyResponse deleteResponse = cloudFrontClient.deletePublicKey(builder -> builder
.id(publicKeyId)
.ifMatch(getResponse.eTag()));
if (deleteResponse.sdkHttpResponse().isSuccessful()) {
logger.info("Successfully deleted Public Key [{}]", publicKeyId);
}
}
}
```
+ API 세부 정보는 *AWS SDK for Java 2.x API 참조*의 다음 주제를 참조하세요.
+ [DeleteKeyGroup](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteKeyGroup)
+ [DeleteOriginAccessControl](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeleteOriginAccessControl)
+ [DeletePublicKey](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/DeletePublicKey)
### URL 및 쿠키에 서명
다음 코드 예제는 제한된 리소스에 액세스를 허용하는 서명된 URL 및 서명된 쿠키를 생성하는 방법을 보여줍니다.
**SDK for Java 2.x**
GitHub에 더 많은 내용이 있습니다. [AWS 코드 예 리포지토리](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cloudfront#code-examples)에서 전체 예를 찾고 설정 및 실행하는 방법을 배워보세요.
[CannedSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CannedSignerRequest.html) 클래스를 사용하면 *미리 준비된* 정책으로 URL 또는 쿠키에 서명할 수 있습니다.
```
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
public class CreateCannedPolicyRequest {
public static CannedSignerRequest createRequestForCannedPolicy(String distributionDomainName,
String fileNameToUpload,
String privateKeyFullPath, String publicKeyId) throws Exception {
String protocol = "https";
String resourcePath = "/" + fileNameToUpload;
String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString();
Instant expirationDate = Instant.now().plus(7, ChronoUnit.DAYS);
Path path = Paths.get(privateKeyFullPath);
return CannedSignerRequest.builder()
.resourceUrl(cloudFrontUrl)
.privateKey(path)
.keyPairId(publicKeyId)
.expirationDate(expirationDate)
.build();
}
}
```
[CustomSignerRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/model/CustomSignerRequest.html) 클래스를 사용하면 *사용자 지정* 정책으로 URL 또는 쿠키에 서명할 수 있습니다. `activeDate`및 `ipRange`는 선택적 메서드입니다.
```
import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest;
import java.net.URL;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
public class CreateCustomPolicyRequest {
public static CustomSignerRequest createRequestForCustomPolicy(String distributionDomainName,
String fileNameToUpload,
String privateKeyFullPath, String publicKeyId) throws Exception {
String protocol = "https";
String resourcePath = "/" + fileNameToUpload;
String cloudFrontUrl = new URL(protocol, distributionDomainName, resourcePath).toString();
Instant expireDate = Instant.now().plus(7, ChronoUnit.DAYS);
// URL will be accessible tomorrow using the signed URL.
Instant activeDate = Instant.now().plus(1, ChronoUnit.DAYS);
Path path = Paths.get(privateKeyFullPath);
return CustomSignerRequest.builder()
.resourceUrl(cloudFrontUrl)
// .resourceUrlPattern("https://*.example.com/*") // Optional.
.privateKey(path)
.keyPairId(publicKeyId)
.expirationDate(expireDate)
.activeDate(activeDate) // Optional.
// .ipRange("192.168.0.1/24") // Optional.
.build();
}
}
```
다음 예제는 [CloudFrontUtilities](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/cloudfront/CloudFrontUtilities.html) 클래스를 사용하여 서명된 쿠키와 URL을 생성하는 방법을 보여줍니다. GitHub에서 이 코드 예제를 [확인](https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/javav2/example_code/cloudfront/src/main/java/com/example/cloudfront/SigningUtilities.java)하세요.
```
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import software.amazon.awssdk.services.cloudfront.CloudFrontUtilities;
import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCannedPolicy;
import software.amazon.awssdk.services.cloudfront.cookie.CookiesForCustomPolicy;
import software.amazon.awssdk.services.cloudfront.model.CannedSignerRequest;
import software.amazon.awssdk.services.cloudfront.model.CustomSignerRequest;
import software.amazon.awssdk.services.cloudfront.url.SignedUrl;
public class SigningUtilities {
private static final Logger logger = LoggerFactory.getLogger(SigningUtilities.class);
private static final CloudFrontUtilities cloudFrontUtilities = CloudFrontUtilities.create();
public static SignedUrl signUrlForCannedPolicy(CannedSignerRequest cannedSignerRequest) {
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCannedPolicy(cannedSignerRequest);
logger.info("Signed URL: [{}]", signedUrl.url());
return signedUrl;
}
public static SignedUrl signUrlForCustomPolicy(CustomSignerRequest customSignerRequest) {
SignedUrl signedUrl = cloudFrontUtilities.getSignedUrlWithCustomPolicy(customSignerRequest);
logger.info("Signed URL: [{}]", signedUrl.url());
return signedUrl;
}
public static CookiesForCannedPolicy getCookiesForCannedPolicy(CannedSignerRequest cannedSignerRequest) {
CookiesForCannedPolicy cookiesForCannedPolicy = cloudFrontUtilities
.getCookiesForCannedPolicy(cannedSignerRequest);
logger.info("Cookie EXPIRES header [{}]", cookiesForCannedPolicy.expiresHeaderValue());
logger.info("Cookie KEYPAIR header [{}]", cookiesForCannedPolicy.keyPairIdHeaderValue());
logger.info("Cookie SIGNATURE header [{}]", cookiesForCannedPolicy.signatureHeaderValue());
return cookiesForCannedPolicy;
}
public static CookiesForCustomPolicy getCookiesForCustomPolicy(CustomSignerRequest customSignerRequest) {
CookiesForCustomPolicy cookiesForCustomPolicy = cloudFrontUtilities
.getCookiesForCustomPolicy(customSignerRequest);
logger.info("Cookie POLICY header [{}]", cookiesForCustomPolicy.policyHeaderValue());
logger.info("Cookie KEYPAIR header [{}]", cookiesForCustomPolicy.keyPairIdHeaderValue());
logger.info("Cookie SIGNATURE header [{}]", cookiesForCustomPolicy.signatureHeaderValue());
return cookiesForCustomPolicy;
}
}
```
+ API에 대한 세부 정보는 *AWS SDK for Java 2.x API 참조*의 [CloudFrontUtilities](https://docs.aws.amazon.com/goto/SdkForJavaV2/cloudfront-2020-05-31/CloudFrontUtilities)을 참조하세요.